# ---------------------------------------------------------------------------
# Dockerfile.runtime-assets
#
# Lightweight data image that packages runtime assets (ML models, JDK, Ghidra,
# certificates) into named volumes for Stella Ops services.
#
# Usage:
#   1. Acquire assets first:
#      ./devops/runtime-assets/acquire.sh --all
#
#   2. Build the data image:
#      docker build -f devops/runtime-assets/Dockerfile.runtime-assets \
#        -t stellaops/runtime-assets:latest .
#
#   3. Use in docker-compose (see docker-compose.runtime-assets.yml)
#
# The image runs a one-shot copy to populate named volumes, then exits.
# Services mount the same volumes read-only.
# ---------------------------------------------------------------------------

FROM busybox:1.37 AS base

LABEL org.opencontainers.image.title="stellaops-runtime-assets"
LABEL org.opencontainers.image.description="Runtime data assets for Stella Ops (ML models, certificates, tools)"
LABEL org.opencontainers.image.vendor="stella-ops.org"

# ---------------------------------------------------------------------------
# ML Models
# ---------------------------------------------------------------------------
COPY src/AdvisoryAI/StellaOps.AdvisoryAI/models/ /data/models/

# ---------------------------------------------------------------------------
# Certificates and trust bundles
# ---------------------------------------------------------------------------
COPY etc/trust-profiles/assets/ /data/certificates/trust-profiles/
COPY etc/authority/keys/ /data/certificates/authority/

# ---------------------------------------------------------------------------
# License attribution (required by Apache-2.0 and MIT)
# ---------------------------------------------------------------------------
COPY NOTICE.md /data/licenses/NOTICE.md
COPY third-party-licenses/ /data/licenses/third-party/

# ---------------------------------------------------------------------------
# Manifest for verification
# ---------------------------------------------------------------------------
COPY devops/runtime-assets/manifest.yaml /data/manifest.yaml

# ---------------------------------------------------------------------------
# Entrypoint: copy assets to volume mount points, then exit
# ---------------------------------------------------------------------------
COPY devops/runtime-assets/init-volumes.sh /init-volumes.sh
RUN chmod +x /init-volumes.sh

ENTRYPOINT ["/init-volumes.sh"]