FROM docker.io/library/python:3.14-alpine

ARG AR_UID=1000
ARG AR_USER=ar
ARG AR_HOME=/home/ansible-executor
ARG AR_PY_VER=3.14  # Python3-version; has to match image

RUN apk add --update --no-cache git git-lfs openssh-client sshpass openssl >/dev/null && \
    adduser --uid ${AR_UID} --home ${AR_HOME} --shell /usr/sbin/nologin --disabled-password ${AR_USER} ${AR_USER} && \
    mkdir -p /run/ansible && \
    chown -R ${AR_USER}:${AR_USER} /run/ansible

ENV PYTHONUNBUFFERED=1 \
    PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${AR_HOME}/.local/bin \
    ANSIBLE_ACTION_PLUGINS=${AR_HOME}/.local/lib/python${AR_PY_VER}/site-packages/ara/plugins/action \
    ANSIBLE_CALLBACK_PLUGINS=${AR_HOME}/.local/lib/python${AR_PY_VER}/site-packages/ara/plugins/callback:${AR_HOME}/.local/lib/python${AR_PY_VER}/site-packages/oxl_ansible_executor_plugins/callback \
    ANSIBLE_LOOKUP_PLUGINS=${AR_HOME}/.local/lib/python${AR_PY_VER}/site-packages/ara/plugins/lookup

USER ${AR_USER}

RUN pip install --user ansible-core oxl-ansible-executor-plugins ara passlib netaddr jmespath cryptography >/dev/null
