-
Notifications
You must be signed in to change notification settings - Fork 2
/
Dockerfile
86 lines (66 loc) · 2.54 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#### GLOBAL
ARG PROJECT_DIR="/project"
#### COMPILE STAGE
#FROM maven:3.6.3-jdk-11-openj9 as compile
FROM maven:3.8.7-eclipse-temurin-11 as compile
# Args
ARG PROJECT_DIR
# Ensure up to date / patched OS
RUN apt-get -qq update \
&& DEBIAN_FRONTEND=noninteractive apt-get -qq upgrade -y \
&& apt-get -qq clean \
&& rm -rf /tmp/* /var/lib/apt/lists/*
# Create non-root user / group to run
RUN groupadd --gid 1000 java_group \
&& useradd --uid 1000 --gid java_group --shell /bin/bash --create-home java_user \
&& mkdir -p /mvn/repository && chown -R java_user:java_group /mvn \
&& mkdir ${PROJECT_DIR} && chown -R java_user:java_group ${PROJECT_DIR}
# Switch to non-root user and workdir
USER java_user:java_group
WORKDIR ${PROJECT_DIR}
# Copy files
COPY --chown=java_user:java_group src ${PROJECT_DIR}/src/
COPY --chown=java_user:java_group pom.xml ${PROJECT_DIR}
# Package it
RUN mvn --no-transfer-progress clean package
# Extract the jar
RUN mkdir -p target/dependency && (cd target/dependency; jar -xf ../*.jar)
#### BUILD STAGE
#FROM adoptopenjdk:11-jdk-openj9
FROM eclipse-temurin:11
# Build args
ARG ARTIFACT_TITLE=springboot-swagger-jpa-stack
ARG ARTIFACT_VERSION=1.0.0-SNAPSHOT
ARG PROJECT_DIR
# Envs
ENV JVM_ARGS=""
# Ensure up to date / patched OS
RUN apt-get -qq update \
&& DEBIAN_FRONTEND=noninteractive apt-get -qq upgrade -y \
&& apt-get -qq clean \
&& rm -rf /tmp/* /var/lib/apt/lists/*
# Create non-root user / group to run
RUN groupadd --gid 1000 java_group \
&& useradd --uid 1000 --gid java_group --shell /bin/bash --create-home java_user \
&& mkdir /app && chown -R java_user:java_group /app
# Switch to non-root user and workdir
USER java_user:java_group
WORKDIR /app
# Label the image
LABEL org.opencontainers.image.title="${ARTIFACT_TITLE}"
LABEL org.opencontainers.image.version="${ARTIFACT_VERSION}"
# Layering the app instead of using the fat jar
COPY --from=compile ${PROJECT_DIR}/target/dependency/BOOT-INF/lib /app/lib
COPY --from=compile ${PROJECT_DIR}/target/dependency/META-INF /app/META-INF
COPY --from=compile ${PROJECT_DIR}/target/dependency/BOOT-INF/classes /app
# Expose ports
EXPOSE 8080
EXPOSE 8443
# Prepare and set the entry point
RUN echo '#!/bin/sh' > start.sh \
&& echo "exec java \${JVM_ARGS} \${JAVA_TOOL_OPTIONS} -cp /app:/app/lib/* -Djava.security.egd=file:/dev/./urandom \\" >> start.sh \
&& cat /app/META-INF/MANIFEST.MF | grep 'Start-Class: ' | cut -d' ' -f2 | tr -d '\r\n' >> start.sh \
&& echo "" >> start.sh \
&& cat start.sh \
&& chmod +x start.sh
ENTRYPOINT [ "/app/start.sh" ]