P4ADEV-1387-update-docker-for-timezone
1 parent
15f2a55
commit dee5ca4
Showing
9 changed files
with
232 additions
and
17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
name: 📦 Payments Snapshot docker | ||
|
||
on: | ||
push: | ||
branches-ignore: | ||
- 'develop' | ||
- 'uat' | ||
- 'main' | ||
paths-ignore: | ||
- 'CODEOWNERS' | ||
- '**.md' | ||
- '.**' | ||
workflow_dispatch: | ||
|
||
env: | ||
CURRENT_BRANCH: ${{ github.event.inputs.branch || github.ref_name }} | ||
|
||
jobs: | ||
payments-flow-docker-snapshot: | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- name: 🔖 Checkout code | ||
# https://github.com/actions/checkout/releases/tag/v4.2.1 | ||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 | ||
with: | ||
ref: ${{ env.CURRENT_BRANCH }} | ||
|
||
- name: 📦 Run Snapshot Docker Build/Push & Trigger | ||
# https://github.com/pagopa/github-actions-template/releases/tag/v1.19.0 | ||
uses: pagopa/github-actions-template/payments-flow-docker-snapshot@37569377fa759368a01c1e7f40700b4118d65d0c | ||
with: | ||
current_branch: ${{ github.ref_name }} |
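Review bot: The checkout step and the build step can disagree about the branch: checkout uses `ref: ${{ env.CURRENT_BRANCH }}`, which prefers `github.event.inputs.branch`, while the template is called with `current_branch: ${{ github.ref_name }}`. `workflow_dispatch:` declares no `branch` input here, so both resolve to the same ref today, but the fallback is dead and would split the two values as soon as an input is added; pass `current_branch: ${{ env.CURRENT_BRANCH }}` or drop the env indirection. The workflow also has no `permissions:` block, so the job token gets the repository default. Declaring the minimum the template needs (starting from `contents: read` and adding only what the push step requires) would make the grant explicit, and the same applies to the release workflow in this commit.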
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
name: 🚀 Payments release | ||
|
||
on: | ||
push: | ||
branches: | ||
- develop | ||
- uat | ||
- main | ||
paths-ignore: | ||
- 'CODEOWNERS' | ||
- '**.md' | ||
- '.**' | ||
workflow_dispatch: | ||
|
||
jobs: | ||
payments-flow-release: | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- name: 🔖 Checkout code | ||
# https://github.com/actions/checkout/releases/tag/v4.2.1 | ||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 | ||
with: | ||
ref: ${{ github.ref_name }} | ||
|
||
- name: 🚀 release + docker + azdo | ||
# https://github.com/pagopa/github-actions-template/releases/tag/v1.19.1 | ||
uses: pagopa/github-actions-template/payments-flow-release@3ae6a4268ccff000194696b21e1124d9e8ddf997 | ||
with: | ||
current_branch: ${{ github.ref_name }} |
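Review bot: `workflow_dispatch:` is not covered by the `branches:` filter, which applies only to `push`, so a manual run from any branch checks out `github.ref_name` and hands it to the release template. If releases are meant to come only from `develop`, `uat` and `main`, add a job-level guard such as `if: contains(fromJSON('["develop","uat","main"]'), github.ref_name)`. Whether the template itself rejects other branches is not visible from this page.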
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
{ | ||
"plugins": [ | ||
[ | ||
"@semantic-release/commit-analyzer", | ||
{ | ||
"preset": "angular", | ||
"releaseRules": [{ "type": "breaking", "release": "major" }] | ||
} | ||
], | ||
"@semantic-release/release-notes-generator", | ||
[ | ||
"@semantic-release/github", | ||
{ | ||
"successComment": false, | ||
"failComment": false | ||
} | ||
] | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,27 +1,156 @@ | ||
# syntax=docker/dockerfile:1.4 | ||
|
||
# | ||
# 🎯 Version Management | ||
# | ||
ARG CORRETTO_VERSION="17-alpine3.19" | ||
ARG CORRETTO_SHA="2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477" | ||
ARG GRADLE_VERSION="8.10.2" | ||
ARG GRADLE_DOWNLOAD_SHA256="31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26" | ||
ARG APPINSIGHTS_VERSION="3.5.2" | ||
|
||
# 🌍 Timezone Configuration | ||
ARG TZ="Europe/Rome" | ||
|
||
# 🔧 Build Configuration | ||
ARG GRADLE_OPTS="-Dorg.gradle.daemon=false \ | ||
-Dorg.gradle.parallel=true \ | ||
-Dorg.gradle.caching=true \ | ||
-Dorg.gradle.configureondemand=true \ | ||
-Dorg.gradle.jvmargs=-Xmx2g" | ||
|
||
# 👤 App Configuration | ||
ARG APP_USER="appuser" | ||
ARG APP_GROUP="appgroup" | ||
ARG APP_HOME="/app" | ||
ARG GRADLE_HOME="/opt/gradle" | ||
|
||
# | ||
# 📥 Base Setup Stage | ||
# | ||
FROM amazoncorretto:${CORRETTO_VERSION}@sha256:${CORRETTO_SHA} AS base | ||
ARG APP_USER | ||
ARG APP_GROUP | ||
|
||
# Install base packages | ||
RUN apk add --no-cache \ | ||
wget \ | ||
unzip \ | ||
bash \ | ||
shadow | ||
|
||
# Create Gradle user | ||
RUN groupadd --system --gid 1000 ${APP_GROUP} && \ | ||
useradd --system --gid ${APP_GROUP} --uid 1000 --shell /bin/bash --create-home ${APP_USER} | ||
|
||
# | ||
# 📦 Gradle Setup Stage | ||
# | ||
FROM base AS gradle-setup | ||
ARG GRADLE_VERSION | ||
ARG GRADLE_DOWNLOAD_SHA256 | ||
ARG GRADLE_HOME | ||
ARG GRADLE_OPTS | ||
ARG APP_USER | ||
ARG APP_GROUP | ||
|
||
# Set environment variables for Gradle | ||
ENV GRADLE_OPTS="${GRADLE_OPTS}" | ||
ENV GRADLE_HOME="${GRADLE_HOME}" | ||
ENV PATH="${GRADLE_HOME}/bin:${PATH}" | ||
|
||
WORKDIR /tmp | ||
|
||
# Download and verify Gradle with progress bar | ||
RUN echo "Downloading Gradle ${GRADLE_VERSION}..." && \ | ||
wget --progress=bar:force --output-document=gradle.zip \ | ||
"https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip" && \ | ||
echo "Verifying download..." && \ | ||
echo "${GRADLE_DOWNLOAD_SHA256} gradle.zip" | sha256sum -c - && \ | ||
echo "Installing Gradle..." && \ | ||
unzip -q gradle.zip && \ | ||
mv "gradle-${GRADLE_VERSION}" "${GRADLE_HOME}" && \ | ||
ln -s "${GRADLE_HOME}/bin/gradle" /usr/bin/gradle && \ | ||
rm gradle.zip && \ | ||
# Setup Gradle user directories | ||
mkdir -p /home/${APP_USER}/.gradle && \ | ||
chown --recursive ${APP_USER}:${APP_GROUP} /home/${APP_USER} && \ | ||
# Verify installation | ||
echo "Verifying Gradle installation..." && \ | ||
gradle --version | ||
|
||
# Create Gradle volume | ||
VOLUME /home/${APP_USER}/.gradle | ||
|
||
# | ||
# Build | ||
# 📚 Dependencies Stage | ||
# | ||
FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS buildtime | ||
FROM gradle-setup AS dependencies | ||
|
||
WORKDIR /build | ||
COPY . . | ||
|
||
RUN chmod +x ./gradlew | ||
RUN ./gradlew bootJar | ||
# Copy build configuration | ||
COPY --chown=${APP_USER}:${APP_GROUP} build.gradle.kts settings.gradle.kts ./ | ||
COPY --chown=${APP_USER}:${APP_GROUP} gradle.lockfile ./ | ||
COPY --chown=${APP_USER}:${APP_GROUP} openapi openapi/ | ||
|
||
# Generate OpenAPI stubs and download dependencies | ||
RUN mkdir -p src/main/java && \ | ||
chown -R ${APP_USER}:${APP_GROUP} /build && \ | ||
chmod -R 775 /build | ||
|
||
USER ${APP_USER} | ||
|
||
RUN gradle openApiGenerate dependencies --no-daemon | ||
|
||
# | ||
# Docker RUNTIME | ||
# 🏗️ Build Stage | ||
# | ||
FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS runtime | ||
FROM dependencies AS build | ||
|
||
# Copy source code | ||
COPY --chown=${APP_USER}:${APP_GROUP} src src/ | ||
|
||
# Build application | ||
RUN gradle bootJar --no-daemon | ||
|
||
# | ||
# 🚀 Runtime Stage | ||
# | ||
FROM amazoncorretto:${CORRETTO_VERSION}@sha256:${CORRETTO_SHA} AS runtime | ||
ARG APP_USER | ||
ARG APP_GROUP | ||
ARG APP_HOME | ||
ARG APPINSIGHTS_VERSION | ||
ARG TZ | ||
|
||
WORKDIR ${APP_HOME} | ||
|
||
# Set timezone environment variable | ||
ENV TZ=${TZ} | ||
|
||
# 🛡️ Security Setup and Timezone | ||
RUN apk upgrade --no-cache && \ | ||
apk add --no-cache \ | ||
tini \ | ||
curl \ | ||
# Configure timezone + ENV=TZ | ||
tzdata && \ | ||
# Create user and group | ||
addgroup -S ${APP_GROUP} && \ | ||
adduser -S ${APP_USER} -G ${APP_GROUP} | ||
|
||
WORKDIR /app | ||
# 📦 Copy Artifacts | ||
COPY --from=build /build/build/libs/*.jar ${APP_HOME}/app.jar | ||
ADD --chmod=644 https://github.com/microsoft/ApplicationInsights-Java/releases/download/${APPINSIGHTS_VERSION}/applicationinsights-agent-${APPINSIGHTS_VERSION}.jar ${APP_HOME}/applicationinsights-agent.jar | ||
|
||
COPY --from=buildtime /build/build/libs/*.jar /app/app.jar | ||
# The agent is enabled at runtime via JAVA_TOOL_OPTIONS. | ||
ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.5.2/applicationinsights-agent-3.5.2.jar /app/applicationinsights-agent.jar | ||
# 📝 Set Permissions | ||
RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME} | ||
|
||
RUN chown -R nobody:nobody /app | ||
# 🔌 Container Configuration | ||
EXPOSE 8080 | ||
USER 65534 # user nobody | ||
USER ${APP_USER} | ||
|
||
ENTRYPOINT ["java","-jar","/app/app.jar"] | ||
# 🎬 Startup Configuration | ||
ENTRYPOINT ["/sbin/tini", "--"] | ||
CMD ["java", "-jar", "/app/app.jar"] |
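Review bot: The Application Insights agent jar fetched by `ADD --chmod=644 https://github.com/microsoft/ApplicationInsights-Java/releases/download/${APPINSIGHTS_VERSION}/…` in the runtime stage is the one download in this file with no integrity check, although the base image is digest-pinned and the Gradle zip is verified with `sha256sum -c`. Because this jar is meant to be loaded into the JVM as an agent, pin its digest too, either with `ADD --checksum=sha256:<agent-jar-sha256>` (which likely needs a newer frontend than the `1.4` on the syntax line, so confirm and bump it together) or by downloading it in a `RUN` and checking it the way the Gradle step does. Separately, `USER ${APP_USER}` appears to replace the numeric `USER 65534`, and `adduser -S` picks the UID itself. Creating the account with a fixed id (`adduser -S -u <uid>`) and using that number in `USER` would keep the image verifiable under a run-as-non-root policy.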
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
0000 |
Binary file not shown.