Merge pull request #133 from hackcoderr/non-root-img

Make Non-root docker image for cat server

docker-compose.yml

@@ -7,7 +7,7 @@ networks:
 services:
 
   cat:
-    image: ghcr.io/datakaveri/cat-prod:latest
+    image: iudx/cat-prod:latest
     environment:
       - CAT_URL=https://catalogue.iudx.org.in
       - LOG_LEVEL=INFO
@@ -31,7 +31,7 @@ services:
     command: bash -c "exec java $$CAT_JAVA_OPTS  -Dvertx.logger-delegate-factory-class-name=io.vertx.core.logging.Log4j2LogDelegateFactory -jar ./fatjar.jar  --host $$(hostname) -c configs/config.json"
 
   dev:
-    image: ghcr.io/datakaveri/cat-dev:latest
+    image: iudx/cat-dev:latest
     environment:
       - CAT_URL=https://catalogue.iudx.org.in
       - LOG_LEVEL=INFO

docker/build-push.sh

@@ -6,8 +6,8 @@ COMMIT_ID=`git log -1 --pretty=%h` # last commit-id in short form
 
 # To be executed from project root
 
-docker build -t dockerhub.iudx.io/iudx/cat-prod:$MAJOR_RELEASE.$MINOR_RELEASE-$COMMIT_ID -f docker/prod.dockerfile . && \
-docker push dockerhub.iudx.io/iudx/cat-prod:$MAJOR_RELEASE.$MINOR_RELEASE-$COMMIT_ID
+docker build -t ghcr.io/datakaveri/cat-prod:$MAJOR_RELEASE.$MINOR_RELEASE-$COMMIT_ID -f docker/prod.dockerfile . && \
+docker push ghcr.io/datakaveri/cat-prod:$MAJOR_RELEASE.$MINOR_RELEASE-$COMMIT_ID
 
-docker build -t dockerhub.iudx.io/iudx/cat-dev:$MAJOR_RELEASE.$MINOR_RELEASE-$COMMIT_ID -f docker/dev.dockerfile . && \
-docker push dockerhub.iudx.io/iudx/cat-dev:$MAJOR_RELEASE.$MINOR_RELEASE-$COMMIT_ID
+docker build -t ghcr.io/datakaveri/cat-dev:$MAJOR_RELEASE.$MINOR_RELEASE-$COMMIT_ID -f docker/dev.dockerfile . && \
+docker push ghcr.io/datakaveri/cat-dev:$MAJOR_RELEASE.$MINOR_RELEASE-$COMMIT_ID

docker/dev.dockerfile

@@ -1,24 +1,30 @@
 ARG VERSION="0.0.1-SNAPSHOT"
 
-FROM maven:3-openjdk-11-slim as dependencies
+# Using maven base image in builder stage to build Java code
+FROM maven:3-openjdk-11-slim as builder
 
 WORKDIR /usr/share/app
 COPY pom.xml .
+# Downloads all packages defined in pom.xml
 RUN mvn clean package
-
-FROM dependencies as builder
-
-WORKDIR /usr/share/app
-COPY pom.xml .
 COPY src src
+# Build the source code to generate the fatjar
 RUN mvn clean package -Dmaven.test.skip=true
 
-
+# Java Runtime as the base for final image
 FROM openjdk:11-jre-slim-buster
 
 ARG VERSION
 ENV JAR="iudx.catalogue.server-dev-${VERSION}-fat.jar"
 
 WORKDIR /usr/share/app
+# Copying openapi docs 
 COPY docs docs
+# Copying dev fatjar from builder stage to final image
 COPY --from=builder /usr/share/app/target/${JAR} ./fatjar.jar
+EXPOSE 8080
+EXPOSE 8443
+# Creating a non-root user
+RUN useradd -r -u 1001 -g root catuser
+# Setting non-root user to use when container starts
+USER catuser

docker/prod.dockerfile

@@ -1,24 +1,34 @@
 ARG VERSION="0.0.1-SNAPSHOT"
 
-FROM maven:3-openjdk-11-slim as dependencies
+# Maven base image for building the java code
+FROM maven:3-openjdk-11-slim as builder
 
 WORKDIR /usr/share/app
 COPY pom.xml .
+# Downloads packages defined in pom.xml
 RUN mvn clean package
-
-FROM dependencies as builder
-
-WORKDIR /usr/share/app
-COPY pom.xml .
 COPY src src
+# Build the source code to generate fat jar
 RUN mvn clean package -Dmaven.test.skip=true
 
-
+# Java runtime as final base image
 FROM openjdk:11-jre-slim-buster
 
 ARG VERSION
 ENV JAR="iudx.catalogue.server-cluster-${VERSION}-fat.jar"
 
 WORKDIR /usr/share/app
+# Copying openapi docs 
 COPY docs docs
+# Copying cluster fatjar from builder image stage to final image 
 COPY --from=builder /usr/share/app/target/${JAR} ./fatjar.jar
+# HTTP cat server port
+EXPOSE 8080
+# HTTPS cat server port
+EXPOSE 8443
+# Metrics http server port
+EXPOSE 9000 
+# creating a non-root user
+RUN useradd -r -u 1001 -g root catuser
+# Setting non-root user to use when container starts
+USER catuser