Skip to content

Commit

Permalink
Update Dockerfile to run Java 17 as non-root user
Browse files Browse the repository at this point in the history
+ Upgrade production docker image to use Java 17 to make the build compatible with the latest diga-api-client

+ in the production docker image create a new user so the application is not run as root
  • Loading branch information
jakob-p authored Oct 24, 2023
1 parent 55192f1 commit 356d252
Showing 1 changed file with 19 additions and 3 deletions.
22 changes: 19 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# build stage to build the diga-api-service.jar
FROM maven:3-jdk-11-slim as build

WORKDIR /usr/src/app
Expand All @@ -6,9 +7,24 @@ COPY . /usr/src/app

RUN mvn clean package

FROM adoptopenjdk/openjdk11:jdk-11.0.11_9-alpine-slim as production
# create production image. Use the Temurin image with Alpine Linux and Java 17
FROM eclipse-temurin:17-alpine as production

COPY --from=build /usr/src/app/target/diga-api-service-*.jar /diga-api-service.jar
RUN mkdir /app

CMD ["java", "-jar", "/diga-api-service.jar"]
# add a new user javauser so we dont run the application as root
RUN addgroup -S javauser && adduser -S -G javauser javauser

# Copy the JAR file from the build stage into the production image
COPY --from=build /usr/src/app/target/diga-api-service-*.jar /app/diga-api-service.jar

WORKDIR /app

# Set the ownership to the javauser
RUN chown -R javauser:javauser /app

# Switch to the javauser
USER javauser

# Specify the command to run your application
CMD "java" "-jar" "diga-api-service.jar"

0 comments on commit 356d252

Please sign in to comment.