# Use a minimal, secure base image
FROM alpine:latest

# Install only the tools we need: SOPS and GnuPG
RUN apk add --no-cache sops gnupg

# Create the .gnupg directory with correct permissions first
RUN mkdir -m 700 /root/.gnupg

# Copy our GPG agent config file into the image
COPY gpg.conf /root/.gnupg/gpg.conf

# Set a working directory
WORKDIR /app

# Copy our decryption script into the container and make it executable
COPY entrypoint.sh .
RUN chmod +x ./entrypoint.sh

# Set the script as the entrypoint
ENTRYPOINT ["./entrypoint.sh"]