# Dockerfile.ci-node-podman
ARG CI_IMAGE_REV=1
FROM node:20-bookworm-slim

# Tools needed at runtime by actions and your scripts
# - git: actions/checkout uses it
# - curl, ca-certificates: handy for health checks, etc.
# - jq: used in your scripts
# Then add the libcontainers repo to get a recent Podman (v5.x).
RUN set -eux; \
  apt-get update; \
  apt-get install -y --no-install-recommends \
      ca-certificates curl git gnupg jq; \
  . /etc/os-release; \
  echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] \
       https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_${VERSION_ID}/ /" \
    > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list; \
  curl -fsSL \
      "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_${VERSION_ID}/Release.key" \
    | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg; \
  apt-get update; \
  apt-get install -y --no-install-recommends podman; \
  apt-get purge -y gnupg; \
  rm -rf /var/lib/apt/lists/*

# These match your runner’s rootless socket layout
ENV XDG_RUNTIME_DIR=/run/user/999
ENV CONTAINER_HOST=unix:///run/user/999/podman/podman.sock