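# Two-stage build for a Zircolite image.
#   builder: clones Zircolite, installs its Python requirements into a venv and
#            refreshes the Sigma rules.
#   final:   Alpine with python3 + bash, carrying only /opt/zircolite and start.sh.
#
# NOTE(review): the alpine:3.23 tag can move; pin it by digest if builds must be reproducible.
FROM alpine:3.23 AS builder
LABEL maintainer="tabledevil"

# Build toolchain for the dependency install. It stays in this stage; only
# /opt/zircolite and /root/start.sh are copied into the final image.
RUN apk add --no-cache rust cargo python3 py3-pip alpine-sdk git bash
ENV PATH=/root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Default (empty ZIRCOLITE_REF): grab the current Zircolite master at build time, as before.
# That makes the image contents depend on whatever upstream holds when the build runs.
# For a reviewed, repeatable build pass a tag or branch:
#   docker build --build-arg ZIRCOLITE_REF=<tag-or-branch> .
# The resolved commit is written to /opt/zircolite/BUILD_COMMIT so results produced by
# this image can be traced back to the exact tool revision.
ARG ZIRCOLITE_REF=""
RUN git clone --depth=1 ${ZIRCOLITE_REF:+--branch "$ZIRCOLITE_REF"} \
        https://github.com/wagga40/Zircolite /opt/zircolite \
    && git -C /opt/zircolite rev-parse HEAD > /opt/zircolite/BUILD_COMMIT

ENV PYTHONDONTWRITEBYTECODE=1

# pip.conf comes from the build context and applies to the pip call below, so it
# deserves the same review as this file (its contents are not visible here).
# COPY instead of ADD: plain local file, no archive extraction or URL fetch wanted.
COPY pip.conf /etc/pip.conf

# Use a venv: PEP 668 on modern Alpine blocks system-pip.
# NOTE(review): requirements.txt is whatever the cloned ref ships; whether it pins
# versions or hashes cannot be seen from here. Confirm before relying on this image.
RUN python3 -m venv /opt/zircolite/venv \
    && /opt/zircolite/venv/bin/pip install -r /opt/zircolite/requirements.txt

WORKDIR /data
# This stage's /output is not copied anywhere; the final stage creates its own.
RUN mkdir /output && touch /output/notmounted

# Refresh sigma rules to latest at build time.
# The rule set is therefore not pinned either: two builds of the same Dockerfile can
# ship different detection content. Record the build date/commit alongside findings.
RUN /opt/zircolite/venv/bin/python /opt/zircolite/zircolite.py -U --rules /opt/zircolite/rules/

COPY start.sh /root/start.sh
RUN chmod +x /root/start.sh

# ---- Runtime image ----
# Keep this on the same Alpine release as the builder: the venv copied below was
# created against the builder's python3 and expects the same interpreter here.
FROM alpine:3.23
RUN apk add --no-cache python3 bash
COPY --from=builder /opt/zircolite /opt/zircolite
COPY --from=builder /root/start.sh /root/start.sh

# /output/notmounted is a marker file; presumably start.sh uses it to notice that
# nothing was mounted over /output. Verify against start.sh.
RUN mkdir -p /output && touch /output/notmounted
WORKDIR /data

# NOTE(review): no USER is set, so start.sh and Zircolite run as root inside the
# container. Switching to a dedicated user needs start.sh moved out of /root and
# write access to /data and /output checked first.
CMD ["/bin/bash","/root/start.sh"]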