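# Scanning Engine - Background Scanner Worker
#
# Builds the scanner-worker image: Alpine base, Trivy and Grype installed into
# /usr/local/bin, a prebuilt gohoarder binary copied from the build context,
# and an unprivileged "scanner" user (uid/gid 1000) that the process runs as.
#
# Build arguments:
#   ALPINE_TAG     - base image tag (default "latest", same as before).
#   TRIVY_VERSION  - Trivy release tag handed to its installer (default: empty,
#                    the installer picks the latest release, same as before).
#   GRYPE_VERSION  - Grype release tag handed to its installer (default: empty,
#                    the installer picks the latest release, same as before).
#   TARGETOS / TARGETARCH - select the platform directory of the binary to copy.

# NOTE(review): "latest" is a moving tag, so two builds of this file can yield
# different images. Release builds should pass a fixed tag via ALPINE_TAG.
ARG ALPINE_TAG=latest
FROM alpine:${ALPINE_TAG}

# Install scanning tools and runtime dependencies
# NOTE(review): git, curl, wget and bash remain in the runtime image. Confirm
# which of them the scanners need at run time and drop the rest to reduce the
# tooling available inside the container.
RUN apk add --no-cache \
        ca-certificates \
        tzdata \
        git \
        curl \
        wget \
        bash \
    && update-ca-certificates

# Install Trivy for container scanning
# pipefail: without it a failed download feeds an empty script to sh, sh exits
# 0, and the image is built without the scanner. The test -x check fails the
# build if the binary did not land where expected.
# NOTE(review): the installer is fetched from the mutable "main" branch and run
# as root at build time with no integrity check. TRIVY_VERSION pins the release
# that gets installed, but not the installer script itself; for release builds
# prefer fetching a release artifact and verifying its published checksum.
ARG TRIVY_VERSION=""
RUN set -o pipefail \
    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
        | sh -s -- -b /usr/local/bin ${TRIVY_VERSION:+"$TRIVY_VERSION"} \
    && test -x /usr/local/bin/trivy

# Install Grype for vulnerability scanning
# Same pipefail / pinning considerations as the Trivy step above.
ARG GRYPE_VERSION=""
RUN set -o pipefail \
    && curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh \
        | sh -s -- -b /usr/local/bin ${GRYPE_VERSION:+"$GRYPE_VERSION"} \
    && test -x /usr/local/bin/grype

# Create non-root user
RUN addgroup -g 1000 scanner && \
    adduser -D -u 1000 -G scanner scanner

# Create necessary directories with proper permissions
# /tmp/gohoarder is chowned but deliberately left out of the chmod, as in the
# original file.
RUN mkdir -p /var/cache/gohoarder \
             /var/lib/gohoarder/metadata \
             /var/lib/trivy \
             /tmp/gohoarder && \
    chown -R scanner:scanner /var/cache/gohoarder \
                             /var/lib/gohoarder \
                             /var/lib/trivy \
                             /tmp/gohoarder && \
    chmod -R 750 /var/cache/gohoarder \
                 /var/lib/gohoarder \
                 /var/lib/trivy

# Copy binary (from platform-specific path)
# ARGs must be declared after FROM to be visible to COPY in this stage.
ARG TARGETOS
ARG TARGETARCH
COPY ${TARGETOS}/${TARGETARCH}/gohoarder /usr/local/bin/gohoarder
RUN chmod +x /usr/local/bin/gohoarder

# Copy example config
COPY config.yaml.example /etc/gohoarder/config.yaml.example

WORKDIR /var/cache/gohoarder

# Drop root for everything that follows, including the running container.
USER scanner

# Expose metrics port
EXPOSE 9091

# Health check
# Exec form only. The previous trailing `|| exit 1` made the line invalid JSON,
# so Docker fell back to shell form and passed the bracketed text to /bin/sh,
# where it is not a runnable command; the probe failed on every run. In exec
# form a non-zero exit from the binary already marks the container unhealthy.
# NOTE(review): `gohoarder version` only shows the binary can start; it does
# not show that the scanner worker is making progress. Consider probing the
# service itself if it exposes a suitable endpoint.
HEALTHCHECK --interval=60s --timeout=30s --start-period=10s --retries=3 \
    CMD ["/usr/local/bin/gohoarder", "version"]

# Environment variables for scanner mode
ENV SCANNER_MODE=true \
    SCANNER_WORKERS=4 \
    SCANNER_INTERVAL=300

# Run the scanner in background mode
# The scanner runs the same serve command but uses SCANNER_MODE env var
# and configuration to determine its role
ENTRYPOINT ["/usr/local/bin/gohoarder"]
CMD ["serve"]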