-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathStandalone.Dockerfile
More file actions
109 lines (80 loc) · 3.36 KB
/
Standalone.Dockerfile
File metadata and controls
109 lines (80 loc) · 3.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# syntax=docker/dockerfile:1-labs
ARG JAVA_VERSION=25
FROM eclipse-temurin:${JAVA_VERSION}-jre-alpine AS jre-base
# Force upgrade to get rid of CVEs
# See also https://stackoverflow.com/a/76440791
FROM alpine:3 AS alpine-upgraded
RUN apk upgrade --no-cache
# Build the JRE ourself and exclude stuff from Eclipse-Temurin that we don't need
#
# Derived from https://github.com/adoptium/containers/blob/91ea190c462741d2c64ed2f8f0a0efdb3e77c49d/21/jre/alpine/3.21/Dockerfile
FROM scratch AS jre-minimized
COPY --from=alpine-upgraded / /
CMD ["/bin/sh"]
ENV JAVA_HOME=/opt/java/openjdk
ENV PATH=$JAVA_HOME/bin:$PATH
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
RUN set -eux; \
# DO NOT INSTALL:
# gunpg - only required to verify download of jre from eclipse-temurin
# fontconfig ttf-dejavu - No fonts are needed as nothing is rendered/using AWT
apk add --no-cache \
ca-certificates p11-kit-trust coreutils openssl \
musl-locales musl-locales-lang \
tzdata
COPY --from=jre-base /opt/java/openjdk /opt/java/openjdk
RUN set -eux; \
echo "Verifying install ..."; \
echo "java --version"; java --version; \
echo "Complete."
# Renamed as cacerts functionality is disabled
COPY --from=jre-base /__cacert_entrypoint.sh /entrypoint.sh
RUN chmod 775 /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
FROM eclipse-temurin:${JAVA_VERSION}-jdk-alpine AS builder
RUN apk add --no-cache bash
WORKDIR /builder
# Copy & Cache wrapper
COPY --parents mvnw .mvn/** ./
RUN ./mvnw --version
# Copy & Cache poms/dependencies
COPY --parents **/pom.xml ./
# Resolve jars so that they can be cached and don't need to be downloaded when a Java file changes
ARG MAVEN_GO_OFFLINE_COMMAND='./mvnw -B dependency:go-offline -pl server -am -DincludeScope=runtime -T2C'
RUN echo "Executing '$MAVEN_GO_OFFLINE_COMMAND'"
RUN ${MAVEN_GO_OFFLINE_COMMAND}
# Copying all other files
COPY . ./
# Run the actual build
ARG MAVEN_BUILD_COMMAND='./mvnw -B package -pl "server" -am -T2C -Dmaven.test.skip'
RUN echo "Executing '$MAVEN_BUILD_COMMAND'"
RUN ${MAVEN_BUILD_COMMAND}
FROM jre-minimized
ARG user=app
ARG group=app
ARG uid=1000
ARG gid=1000
ARG APP_DIR=/opt/app
# Create user + group + home
RUN mkdir -p ${APP_DIR} \
&& chown ${uid}:${gid} ${APP_DIR} \
&& addgroup -g ${gid} ${group} \
&& adduser -h "$APP_DIR" -u ${uid} -G ${group} -s /bin/sh -D ${user}
WORKDIR ${APP_DIR}
USER ${user}
COPY --from=builder --chown=${user}:${group} builder/server/target/server-standalone.jar ${APP_DIR}/app.jar
# AOT
RUN java \
-XX:+UseCompactObjectHeaders \
-XX:AOTCacheOutput=app.aot \
-Dexit-immediately-after-start=1 \
-jar app.jar \
-serverPort 1080
# MaxRAMPercentage: Default value is 25% -> we want to use available memory optimal -> increased, but enough is left for other RAM usages like e.g. Metaspace
# Min/MaxHeapFreeRatio: Default values cause container reserved memory not to shrink properly/waste memory -> decreased
# https://stackoverflow.com/questions/16058250/what-is-the-purpose-of-xxminheapfreeratio-and-xxmaxheapfreeratio
# UseCompactObjectHeaders: https://openjdk.org/jeps/519
ENV JAVA_OPTS="-XX:MaxRAMPercentage=75 -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=50 -XX:+UseCompactObjectHeaders -Djava.awt.headless=true"
ENV JAVA_AOT_OPTS="-XX:AOTCache=app.aot"
ENV ARGS="-serverPort 1080"
CMD [ "/bin/sh", "-c", "java $JAVA_OPTS $JAVA_AOT_OPTS -jar app.jar ${ARGS}" ]