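# QA toolbox image: Dockerfile and shell linters (Hadolint, ShellCheck), image
# inspection (Dive, Dockle), vulnerability scanning (Trivy), plus the Docker and
# Node.js tooling that some of those workflows need.
#
# NOTE(review): the tag below is mutable. Pin it by digest
# (ubuntu:24.04@sha256:<digest-placeholder>) when builds must be reproducible.
FROM ubuntu:24.04

# Build-time only: suppress interactive prompts from apt. ARG (rather than ENV)
# keeps the setting out of the runtime environment of the final image.
ARG DEBIAN_FRONTEND=noninteractive

# Several steps below pipe a download into another command. With the default
# /bin/sh a failed download on the left side of the pipe is masked; pipefail
# makes the RUN step fail instead of silently continuing.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Install dependencies needed for tools
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        git \
        gnupg \
        lsb-release \
        software-properties-common \
        unzip \
        wget \
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user for running tools
RUN groupadd -r qadocker && useradd -r -g qadocker -m -s /bin/bash qadocker

# Install Hadolint
# NOTE(review): "releases/latest" is unpinned, so the binary can change between
# builds. Prefer a fixed release tag and pass its digest via HADOLINT_SHA256;
# the check is skipped when the argument is empty (original behaviour).
# NOTE(review): the asset name is built from uname; confirm it matches the
# published asset names on non-x86_64 builders.
ARG HADOLINT_SHA256=""
RUN wget -q -O /usr/local/bin/hadolint \
        "https://github.com/hadolint/hadolint/releases/latest/download/hadolint-$(uname -s)-$(uname -m)" && \
    if [ -n "${HADOLINT_SHA256}" ]; then \
        echo "${HADOLINT_SHA256}  /usr/local/bin/hadolint" | sha256sum -c -; \
    fi && \
    chmod +x /usr/local/bin/hadolint

# Install Dive
# The package is fetched over HTTPS from a release page and installed as root;
# supply DIVE_SHA256 to verify it before installation. amd64 only.
ARG DIVE_VERSION=0.10.0
ARG DIVE_SHA256=""
RUN wget -q -O /tmp/dive.deb \
        "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.deb" && \
    if [ -n "${DIVE_SHA256}" ]; then \
        echo "${DIVE_SHA256}  /tmp/dive.deb" | sha256sum -c -; \
    fi && \
    apt-get update && apt-get install -y --no-install-recommends /tmp/dive.deb && \
    rm /tmp/dive.deb && \
    rm -rf /var/lib/apt/lists/*

# Install ShellCheck
RUN apt-get update && apt-get install -y --no-install-recommends shellcheck && \
    rm -rf /var/lib/apt/lists/*

# Install Trivy (vulnerability scanner)
# The repository key is scoped to this one source through signed-by, so it is
# not trusted for any other apt repository.
RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | \
        gpg --dearmor -o /usr/share/keyrings/trivy.gpg && \
    echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" \
        > /etc/apt/sources.list.d/trivy.list && \
    apt-get update && \
    apt-get install -y --no-install-recommends trivy && \
    rm -rf /var/lib/apt/lists/*

# Install Dockle (container linter)
# Same pattern as Dive: supply DOCKLE_SHA256 to verify the package. amd64 only.
ARG DOCKLE_VERSION=0.4.5
ARG DOCKLE_SHA256=""
RUN wget -q -O /tmp/dockle.deb \
        "https://github.com/goodwithtech/dockle/releases/download/v${DOCKLE_VERSION}/dockle_${DOCKLE_VERSION}_Linux-64bit.deb" && \
    if [ -n "${DOCKLE_SHA256}" ]; then \
        echo "${DOCKLE_SHA256}  /tmp/dockle.deb" | sha256sum -c -; \
    fi && \
    apt-get update && apt-get install -y --no-install-recommends /tmp/dockle.deb && \
    rm /tmp/dockle.deb && \
    rm -rf /var/lib/apt/lists/*

# Install Docker client
# NOTE(review): the get.docker.com convenience script is unversioned, runs as
# root, and installs the Docker Engine packages rather than only the CLI. If
# just the client is needed, installing the CLI package from a signed apt
# repository would keep the image smaller and the install auditable.
RUN curl -fsSL https://get.docker.com -o /tmp/get-docker.sh && \
    sh /tmp/get-docker.sh && \
    rm /tmp/get-docker.sh && \
    rm -rf /var/lib/apt/lists/*

# Install Node.js (may be needed for some tools)
# The NodeSource LTS setup script is published as setup_lts.x. It is executed
# as root straight from the network; pipefail (set above) at least ensures a
# failed download aborts the build. apt-get update is run explicitly so the
# install does not depend on package lists left behind by an earlier step.
RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - && \
    apt-get update && \
    apt-get install -y --no-install-recommends nodejs && \
    rm -rf /var/lib/apt/lists/*

# Ensure non-root user has proper permissions for Docker socket if needed
# This should be handled at runtime via volume mounting
# NOTE(review): a container with the host's Docker socket mounted can control
# the host daemon, so running as qadocker does not limit what it can do through
# that socket. Mount it only for jobs that need it.

# Switch to non-root user
USER qadocker
WORKDIR /home/qadocker

CMD ["/bin/bash"]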