demo-annotations-spring/Containerfile at master · Big-Dao/demo-annotations-spring · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# syntax=docker/dockerfile:1.7
# ---------------------------------------------------------------------------
# Production-grade multi-stage build for demo-annotations-spring.
#
#   Stage 1 (builder)  Java 25 + Maven wrapper. Pre-warms dependencies and
#                      builds the layered Spring Boot jar so that runtime
#                      image layers stay tiny and rebuilds stay fast.
#
#   Stage 2 (runtime)  Slim Temurin 25 JRE + non-root user + production
#                      JAVA_OPTS (ZGC, container-aware heap, OOM heap-dumps).
#                      HEALTHCHECK probes /actuator/health/liveness.
#
# Build:  podman build -t demo-annotations-spring:latest -f Containerfile .
# Run:    podman run --rm -p 8080:8080 demo-annotations-spring:latest
#
# Override the registry/base images at build time:
#   podman build --build-arg BASE_REGISTRY=docker.io -t demo:dev .
# ---------------------------------------------------------------------------

ARG BASE_REGISTRY=docker.m.daocloud.io
ARG JDK_IMAGE=${BASE_REGISTRY}/library/eclipse-temurin:25-jdk
ARG JRE_IMAGE=${BASE_REGISTRY}/library/eclipse-temurin:25-jre

# ---------------------------------------------------------------------------
FROM ${JDK_IMAGE} AS builder
WORKDIR /src

# Cache dependency resolution in its own layer.
COPY .mvn/ .mvn/
COPY mvnw pom.xml ./
RUN --mount=type=cache,target=/root/.m2 \
    ./mvnw -B -q -DskipTests dependency:go-offline

COPY src/ src/
RUN --mount=type=cache,target=/root/.m2 \
    ./mvnw -B -q -DskipTests package spring-boot:repackage \
    && cp target/demo-annotations-spring-0.0.1-SNAPSHOT.jar /tmp/app.jar \
    && mkdir -p /tmp/extracted \
    && (cd /tmp/extracted && java -Djarmode=tools -jar /tmp/app.jar extract --layers --launcher)

# ---------------------------------------------------------------------------
FROM ${JRE_IMAGE} AS runtime

RUN apt-get update \
    && apt-get install -y --no-install-recommends curl tini \
    && rm -rf /var/lib/apt/lists/* \
    && groupadd --system --gid 1000 spring \
    && useradd --system --uid 1000 --gid spring --home-dir /app --shell /usr/sbin/nologin spring

WORKDIR /app

# Layered jar contents (least-to-most volatile) for optimal image diffs.
COPY --from=builder --chown=spring:spring /tmp/extracted/demo-annotations-spring/dependencies/          ./
COPY --from=builder --chown=spring:spring /tmp/extracted/demo-annotations-spring/spring-boot-loader/    ./
COPY --from=builder --chown=spring:spring /tmp/extracted/demo-annotations-spring/snapshot-dependencies/ ./
COPY --from=builder --chown=spring:spring /tmp/extracted/demo-annotations-spring/application/           ./

USER spring
EXPOSE 8080

ENV SERVER_PORT=8080 \
    SPRING_PROFILES_ACTIVE="" \
    JAVA_OPTS="-XX:+UseZGC -XX:+ZGenerational \
               -XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=50.0 \
               -XX:+AlwaysPreTouch \
               -XX:+ExitOnOutOfMemoryError \
               -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp \
               -Djava.security.egd=file:/dev/./urandom \
               -Dfile.encoding=UTF-8"

HEALTHCHECK --interval=15s --timeout=3s --start-period=60s --retries=4 \
  CMD curl -fsS "http://127.0.0.1:${SERVER_PORT}/actuator/health/liveness" \
        | grep -q '"status":"UP"' || exit 1

ENTRYPOINT ["/usr/bin/tini", "--", "sh", "-c", "exec java $JAVA_OPTS org.springframework.boot.loader.launch.JarLauncher"]