-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathDockerfile.alpine
137 lines (112 loc) · 5.01 KB
/
Dockerfile.alpine
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#
# Copyright (c) 2017-present Sonatype, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# hadolint ignore=DL3026
FROM docker-all.repo.sonatype.com/alpine:3 AS builder
ARG TEMP="/tmp/work"
# Build parameters
ARG IQ_SERVER_VERSION=1.186.0-01
ARG IQ_SERVER_SHA256=56ca90497fd4735436ef3d863b10ee36cea3805407031a10433e77102643e559
ARG SONATYPE_WORK="/sonatype-work"
# hadolint ignore=DL3018
RUN mkdir -p ${TEMP} && \
apk update && \
apk add --no-cache curl
# Copy config.yml and set sonatypeWork to the correct value
COPY config.yml ${TEMP}
# hadolint ignore=DL4006,SC3060
RUN cat ${TEMP}/config.yml | sed -r "s/\s*sonatypeWork\s*:\s*\"?[-0-9a-zA-Z_/\\]+\"?/sonatypeWork: ${SONATYPE_WORK//\//\\/}/" > ${TEMP}/config-edited.yml
# Download the server bundle, verify its checksum, and extract the server jar to the install directory
WORKDIR ${TEMP}
RUN echo "${IQ_SERVER_SHA256} nexus-iq-server.tar.gz" > nexus-iq-server.tar.gz.sha256 && \
curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-linux_musl-x86_64.tgz --output nexus-iq-server.tar.gz
RUN sha256sum -c nexus-iq-server.tar.gz.sha256 \
&& tar -xvf nexus-iq-server.tar.gz \
&& mv nexus-iq-server-${IQ_SERVER_VERSION}-linux_musl-* nexus-iq-server
# hadolint ignore=DL3026
FROM docker-all.repo.sonatype.com/alpine:3
ARG IQ_SERVER_VERSION=1.186.0-01
ARG IQ_HOME="/opt/sonatype/nexus-iq-server"
ARG SONATYPE_WORK="/sonatype-work"
ARG CONFIG_HOME="/etc/nexus-iq-server"
ARG LOGS_HOME="/var/log/nexus-iq-server"
ARG GID=1001
ARG UID=1001
ARG TIMEOUT=600
LABEL name="Nexus IQ Server image" \
maintainer="Sonatype <[email protected]>" \
vendor=Sonatype \
version="${IQ_SERVER_VERSION}" \
release="1.186.0" \
url="https://www.sonatype.com" \
summary="The Nexus IQ Server" \
description="Nexus IQ Server is a policy engine powered by precise intelligence on open source components. \
It provides a number of tools to improve component usage in your software supply chain, allowing you to \
automate your processes and achieve accelerated speed to delivery while also increasing product quality" \
com.sonatype.license="Apache License, Version 2.0" \
com.sonatype.name="Nexus IQ Server image" \
run="docker run -d -p 8070:8070 -p 8071:8071 IMAGE" \
io.k8s.description="Nexus IQ Server is a policy engine powered by precise intelligence on open source components. \
It provides a number of tools to improve component usage in your software supply chain, allowing you to \
automate your processes and achieve accelerated speed to delivery while also increasing product quality" \
io.k8s.display-name="Nexus IQ Server" \
io.openshift.expose-services="8071:8071" \
io.openshift.tags="Sonatype,Nexus,IQ Server"
USER root
# For testing
# hadolint ignore=DL3018
RUN apk update \
&& apk add --no-cache procps-ng gzip unzip tar findutils util-linux less rsync git which
# Create folders & set permissions
RUN mkdir -p ${IQ_HOME} \
&& mkdir -p ${SONATYPE_WORK} \
&& mkdir -p ${CONFIG_HOME} \
&& mkdir -p ${LOGS_HOME} \
&& chmod 0755 "/opt/sonatype" ${IQ_HOME} \
&& chmod 0755 ${CONFIG_HOME} \
&& chmod 0755 ${LOGS_HOME}
# Add group and user
RUN addgroup -g ${GID} nexus \
&& adduser -D -u ${UID} -h ${IQ_HOME} -g "Nexus IQ user" -G nexus -s /sbin/nologin nexus \
# Change owner to nexus user
&& chown -R nexus:nexus ${IQ_HOME} \
&& chown -R nexus:nexus ${SONATYPE_WORK} \
&& chown -R nexus:nexus ${CONFIG_HOME} \
&& chown -R nexus:nexus ${LOGS_HOME}
# Copy config.yml
COPY --from=builder /tmp/work/config-edited.yml ${CONFIG_HOME}/config.yml
RUN chmod 0644 ${CONFIG_HOME}/config.yml
# Copy server assemblies
COPY --chown=nexus:nexus --from=builder /tmp/work/nexus-iq-server ${IQ_HOME}
# Create start script
RUN echo "trap 'kill -TERM \`cut -f1 -d@ ${SONATYPE_WORK}/lock\`; timeout ${TIMEOUT} tail --pid=\`cut -f1 -d@ ${SONATYPE_WORK}/lock\` -f /dev/null' SIGTERM" > ${IQ_HOME}/start.sh \
&& echo "/opt/sonatype/nexus-iq-server/bin/nexus-iq-server server ${CONFIG_HOME}/config.yml 2> ${LOGS_HOME}/stderr.log & " >> ${IQ_HOME}/start.sh \
&& echo "wait" >> ${IQ_HOME}/start.sh \
&& chmod 0755 ${IQ_HOME}/start.sh
WORKDIR ${IQ_HOME}
# This is where we will store persistent data
VOLUME ${SONATYPE_WORK}
VOLUME ${LOGS_HOME}
# Expose the ports
EXPOSE 8070
EXPOSE 8071
# Wire up health check
HEALTHCHECK CMD curl --fail --silent --show-error http://localhost:8071/healthcheck || exit 1
# Change to nexus user
USER nexus
ENV JAVA_OPTS=" -Djava.util.prefs.userRoot=${SONATYPE_WORK}/javaprefs "
ENV SONATYPE_INTERNAL_HOST_SYSTEM=Docker
WORKDIR ${IQ_HOME}
CMD [ "sh", "./start.sh" ]