From a049f16dffa10337c58e702db4078c844a9fa7f3 Mon Sep 17 00:00:00 2001
From: Paul Gallagher
Date: Wed, 29 Jan 2025 12:52:11 +0000
Subject: [PATCH 1/4] [CORE-673] Updating dockerfile to use Telicent crafted base image
---
 Dockerfile | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ce7c760..faddeea 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,24 @@
-#
-# Copyright (C) Telicent Ltd
-#
-
 # syntax=docker/dockerfile:1.7
-FROM eclipse-temurin:21-jre as rdf-abac-evaluator
+FROM telicent/telicent-java21:1.1.2 AS rdf-abac-evaluator
-WORKDIR /app
+USER root
-RUN mkdir /config
+# Define argument with a default value to prevent build failures
+ARG PROJECT_VERSION
-RUN useradd -Mg root telicent-service
-USER telicent-service
+# Set up directories and user in a single efficient step
+RUN groupadd -r telicent-service && \
+ useradd -r -g telicent-service -d /app telicent-service && \
+ mkdir -p /app /config /opt/telicent/sbom && \
+ chown -R telicent-service:telicent-service /app /config /opt/telicent/sbom
-COPY src/main/resources/* /config/
+WORKDIR /app
+USER telicent-service
-ARG PROJECT_VERSION
+# Copy config and application files
+COPY --chown=telicent-service:telicent-service src/main/resources/ /config/
+COPY --chown=telicent-service:telicent-service target/rdf-abac-evaluator-${PROJECT_VERSION}.jar /app/app.jar
+COPY --chown=telicent-service:telicent-service target/rdf-abac-evaluator-${PROJECT_VERSION}-bom.json /opt/telicent/sbom/
-COPY target/rdf-abac-evaluator-${PROJECT_VERSION}.jar /app/app.jar
-ENTRYPOINT java -cp /app/app.jar $CLASSNAME $ARGS
\ No newline at end of file
+ENTRYPOINT /usr/bin/dumb-init -v --single-child -- java -cp /app/app.jar $CLASSNAME $ARGS
\ No newline at end of file
From 84ee423e85fc749e4d1f721b0976498dbb45e7d1 Mon Sep 17 00:00:00 2001
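Review bot: The new `ENTRYPOINT` is still in shell form, so Docker launches it as `/bin/sh -c ...` and dumb-init is not guaranteed to be PID 1; unless the image's shell happens to exec its last command, the SIGTERM from `docker stop` lands on the shell and is likely ignored rather than forwarded to dumb-init or the JVM. Making dumb-init the exec-form entry point and keeping the shell only for variable expansion avoids that: `ENTRYPOINT ["/usr/bin/dumb-init", "-v", "--single-child", "--", "/bin/sh", "-c", "exec java -cp /app/app.jar $CLASSNAME $ARGS"]`. Separately, the comment above `ARG PROJECT_VERSION` promises a default value but none is declared, so a build without `--build-arg PROJECT_VERSION=...` resolves the `COPY` sources to `rdf-abac-evaluator-.jar`; either declare the default or reword the comment to say the argument is required.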
From: Paul Gallagher
Date: Mon, 10 Feb 2025 09:06:48 +0000
Subject: [PATCH 2/4] [CORE-673] Updating dockerfile to use Telicent crafted base image.
---
 .github/workflows/maven.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 639223d..7ec4ac1 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -38,4 +38,5 @@ jobs:
 USES_MAVEN: true
 # Container image is built for Java 21 to be as up to date as possible
 JAVA_VERSION: 21
+ GRYPE_SECURITY_ISSUES_BLOCK_ONLY_IF_FIX_AVAILABLE: true
 secrets: inherit
\ No newline at end of file
From f5080a20978230e54a067295f35ff3c3d72ede78 Mon Sep 17 00:00:00 2001
From: Paul Gallagher
Date: Wed, 12 Feb 2025 08:23:16 +0000
Subject: [PATCH 3/4] [CORE-696] Update dockerfile - bump base image version and use "user"
---
 Dockerfile | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index faddeea..91aa056 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1.7
-FROM telicent/telicent-java21:1.1.2 AS rdf-abac-evaluator
+FROM telicent/telicent-java21:1.1.4 AS rdf-abac-evaluator
 USER root
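Review bot: `GRYPE_SECURITY_ISSUES_BLOCK_ONLY_IF_FIX_AVAILABLE: true` is added without a comment, and the subject line does not mention it, although judging by its name it relaxes the vulnerability gate so that findings with no published fix stop failing the build. The input above it carries a one-line rationale and this one deserves the same, for example `# Only block on Grype findings that have a fix available; unfixed findings must still be triaged from the scan report`. It would also help to record where unfixed findings are tracked, since they will presumably no longer surface as a failed build. The block this line belongs to starts outside the hunk, so the input's exact semantics in the called workflow could not be checked here.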
@@ -8,17 +8,16 @@ USER root
 ARG PROJECT_VERSION
 # Set up directories and user in a single efficient step
-RUN groupadd -r telicent-service && \
- useradd -r -g telicent-service -d /app telicent-service && \
- mkdir -p /app /config /opt/telicent/sbom && \
- chown -R telicent-service:telicent-service /app /config /opt/telicent/sbom
+RUN mkdir -p /app /config /opt/telicent/sbom && \
+ chown -R user:user /app /config /opt/telicent/sbom
 WORKDIR /app
-USER telicent-service
 # Copy config and application files
-COPY --chown=telicent-service:telicent-service src/main/resources/ /config/
-COPY --chown=telicent-service:telicent-service target/rdf-abac-evaluator-${PROJECT_VERSION}.jar /app/app.jar
-COPY --chown=telicent-service:telicent-service target/rdf-abac-evaluator-${PROJECT_VERSION}-bom.json /opt/telicent/sbom/
+COPY --chown=user:user src/main/resources/ /config/
+COPY --chown=user:user target/rdf-abac-evaluator-${PROJECT_VERSION}.jar /app/app.jar
+COPY --chown=user:user target/rdf-abac-evaluator-${PROJECT_VERSION}-bom.json /opt/telicent/sbom/
+
+USER user
 ENTRYPOINT /usr/bin/dumb-init -v --single-child -- java -cp /app/app.jar $CLASSNAME $ARGS
\ No newline at end of file
From 6145e39fa76a57e1e61c6fc8e7b3d614f6040ff3 Mon Sep 17 00:00:00 2001
From: Paul Gallagher
Date: Wed, 12 Feb 2025 10:10:51 +0000
Subject: [PATCH 4/4] [CORE-696] Update dockerfile - bump base image version and use "user"
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 91aa056..9537b03 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1.7
-FROM telicent/telicent-java21:1.1.4 AS rdf-abac-evaluator
+FROM telicent/telicent-java21:1.1.5 AS rdf-abac-evaluator
 USER root
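Review bot: In the `@@ -8,17 +8,16 @@` hunk the runtime account owns everything it executes: `chown -R user:user /app /config /opt/telicent/sbom` together with `--chown=user:user` on all three `COPY` lines leaves `/app/app.jar` and the files under `/config/` writable by the same account the JVM runs as (the earlier revision did the same with `telicent-service`). If the service does not need to rewrite them at run time, narrowing the `chown` to the directories that really take writes and dropping `--chown` from the jar and config copies, e.g. `COPY src/main/resources/ /config/`, keeps them root-owned, so a compromised process cannot replace its own code or configuration. The comment `# Set up directories and user in a single efficient step` is also stale now that the step no longer creates an account; something like `# Create runtime directories; the "user" account is expected to come from the base image` would state the dependency this hunk appears to introduce.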