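# Clean PostgreSQL build from the official Debian and PGDG apt sources.
# Built to avoid compromised Docker Hub images.
#
# NOTE(review): the base image below is still pulled from Docker Hub by a
# mutable tag. To make that trust decision explicit and the build
# reproducible, pin it by digest once the digest has been verified, e.g.
#   FROM debian:bookworm-slim@sha256:<verified-digest-placeholder>
FROM debian:bookworm-slim

# PostgreSQL major version and the cluster data directory.
ENV PG_MAJOR=16
ENV PGDATA=/var/lib/postgresql/data

# Debian installs the server binaries (postgres, initdb, pg_ctl) under a
# versioned directory that is not on the default PATH. Without this entry the
# default command "postgres" cannot be resolved by an entrypoint that simply
# execs its arguments.
ENV PATH=$PATH:/usr/lib/postgresql/$PG_MAJOR/bin

# Optional pin for the PGDG repository signing key: the full OpenPGP
# fingerprint as uppercase hex without spaces, obtained out-of-band from
# PostgreSQL's published key information. When empty (the default) the key is
# trusted solely on the strength of the TLS download from www.postgresql.org.
#   docker build --build-arg PGDG_KEY_FINGERPRINT=<fingerprint-placeholder> .
ARG PGDG_KEY_FINGERPRINT=""

# Install dependencies and PostgreSQL from the official apt repository.
RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        gnupg \
        locales \
        lsb-release \
        wget \
    ; \
    \
    # Fetch the PGDG signing key into a dedicated file that only this
    # repository entry references (signed-by), not the global apt trust store.
    mkdir -p /usr/share/postgresql-common/pgdg; \
    wget --quiet -O /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc \
        https://www.postgresql.org/media/keys/ACCC4CF8.asc; \
    \
    # Fail the build if a fingerprint was supplied and the downloaded key does
    # not carry it. A gpg error leaves grep without input, so the check fails
    # closed under "set -e".
    if [ -n "$PGDG_KEY_FINGERPRINT" ]; then \
        export GNUPGHOME="$(mktemp -d)"; \
        gpg --batch --show-keys --with-colons \
            /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc \
            | grep -q "^fpr:::::::::${PGDG_KEY_FINGERPRINT}:"; \
        gpgconf --kill all; \
        rm -rf "$GNUPGHOME"; \
        unset GNUPGHOME; \
    fi; \
    \
    # Package signatures already protect integrity; HTTPS additionally keeps
    # the repository traffic from being observed or tampered with in transit.
    echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" \
        > /etc/apt/sources.list.d/pgdg.list; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        postgresql-$PG_MAJOR \
        postgresql-contrib-$PG_MAJOR \
    ; \
    \
    # Remove download/verification tooling in the same layer so it does not
    # ship in the runtime image.
    apt-get purge -y --auto-remove wget gnupg lsb-release; \
    rm -rf /var/lib/apt/lists/*; \
    \
    # Generate the UTF-8 locale used by the server.
    localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8

ENV LANG=en_US.utf8

# Create the data directory, owned by and private to the postgres account.
# The account itself is created by the PostgreSQL packages installed above,
# so its UID/GID are whatever the package scripts assigned at build time.
RUN mkdir -p "$PGDATA" \
    && chown -R postgres:postgres "$PGDATA" \
    && chmod 700 "$PGDATA"

# Declared after the directory is prepared so ownership and mode are kept.
VOLUME /var/lib/postgresql/data

# Custom entrypoint (modified from the official one but verified).
# NOTE(review): the script is not part of this file; record which upstream
# revision it was derived from and how it was verified.
COPY docker-entrypoint.sh /usr/local/bin/

# The relative link target is resolved from /, so /docker-entrypoint.sh
# points at /usr/local/bin/docker-entrypoint.sh.
RUN chmod +x /usr/local/bin/docker-entrypoint.sh \
    && ln -s usr/local/bin/docker-entrypoint.sh /

# Drop root before the server starts.
USER postgres

EXPOSE 5432

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["postgres"]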