From 850d28a0f489bbb5a7efe5eda3ef00e4f4fae4e3 Mon Sep 17 00:00:00 2001 From: Martho Evan Date: Fri, 17 Apr 2026 11:50:46 +0200 Subject: [PATCH 1/4] feat(docker_launch_app): add dockerfile for start the app --- Dockerfile | 37 +++++++++++++++++++++++++ README.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++ docker-compose.yml | 24 +++++++++++++++++ 3 files changed, 128 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4110a02 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,37 @@ +# ---- Stage 1: Build ---- +# Uses the full JDK image to compile the application with Maven +FROM eclipse-temurin:25-jdk AS build +WORKDIR /app + +# Copy Maven wrapper and pom.xml first to leverage Docker layer caching +# Dependencies are downloaded only when pom.xml changes +COPY mvnw pom.xml ./ +COPY .mvn .mvn +RUN chmod +x mvnw && ./mvnw dependency:go-offline -B + +# Copy source code and build the JAR (tests are skipped as they run in CI) +COPY src src +RUN ./mvnw package -DskipTests -B + +# ---- Stage 2: Run ---- +# Uses a lightweight JRE-only image for a smaller and more secure final image +FROM eclipse-temurin:25-jre +WORKDIR /app + +# Create a non-root user and group for running the application securely +RUN groupadd --system appgroup && useradd --system --gid appgroup appuser + +# Copy the built JAR from the build stage (explicit name to avoid matching multiple artifacts) +COPY --from=build /app/target/spring_boot_java_random_user-0.0.1-SNAPSHOT.jar app.jar + +# Ensure the non-root user owns the application files +RUN chown -R appuser:appgroup /app + +# Switch to the non-root user +USER appuser + +# Document the port the application listens on +EXPOSE 8080 + +# Start the Spring Boot application +ENTRYPOINT ["java", "-jar", "app.jar"] diff --git a/README.md b/README.md index 96e6545..33edfc4 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,68 @@ docker-compose up -d --- +## 🐳 Docker + +### Architecture + +L'application peut Γͺtre entiΓ¨rement conteneurisΓ©e via un **Dockerfile multi-stage** et **Docker Compose**. + +``` +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ xpeho_network (bridge) ───────────────────┐ +β”‚ β”‚ +β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” jdbc:postgresql:// β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ +β”‚ β”‚ app β”‚ ──────── postgres:5432 ────────▢ β”‚ postgres β”‚ β”‚ +β”‚ β”‚ :8080 β”‚ (nom du service) β”‚ :5432 β”‚ β”‚ +β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ +β”‚ β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +``` + +| Service | Image / Build | RΓ΄le | Port exposΓ© | +|------------|------------------------------|----------------------------|---------------------------| +| `postgres` | `postgres:17-alpine` | Base de donnΓ©es PostgreSQL | `${POSTGRES_PORT}` β†’ 5432 | +| `app` | Build depuis `Dockerfile` | Application Spring Boot | 8080 β†’ 8080 | + +### Dockerfile β€” Build multi-stage + +Le Dockerfile utilise deux Γ©tapes pour produire une image finale lΓ©gΓ¨re et sΓ©curisΓ©e : + +| Stage | Image | RΓ΄le | +|-------|-------|------| +| **Build** | `eclipse-temurin:25-jdk` | Compile le JAR avec Maven (JDK complet) | +| **Run** | `eclipse-temurin:25-jre` | ExΓ©cute l'application (JRE allΓ©gΓ©, utilisateur non-root) | + +> **Pourquoi Eclipse Temurin ?