ARG N8N_VERSION=2.4.6
ARG JQ_VERSION=1.7.1

# ------------------------------------------------
# 1) busybox-static (sh, sed, mkdir, etc.)
# ------------------------------------------------
FROM alpine:3.23 AS busybox-builder
RUN apk add --no-cache busybox-static

# ------------------------------------------------
# 2) tools: su-exec + runtime libs (musl loader, etc.)
# ------------------------------------------------
FROM alpine:3.23 AS tools-builder
RUN apk add --no-cache su-exec

# ------------------------------------------------
# 3) static jq (download)
# jq official release provides static binaries for linux
# ------------------------------------------------
FROM alpine:3.23 AS jq-builder
ARG JQ_VERSION
RUN apk add --no-cache wget ca-certificates
RUN wget -O /usr/local/bin/jq \
    "https://github.com/jqlang/jq/releases/download/jq-${JQ_VERSION}/jq-linux-arm64" \
 && chmod +x /usr/local/bin/jq

# ------------------------------------------------
# 4) claude-code
# ------------------------------------------------
FROM node:20-alpine AS node-builder
RUN npm install -g @anthropic-ai/claude-code

# ------------------------------------------------
# 5) Final image (n8n distroless)
# ------------------------------------------------
FROM docker.n8n.io/n8nio/n8n:${N8N_VERSION}

USER root

# ---- busybox (static) ----
COPY --from=busybox-builder /bin/busybox /bin/busybox
RUN ["/bin/busybox", "--install", "/bin"]

# ---- jq (static) ----
COPY --from=jq-builder /usr/local/bin/jq /usr/bin/jq

# ---- su-exec + required musl runtime pieces ----
COPY --from=tools-builder /sbin/su-exec /sbin/su-exec
# musl loader + libc (needed for dynamically linked su-exec)
COPY --from=tools-builder /lib/ld-musl-aarch64.so.1 /lib/ld-musl-aarch64.so.1
COPY --from=tools-builder /lib/libc.musl-aarch64.so.1 /lib/libc.musl-aarch64.so.1

ENV PATH="/usr/local/bin:/usr/bin:/bin:/sbin:${PATH}"

# ---- claude-code ----
COPY --from=node-builder /usr/local/lib/node_modules /usr/local/lib/node_modules
COPY --from=node-builder /usr/local/bin/claude /usr/local/bin/claude

WORKDIR /data
COPY docker-entrypoint.sh /tmp/docker-entrypoint.sh
RUN chmod +x /tmp/docker-entrypoint.sh

ENTRYPOINT ["/bin/sh", "/tmp/docker-entrypoint.sh"]
EXPOSE 443