##
# Build Stage
#
# NOTE(review): "maven:3-eclipse-temurin-21" is a floating tag, so the build
# toolchain can change between builds; pinning it by digest would make the
# build reproducible.
FROM maven:3-eclipse-temurin-21 AS build

# Install the build-time packages (apache2-utils, git).
# - Both apt directories are BuildKit cache mounts, and docker-clean is removed
#   first, so downloaded packages persist between builds.
# - The mirror rewrite is best-effort: sed's errors are discarded and "|| true"
#   swallows a failure of anything earlier in the chain (rm included).
# - The mirrors are addressed over plain HTTP, so package integrity rests on
#   apt's signature verification of the repository metadata.
# - --allow-releaseinfo-change lets "update" proceed when a repository's release
#   information has changed.
RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/var/cache/apt,sharing=locked \
    rm -f /etc/apt/apt.conf.d/docker-clean \
    && sed -i 's|http://archive.ubuntu.com|http://azure.archive.ubuntu.com|g; s|http://security.ubuntu.com|http://azure.archive.ubuntu.com|g' \
        /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true \
    && apt-get -o Acquire::Retries=5 -o Acquire::http::Timeout=60 \
        --allow-releaseinfo-change -y update \
    && apt-get -o Acquire::Retries=5 -o Acquire::http::Timeout=60 \
        -y --no-install-recommends install \
        apache2-utils \
        git
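# OE Default Password
# NOTE(review): the default below is a fixed, publicly known value, and ARG
# values consumed by RUN are recorded in this stage's build history. Builds
# meant for deployment should pass their own value with --build-arg. A BuildKit
# secret mount would keep the value out of the history, if
# createDefaultPassword.sh can read it from a file (not verifiable from here).
ARG DEFAULT_PW="adminADMIN!"
COPY ./install/createDefaultPassword.sh /build/install/createDefaultPassword.sh
WORKDIR /build
# The expansion is quoted so a password containing spaces or glob characters
# reaches the script as a single, unmodified argument.
RUN ./install/createDefaultPassword.sh -c -p "${DEFAULT_PW}"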
##
# Build DataExport
#
# /root/.m2 is a BuildKit cache mount in every step below, so Maven downloads
# are reused across builds but are not stored in the image layers.
COPY ./dataexport /build/dataexport

# Step 1: resolve dependencies for dataexport-core, then build and install it.
WORKDIR /build/dataexport/dataexport-core
RUN --mount=type=cache,target=/root/.m2,sharing=locked \
    mvn dependency:go-offline
RUN --mount=type=cache,target=/root/.m2,sharing=locked \
    mvn clean install -DskipTests

# Step 2: the same for the project rooted at /build/dataexport/. The installed
# org/itech artifacts are then copied out of the cache mount into
# /build/dataexport-m2 so that they are kept in a layer of this stage.
WORKDIR /build/dataexport/
RUN --mount=type=cache,target=/root/.m2,sharing=locked \
    mvn dependency:go-offline
RUN --mount=type=cache,target=/root/.m2,sharing=locked \
    mvn clean install -DskipTests \
    && mkdir -p /build/dataexport-m2/org \
    && cp -r /root/.m2/repository/org/itech /build/dataexport-m2/org/
##
# Build the Project
#
# NOTE: Each step restores dataexport artifacts into the cache mount if missing.
# When BuildKit restores cached layers from GHA, the --mount=type=cache volume
# starts empty (it is not part of the layer blob). Without this restore step,
# the main project build cannot resolve org.itech:dataexport-* dependencies.
#
WORKDIR /build

# Only pom.xml is copied before dependency resolution, so this layer stays
# cached while the sources change.
COPY ./pom.xml /build/pom.xml
RUN --mount=type=cache,target=/root/.m2,sharing=locked \
    if [ ! -d /root/.m2/repository/org/itech ]; then \
        mkdir -p /root/.m2/repository/org \
        && cp -r /build/dataexport-m2/org/itech /root/.m2/repository/org/; \
    fi \
    && mvn dependency:go-offline

# SKIP_SPOTLESS is passed straight through to -Dspotless.check.skip.
# Tests and integration tests are skipped in this image build.
ARG SKIP_SPOTLESS="false"
COPY ./src /build/src
RUN --mount=type=cache,target=/root/.m2,sharing=locked \
    if [ ! -d /root/.m2/repository/org/itech ]; then \
        mkdir -p /root/.m2/repository/org \
        && cp -r /build/dataexport-m2/org/itech /root/.m2/repository/org/; \
    fi \
    && mvn clean install -Dmaven.test.skip=true -DskipITs=true -Dspotless.check.skip=${SKIP_SPOTLESS}
##
# Run Stage
#
# NOTE(review): "tomcat:10-jre21" is a floating tag; pinning it by digest would
# make the runtime image reproducible.
FROM tomcat:10-jre21

# NOTE(review): this places the default-password script in the image's working
# directory; confirm that the runtime still needs it.
COPY install/createDefaultPassword.sh ./

# Remove unnecessary files shipped with Tomcat (especially pre-existing applications)
RUN rm -rf \
    /usr/local/tomcat/webapps/* \
    /usr/local/tomcat/conf/Catalina/localhost/manager.xml

# Deploy the wars into the Tomcat image: ROOT.war from the build context and
# OpenELIS-Global.war from the build stage.
COPY install/tomcat-resources/ROOT.war /usr/local/tomcat/webapps/ROOT.war
COPY --from=build /build/target/OpenELIS-Global.war /usr/local/tomcat/webapps/OpenELIS-Global.war

# Replace Tomcat's catalina.properties with our catalina.properties so it contains:
# org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
# org.apache.catalina.connector.RECYCLE_FACADES=true
# org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=false
# org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=false
# org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=false
COPY install/tomcat-resources/catalina.properties /usr/local/tomcat/conf/catalina.properties
COPY install/tomcat-resources/logging.properties /usr/local/tomcat/conf/logging.properties

# Replace ServerInfo.properties with a less informative one
RUN mkdir -p /usr/local/tomcat/lib/org/apache/catalina/util
COPY install/tomcat-resources/ServerInfo.properties /usr/local/tomcat/lib/org/apache/catalina/util/ServerInfo.properties
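#restrict files
#GID AND UID must be kept the same as setupTomcat.sh (if using default certificate group)
#
# Creates the tomcat_admin account (UID 8443) with the tomcat and
# tomcat-ssl-cert (GID 8443) groups, hands $CATALINA_HOME to it, removes group
# write and all "other" access from the Tomcat directories and configuration
# files, and creates the OpenELIS data directories under
# /var/lib/openelis-global.
#
# "set -e" aborts the build on the first failing command. With plain ";"
# chaining, a failed groupadd/useradd/chown/chmod was ignored and the image
# could ship with ownership or permissions other than the ones intended here.
# $CATALINA_HOME is quoted so an empty or unset value fails the step instead of
# silently retargeting the commands.
RUN set -e; \
    groupadd tomcat; \
    groupadd tomcat-ssl-cert -g 8443; \
    useradd -M -s /bin/bash -u 8443 tomcat_admin; \
    usermod -a -G tomcat,tomcat-ssl-cert tomcat_admin; \
    chown -R tomcat_admin:tomcat "$CATALINA_HOME"; \
    chmod g-w,o-rwx \
        "$CATALINA_HOME" \
        "$CATALINA_HOME/conf" \
        "$CATALINA_HOME/bin" \
        "$CATALINA_HOME/webapps"; \
    chmod o-rwx \
        "$CATALINA_HOME/logs" \
        "$CATALINA_HOME/temp"; \
    chmod 770 "$CATALINA_HOME/conf/catalina.policy"; \
    chmod g-w,o-rwx \
        "$CATALINA_HOME/conf/catalina.properties" \
        "$CATALINA_HOME/conf/context.xml" \
        "$CATALINA_HOME/conf/logging.properties" \
        "$CATALINA_HOME/conf/server.xml" \
        "$CATALINA_HOME/conf/tomcat-users.xml" \
        "$CATALINA_HOME/conf/web.xml"; \
    mkdir -p \
        /var/lib/openelis-global/logs/ \
        /var/lib/openelis-global/properties/ \
        /var/lib/openelis-global/configuration/; \
    chown -R tomcat_admin:tomcat \
        /var/lib/openelis-global/logs/ \
        /var/lib/openelis-global/properties/ \
        /var/lib/openelis-global/configuration/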
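# Install the healthcheck and entrypoint scripts, owned by tomcat_admin:tomcat
# with mode 770. Owner and mode are set on the COPY itself: this avoids the
# extra layers of a follow-up RUN and the ";" chaining that let a failed chown
# go unnoticed. (BuildKit is already required by the RUN --mount steps in the
# build stage.)
COPY --chown=tomcat_admin:tomcat --chmod=770 install/openelis_healthcheck.sh /healthcheck.sh
# NOTE(review): the image sets USER root, so this script is started as root
# while remaining writable by tomcat_admin and the tomcat group. If Tomcat ends
# up running as tomcat_admin, that account can alter a script that root
# executes on the next start. root:tomcat with mode 750 would close this;
# confirm against docker-entrypoint.sh before changing.
COPY --chown=tomcat_admin:tomcat --chmod=770 install/docker-entrypoint.sh /docker-entrypoint.sh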
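# This COPY runs after the ownership/permission step above, and a plain COPY
# would replace conf/server.xml with a root-owned file carrying whatever mode
# it has in the build context, undoing the restriction applied to it earlier.
# The owner and a mode without group write or "other" access are therefore set
# on the COPY itself.
COPY --chown=tomcat_admin:tomcat --chmod=640 ./tomcat/oe_server.xml /usr/local/tomcat/conf/server.xml
# NOTE(review): the container starts as root. docker-entrypoint.sh is not
# visible here; unless it switches to tomcat_admin before launching Tomcat, the
# server runs as root and the account and permissions set up above do not
# constrain it. Confirm against the entrypoint script.
USER root
ENTRYPOINT [ "/docker-entrypoint.sh" ]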