# KollectAI CI - SonarQube Runner Image
#
# Extends ci/java-builder with the standalone sonar-scanner CLI baked
# in. Used by KollectAI-ETL's sonar.yml workflow so the scan job goes
# straight from `mvn compile` to `sonar-scanner` with no runtime
# install or cache restore.
#
# Single-purpose image — sonar-scanner is only used by this one
# workflow, so we don't bake it into the shared java-builder.
#
# Build:
#   docker build -t kcr.kollect.biz/kollect-tools/ci/sonar-runner:latest ci/sonar-runner/
#
# Build prerequisite: java-builder:latest must exist in the registry
# (this image FROMs it). Run `build-and-push.ps1 -Image ci/java-builder`
# before this one if java-builder has changed.
#
# Usage in CI:
#   container:
#     image: kcr.kollect.biz/kollect-tools/ci/sonar-runner:latest

ARG REGISTRY=kcr.kollect.biz
ARG JAVA_BUILDER_TAG=latest
FROM ${REGISTRY}/kollect-tools/ci/java-builder:${JAVA_BUILDER_TAG}

# Sonar-scanner version. Bump in lockstep with KollectAI-ETL's
# .gitea/workflows/sonar.yml SONAR_SCANNER_VERSION env.
ARG SONAR_SCANNER_VERSION=8.1.0.6389

# ─────────────────────────────────────────────────────────────────────
# sonar-scanner CLI
#
# Installed under /opt/sonar-scanner with its bin/ on PATH so workflows
# can call `sonar-scanner` directly. The standalone CLI bundles its own
# JRE and analyser binaries — Java 25 from java-builder is only used
# when sonar-scanner shells out to javac for project compilation.
# ─────────────────────────────────────────────────────────────────────
RUN curl -fsSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-x64.zip" \
        -o /tmp/sonar-scanner.zip \
    && unzip -q /tmp/sonar-scanner.zip -d /opt \
    && mv "/opt/sonar-scanner-${SONAR_SCANNER_VERSION}-linux-x64" /opt/sonar-scanner \
    && rm /tmp/sonar-scanner.zip

ENV PATH="/opt/sonar-scanner/bin:${PATH}"

# Verify installation (also re-runs java-builder's verify chain to fail
# fast if the parent image broke).
RUN java -version \
    && mvn -version \
    && sonar-scanner --version
