FROM oryd/oathkeeper:v0.40.9

USER root

# Install envsubst (gettext) and su-exec
RUN apk add --no-cache gettext su-exec

# Copy config as templates (JWKS mounted at runtime via docker-compose)
COPY config/oathkeeper.yml /etc/oathkeeper/oathkeeper.yml.template
COPY config/rules/ /etc/oathkeeper/rules.template/

# Copy entrypoint
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]
CMD ["serve", "--config", "/etc/oathkeeper/oathkeeper.yml"]