# FoundryVTT Container Image
# Built on Red Hat UBI10 Minimal for security and stability
FROM registry.access.redhat.com/ubi10/ubi-minimal:latest

# OCI Labels
LABEL org.opencontainers.image.title="FoundryVTT"
LABEL org.opencontainers.image.description="FoundryVTT Virtual Tabletop on Red Hat UBI10"
LABEL org.opencontainers.image.source="https://gitea.belway.me/Public/foundryvtt_container"
LABEL org.opencontainers.image.vendor="BelwayHome"

ARG FOUNDRY_URL
ARG FOUNDRY_VERSION=latest
ARG NODEJS_VERSION=22

# Install dependencies and Node.js via dnf module
RUN microdnf update -y --nodocs && \
    microdnf install -y --nodocs --setopt=install_weak_deps=0 \
        nodejs \
        npm \
        openssl \
        tar \
        unzip \
        wget \
        shadow-utils && \
    microdnf clean all && \
    rm -rf /var/cache/yum

# Create non-root user
RUN groupadd -r foundry && \
    useradd -r -g foundry -d /foundryvtt -s /sbin/nologin foundry

# Download and extract FoundryVTT
WORKDIR /foundryvtt/app
RUN wget -q -O foundryvtt.zip "${FOUNDRY_URL}" && \
    unzip -q foundryvtt.zip && \
    rm foundryvtt.zip && \
    chown -R foundry:foundry /foundryvtt

# Create data directory
RUN mkdir -p /foundryvtt/data && \
    chown -R foundry:foundry /foundryvtt/data

WORKDIR /foundryvtt

# Set ownership and switch to non-root user
USER foundry

VOLUME /foundryvtt/data
EXPOSE 30000

# Version label (set at build time)
LABEL org.opencontainers.image.version="${FOUNDRY_VERSION}"

# Use exec form for proper signal handling
ENTRYPOINT ["/usr/bin/node", "/foundryvtt/app/main.js", "--dataPath=/foundryvtt/data"]