Dockerfile.webhook_client

###########
# BUILDER #
###########

FROM milmove/circleci-docker:milmove-app-3d9acdaa37c81a87b5fc1c6193a8e528dd56e4ed as builder

# Prepare public DOD certificates.
# hadolint ignore=DL3002
USER root
COPY config/tls/dod-wcf-root-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-root-ca-1.pem.crt
COPY config/tls/dod-wcf-intermediate-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-intermediate-ca-1.pem.crt
COPY config/tls/milmove-cert-bundle.p7b /tmp/all-public-dod-certs.der.p7b
RUN openssl pkcs7 -print_certs -inform der -in /tmp/all-public-dod-certs.der.p7b -out /usr/local/share/ca-certificates/all-public-dod-certs.crt
RUN update-ca-certificates

#########
# FINAL #
#########
# hadolint ignore=DL3007
FROM gcr.io/distroless/static:latest

# Copy DOD certs from the builder.
COPY --from=builder --chown=root:root /etc/ssl/certs /etc/ssl/certs

COPY bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
COPY bin/webhook-client /bin/webhook-client

CMD ["/bin/webhook-client", "webhook-notify"]