# This default may be swapped for any compatible base image
ARG BASE_IMAGE=ubuntu:24.04

# Containerbase is used for tool installation and user/directory setup
FROM ghcr.io/containerbase/base:13.14.2 AS containerbase

FROM ${BASE_IMAGE} as base

RUN apt-get update -y && apt-get upgrade -y && apt-get clean && rm -rf /var/lib/apt/lists/*

# Containerbase supports custom user
ARG USER_NAME=wss-scanner
ARG USER_ID=1000
ARG USER_HOME=/home/${USER_NAME}

# Set env and shell
ENV BASH_ENV=/usr/local/etc/env
SHELL ["/bin/bash" , "-c"]

# Set up containerbase
COPY --from=containerbase /usr/local/sbin/ /usr/local/sbin/
COPY --from=containerbase /usr/local/containerbase/ /usr/local/containerbase/
RUN install-containerbase && \
    prepare-tool all

# renovate: datasource=github-tags depName=git lookupName=git/git
ARG GIT_VERSION=v2.41.0
RUN install-tool git

### !!! Install this version after the other versions, so that it is the default !!! ###
# renovate: datasource=adoptium-java depName=java
ARG JAVA_VERSION=17.0.8+7
RUN install-tool java

# Download the SAST CLI and set it in $PATH, can be replaced by:
#--build-arg SASTCLI=URL
RUN echo "Downloading latest Mend Unified CLI wrapper"
ARG SASTCLI=https://downloads.mend.io/cli/linux_amd64/mend
RUN curl -f $SASTCLI --create-dirs -o /sast/bin/mend && chmod 0775 /sast/bin/mend
ENV PATH=$PATH:/sast/bin

ENV WS_SAST_SCAN_PREFIX=SAST_

### copy folder
COPY docker-image-scanner/ /

RUN chmod 755 /start.sh
RUN chgrp -R 0 ${USER_HOME} && chmod -R g=u ${USER_HOME}

ENV SCM_SCANNER_HOME=/etc/usr/local/whitesource/scm-scanner
RUN chmod -R ugo+rw ${SCM_SCANNER_HOME}
ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
### Switch User ###
ENV HOME ${USER_HOME}
WORKDIR ${USER_HOME}
USER ${USER_NAME}
ARG JAVA_OPTS
ENV JAVA_OPTS=${JAVA_OPTS}
ENV JDK_JAVA_OPTIONS "--add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED"

EXPOSE 9393

ENTRYPOINT ["docker-entrypoint.sh"]
# Mend traceability labels  
LABEL io.mend.image.dockerfile.path=integration-new/github-scanner-parent/scm-packaging/src/assembly-staging/docker/Dockerfile
LABEL org.opencontainers.image.source=https://github.com/whitesource/github-scanner

CMD ["/start.sh"]
