# Default Gitea Actions job image (managed by ansible: roles/gitea-actions).
# Covers Go/web/node jobs plus `docker build` (talks to the mounted rootless
# podman socket). Go toolchains are provided per-job by actions/setup-go.
FROM node:20-bookworm-slim

ARG DOCKER_CLI_VERSION=27.3.1

RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates curl git openssh-client make build-essential \
        python3 python3-pip jq zip unzip \
    && rm -rf /var/lib/apt/lists/*

# Static docker client (no daemon) for jobs that run `docker build` against the
# mounted podman socket (/var/run/docker.sock).
RUN curl -fsSL "https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_CLI_VERSION}.tgz" \
        | tar -xz -C /tmp \
    && install -m0755 /tmp/docker/docker /usr/local/bin/docker \
    && rm -rf /tmp/docker

# AWS CLI v2 — several workflows upload artifacts / deploy Lambda.
RUN curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o /tmp/awscliv2.zip \
    && unzip -q /tmp/awscliv2.zip -d /tmp \
    && /tmp/aws/install \
    && rm -rf /tmp/aws /tmp/awscliv2.zip