# KNEL-Football ISO Builder - Dockerfile
# Multi-stage build for security hardening

# Base stage
FROM debian:13.3-slim AS base

# Set environment variables
ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=C.UTF-8

# Install base dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    gnupg \
    curl \
    wget \
    git \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Builder stage
FROM base AS builder

# Install build dependencies
RUN apt-get update && apt-get install -y \
    live-build \
    debootstrap \
    squashfs-tools \
    xorriso \
    grub-pc-bin \
    grub-efi-amd64-bin \
    mtools \
    dosfstools \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Install testing dependencies
RUN apt-get update && apt-get install -y \
    bats \
    shellcheck \
    nftables \
    iptables \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Install additional security tools
RUN apt-get update && apt-get install -y \
    auditd \
    rsyslog \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Create workspace directory
WORKDIR /workspace

# Set proper permissions
RUN groupadd -r builder && useradd -r -g builder builder
RUN chown -R builder:builder /workspace
USER builder

# Default command
CMD ["/bin/bash"]