Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
P4ADEV-1387-update-docker-for-timezone
Browse files Browse the repository at this point in the history
LarissaASLeite committed Nov 14, 2024
1 parent 15f2a55 commit dee5ca4
Showing 9 changed files with 232 additions and 17 deletions.
32 changes: 32 additions & 0 deletions .github/workflows/payments-flow-docker-snapshot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: 📦 Payments Snapshot docker

on:
push:
branches-ignore:
- 'develop'
- 'uat'
- 'main'
paths-ignore:
- 'CODEOWNERS'
- '**.md'
- '.**'
workflow_dispatch:

env:
CURRENT_BRANCH: ${{ github.event.inputs.branch || github.ref_name }}

jobs:
payments-flow-docker-snapshot:
runs-on: ubuntu-22.04
steps:
- name: 🔖 Checkout code
# https://github.com/actions/checkout/releases/tag/v4.2.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
with:
ref: ${{ env.CURRENT_BRANCH }}

- name: 📦 Run Snapshot Docker Build/Push & Trigger
# https://github.com/pagopa/github-actions-template/releases/tag/v1.19.0
uses: pagopa/github-actions-template/payments-flow-docker-snapshot@37569377fa759368a01c1e7f40700b4118d65d0c
with:
current_branch: ${{ github.ref_name }}
29 changes: 29 additions & 0 deletions .github/workflows/payments-flow-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: 🚀 Payments release

on:
push:
branches:
- develop
- uat
- main
paths-ignore:
- 'CODEOWNERS'
- '**.md'
- '.**'
workflow_dispatch:

jobs:
payments-flow-release:
runs-on: ubuntu-22.04
steps:
- name: 🔖 Checkout code
# https://github.com/actions/checkout/releases/tag/v4.2.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
with:
ref: ${{ github.ref_name }}

- name: 🚀 release + docker + azdo
# https://github.com/pagopa/github-actions-template/releases/tag/v1.19.1
uses: pagopa/github-actions-template/payments-flow-release@3ae6a4268ccff000194696b21e1124d9e8ddf997
with:
current_branch: ${{ github.ref_name }}
19 changes: 19 additions & 0 deletions .releaserc.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"plugins": [
[
"@semantic-release/commit-analyzer",
{
"preset": "angular",
"releaseRules": [{ "type": "breaking", "release": "major" }]
}
],
"@semantic-release/release-notes-generator",
[
"@semantic-release/github",
{
"successComment": false,
"failComment": false
}
]
]
}
157 changes: 143 additions & 14 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,27 +1,156 @@
# syntax=docker/dockerfile:1.4

#
# 🎯 Version Management
#
ARG CORRETTO_VERSION="17-alpine3.19"
ARG CORRETTO_SHA="2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477"
ARG GRADLE_VERSION="8.10.2"
ARG GRADLE_DOWNLOAD_SHA256="31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26"
ARG APPINSIGHTS_VERSION="3.5.2"

# 🌍 Timezone Configuration
ARG TZ="Europe/Rome"

# 🔧 Build Configuration
ARG GRADLE_OPTS="-Dorg.gradle.daemon=false \
-Dorg.gradle.parallel=true \
-Dorg.gradle.caching=true \
-Dorg.gradle.configureondemand=true \
-Dorg.gradle.jvmargs=-Xmx2g"

# 👤 App Configuration
ARG APP_USER="appuser"
ARG APP_GROUP="appgroup"
ARG APP_HOME="/app"
ARG GRADLE_HOME="/opt/gradle"

#
# 📥 Base Setup Stage
#
FROM amazoncorretto:${CORRETTO_VERSION}@sha256:${CORRETTO_SHA} AS base
ARG APP_USER
ARG APP_GROUP

# Install base packages
RUN apk add --no-cache \
wget \
unzip \
bash \
shadow

# Create Gradle user
RUN groupadd --system --gid 1000 ${APP_GROUP} && \
useradd --system --gid ${APP_GROUP} --uid 1000 --shell /bin/bash --create-home ${APP_USER}

#
# 📦 Gradle Setup Stage
#
FROM base AS gradle-setup
ARG GRADLE_VERSION
ARG GRADLE_DOWNLOAD_SHA256
ARG GRADLE_HOME
ARG GRADLE_OPTS
ARG APP_USER
ARG APP_GROUP

# Set environment variables for Gradle
ENV GRADLE_OPTS="${GRADLE_OPTS}"
ENV GRADLE_HOME="${GRADLE_HOME}"
ENV PATH="${GRADLE_HOME}/bin:${PATH}"

