FROM code.forgejo.org/forgejo/runner:5 AS runner
FROM debian:bullseye

COPY --from=runner /bin/forgejo-runner /bin/forgejo-runner

USER root
COPY ./entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Install required packages
RUN apt-get update && \
    apt-get install -y sudo lxc lxc-templates uidmap && \
    apt-get clean

# Configure user and permissions
RUN useradd -m runner && \
    echo "runner ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/runner && \
    chmod 0440 /etc/sudoers.d/runner && \
    mkdir /data && chown runner:runner /data

# Enable subuid and subgid for unprivileged containers
RUN echo "runner:100000:65536" >> /etc/subuid && \
    echo "runner:100000:65536" >> /etc/subgid

VOLUME [ "/data" ]

WORKDIR /data

ENTRYPOINT [ "/entrypoint.sh" ]