** Distribution OpenJDK de rΓ©fΓ©rence : gratuite, open-source, maintenue par la fondation Eclipse (Adoptium). + +> **SΓ©curitΓ© :** L'image finale tourne avec un utilisateur non-root (`appuser`), sans code source ni outils de build. + +### Compose Profiles + +Le service `app` est derriΓ¨re un **profil Compose** pour ne pas interfΓ©rer avec le workflow dev/CI : + +```bash +# DΓ©marrer uniquement PostgreSQL (dev, tests, CI) +docker compose up -d + +# DΓ©marrer PostgreSQL + Application (dΓ©ploiement complet) +docker compose --profile app up -d --build +``` + +### Commandes utiles + +```bash +# Voir les logs de l'application +docker compose logs -f app + +# ArrΓͺter et supprimer les conteneurs +docker compose down + +# ArrΓͺter et supprimer les conteneurs + volumes (reset DB) +docker compose down -v +``` + +--- + ## βš™οΈ Configuration ### Environment Variables (.env) @@ -56,6 +118,11 @@ POSTGRES_USER=your_user POSTGRES_PASSWORD=your_password POSTGRES_DB=your_database POSTGRES_PORT=5432 + +# Liquibase (optionnel, valeurs par dΓ©faut fournies) +LB_CHANGELOG=db/changelog/db.changelog-master.yaml +LB_SCHEMA=public +SPRING_LIQUIBASE_ENABLED=true ``` ### External API Configuration diff --git a/docker-compose.yml b/docker-compose.yml index 93fac5a..efe7983 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,6 +18,30 @@ services: networks: - xpeho_network + app: + profiles: + - app + build: + context: . + dockerfile: Dockerfile + container_name: xpeho_app + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_DB: ${POSTGRES_DB} + POSTGRES_PORT: 5432 + SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB} + SPRING_LIQUIBASE_ENABLED: ${SPRING_LIQUIBASE_ENABLED:-true} + LB_CHANGELOG: ${LB_CHANGELOG:-db/changelog/db.changelog-master.yaml} + LB_SCHEMA: ${LB_SCHEMA:-public} + ports: + - "8080:8080" + depends_on: + postgres: + condition: service_healthy + networks: + - xpeho_network + volumes: postgres_data: driver: local From 743eb13858c4f1c1b1c8c3f8f36b3ee401027254 Mon Sep 17 00:00:00 2001 From: Martho Evan Date: Mon, 20 Apr 2026 15:35:35 +0200 Subject: [PATCH 2/4] Update Dockerfile Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4110a02..25049b9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,8 +21,8 @@ WORKDIR /app # Create a non-root user and group for running the application securely RUN groupadd --system appgroup && useradd --system --gid appgroup appuser -# Copy the built JAR from the build stage (explicit name to avoid matching multiple artifacts) -COPY --from=build /app/target/spring_boot_java_random_user-0.0.1-SNAPSHOT.jar app.jar +# Copy the built JAR from the build stage using a stable pattern so version changes do not break the image build +COPY --from=build /app/target/*.jar app.jar # Ensure the non-root user owns the application files RUN chown -R appuser:appgroup /app From 4df34c6059dcc01874aae75cb64331ad8fdf0c79 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 20 Apr 2026 13:37:12 +0000 Subject: [PATCH 3/4] docs: translate README Docker section from French to English Agent-Logs-Url: https://github.com/XPEHO/spring_boot_java_random_user/sessions/aeb0a3ca-f19e-4a14-8249-f59f74e929c9 Co-authored-by: MayuriXx <26456981+MayuriXx@users.noreply.github.com> --- README.md | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 33edfc4..05189a7 100644 --- a/README.md +++ b/README.md @@ -51,59 +51,59 @@ docker-compose up -d ### Architecture -L'application peut Γͺtre entiΓ¨rement conteneurisΓ©e via un **Dockerfile multi-stage** et **Docker Compose**. +The application can be fully containerized using a **multi-stage Dockerfile** and **Docker Compose**. ``` β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ xpeho_network (bridge) ───────────────────┐ β”‚ β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” jdbc:postgresql:// β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ app β”‚ ──────── postgres:5432 ────────▢ β”‚ postgres β”‚ β”‚ -β”‚ β”‚ :8080 β”‚ (nom du service) β”‚ :5432 β”‚ β”‚ +β”‚ β”‚ :8080 β”‚ (service