# hadolint global ignore=DL3008

##
## Download docker
##

FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef AS download
SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
WORKDIR /tmp/docker
RUN --mount=type=tmpfs,target=/var/lib/apt/lists \
	--mount=type=tmpfs,target=/var/log \
	--mount=type=tmpfs,target=/var/cache \
	apt-get -qq update && \
	apt-get -qq install --yes --no-install-recommends ca-certificates curl && \
	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status
RUN ARCH=$(dpkg --print-architecture) && curl --fail --silent --parallel --remote-name-all \
		"https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/containerd.io_1.7.27-1_$ARCH.deb" \
		"https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/docker-ce-cli_28.1.1-1~debian.12~bookworm_$ARCH.deb" \
		"https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/docker-ce_28.1.1-1~debian.12~bookworm_$ARCH.deb" \
		"https://download.docker.com/linux/debian/dists/bookworm/pool/stable/$ARCH/docker-ce-rootless-extras_28.1.1-1~debian.12~bookworm_$ARCH.deb"

##
## Final stage
##

FROM docker.io/library/debian:12.11-slim@sha256:e5865e6858dacc255bead044a7f2d0ad8c362433cfaa5acefb670c1edf54dfef
SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
	--mount=type=tmpfs,target=/var/log \
	--mount=type=tmpfs,target=/var/cache \
	apt-get -qq update && \
	apt-get -qq install --yes --no-install-recommends ca-certificates uidmap slirp4netns dbus-user-session iproute2 && \
	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status
RUN --mount=type=bind,from=download,source=/tmp/docker,target=/tmp/docker \
	--mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
	--mount=type=tmpfs,target=/var/log \
	--mount=type=tmpfs,target=/var/cache \
	apt-get -qq update && \
	apt-get -qq install --yes --no-install-recommends /tmp/docker/*.deb && \
	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status

RUN useradd dockerd --uid 1000 --home-dir /home/docker --create-home && rm /etc/*- /home/docker/.* && \
	echo dockerd:100000:65536 >/etc/subuid && \
	echo dockerd:100000:65536 >/etc/subgid
COPY --chmod=555 entrypoint.sh /usr/bin/entrypoint.sh
ENTRYPOINT ["/usr/bin/entrypoint.sh"]
USER 1000