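# CI job image for Gitea Actions, built on the official Cachix Devenv image
# (which has Nix and Devenv pre-installed).
#
# The base tag is a build argument so a build can be pinned to a reviewed tag:
#   docker build --build-arg DEVENV_TAG=<pinned-tag> .
# The default stays "latest" to match the previous behaviour, but "latest" is
# mutable: two builds of this file can produce different images. Pin a
# specific tag (or a digest on the FROM line) for reproducible, auditable builds.
ARG DEVENV_TAG=latest
FROM ghcr.io/cachix/devenv/devenv:${DEVENV_TAG}

# Switch to root to install system-level packages.
USER root

# Install the critical dependencies for Gitea Actions:
# - nodejs: required to run standard actions (like actions/checkout)
# - sudo: required by many actions to escalate privileges
# - bash & jq: standard utilities often expected in CI scripts
# - ca-certificates: listed explicitly because --no-install-recommends stops
#   apt from pulling it in as a recommended package; presumably needed by
#   actions that fetch over HTTPS (confirm against the base image contents)
# --no-install-recommends keeps the image to the packages named here.
# update + install + cleanup stay in one layer so the apt lists never persist.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        bash \
        ca-certificates \
        jq \
        nodejs \
        sudo && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Allow passwordless sudo for any user in the container.
# CI runners often execute as 'runner' or 'root'. This guarantees neither gets stuck.
#
# Security note: with this rule every user in the container is effectively
# root, so every workflow step runs with root privileges inside the container.
# Isolation therefore has to come from the container runtime and the runner
# configuration, not from the user account the job runs as.
#
# visudo -c validates the resulting sudoers configuration and fails the build
# on a syntax error instead of shipping an image where sudo is broken.
RUN echo "ALL ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
    visudo -c

# Guarantee the image ships without the Nix sandboxing artifact.
# This prevents the "purity" crash on the very first Nix run.
RUN rm -rf /homeless-shelter

# NOTE(review): the image ends with USER root, so the default process runs as
# root unless the runner overrides the user. If the base image defines a
# non-root user, consider switching back to it here (confirm the user name
# against the base image).

# Default command when the container is started without one.
CMD ["/bin/bash"]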