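#
# Build stage
#
# NOTE(review): this tag is mutable; append the image digest (@sha256:<digest>)
# if the build must be reproducible and protected against a re-pushed tag.
FROM maven:3.8.8-amazoncorretto-17 AS build
# All build inputs and outputs live under /home/app; the package stage copies from here.
WORKDIR /home/app
# Copy only the POM first and resolve dependencies, so this layer stays cached
# until pom.xml itself changes.
COPY oag/pom.xml ./
RUN mvn -B dependency:go-offline
# Copy the rest of the sources and compile.
COPY oag/src ./src
COPY oag/*.yaml oag/*.txt ./
# -B (batch mode) keeps this step non-interactive, matching the dependency step above.
RUN mvn -B package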
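#
# Package stage
#
# NOTE(review): this tag is mutable; append the image digest (@sha256:<digest>)
# if the runtime image must be reproducible.
FROM amazoncorretto:17.0.13-alpine3.18
# for regular linux
# RUN useradd --user-group --system --create-home --no-log-init app
# for alpine
# Create the unprivileged runtime user and its application directory in one layer.
# NOTE(review): 'app' owns /app, so the runtime user can add or replace files there
# (including the jar). If the gateway never writes to /app, drop the chown.
RUN adduser --system app \
    && mkdir -p /app \
    && chown app /app
# Copy the jar straight to its final name; a later 'mv' would store it in a second layer.
# The copied files stay owned by root, so the runtime user cannot edit them in place.
COPY --from=build /home/app/target/oag-exec.jar /app/oag.jar
COPY --from=build /home/app/*.yaml /home/app/*.txt /app/
# Drop root before the process starts.
USER app
WORKDIR /app
ENTRYPOINT ["java","-jar","oag.jar"]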
#
# HOW TO:
#
# docker build -t owasp/application-gateway:SNAPSHOT .
# docker run -p 8080:8080 owasp/application-gateway:SNAPSHOT
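# Test for docker misconfiguration with dockle
# NOTE: the command below downloads whatever the latest dockle release is and runs it unverified.
# For CI use, pin VERSION and check the archive against the release's published checksum (if one is provided) before extracting.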
# VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && curl -L -o dockle.tar.gz https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.tar.gz && tar zxvf dockle.tar.gz
# ./dockle --exit-code 1 owasp/application-gateway:SNAPSHOT
# Publish docker image
# docker push owasp/application-gateway:SNAPSHOT