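# Example .safeclaude/Dockerfile for a Ruby + Postgres app.
#
# Everything here runs once when the container is built (and is cached), so it
# won't slow down launches. You're root during the build, so apt just works.

# NOTE(review): safeclaude-base looks like a locally built image, so there is no
# registry digest to pin here; ":latest" is whatever base was built last — confirm.
FROM safeclaude-base:latest

# System packages: what's needed to build Ruby, talk to Postgres, proxy the
# database (socat), run browser tests (headless Chrome), and unpack the Node
# download below (xz-utils).
# The apt package lists are removed in the same layer so they are not baked into
# the image; any later install has to run `apt-get update` again first.
RUN apt-get update && apt-get install -y --no-install-recommends \
      build-essential \
      libssl-dev libreadline-dev zlib1g-dev libffi-dev libyaml-dev \
      libpq-dev \
      socat \
      chromium chromium-driver \
      xz-utils \
    && rm -rf /var/lib/apt/lists/*

# Capybara/Selenium look for Chrome at these paths.
ENV CHROME_BIN=/usr/bin/chromium \
    CHROMEDRIVER=/usr/bin/chromedriver

# --- Ruby (one pinned version) ---
# A project only ever needs one Ruby, so we install it straight into /usr/local
# instead of running a version manager. ruby-build (the tool rbenv uses under the
# hood) does the download + compile. To change versions, bump RUBY_VERSION and
# rebuild with `safeclaude build`.
ARG RUBY_VERSION=3.3.6
# Which ruby-build branch or release tag to check out. The default follows the
# moving branch, so the build trusts whatever is on it at build time (and a
# cached layer will not pick up later changes). The checkout is what decides
# which Ruby sources are fetched and how they are built, so for a reproducible,
# reviewable build set this to a release tag that knows about RUBY_VERSION.
ARG RUBY_BUILD_REF=master
# NOTE(review): bundler is installed unpinned; add `-v <version>` if the project
# needs a fixed bundler.
RUN git clone --depth 1 --branch "$RUBY_BUILD_REF" \
      https://github.com/rbenv/ruby-build.git /tmp/ruby-build && \
    PREFIX=/usr/local /tmp/ruby-build/install.sh && \
    rm -rf /tmp/ruby-build && \
    ruby-build "$RUBY_VERSION" /usr/local && \
    gem install bundler --no-document

# Gems install into the project's cache folder (which lives on the host), so they
# persist between runs and survive container/volume resets. The bundle hook
# relies on this too. BUNDLE_PATH is set here so both the hook and your app see it.
# Because this folder outlives resets, anything written to it inside the
# container is still there on the next launch; clear it when you want a clean
# state.
ENV BUNDLE_PATH=/code/.safeclaude/cache/bundle

# --- Node (one pinned version) ---
# Same idea: download one Node and unpack it into /usr/local. Bump NODE_VERSION
# and rebuild to change it.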
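ARG NODE_VERSION=22.11.0
# Download the Node tarball for this CPU architecture, check it against the
# release's SHASUMS256.txt, and only then unpack it into /usr/local.
# The tarball is saved to a temp dir instead of being piped straight into tar,
# so a failed or truncated download stops the build before anything is unpacked
# (the default /bin/sh has no pipefail, so `curl | tar` can hide a curl error).
# SHASUMS256.txt is served from the same host as the tarball, so this check
# catches corrupted or incomplete downloads; for authenticity, verify
# SHASUMS256.txt.asc against the Node.js release signing keys or pin the
# expected SHA-256 for your architecture in this file.
RUN arch="$(uname -m)" && \
    case "$arch" in \
      x86_64) narch=x64 ;; \
      aarch64) narch=arm64 ;; \
      *) echo "unsupported arch: $arch" >&2; exit 1 ;; \
    esac && \
    tarball="node-v${NODE_VERSION}-linux-${narch}.tar.xz" && \
    base_url="https://nodejs.org/dist/v${NODE_VERSION}" && \
    workdir="$(mktemp -d)" && \
    cd "$workdir" && \
    curl -fsSLO "${base_url}/${tarball}" && \
    curl -fsSLO "${base_url}/SHASUMS256.txt" && \
    grep " ${tarball}\$" SHASUMS256.txt | sha256sum -c - && \
    tar -xJf "$tarball" -C /usr/local --strip-components=1 && \
    cd / && \
    rm -rf "$workdir"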