From aff7758a31fc4594aef44a982971f809cc3722e4 Mon Sep 17 00:00:00 2001
From: jakob-p
Date: Fri, 10 Nov 2023 12:54:09 +0100
Subject: [PATCH] Update Dockerfile to run Java 17 as non-root user (#24)

+ Upgrade production docker image to use Java 17 to make the build compatible with the latest diga-api-client
+ in the production docker image create a new user so the application is not run as root
---
 Dockerfile | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 87cdb12..956f870 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,4 @@
+# build stage to build the diga-api-service.jar
 FROM maven:3-jdk-11-slim as build
 WORKDIR /usr/src/app
@@ -6,9 +7,24 @@ COPY . /usr/src/app
 RUN mvn clean package
-FROM adoptopenjdk/openjdk11:jdk-11.0.11_9-alpine-slim as production
+# create production image. Use the Temurin image with Alpine Linux and Java 17
+FROM eclipse-temurin:17-alpine as production
-COPY --from=build /usr/src/app/target/diga-api-service-*.jar /diga-api-service.jar
+RUN mkdir /app
-CMD ["java", "-jar", "/diga-api-service.jar"]
+# add a new user javauser so we dont run the application as root
+RUN addgroup -S javauser && adduser -S -G javauser javauser
+# Copy the JAR file from the build stage into the production image
+COPY --from=build /usr/src/app/target/diga-api-service-*.jar /app/diga-api-service.jar
+
+WORKDIR /app
+
+# Set the ownership to the javauser
+RUN chown -R javauser:javauser /app
+
+# Switch to the javauser
+USER javauser
+
+# Specify the command to run your application
+CMD "java" "-jar" "diga-api-service.jar"
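Review bot: The new `CMD "java" "-jar" "diga-api-service.jar"` at the end of the second hunk is shell form, so the JVM is started through `/bin/sh -c` instead of running as PID 1 and may not receive the `SIGTERM` sent by `docker stop`; the removed line was exec form, and the replacement should stay that way: `CMD ["java", "-jar", "/app/diga-api-service.jar"]`. `RUN chown -R javauser:javauser /app` makes the unprivileged user the owner of the jar it executes, so a compromised process could overwrite its own artifact; leaving `/app` root-owned and merely readable by `javauser` is the tighter default and saves a layer (`RUN mkdir /app` is likewise unnecessary, since `COPY` and `WORKDIR` create the directory). `adduser -S` assigns the UID itself, so if the image runs under a `runAsNonRoot`-style policy a fixed numeric id (`adduser -S -u <uid> ...` with `USER <uid>`) lets the runtime verify it. `eclipse-temurin:17-alpine` is a floating JDK tag; a JRE variant such as `eclipse-temurin:17-jre-alpine`, pinned by digest, would ship less tooling in production and make the build reproducible.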