Feature/update docker support (#319)

* Updated docker image according to discussion on https://github.com/hapifhir/hapi-fhir-jpaserver-starter/pull/305 * Added doc * Added corrections according to comments * Update Dockerfile * Update build-images.yaml Updated to default to distroless
2022-03-02 16:39:13 +01:00
parent deefd595dd
commit 24a20a7e97
2 changed files with 37 additions and 27 deletions
--- a/.github/workflows/build-images.yaml
+++ b/.github/workflows/build-images.yaml
@@ -19,25 +19,24 @@ jobs:
    name: Build
    runs-on: ubuntu-20.04
    steps:
-      - name: Docker meta
+      - name: Container meta for default (distroless) image
        id: docker_meta
        uses: docker/metadata-action@v3
        with:
          images: ${{ env.IMAGES }}
          tags: |
            type=match,pattern=image-(.*),group=1,enable=${{github.event_name != 'pull_request'}}
            type=sha
-      - name: Docker distroless meta
+
-        id: docker_distroless_meta
+      - name: Container meta for tomcat image
        id: docker_tomcat_meta
        uses: docker/metadata-action@v3
        with:
          images: ${{ env.IMAGES }}
          tags: |
            type=match,pattern=image-(.*),group=1,enable=${{github.event_name != 'pull_request'}}
            type=sha
          flavor: |
-            suffix=-distroless,onlatest=true
+            suffix=-tomcat,onlatest=true
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
@@ -60,7 +59,7 @@ jobs:
          restore-keys: |
            ${{ runner.os }}-buildx-
-      - name: Build and push
+      - name: Build and push default (distroless) image
        id: docker_build
        uses: docker/build-push-action@v2
        with:
@@ -70,15 +69,16 @@ jobs:
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          platforms: ${{ env.PLATFORMS }}
          target: default
-      - name: Build and push distroless
+      - name: Build and push tomcat image
-        id: docker_build_distroless
+        id: docker_build_tomcat
        uses: docker/build-push-action@v2
        with:
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache
          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.docker_distroless_meta.outputs.tags }}
+          tags: ${{ steps.docker_tomcat_meta.outputs.tags }}
-          labels: ${{ steps.docker_distroless_meta.outputs.labels }}
+          labels: ${{ steps.docker_tomcat_meta.outputs.labels }}
          platforms: ${{ env.PLATFORMS }}
-          target: release-distroless
+          target: tomcat
--- a/40
+++ b/40
@@ -1,4 +1,4 @@
-FROM maven:3.8.2-jdk-11-slim as build-hapi
+FROM maven:3.8-openjdk-17-slim as build-hapi
 WORKDIR /tmp/hapi-fhir-jpaserver-starter
 COPY pom.xml .
@@ -6,14 +6,34 @@ COPY server.xml .
 RUN mvn -ntp dependency:go-offline
 COPY src/ /tmp/hapi-fhir-jpaserver-starter/src/
-RUN mvn clean install -DskipTests
+RUN mvn clean install -DskipTests -Djdk.lang.Process.launchMechanism=vfork
 FROM build-hapi AS build-distroless
 RUN mvn package spring-boot:repackage -Pboot
-RUN mkdir /app && \
+RUN mkdir /app && cp /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /app/main.war
    cp /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /app/main.war
-FROM gcr.io/distroless/java-debian11:11 AS release-distroless
+
 ########### bitnami tomcat version is suitable for debugging and comes with a shell
 ########### it can be built using eg. `docker build --target tomcat .`
 FROM bitnami/tomcat:9.0 as tomcat
 RUN rm -rf /opt/bitnami/tomcat/webapps/ROOT && \
    rm -rf /opt/bitnami/tomcat/webapps_default/ROOT && \
    mkdir -p /opt/bitnami/hapi/data/hapi/lucenefiles && \
    chmod 775 /opt/bitnami/hapi/data/hapi/lucenefiles
 USER root
 RUN mkdir -p /target && chown -R 1001:1001 target
 USER 1001
 COPY --chown=1001:1001 catalina.properties /opt/bitnami/tomcat/conf/catalina.properties
 COPY --chown=1001:1001 server.xml /opt/bitnami/tomcat/conf/server.xml
 COPY --from=build-hapi --chown=1001:1001 /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /opt/bitnami/tomcat/webapps_default/ROOT.war
 ENV ALLOW_EMPTY_PASSWORD=yes
 ########### distroless brings focus on security and runs on plain spring boot - this is the default image
 FROM gcr.io/distroless/java17:nonroot as default
 COPY --chown=nonroot:nonroot --from=build-distroless /app /app
 # 65532 is the nonroot user's uid
 # used here instead of the name to allow Kubernetes to easily detect that the container
@@ -21,13 +41,3 @@ COPY --chown=nonroot:nonroot --from=build-distroless /app /app
 USER 65532:65532
 WORKDIR /app
 CMD ["/app/main.war"]
 FROM tomcat:9.0.53-jdk11-openjdk-slim-bullseye
 RUN mkdir -p /data/hapi/lucenefiles && chmod 775 /data/hapi/lucenefiles
 COPY --from=build-hapi /tmp/hapi-fhir-jpaserver-starter/target/*.war /usr/local/tomcat/webapps/
 COPY catalina.properties /usr/local/tomcat/conf/catalina.properties
 COPY server.xml /usr/local/tomcat/conf/server.xml
 CMD ["catalina.sh", "run"]