# syntax=docker/dockerfile:1 ARG GRADLE_VERSION=8.7 ARG JDK_VERSION=17 ARG UBUNTU_CODENAME=jammy ARG SOURCE_DIR=/home/jenkins ARG UID=1000 ARG GID=1000 ARG APP_FAMILY=family ARG APP_NAME=application FROM gradle:${GRADLE_VERSION}-jdk${JDK_VERSION}-${UBUNTU_CODENAME} AS builder SHELL [ "/bin/bash", "-euo", "pipefail", "-c" ] # Create a custom Java runtime RUN jlink \ --verbose \ --add-modules ALL-MODULE-PATH \ --strip-debug \ --no-header-files \ --no-man-pages \ --compress=2 \ --output "/opt/company/openjdk" ARG SOURCE_DIR ARG UID ARG GID RUN install -d -o "$UID" -g "$GID" "$SOURCE_DIR" WORKDIR $SOURCE_DIR USER "$UID:$GID" ENV GRADLE_OPTS="\ -Dorg.gradle.caching=true \ -Dorg.gradle.daemon=false \ -Dorg.gradle.logging.stacktrace=all \ -Dorg.gradle.vfs.watch=false \ -Dorg.gradle.warning.mode=all \ " ENV GRADLE_USER_HOME="$SOURCE_DIR/.gradle" ARG APP_FAMILY COPY --chown=$UID:$GID *.gradle gradle.* ./ COPY --chown=$UID:$GID $APP_FAMILY-libs/*.gradle $APP_FAMILY-libs/gradle.* $APP_FAMILY-libs/ RUN gradle clean resolveDependencies COPY --chown=$UID:$GID config/ config/ COPY --chown=$UID:$GID $APP_FAMILY-libs/ $APP_FAMILY-libs/ COPY --chown=$UID:$GID src/ src/ RUN gradle classes checkstyleMain testClasses checkstyleTest ":$APP_FAMILY-libs:jar" ARG DOCKER_TAG ARG GIT_COMMIT RUN gradle bootJar FROM builder AS test SHELL [ "/bin/bash", "-euo", "pipefail", "-c" ] ARG SOURCE_DIR ARG APP_FAMILY ARG APP_NAME RUN ln -rsv "build/libs/${APP_FAMILY}-${APP_NAME}.jar" build/veracode.jar CMD [ "gradle", "test" ] FROM ubuntu:${UBUNTU_CODENAME} AS runtime SHELL [ "/bin/bash", "-euo", "pipefail", "-c" ] RUN apt-get update \ && apt-get install --yes --no-install-recommends -o Dir::Log=/dev/null -oDpkg::Options::=--log=/dev/null \ curl \ tini \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* ENV JAVA_HOME=/opt/java/openjdk ENV PATH="${JAVA_HOME}/bin:${PATH}" COPY --link --from=builder "/opt/company/openjdk" $JAVA_HOME ARG APP_FAMILY ARG APP_HOME="/home/$APP_FAMILY" RUN groupadd -g 1000 "$APP_FAMILY" \ && useradd -lmr -u 1000 -g "$APP_FAMILY" -d "$APP_HOME" -s /bin/bash "$APP_FAMILY" \ && rm -rf /etc/{group,gshadow,passwd,shadow}- WORKDIR $APP_HOME ARG SOURCE_DIR ARG APP_NAME COPY --link --from=builder --chown=1000:1000 "$SOURCE_DIR/build/libs/${APP_FAMILY}-${APP_NAME}.jar" "$APP_HOME/app.jar" USER $APP_FAMILY:$APP_FAMILY LABEL io.company.app-family=$APP_FAMILY LABEL io.company.app-name=$APP_NAME ENTRYPOINT [ "tini", "-g", "--" ] CMD [ "java", "-jar", "app.jar" ]