# Ghidra-equipped acquisition worker. Self-contained: bundles JDK 21 + a pinned Ghidra
# release so `docker compose up` just works (at the cost of a heavy, slow-to-build image).
#
# Override the Ghidra build without editing this file:
#   docker build --build-arg GHIDRA_URL=https://github.com/.../ghidra_X_PUBLIC_DATE.zip ...
FROM eclipse-temurin:21-jdk-jammy

ARG GHIDRA_URL=https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_11.3_build/ghidra_11.3_PUBLIC_20250205.zip

# Runtime deps: python (the package), unzip/wget (fetch Ghidra), libarchive-tools (bsdtar:
# unpacks ISO9660 + ZIP game archives).
RUN apt-get update && apt-get install -y --no-install-recommends \
        python3 python3-pip unzip wget ca-certificates libarchive-tools \
    && rm -rf /var/lib/apt/lists/*

# Fetch + unpack Ghidra into /opt/ghidra (strip the versioned top-level dir).
RUN wget -q "$GHIDRA_URL" -O /tmp/ghidra.zip \
    && unzip -q /tmp/ghidra.zip -d /opt \
    && mv /opt/ghidra_* /opt/ghidra \
    && rm /tmp/ghidra.zip

ENV GHIDRA_HOME=/opt/ghidra
ENV AMS_GHIDRA_SCRIPTS=/app/ghidra_scripts
ENV AMS_UPLOAD_DIR=/data/uploads

WORKDIR /app
COPY pyproject.toml README.md ./
COPY ams ./ams
COPY ghidra_scripts ./ghidra_scripts
COPY snapshots ./snapshots

RUN pip3 install --no-cache-dir -e ".[api,acquire,worker]"

# Drain the 'acquire' queue. Shell form so $REDIS_URL expands at runtime.
CMD rq worker --url "${REDIS_URL:-redis://redis:6379/0}" acquire