# Base stage: Python 3.11 + Node.js 20 from a third-party (non-official) image.
# The tag is mutable and no digest is given, so the base contents can change
# between builds; append an @sha256 digest to make the build reproducible.
FROM nikolaik/python-nodejs:python3.11-nodejs20 AS base

LABEL description="ngn-agent: Custom Hermes Docker image with platform engineering tools" \
      maintainer="ngn-agent"

# Tool versions; each can be overridden at build time with --build-arg.
ARG TERRAFORM_VERSION=1.15.6
ARG HELM_VERSION=4.2.0
ARG KUBECTL_VERSION=1.36.1
ARG PUPP_VERSION=1.1.0

# bash with pipefail, so that a failing download on the left side of a
# `curl ... | gpg` pipeline fails the RUN step instead of being hidden.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

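# Register the HashiCorp, Kubernetes and Helm apt repositories and install
# terraform, kubectl and helm from them in a single layer.
#
# - The three repository signing keys are downloaded over HTTPS and trusted as
#   received. No fingerprint is compared here, so trust rests on TLS and on the
#   hosting domains. NOTE(review): compare each key against the fingerprint the
#   vendor publishes, or vendor the keys into the build context.
# - kubectl is pinned to KUBECTL_VERSION (any Debian revision of that version),
#   and the pkgs.k8s.io repository path is derived from its major.minor part,
#   so the build argument decides what is installed instead of "newest in repo".
# - Every repository is bound to its own keyring with signed-by, so one vendor's
#   key cannot vouch for another vendor's packages.
RUN K8S_MINOR="${KUBECTL_VERSION%.*}" \
    && apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates curl gnupg unzip wget \
    && curl -fsSL https://apt.releases.hashicorp.com/gpg \
    | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \
    && curl -fsSL "https://pkgs.k8s.io/core:/stable:/v${K8S_MINOR}/deb/Release.key" \
    | gpg --dearmor -o /usr/share/keyrings/kubernetes-apt-keyring.gpg \
    && curl -fsSL https://packages.buildkite.com/helm-linux/helm-debian/gpgkey \
    | gpg --dearmor -o /usr/share/keyrings/helm.gpg \
    && . /etc/os-release \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com ${VERSION_CODENAME} main" \
    > /etc/apt/sources.list.d/hashicorp.list \
    && echo "deb [signed-by=/usr/share/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v${K8S_MINOR}/deb/ /" \
    > /etc/apt/sources.list.d/kubernetes.list \
    && echo "deb [signed-by=/usr/share/keyrings/helm.gpg] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main" \
    > /etc/apt/sources.list.d/helm-stable-debian.list \
    && apt-get update && apt-get install -y --no-install-recommends \
    "helm=${HELM_VERSION}-1" \
    "kubectl=${KUBECTL_VERSION}-*" \
    "terraform=${TERRAFORM_VERSION}-1" \
    && rm -rf /var/lib/apt/lists/*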

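# Install AWS CLI v2 and DataDog pup from upstream release archives, then print
# the versions of all installed tools into the build log.
#
# - The two best-effort version probes are wrapped in { ...; } groups. Written
#   as a bare `a && b || true && c || true`, the trailing `|| true` also
#   swallowed a failure of any earlier step (download, unzip, installer), so
#   the layer could build successfully with the tools missing.
# - The AWS CLI URL carries no version, so every build fetches whatever is
#   currently published. Neither archive is checksum- or signature-verified
#   here. NOTE(review): pin a versioned AWS CLI archive and verify both
#   downloads against publisher-provided checksums or signatures before
#   executing the installer.
# - --no-same-owner stops tar (running as root) from applying the uid/gid
#   recorded inside the archive to a binary placed on PATH.
RUN ARCH="$(uname -m)" \
    && case "$ARCH" in \
        x86_64)   AWS_URL="https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; PUPP_ARCH="x86_64" ;; \
        aarch64)  AWS_URL="https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; PUPP_ARCH="arm64"  ;; \
        *)        echo "Unsupported architecture: $ARCH" >&2; exit 1 ;; \
    esac \
    && curl -fsSL "$AWS_URL" -o /tmp/awscliv2.zip \
    && unzip -q /tmp/awscliv2.zip -d /tmp \
    && /tmp/aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli \
    && curl -fsSL "https://github.com/DataDog/pup/releases/download/v${PUPP_VERSION}/pup_${PUPP_VERSION}_Linux_${PUPP_ARCH}.tar.gz" -o /tmp/pup.tar.gz \
    && tar xzf /tmp/pup.tar.gz --no-same-owner -C /usr/local/bin/ pup \
    && rm -rf /tmp/awscliv2.zip /tmp/aws /tmp/pup.tar.gz \
    && echo "=== Tool versions ===" \
    && aws --version \
    && terraform --version \
    && helm version --short \
    && { kubectl version --client --output=yaml 2>/dev/null | grep gitVersion || true; } \
    && { pup --version || true; }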

# Default command: an interactive bash shell (exec form, so bash is PID 1).
# NOTE(review): no USER instruction is visible in this stage, so the container
# runs as the base image's default user (presumably root; confirm). Anything
# launched from this shell then uses terraform, kubectl, helm and aws with that
# user's privileges and whatever credentials are mounted at runtime.
CMD ["bash"]
