FROM debian:bookworm-slim

# Install system dependencies
RUN apt-get update && apt-get install -y \
    # Basic utilities
    wget \
    gnupg \
    curl \
    ca-certificates \
    # Xvfb for virtual display
    xvfb \
    # VNC server and noVNC
    x11vnc \
    novnc \
    websockify \
    # Window manager (lightweight)
    openbox \
    # For clicking extension icon automatically
    xdotool \
    # Credential storage (gnome-keyring for password persistence)
    gnome-keyring \
    libsecret-1-0 \
    libsecret-1-dev \
    dbus-x11 \
    # Chrome dependencies
    fonts-liberation \
    libasound2 \
    libatk-bridge2.0-0 \
    libatk1.0-0 \
    libatspi2.0-0 \
    libcups2 \
    libdbus-1-3 \
    libdrm2 \
    libgbm1 \
    libgtk-3-0 \
    libnspr4 \
    libnss3 \
    libwayland-client0 \
    libxcomposite1 \
    libxdamage1 \
    libxfixes3 \
    libxkbcommon0 \
    libxrandr2 \
    xdg-utils \
    libu2f-udev \
    libvulkan1 \
    # Node.js for Playwriter relay server
    nodejs \
    npm \
    && rm -rf /var/lib/apt/lists/*

# Install Google Chrome (better extension support than Chromium)
RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/google-chrome.gpg \
    && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
    && apt-get update \
    && apt-get install -y google-chrome-stable \
    && rm -rf /var/lib/apt/lists/*

# Install Playwriter CLI globally
RUN npm install -g playwriter

# Create directories for Chrome profile and keyrings
RUN mkdir -p /app \
    /root/.config/google-chrome/Default/Extensions \
    /root/.local/share/keyrings \
    /run/dbus \
    && chmod 700 /root/.local/share/keyrings

WORKDIR /app

# Copy startup scripts
COPY start.sh /app/start.sh
COPY auto-activate.sh /app/auto-activate.sh
RUN chmod +x /app/start.sh /app/auto-activate.sh

# Run as root (required for dbus/keyring; Chrome uses --no-sandbox in containers)
USER root

# Environment variables
ENV DISPLAY=:99
ENV HOME=/root
ENV GNOME_KEYRING_CONTROL=/tmp/keyring

# Expose ports
# 5900 - VNC
# 6080 - noVNC web interface
# 19988 - Playwriter WebSocket relay
EXPOSE 5900 6080 19988

# Health check - verify Chrome and relay are running
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD pgrep -x chrome > /dev/null && curl -s http://localhost:19988 || exit 1

CMD ["/app/start.sh"]
