FROM ubuntu:22.04

ENV DEBIAN_FRONTEND=noninteractive
ARG TARGETPLATFORM
ARG TARGETARCH

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    gnupg2 \
    sudo \
    jq \
    && rm -rf /var/lib/apt/lists/*

RUN echo "deb [arch=${TARGETARCH}] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/ /" | tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list \
    && curl -fsSL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/Release.key" | apt-key add -

RUN apt-get update && apt-get install -y --no-install-recommends \
    uidmap \
    fuse-overlayfs \
    podman \
    netavark \
    && rm -rf /var/lib/apt/lists/*

RUN adduser --disabled-password --gecos "" --uid 1001 runner \
    && groupadd docker --gid 123 \
    && usermod -aG sudo,docker runner \
    && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers \
    && echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >> /etc/sudoers

WORKDIR /home/runner

# Copy container configuration files
COPY docker-image-worker/storage.conf docker-image-worker/containers.conf docker-image-worker/registries.conf /home/runner/.config/containers/

# Copy the entrypoint script
COPY docker-image-worker/podman-preauth.sh ./

# Copy the worker binary (from goreleaser build context)
COPY $TARGETPLATFORM/worker ./

USER runner
RUN sudo chown -R runner:runner /home/runner/.config \
    && sudo chmod +x podman-preauth.sh worker

ENTRYPOINT ["/home/runner/podman-preauth.sh"]
CMD ["bash", "-c"]