WORKDIR /tmp

# Download and verify Gradle with progress bar
RUN echo "Downloading Gradle ${GRADLE_VERSION}..." && \
wget --progress=bar:force --output-document=gradle.zip \
"https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip" && \
echo "Verifying download..." && \
echo "${GRADLE_DOWNLOAD_SHA256} gradle.zip" | sha256sum -c - && \
echo "Installing Gradle..." && \
unzip -q gradle.zip && \
mv "gradle-${GRADLE_VERSION}" "${GRADLE_HOME}" && \
ln -s "${GRADLE_HOME}/bin/gradle" /usr/bin/gradle && \
rm gradle.zip && \
# Setup Gradle user directories
mkdir -p /home/${APP_USER}/.gradle && \
chown --recursive ${APP_USER}:${APP_GROUP} /home/${APP_USER} && \
# Verify installation
echo "Verifying Gradle installation..." && \
gradle --version

# Create Gradle volume
VOLUME /home/${APP_USER}/.gradle

#
# Build
# 📚 Dependencies Stage
#
FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS buildtime
FROM gradle-setup AS dependencies

WORKDIR /build
COPY . .

RUN chmod +x ./gradlew
RUN ./gradlew bootJar
# Copy build configuration
COPY --chown=${APP_USER}:${APP_GROUP} build.gradle.kts settings.gradle.kts ./
COPY --chown=${APP_USER}:${APP_GROUP} gradle.lockfile ./
COPY --chown=${APP_USER}:${APP_GROUP} openapi openapi/

# Generate OpenAPI stubs and download dependencies
RUN mkdir -p src/main/java && \
chown -R ${APP_USER}:${APP_GROUP} /build && \
chmod -R 775 /build

USER ${APP_USER}

RUN gradle openApiGenerate dependencies --no-daemon

#
# Docker RUNTIME
# 🏗️ Build Stage
#
FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS runtime
FROM dependencies AS build

# Copy source code
COPY --chown=${APP_USER}:${APP_GROUP} src src/

# Build application
RUN gradle bootJar --no-daemon

#
# 🚀 Runtime Stage
#
FROM amazoncorretto:${CORRETTO_VERSION}@sha256:${CORRETTO_SHA} AS runtime
ARG APP_USER
ARG APP_GROUP
ARG APP_HOME
ARG APPINSIGHTS_VERSION
ARG TZ

WORKDIR ${APP_HOME}

# Set timezone environment variable
ENV TZ=${TZ}

# 🛡️ Security Setup and Timezone
RUN apk upgrade --no-cache && \
apk add --no-cache \
tini \
curl \
# Configure timezone + ENV=TZ
tzdata && \
# Create user and group
addgroup -S ${APP_GROUP} && \
adduser -S ${APP_USER} -G ${APP_GROUP}

WORKDIR /app
# 📦 Copy Artifacts
COPY --from=build /build/build/libs/*.jar ${APP_HOME}/app.jar
ADD --chmod=644 https://github.com/microsoft/ApplicationInsights-Java/releases/download/${APPINSIGHTS_VERSION}/applicationinsights-agent-${APPINSIGHTS_VERSION}.jar ${APP_HOME}/applicationinsights-agent.jar

COPY --from=buildtime /build/build/libs/*.jar /app/app.jar
# The agent is enabled at runtime via JAVA_TOOL_OPTIONS.
ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.5.2/applicationinsights-agent-3.5.2.jar /app/applicationinsights-agent.jar
# 📝 Set Permissions
RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME}

RUN chown -R nobody:nobody /app
# 🔌 Container Configuration
EXPOSE 8080
USER 65534 # user nobody
USER ${APP_USER}

ENTRYPOINT ["java","-jar","/app/app.jar"]
# 🎬 Startup Configuration
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["java", "-jar", "/app/app.jar"]
1 change: 1 addition & 0 deletions force-release
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
0000
Binary file modified gradle/wrapper/gradle-wrapper.jar
Binary file not shown.
2 changes: 1 addition & 1 deletion gradle/wrapper/gradle-wrapper.properties
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME
7 changes: 5 additions & 2 deletions gradlew
Original file line number Diff line number Diff line change
@@ -15,6 +15,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
#

##############################################################################
#
@@ -55,7 +57,7 @@
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
' "$PWD" ) || exit

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
2 changes: 2 additions & 0 deletions gradlew.bat
Original file line number Diff line number Diff line change
@@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@rem SPDX-License-Identifier: Apache-2.0
@rem

@if "%DEBUG%"=="" @echo off
@rem ##########################################################################

0 comments on commit dee5ca4

Please sign in to comment.