|
| 1 | +# syntax=docker/dockerfile:1 |
| 2 | + |
| 3 | +# Comments are provided throughout this file to help you get started. |
| 4 | +# If you need more help, visit the Dockerfile reference guide at |
| 5 | +# https://docs.docker.com/go/dockerfile-reference/ |
| 6 | + |
| 7 | +# Want to help us make this template better? Share your feedback here: https://forms.gle/ybq9Krt8jtBL3iCk7 |
| 8 | + |
| 9 | +################################################################################ |
| 10 | + |
| 11 | +# Create a stage for resolving and downloading dependencies. |
| 12 | +FROM eclipse-temurin:21-jdk-jammy as deps |
| 13 | + |
| 14 | +WORKDIR /build |
| 15 | + |
| 16 | +# Copy the mvnw wrapper with executable permissions. |
| 17 | +COPY --chmod=0755 mvnw mvnw |
| 18 | +COPY .mvn/ .mvn/ |
| 19 | + |
| 20 | +# Download dependencies as a separate step to take advantage of Docker's caching. |
| 21 | +# Leverage a cache mount to /root/.m2 so that subsequent builds don't have to |
| 22 | +# re-download packages. |
| 23 | +RUN --mount=type=bind,source=pom.xml,target=pom.xml \ |
| 24 | + --mount=type=cache,target=/root/.m2 ./mvnw dependency:go-offline -DskipTests |
| 25 | + |
| 26 | +################################################################################ |
| 27 | + |
| 28 | +# Create a stage for building the application based on the stage with downloaded dependencies. |
| 29 | +# This Dockerfile is optimized for Java applications that output an uber jar, which includes |
| 30 | +# all the dependencies needed to run your app inside a JVM. If your app doesn't output an uber |
| 31 | +# jar and instead relies on an application server like Apache Tomcat, you'll need to update this |
| 32 | +# stage with the correct filename of your package and update the base image of the "final" stage |
| 33 | +# use the relevant app server, e.g., using tomcat (https://hub.docker.com/_/tomcat/) as a base image. |
| 34 | +FROM deps as package |
| 35 | + |
| 36 | +WORKDIR /build |
| 37 | + |
| 38 | +COPY ./src src/ |
| 39 | +RUN --mount=type=bind,source=pom.xml,target=pom.xml \ |
| 40 | + --mount=type=cache,target=/root/.m2 \ |
| 41 | + ./mvnw package -DskipTests && \ |
| 42 | + mv target/$(./mvnw help:evaluate -Dexpression=project.artifactId -q -DforceStdout)-$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout).jar target/app.jar |
| 43 | + |
| 44 | + |
| 45 | +################################################################################ |
| 46 | + |
| 47 | +# Create a new stage for running the application that contains the minimal |
| 48 | +# runtime dependencies for the application. This often uses a different base |
| 49 | +# image from the install or build stage where the necessary files are copied |
| 50 | +# from the install stage. |
| 51 | +# |
| 52 | +# The example below uses eclipse-turmin's JRE image as the foundation for running the app. |
| 53 | +# By specifying the "21-jre-jammy" tag, it will also use whatever happens to be the |
| 54 | +# most recent version of that tag when you build your Dockerfile. |
| 55 | +# If reproducibility is important, consider using a specific digest SHA, like |
| 56 | +# eclipse-temurin@sha256:99cede493dfd88720b610eb8077c8688d3cca50003d76d1d539b0efc8cca72b4. |
| 57 | +FROM eclipse-temurin:21-jre-jammy AS final |
| 58 | + |
| 59 | +# Create a non-privileged user that the app will run under. |
| 60 | +# See https://docs.docker.com/go/dockerfile-user-best-practices/ |
| 61 | +ARG UID=10001 |
| 62 | +RUN adduser \ |
| 63 | + --disabled-password \ |
| 64 | + --gecos "" \ |
| 65 | + --home "/nonexistent" \ |
| 66 | + --shell "/sbin/nologin" \ |
| 67 | + --no-create-home \ |
| 68 | + --uid "${UID}" \ |
| 69 | + appuser |
| 70 | +USER appuser |
| 71 | + |
| 72 | +# Copy the executable from the "package" stage. |
| 73 | +COPY --from=package build/target/app.jar app.jar |
| 74 | + |
| 75 | +EXPOSE 8080 |
| 76 | + |
| 77 | +ENTRYPOINT [ "java", "-jar", "app.jar" ] |
0 commit comments