FROM registry.access.redhat.com/ubi10/ubi:10.1@sha256:1b616c4a90d6444b394d5c8f4bd9e15a394d95dd628925d0ec80c257fdc5099c

# Install Node.js (includes NPM), Python 3, development tools, and RPM tools
RUN dnf install -y nodejs \
    python3 \
    python3-devel \
    rpm-build \
    rpmdevtools \
    curl \
    git \
    make \
    which \
    && dnf clean all

# Install ShellCheck from pre-built binary (not available in UBI repos)
ARG SHELLCHECK_VERSION=v0.11.0
ARG SHELLCHECK_SHA256_X86_64=8c3be12b05d5c177a04c29e3c78ce89ac86f1595681cab149b65b97c4e227198
ARG SHELLCHECK_SHA256_AARCH64=12b331c1d2db6b9eb13cfca64306b1b157a86eb69db83023e261eaa7e7c14588
RUN set -eu; \
    arch="$(uname -m)"; \
    case "$arch" in \
      x86_64)  expected="$SHELLCHECK_SHA256_X86_64" ;; \
      aarch64) expected="$SHELLCHECK_SHA256_AARCH64" ;; \
      *) echo "Unsupported arch: $arch" >&2; exit 1 ;; \
    esac; \
    curl -LsSf -o /tmp/shellcheck.tar.xz "https://github.com/koalaman/shellcheck/releases/download/${SHELLCHECK_VERSION}/shellcheck-${SHELLCHECK_VERSION}.linux.${arch}.tar.xz"; \
    echo "${expected}  /tmp/shellcheck.tar.xz" | sha256sum -c -; \
    tar xJf /tmp/shellcheck.tar.xz --strip-components=1 -C /usr/local/bin/ "shellcheck-${SHELLCHECK_VERSION}/shellcheck"; \
    rm -f /tmp/shellcheck.tar.xz


RUN echo '[google-cloud-cli]' > /etc/yum.repos.d/google-cloud-sdk.repo && \
echo 'name=Google Cloud CLI' >> /etc/yum.repos.d/google-cloud-sdk.repo && \
echo 'baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el10-$basearch' >> /etc/yum.repos.d/google-cloud-sdk.repo && \
echo 'enabled=1' >> /etc/yum.repos.d/google-cloud-sdk.repo && \
echo 'gpgcheck=1' >> /etc/yum.repos.d/google-cloud-sdk.repo && \
echo 'repo_gpgcheck=0' >> /etc/yum.repos.d/google-cloud-sdk.repo && \
echo 'gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key-v10.gpg' >> /etc/yum.repos.d/google-cloud-sdk.repo && \
dnf install -y google-cloud-cli && \
dnf clean all

# Install uv for PEP 723 script dependency management
RUN curl -LsSf https://astral.sh/uv/install.sh | UV_INSTALL_DIR="/usr/local/bin/" INSTALLER_NO_MODIFY_PATH=1 sh

# Install OpenShift client (oc)
RUN curl -LsSf https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz | tar xzf - -C /usr/local/bin/ oc \
    && chmod +x /usr/local/bin/oc

# Install GitHub CLI (gh)
ARG GH_VERSION=2.89.0
ARG GH_SHA256_AMD64=d0422caade520530e76c1c558da47daebaa8e1203d6b7ff10ad7d6faba3490d8
ARG GH_SHA256_ARM64=9e64a623dfc242990aa5d9b3f507111149c4282f66b68eaad1dc79eeb13b9ce5
RUN set -eu; \
    arch="$(uname -m)"; \
    case "$arch" in \
      x86_64)  expected="$GH_SHA256_AMD64"; dl_arch="amd64" ;; \
      aarch64) expected="$GH_SHA256_ARM64"; dl_arch="arm64" ;; \
      *) echo "Unsupported arch: $arch" >&2; exit 1 ;; \
    esac; \
    curl -LsSf -o /tmp/gh.tar.gz "https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_${dl_arch}.tar.gz"; \
    echo "${expected}  /tmp/gh.tar.gz" | sha256sum -c -; \
    tar xzf /tmp/gh.tar.gz --strip-components=1 -C /usr/local/; \
    rm -f /tmp/gh.tar.gz

# Install GitLab CLI (glab)
ARG GLAB_VERSION=1.91.0
ARG GLAB_SHA256_AMD64=31c5dd4b6f5752e4355997b3c4742c9245a7abbb60f39e58bcc4e582843e4869
ARG GLAB_SHA256_ARM64=29fef489f40fefb615881de55d3b229fc909aaf730de700abe1f448945c5bfc2
RUN set -eu; \
    arch="$(uname -m)"; \
    case "$arch" in \
      x86_64)  expected="$GLAB_SHA256_AMD64"; dl_arch="amd64" ;; \
      aarch64) expected="$GLAB_SHA256_ARM64"; dl_arch="arm64" ;; \
      *) echo "Unsupported arch: $arch" >&2; exit 1 ;; \
    esac; \
    curl -LsSf -o /tmp/glab.tar.gz "https://gitlab.com/gitlab-org/cli/-/releases/v${GLAB_VERSION}/downloads/glab_${GLAB_VERSION}_linux_${dl_arch}.tar.gz"; \
    echo "${expected}  /tmp/glab.tar.gz" | sha256sum -c -; \
    tar xzf /tmp/glab.tar.gz -C /usr/local/bin/ bin/glab --strip-components=1; \
    rm -f /tmp/glab.tar.gz

# Install common Python tools
RUN uv pip install --system --no-cache \
    pytest \
    requests \
    pyyaml \
    ruff \
    tox \
    tox-uv

# Create claude user
RUN useradd -m -u 1000 -s /bin/bash claude

# Copy ai-helpers repository to /opt/ai-helpers
COPY . /opt/ai-helpers

# Fetch external plugin repos so their skills are available in non-interactive mode
RUN python3 /opt/ai-helpers/scripts/fetch_external_plugins.py /opt/ai-helpers

RUN chown -R claude:claude /opt/ai-helpers

# Create Claude configuration directory and copy settings
#   Note: We pre-configure known_marketplaces.json because extraKnownMarketplaces doesn't seem to work in non-interactive mode.
RUN mkdir -p /home/claude/.claude/plugins
COPY ./images/claude/claude-settings.json /home/claude/.claude/settings.json
COPY ./images/claude/known_marketplaces.json /home/claude/.claude/plugins/known_marketplaces.json
RUN chown -R claude:claude /home/claude/.claude

# Switch to claude user
USER claude

# Install Claude Code CLI as the claude user
RUN curl -fsSL https://claude.ai/install.sh | bash

# Copy Claude Code binary to system location and make it available system-wide
USER root
RUN cp /home/claude/.local/bin/claude /usr/bin/claude && \
    chmod +x /usr/bin/claude
USER claude

# Set entrypoint wrapper as the default command.  The wrapper passes
# through to `claude` directly unless CLAUDE_CI_STREAM=1 is set, in
# which case it enables human-readable streaming output for CI.
ENTRYPOINT ["/opt/ai-helpers/images/claude/claude-ci-entrypoint.sh"]
