java-on-aws/apps/dockerfiles/Dockerfile.03-custom-jre at cc9472e9452d2c2efcb03503ae809fbfd70a66a7 · aws-samples/java-on-aws · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
FROM public.ecr.aws/docker/library/maven:3-amazoncorretto-25-al2023 AS builder

RUN yum install -y tar gzip unzip

COPY ./pom.xml ./pom.xml
COPY src ./src/

RUN mvn clean package -DskipTests -ntp && \
    mv target/store-spring-1.0.0-exec.jar target/store-spring.jar && \
    cd target && unzip store-spring.jar

# Analyze dependencies to determine required JDK modules
RUN jdeps --ignore-missing-deps \
    --multi-release 25 --print-module-deps \
    --class-path="target/BOOT-INF/lib/*" \
    target/store-spring.jar > jre-deps.info

# Add jdk.crypto.ec for TLS 1.3 support
RUN truncate --size -1 jre-deps.info && \
    echo ",jdk.crypto.ec" >> jre-deps.info && cat jre-deps.info

# Create custom JRE with only required modules
RUN export JAVA_TOOL_OPTIONS="-Djdk.lang.Process.launchMechanism=vfork" && \
    jlink --verbose --compress zip-6 --strip-java-debug-attributes \
    --no-header-files --no-man-pages --output custom-jre \
    --add-modules $(cat jre-deps.info)

FROM public.ecr.aws/docker/library/amazoncorretto:26-al2023

RUN yum install -y shadow-utils

COPY --from=builder target/store-spring.jar store-spring.jar
COPY --from=builder custom-jre custom-jre

RUN groupadd --system spring -g 1000
RUN adduser spring -u 1000 -g 1000

USER 1000:1000
EXPOSE 8080

ENTRYPOINT ["./custom-jre/bin/java", "-jar", "-Dserver.port=8080", "/store-spring.jar"]