FROM quay.io/fedora/fedora:41

ARG USER_HOME_DIR="/home/user"
ARG WORK_DIR="/projects"
ARG INSTALL_PACKAGES="procps-ng openssl git tar gzip zip xz unzip which shadow-utils bash zsh vi wget jq podman buildah skopeo podman-docker glibc-devel zlib-devel gcc libffi-devel libstdc++-devel gcc-c++ glibc-langpack-en ca-certificates python3-pip python3-devel fuse-overlayfs util-linux vim-minimal vim-enhanced dotnet-hostfxr-9.0 dotnet-runtime-9.0 dotnet-sdk-9.0"

ENV HOME=${USER_HOME_DIR}
ENV BUILDAH_ISOLATION=chroot

COPY --chown=0:0 entrypoint.sh /

RUN microdnf --disableplugin=subscription-manager install -y ${INSTALL_PACKAGES}; \
  microdnf update -y ; \
  microdnf clean all ; \
  mkdir -p /usr/local/bin ; \
  mkdir -p ${WORK_DIR} ; \
  pip3 install -U podman-compose ; \
  pip3 install -U cekit ; \
  chgrp -R 0 /home ; \
  chmod -R g=u /home ${WORK_DIR} ; \
  chmod +x /entrypoint.sh ; \
  chown 0:0 /etc/passwd ; \
  chown 0:0 /etc/group ; \
  chmod g=u /etc/passwd /etc/group ; \
  # Setup for rootless podman
  setcap cap_setuid+ep /usr/bin/newuidmap ; \
  setcap cap_setgid+ep /usr/bin/newgidmap ; \
  touch /etc/subgid /etc/subuid ; \
  chown 0:0 /etc/subgid ; \
  chown 0:0 /etc/subuid ; \
  chmod -R g=u /etc/subuid /etc/subgid ; \
  # Create Sym Links for OpenShift CLI (Assumed to be retrieved by an init-container)
  ln -s /projects/bin/oc /usr/local/bin/oc ; \
  ln -s /projects/bin/kubectl /usr/local/bin/kubectl

USER 1000
WORKDIR ${WORK_DIR}
ENTRYPOINT ["/usr/libexec/podman/catatonit","--","/entrypoint.sh"]
CMD [ "tail", "-f", "/dev/null" ]
