FROM python:3.12.13-bookworm

# Noninteractive apt to keep builds deterministic
ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        git \
        build-essential \
        pkg-config \
        libssl-dev \
        libjson-c-dev \
        python3 \
        python3-pip && \
    rm -rf /var/lib/apt/lists/*

# Working directory for the project
WORKDIR /opt/cipherscan

# Copy source code
COPY . .

# Ensure scripts are executable
RUN chmod +x cscan.sh && chmod +x cscan.py

# Note: Building the C CA parser (top1m/parse_CAs.c) can fail on some environments due to macro issues.
# Rely on runtime TLS libraries clones performed by cscan.sh.

# Default entrypoint to run the project's scanner wrapper
ENTRYPOINT ["./cscan.sh"]