# syntax=docker/dockerfile:1
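#==============================================================================
# STAGE 1: BUILD STAGE
# Build the application with Maven on the Eclipse Temurin 17 JDK image
# (the tag used below is not an "-alpine" variant).
#==============================================================================
# NOTE(review): the tag is mutable; pin it by digest
# (maven:3.9.5-eclipse-temurin-17@sha256:<digest>) so the build toolchain
# cannot change underneath a release build.
FROM maven:3.9.5-eclipse-temurin-17 AS builder
ARG BUILD_HOME=/home/app
ARG BUILD_PROFILE=postgres
# instance configuration: JKU, MUG, TUG
ARG INSTANCE_NAME
# Optional: override DAMAP base version
ARG DAMAP_BASE_VERSION
# INSTANCE_NAME has no default; without it every path below collapses to
# "instances//...", so fail early with a clear message.
# Then create the build directories and hand them to the non-root build user.
RUN if [ -z "${INSTANCE_NAME}" ]; then \
        echo "INSTANCE_NAME build argument is required (e.g. JKU, MUG, TUG)" >&2; \
        exit 1; \
    fi && \
    mkdir -p "${BUILD_HOME}/.m2/repository" "${BUILD_HOME}/instances/${INSTANCE_NAME}" && \
    chown -R 1000:0 "${BUILD_HOME}"
# Copy parent POM to correct location (../../pom.xml from instances/INSTANCE/pom.xml)
# --chown sets ownership at copy time, so no follow-up "chown -R" layer is needed.
COPY --chown=1000:0 pom.xml $BUILD_HOME/pom.xml
# copies from instances/${INSTANCE_NAME}/ directory
COPY --chown=1000:0 instances/${INSTANCE_NAME}/src $BUILD_HOME/instances/${INSTANCE_NAME}/src
COPY --chown=1000:0 instances/${INSTANCE_NAME}/pom.xml $BUILD_HOME/instances/${INSTANCE_NAME}/
# Switch to non-root user for security
USER 1000
WORKDIR $BUILD_HOME/instances/${INSTANCE_NAME}
# build the application
# A VOLUME declaration does not persist anything between image builds, so the
# Maven repository is kept in a BuildKit cache mount instead. The mount lives on
# the build host and never becomes part of an image layer. The target is the
# default BUILD_HOME; adjust it if BUILD_HOME is overridden.
# uid/gid match the build user so Maven can write to the cache.
RUN --mount=type=cache,target=/home/app/.m2/repository,uid=1000,gid=0 \
    if [ -n "${DAMAP_BASE_VERSION}" ]; then \
        mvn -Duser.home="${BUILD_HOME}" -B package -DskipTests \
            -Dquarkus.profile="${BUILD_PROFILE}" \
            -Ddamap.base.version="${DAMAP_BASE_VERSION}"; \
    else \
        mvn -Duser.home="${BUILD_HOME}" -B package -DskipTests \
            -Dquarkus.profile="${BUILD_PROFILE}"; \
    fi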
#==============================================================================
# STAGE 2: RUNTIME STAGE
# Create a lightweight container with only the required dependencies to run the app
#==============================================================================
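# NOTE(review): 8.5 is an old point release and the tag is not pinned by digest.
# Consider moving to a maintained base and pinning it
# (rockylinux:<tag>@sha256:<digest>) so the runtime image is reproducible and
# receives current OS packages.
FROM rockylinux:8.5 AS runner
ARG JAVA_PACKAGE=java-17-openjdk-headless
ARG RUN_JAVA_VERSION=1.3.8
# Expected SHA-256 of the run-java script for RUN_JAVA_VERSION. The script is
# fetched at build time and becomes the container ENTRYPOINT, so its integrity
# matters. Empty (the default) skips the check to stay compatible with existing
# builds; release builds should pass --build-arg RUN_JAVA_SHA256=<sha256>.
ARG RUN_JAVA_SHA256=""
ARG BUILD_HOME=/home/app
ARG INSTANCE_NAME
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
# install runtime dependencies and set up deployment directory
# (JAVA_PACKAGE is left unquoted so it may name more than one package)
RUN dnf install -y openssl tzdata-java curl ca-certificates ${JAVA_PACKAGE} && \
    dnf clean all -y && \
    # Create deployment directory: owned by UID 1001, group root, group-writable
    mkdir /deployments && \
    chown 1001:root /deployments && \
    chmod "g+rwX" /deployments && \
    # Download the run-java launcher script.
    # -f makes an HTTP error fail the build instead of saving the error page as
    # the entrypoint; -L follows redirects, restricted to HTTPS.
    curl -fsSL --proto '=https' --proto-redir '=https' \
        "https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh" \
        -o /deployments/run-java.sh && \
    # Verify the download when a checksum was supplied; a mismatch fails the build
    if [ -n "${RUN_JAVA_SHA256}" ]; then \
        echo "${RUN_JAVA_SHA256}  /deployments/run-java.sh" | sha256sum -c -; \
    fi && \
    # Mode 540: owner (1001) may read and execute, group may only read.
    # NOTE(review): a container started under a different UID cannot execute
    # this script - confirm against the target platform.
    chown 1001 /deployments/run-java.sh && \
    chmod 540 /deployments/run-java.sh && \
    # Point the JVM seed source at the non-blocking /dev/urandom. The line is
    # appended, so it takes effect over any earlier securerandom.source entry.
    echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
# configure JVM options for Quarkus application
ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Duser.home=/deployments"
# copy compiled application from builder stage
# (copied without --chown, so the application files stay root-owned and are not
# writable by the runtime user)
COPY --from=builder $BUILD_HOME/instances/${INSTANCE_NAME}/target/quarkus-app/lib/ /deployments/lib/
COPY --from=builder $BUILD_HOME/instances/${INSTANCE_NAME}/target/quarkus-app/*.jar /deployments/
COPY --from=builder $BUILD_HOME/instances/${INSTANCE_NAME}/target/quarkus-app/app/ /deployments/app/
COPY --from=builder $BUILD_HOME/instances/${INSTANCE_NAME}/target/quarkus-app/quarkus/ /deployments/quarkus/
# expose application port (documentation only; unprivileged port, fine for non-root)
EXPOSE 8080
# user 1001 is standard for OpenShift and Kubernetes environments
USER 1001
ENTRYPOINT [ "/deployments/run-java.sh" ]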