# Use Alpine as the base image
FROM alpine:3.18

LABEL io.hass.name="SonarQube"
LABEL io.hass.description="SonarQube Server helps you comply with common code security standards, such as the NIST SSDF, OWASP, CWE, STIG, and CASA."
LABEL io.hass.arch="amd64|aarch64"
LABEL io.hass.type="addon"
LABEL io.hass.version="0.0.1-beta"

# Build parameters
ARG SONARQUBE_VERSION=9.9.6.92038
ENV SONARQUBE_VERSION=${SONARQUBE_VERSION} \
    SONARQUBE_HOME=/opt/sonarqube \
    SONARQUBE_BIN=/opt/sonarqube/bin/linux-x86-64

# Install runtime dependencies
RUN apk add --no-cache \
      openjdk11-jre \
      curl \
      unzip \
      su-exec \
      tzdata

# Create a user with uid/gid 1000
RUN addgroup -S sonarqube -g 1000 \
 && adduser  -S sonarqube -u 1000 -G sonarqube

# Download and extract SonarQube
RUN curl -L "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip" -o /tmp/sonarqube.zip \
 && unzip /tmp/sonarqube.zip -d /opt \
 && mv /opt/sonarqube-${SONARQUBE_VERSION} "${SONARQUBE_HOME}" \
 && rm /tmp/sonarqube.zip \
 && chown -R sonarqube:sonarqube "${SONARQUBE_HOME}"

# Copy the startup script
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh

# Expose the internal port (always 9000)
EXPOSE 9000

# Run as the 'sonarqube' user
USER sonarqube
ENTRYPOINT ["/usr/local/bin/run.sh"]