Dockerfile.webhook_client_local

###########
# BUILDER #
###########

FROM milmove/circleci-docker:milmove-app-59d1b5d814b190c7c5a8c460ca97ed193d518350 as builder

# Prepare public DOD certificates.
# hadolint ignore=DL3002
USER root
COPY config/tls/milmove-cert-bundle.p7b /tmp/all-public-dod-certs.der.p7b
RUN openssl pkcs7 -print_certs -inform der -in /tmp/all-public-dod-certs.der.p7b -out /usr/local/share/ca-certificates/all-public-dod-certs.crt
RUN update-ca-certificates

ENV CIRCLECI=true

COPY --chown=circleci:circleci . /home/circleci/project
WORKDIR /home/circleci/project

RUN make clean
RUN make bin/rds-ca-rsa4096-g1.pem

RUN make bin/webhook-client

#########
# FINAL #
#########

# hadolint ignore=DL3007
FROM gcr.io/distroless/static:latest

# Copy DOD certs from the builder.
COPY --from=builder --chown=root:root /etc/ssl/certs /etc/ssl/certs

# mTLS authentication self-signed certificate for use in development and test environments.
COPY --from=builder --chown=root:root /home/circleci/project/config/tls/devlocal-mtls.cer /config/tls/devlocal-mtls.cer
COPY --from=builder --chown=root:root /home/circleci/project/config/tls/devlocal-mtls.key /config/tls/devlocal-mtls.key

# Public root certificate for RDS in us-gov-west-1.
COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem

# The main webhook-client binary.
COPY --from=builder --chown=root:root /home/circleci/project/bin/webhook-client /bin/webhook-client

CMD ["/bin/webhook-client", "webhook-notify"]