name) β”‚ :5432 β”‚ β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ ``` -| Service | Image / Build | RΓ΄le | Port exposΓ© | +| Service | Image / Build | Role | Exposed Port | |------------|------------------------------|----------------------------|---------------------------| -| `postgres` | `postgres:17-alpine` | Base de donnΓ©es PostgreSQL | `${POSTGRES_PORT}` β†’ 5432 | -| `app` | Build depuis `Dockerfile` | Application Spring Boot | 8080 β†’ 8080 | +| `postgres` | `postgres:17-alpine` | PostgreSQL database | `${POSTGRES_PORT}` β†’ 5432 | +| `app` | Built from `Dockerfile` | Spring Boot application | 8080 β†’ 8080 | -### Dockerfile β€” Build multi-stage +### Dockerfile β€” Multi-stage Build -Le Dockerfile utilise deux Γ©tapes pour produire une image finale lΓ©gΓ¨re et sΓ©curisΓ©e : +The Dockerfile uses two stages to produce a lightweight, secure final image: -| Stage | Image | RΓ΄le | +| Stage | Image | Role | |-------|-------|------| -| **Build** | `eclipse-temurin:25-jdk` | Compile le JAR avec Maven (JDK complet) | -| **Run** | `eclipse-temurin:25-jre` | ExΓ©cute l'application (JRE allΓ©gΓ©, utilisateur non-root) | +| **Build** | `eclipse-temurin:25-jdk` | Compiles the JAR with Maven (full JDK) | +| **Run** | `eclipse-temurin:25-jre` | Runs the application (lightweight JRE, non-root user) | -> **Pourquoi Eclipse Temurin ?** Distribution OpenJDK de rΓ©fΓ©rence : gratuite, open-source, maintenue par la fondation Eclipse (Adoptium). +> **Why Eclipse Temurin?** Reference OpenJDK distribution: free, open-source, maintained by the Eclipse Foundation (Adoptium). -> **SΓ©curitΓ© :** L'image finale tourne avec un utilisateur non-root (`appuser`), sans code source ni outils de build. +> **Security:** The final image runs as a non-root user (`appuser`), without source code or build tools. ### Compose Profiles -Le service `app` est derriΓ¨re un **profil Compose** pour ne pas interfΓ©rer avec le workflow dev/CI : +The `app` service is behind a **Compose profile** to avoid interfering with the dev/CI workflow: ```bash -# DΓ©marrer uniquement PostgreSQL (dev, tests, CI) +# Start PostgreSQL only (dev, tests, CI) docker compose up -d -# DΓ©marrer PostgreSQL + Application (dΓ©ploiement complet) +# Start PostgreSQL + Application (full deployment) docker compose --profile app up -d --build ``` -### Commandes utiles +### Useful Commands ```bash -# Voir les logs de l'application +# View application logs docker compose logs -f app -# ArrΓͺter et supprimer les conteneurs +# Stop and remove containers docker compose down -# ArrΓͺter et supprimer les conteneurs + volumes (reset DB) +# Stop and remove containers + volumes (reset DB) docker compose down -v ``` @@ -119,7 +119,7 @@ POSTGRES_PASSWORD=your_password POSTGRES_DB=your_database POSTGRES_PORT=5432 -# Liquibase (optionnel, valeurs par dΓ©faut fournies) +# Liquibase (optional, defaults provided) LB_CHANGELOG=db/changelog/db.changelog-master.yaml LB_SCHEMA=public SPRING_LIQUIBASE_ENABLED=true From bf8b696c22908d5a6dbd2da056f650ca80600536 Mon Sep 17 00:00:00 2001 From: Martho Evan Date: Mon, 20 Apr 2026 15:40:44 +0200 Subject: [PATCH 4/4] Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 05189a7..63aa953 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,7 @@ docker-compose up -d The application can be fully containerized using a **multi-stage Dockerfile** and **Docker Compose**. +The `app` container connects to the `postgres` container over the `xpeho_network` bridge network using the PostgreSQL service name as the hostname. ``` β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ xpeho_network (bridge) ───────────────────┐ β”‚ β”‚