Created
July 8, 2024 10:36
-
-
Save ikorchynskyi/4a25e24eefed4bb4924f4c59461ae8e0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # syntax=docker/dockerfile:1 | |
| ARG GRADLE_VERSION=8.7 | |
| ARG JDK_VERSION=17 | |
| ARG UBUNTU_CODENAME=jammy | |
| ARG SOURCE_DIR=/home/jenkins | |
| ARG UID=1000 | |
| ARG GID=1000 | |
| ARG APP_FAMILY=family | |
| ARG APP_NAME=application | |
| FROM gradle:${GRADLE_VERSION}-jdk${JDK_VERSION}-${UBUNTU_CODENAME} AS builder | |
| SHELL [ "/bin/bash", "-euo", "pipefail", "-c" ] | |
| # Create a custom Java runtime | |
| RUN jlink \ | |
| --verbose \ | |
| --add-modules ALL-MODULE-PATH \ | |
| --strip-debug \ | |
| --no-header-files \ | |
| --no-man-pages \ | |
| --compress=2 \ | |
| --output "/opt/company/openjdk" | |
| ARG SOURCE_DIR | |
| ARG UID | |
| ARG GID | |
| RUN install -d -o "$UID" -g "$GID" "$SOURCE_DIR" | |
| WORKDIR $SOURCE_DIR | |
| USER "$UID:$GID" | |
| ENV GRADLE_OPTS="\ | |
| -Dorg.gradle.caching=true \ | |
| -Dorg.gradle.daemon=false \ | |
| -Dorg.gradle.logging.stacktrace=all \ | |
| -Dorg.gradle.vfs.watch=false \ | |
| -Dorg.gradle.warning.mode=all \ | |
| " | |
| ENV GRADLE_USER_HOME="$SOURCE_DIR/.gradle" | |
| ARG APP_FAMILY | |
| COPY --chown=$UID:$GID *.gradle gradle.* ./ | |
| COPY --chown=$UID:$GID $APP_FAMILY-libs/*.gradle $APP_FAMILY-libs/gradle.* $APP_FAMILY-libs/ | |
| RUN gradle clean resolveDependencies | |
| COPY --chown=$UID:$GID config/ config/ | |
| COPY --chown=$UID:$GID $APP_FAMILY-libs/ $APP_FAMILY-libs/ | |
| COPY --chown=$UID:$GID src/ src/ | |
| RUN gradle classes checkstyleMain testClasses checkstyleTest ":$APP_FAMILY-libs:jar" | |
| ARG DOCKER_TAG | |
| ARG GIT_COMMIT | |
| RUN gradle bootJar | |
| FROM builder AS test | |
| SHELL [ "/bin/bash", "-euo", "pipefail", "-c" ] | |
| ARG SOURCE_DIR | |
| ARG APP_FAMILY | |
| ARG APP_NAME | |
| RUN ln -rsv "build/libs/${APP_FAMILY}-${APP_NAME}.jar" build/veracode.jar | |
| CMD [ "gradle", "test" ] | |
| FROM ubuntu:${UBUNTU_CODENAME} AS runtime | |
| SHELL [ "/bin/bash", "-euo", "pipefail", "-c" ] | |
| RUN apt-get update \ | |
| && apt-get install --yes --no-install-recommends -o Dir::Log=/dev/null -oDpkg::Options::=--log=/dev/null \ | |
| curl \ | |
| tini \ | |
| && apt-get clean \ | |
| && rm -rf /var/lib/apt/lists/* | |
| ENV JAVA_HOME=/opt/java/openjdk | |
| ENV PATH="${JAVA_HOME}/bin:${PATH}" | |
| COPY --link --from=builder "/opt/company/openjdk" $JAVA_HOME | |
| ARG APP_FAMILY | |
| ARG APP_HOME="/home/$APP_FAMILY" | |
| RUN groupadd -g 1000 "$APP_FAMILY" \ | |
| && useradd -lmr -u 1000 -g "$APP_FAMILY" -d "$APP_HOME" -s /bin/bash "$APP_FAMILY" \ | |
| && rm -rf /etc/{group,gshadow,passwd,shadow}- | |
| WORKDIR $APP_HOME | |
| ARG SOURCE_DIR | |
| ARG APP_NAME | |
| COPY --link --from=builder --chown=1000:1000 "$SOURCE_DIR/build/libs/${APP_FAMILY}-${APP_NAME}.jar" "$APP_HOME/app.jar" | |
| USER $APP_FAMILY:$APP_FAMILY | |
| LABEL io.company.app-family=$APP_FAMILY | |
| LABEL io.company.app-name=$APP_NAME | |
| ENTRYPOINT [ "tini", "-g", "--" ] | |
| CMD [ "java", "-jar", "app.jar" ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment