-
Notifications
You must be signed in to change notification settings - Fork 64
Expand file tree
/
Copy pathDockerfile
More file actions
77 lines (66 loc) · 3.27 KB
/
Dockerfile
File metadata and controls
77 lines (66 loc) · 3.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# -----------------------------
# Builder stage
# -----------------------------
# Uses the official Maven image with Eclipse Temurin Java 21 on Alpine.
# This stage is only used to compile/package the application.
# Maven and build tools stay in this stage and are not included in the final runtime image.
FROM maven:3.9.15-eclipse-temurin-21-alpine AS builder
# Set the application source directory inside the container.
WORKDIR /usr/src/app
# Copy custom Maven settings.
# This is useful if the build depends on internal repositories, mirrors, credentials, or proxy config.
COPY settings-docker.xml /usr/share/maven/ref/settings-docker.xml
# Copy only the source files/modules needed for the Maven build.
# Keeping this explicit avoids copying unnecessary files into the build context.
COPY pom.xml /usr/src/app/
COPY commons/ /usr/src/app/commons/
COPY test-commons/ /usr/src/app/test-commons/
COPY converter/ /usr/src/app/converter/
COPY commandline/ /usr/src/app/commandline/
COPY rest-api/ /usr/src/app/rest-api/
COPY generate/ /usr/src/app/generate/
COPY test-coverage/ /usr/src/app/test-coverage/
COPY tools/docker/docker-artifacts/ /usr/src/app/tools/docker/docker-artifacts/
# Build the application.
# -B runs Maven in batch mode for CI/CD.
# -ntp disables Maven transfer progress logs.
# -s uses the custom Maven settings file copied above.
# Tests, JaCoCo, and generate steps are skipped because this Docker build only packages the runtime artifact.
RUN mvn -B -ntp \
-s /usr/share/maven/ref/settings-docker.xml \
clean install \
-Dmaven.test.skip=true \
-Djacoco.skip=true \
-Dskip.generate=true > /dev/null
# -----------------------------
# Final runtime stage
# -----------------------------
# Uses a pinned Alpine-based Java 21 JRE image.
# This avoids the Ubuntu-based OS package vulnerabilities reported by Snyk
# while keeping the runtime image smaller and more reproducible.
FROM eclipse-temurin:21.0.10_7-jre-alpine-3.23
# Set the directory where the application will run.
WORKDIR /usr/src/run/
# Copy only the runtime artifacts from the builder stage.
# This keeps Maven, source code, and build dependencies out of the final image.
COPY --from=builder /usr/src/app/tools/docker/docker-artifacts /usr/src/run/
COPY --from=builder /usr/src/app/rest-api/target/rest-api.jar /usr/src/run/rest-api.jar
# Prepare the startup script for the Alpine runtime.
# 1. Remove Windows CRLF line endings if present.
# 2. Replace a bash shebang with sh because Alpine includes /bin/sh by default,
# but does not include /bin/bash unless bash is installed separately.
# 3. Make the script executable.
# 4. Validate that the required runtime files exist during image build.
#
# We intentionally do not run "apk upgrade" here.
# The runtime image is pinned, so OS package versions come from the selected base image.
# This keeps builds more reproducible and avoids transient failures from Alpine package repos.
RUN sed -i 's/\r$//' /usr/src/run/qppConverter.sh \
&& sed -i '1s|^#!/bin/bash|#!/bin/sh|' /usr/src/run/qppConverter.sh \
&& chmod +x /usr/src/run/qppConverter.sh \
&& test -f /usr/src/run/rest-api.jar \
&& test -f /usr/src/run/qppConverter.sh
# Application listens on 8443.
EXPOSE 8443
# Start the application using the existing startup script.
CMD ["/usr/src/run/qppConverter.sh"]