# -- <worker_dependencies> --
FROM docker:dind AS worker_dependencies
# -- </worker_dependencies> --

# -- <ci_worker> --
FROM img.liz.coffee/emprespresso/ci_base:release AS worker

ENV PIPELINE_PATH=/app/worker/dist/scripts
RUN chmod +x /app/worker/dist/scripts/*

RUN mkdir -p /var/lib/laminar/cfg
RUN cp -r /app/worker/jobs /var/lib/laminar/cfg
# see: https://github.com/nodejs/docker-node/blame/89b29ef06b421598ec007605a2604ede0348b298/22/bullseye-slim/Dockerfile#L3-L4
RUN chown -R node:node /var/lib/laminar

# adding a user to only the group"docker" doesn't deterministically give it access to the
# docker socket of the host.
# e.g. host has /etc/groups: docker:995, container has /etc/groups: docker:996
# because i'm likely the only one to ever touch this, and i FORCE "docker" to be 996, this will
# be hardcoded defaulting to 995.
ARG DOCKER_GID="995" # but it may be overridden via this `DOCKER_GID` build arg.
RUN groupadd -g ${DOCKER_GID} docker
RUN usermod -a -d /var/lib/laminar -G docker node

COPY --from=worker_dependencies /usr/local/bin/docker /usr/local/bin/

USER node
WORKDIR /var/lib/laminar
EXPOSE 8080

CMD [ "/usr/sbin/laminard" ]
# -- </ci_worker> --