FROM hashicorp/terraform:1.14.8 AS tf

FROM alpine:3.20

RUN apk add --no-cache git bash wget

# Copy terraform binary from pinned vulnerable version
COPY --from=tf /bin/terraform /usr/local/bin/terraform

# Simulate a GitHub Actions runner environment
RUN adduser -D runner
USER runner
WORKDIR /home/runner

# Fake AWS credentials at the standard CI path
RUN mkdir -p /home/runner/.aws && \
    printf '[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\naws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n' > /home/runner/.aws/credentials

# Fake SSH key at the standard CI path
RUN mkdir -p /home/runner/.ssh && \
    printf '-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAEbm9uZQAAAAAAAABBAAAAMwAAAAtzc2gtZWQyNTUxOQAAACBf\nTGsW7jX5W4VmPGqN9BkI2RbZ3YcHStoXl2KuQdCiYAAAAKjyj8lE8o/JRAAAAA==\n-----END OPENSSH PRIVATE KEY-----\n' > /home/runner/.ssh/id_rsa

RUN mkdir -p /home/runner/project

COPY --chown=runner:runner poc.sh /home/runner/poc.sh
RUN chmod +x /home/runner/poc.sh

CMD ["/home/runner/poc.sh"]