FROM node:20-bookworm-slim

# essentials your CI uses
RUN set -eux; \
  apt-get update; \
  apt-get install -y --no-install-recommends ca-certificates curl git jq; \
  rm -rf /var/lib/apt/lists/*

# install podman remote client and expose it as "podman"
ARG PODMAN_REMOTE_VERSION=5.2.3
RUN set -eux; \
  arch="$(dpkg --print-architecture)"; \
  case "$arch" in amd64) goarch=amd64;; arm64) goarch=arm64;; *) echo "unsupported arch: $arch"; exit 1;; esac; \
  url="https://github.com/containers/podman/releases/download/v${PODMAN_REMOTE_VERSION}/podman-remote-static-linux_${goarch}.tar.gz"; \
  curl -fsSL -o /tmp/podman-remote.tgz "$url"; \
  mkdir -p /tmp/podman-remote; \
  tar -xzf /tmp/podman-remote.tgz -C /tmp/podman-remote; \
  bin="$(find /tmp/podman-remote -type f \( -name podman-remote -o -name podman \) -perm -111 -print -quit)"; \
  test -n "$bin" || { echo "podman(-remote) binary not found in archive"; ls -R /tmp/podman-remote; exit 1; }; \
  install -m0755 "$bin" /usr/local/bin/podman-remote; \
  ln -sf /usr/local/bin/podman-remote /usr/local/bin/podman; \
  /usr/local/bin/podman --version; \
  rm -rf /tmp/podman-remote /tmp/podman-remote.tgz

# defaults for your runner’s rootless socket
ENV XDG_RUNTIME_DIR=/run/user/999
ENV CONTAINER_HOST=unix:///run/user/999/podman/podman.sock