-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
115 lines (91 loc) · 4.98 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# === STAGE 1 ================================================================ #
# Build the uberjar
# ============================================================================ #
# Use this command to list all available tags for the container image:
# skopeo list-tags docker://docker.io/clojure
FROM docker.io/library/clojure:temurin-23-tools-deps-1.12.0.1479-bullseye-slim AS bb-uberjar-builder
ARG APP_DIR=/usr/src/app
RUN if [ -z "${APP_DIR}" ] ; then echo "APP_DIR not set!" ; exit 1; fi
ARG APP_NAME
RUN if [ -z "${APP_NAME}" ] ; then echo "APP_NAME not set!" ; exit 1; fi
ARG APP_VERSION
RUN if [ -z "${APP_VERSION}" ] ; then echo "APP_VERSION not set!" ; exit 1; fi
ARG CREATED_DATE
RUN if [ -z "${CREATED_DATE}" ] ; then echo "CREATED_DATE not set!" ; exit 1; fi
# https://github.com/babashka/babashka/releases
ARG BB_VERSION="1.4.192"
# Case A: pod version on pod registry
# Babashka will download the pod here when running any Babashka task, like
# `bb run build:bb-uber`, because in the bb.edn file we specified a `:version`
# of this pod which is available on pod registry.
# ARG JSOUP_POD_VERSION
# RUN if [ -z "${JSOUP_POD_VERSION}" ] ; then echo "JSOUP_POD_VERSION not set!" ; exit 1; fi
# Case B: pod version NOT on pod registry
# If you need to use a version of pod-jackdbd-jsoup which is not available on
# pod registry, you will need to use `:path` in the bb.edn file, download the
# pod it manually, and place it where bb.edn declares it.
# (e.g. {:pods {com.github.jackdbd/jsoup {:path "/usr/src/app/pods/jsoup"}}}).
# Use a single RUN instruction to create just one layer in the container image.
RUN apt update && \
apt install wget && \
wget --directory-prefix /tmp "https://github.com/babashka/babashka/releases/download/v${BB_VERSION}/babashka-${BB_VERSION}-linux-amd64-static.tar.gz" && \
tar xf "/tmp/babashka-${BB_VERSION}-linux-amd64-static.tar.gz" --directory=/tmp && \
mv /tmp/bb /usr/local/bin/bb && \
mkdir -p ${APP_DIR}
WORKDIR ${APP_DIR}
# I think that resources (i.e. assets) and source code change frequently, while
# build scripts and dependencies change less frequently. That's why I decided
# to define the docker layers in this order.
COPY deps.edn ${APP_DIR}/
COPY bb.edn ${APP_DIR}/
COPY build.clj ${APP_DIR}/
COPY bb ${APP_DIR}/bb
# COPY ${JSOUP_POD_PATH} ${APP_DIR}/${JSOUP_POD_PATH}
COPY src ${APP_DIR}/src
RUN bb run build:bb-uber && \
mv target/${APP_NAME}-${APP_VERSION}.jar "${APP_NAME}.jar"
# === STAGE 2 ================================================================ #
# Run the uberjar
# ============================================================================ #
# Use this command to list all available tags for the container image:
# skopeo list-tags docker://docker.io/babashka/babashka
FROM docker.io/babashka/babashka:1.4.193-SNAPSHOT AS bb-uberjar-runner
ARG APP_DIR=/usr/src/app
RUN if [ -z "${APP_DIR}" ] ; then echo "APP_DIR not set!" ; exit 1; fi
ARG CREATED_DATE
RUN if [ -z "${CREATED_DATE}" ] ; then echo "CREATED_DATE not set!" ; exit 1; fi
ARG JSOUP_POD_VERSION
RUN if [ -z "${JSOUP_POD_VERSION}" ] ; then echo "JSOUP_POD_VERSION not set!" ; exit 1; fi
ARG NON_ROOT_USER=zaraki
RUN if [ -z "${NON_ROOT_USER}" ] ; then echo "NON_ROOT_USER not set!" ; exit 1; fi
RUN groupadd --gid 1234 $NON_ROOT_USER && \
useradd --uid 1234 --gid 1234 --shell /bin/bash --create-home $NON_ROOT_USER
USER $NON_ROOT_USER
WORKDIR "/home/$NON_ROOT_USER"
COPY --from=bb-uberjar-builder "${APP_DIR}/fosdem-dl.jar" fosdem-dl.jar
# Bake the jsoup pod into the container image.
# NOTE: we could avoid baking the pod into the container image and save ~15 MB,
# but this would mean that Babashka will have to download the pod at runtime
# every single time the container starts.
# Option A: if the builder stage has already downloaded the pod, copied it,
# created a non-root user and gave that user execution permissions on the pod,
# we have nothing to do here.
# Option B: we let Babashka re-download the pod from the pod registry.
RUN bb -e "(require '[babashka.pods :as pods]) \
(pods/load-pod 'com.github.jackdbd/jsoup \"${JSOUP_POD_VERSION}\")"
# This mess is required only when the pod is not available on the pod registry
# and in bb.edn it is declared with :path instead of :version.
# An alternative to this mess would be to set the BABASHKA_PODS_DIR environment
# variable, I think.
# https://github.com/babashka/pods?tab=readme-ov-file#where-does-the-pod-come-from
# RUN bb -e "(require '[babashka.pods :as pods]) \
# (pods/load-pod 'com.github.jackdbd/jsoup \"${JSOUP_POD_VERSION}\")" && \
# mkdir -p $(dirname $JSOUP_POD_PATH) && \
# mv $JSOUP_POD_BB_PATH $JSOUP_POD_PATH && \
# rm -rf "/home/${NON_ROOT_USER}/.babashka"
# When the image is built on GitHub Actions, additional labels are extracted by
# docker-metadata-action and written to the container image by build-and-push-docker-images.
# https://github.com/opencontainers/image-spec/blob/main/annotations.md
LABEL org.opencontainers.image.created=${CREATED_DATE}
ENTRYPOINT ["bb", "fosdem-dl.jar"]
CMD ["help"]