FROM alpine:3.20

RUN apk add --no-cache \
    bash \
    docker-cli \
    git \
    nodejs \
    npm \
    openssh-client \
    gzip

WORKDIR /app

# Install script dependencies at /app/node_modules. The /app/scripts dir is
# a read-only host mount at runtime, so deps can't live inside it. Node ESM
# walks up from the importing file looking for node_modules — /app is the
# parent of /app/scripts, and /app itself is NOT mounted, so this works.
# (NODE_PATH is intentionally NOT used: ESM resolution ignores it.)
COPY scripts/package*.json ./
RUN npm install --omit=dev

COPY cron/crontab /etc/crontabs/root
COPY cron/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]
CMD ["crond", "-f", "-l", "2"]
