From c3a0c7a63f4f95217d904723b87ae0431a6e319b Mon Sep 17 00:00:00 2001
From: "A.J. Stein" <aj@gsa.gov>
Date: Tue, 8 Oct 2024 20:54:01 -0400
Subject: [PATCH] Complete Dockerfile for #22

This supports "inside container" builds and outside container builds to
hard-code as the default for GitHub Actions to follow in the GHA
workflow YAML definition because that will not require repeat builds of
the container in the pipeline.
---
 Dockerfile | 49 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 38 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index dce5fc7..3e51fe3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,23 +1,50 @@
 ARG BUILDER_IMAGE=maven:3.9.9-eclipse-temurin-17-alpine
 ARG RUNNER_IMAGE=eclipse-temurin:17-alpine
-ARG CONTAINER_BUILD=yes
 
 FROM ${BUILDER_IMAGE} as builder
-ARG CONTAINER_BUILD
+ARG BUILDER_JDK_VENDOR=temurin
+ARG BUILDER_JDK_MAJOR_VERSION=17
+ARG BUILDER_JDK_HOME_PATH=/opt/java/openjdk
 COPY . /usr/local/src
-RUN if [ -n "$CONTAINER_BUILD" ]; \
-    then apk add --no-cache git unzip && \
-    cd /usr/local/src && \
-    mvn -B -e -Prelease package; \
-    else echo Building on host outside container to copy later; \
-    fi && \
-    cp target/*.zip /tmp
-COPY ./target/oscal-cli-enhanced-2.1.0-SNAPSHOT-oscal-cli.zip /tmp
+RUN if [ "$CONTAINER_BUILD"="yes" ]; \
+    then mkdir -p "/root/.m2"; \
+    else \
+        echo Building on host outside container to copy later; \
+    fi
+COPY  <<M2TEMPLATE /root/.m2/toolchains.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<toolchains>
+    <toolchain>
+    <type>jdk</type>
+    <provides>
+        <version>${BUILDER_JDK_MAJOR_VERSION}</version>
+        <vendor>${BUILDER_JDK_VENDOR}</vendor>
+        <id>${BUILDER_JDK_VENDOR}_${BUILDER_JDK_MAJOR_VERSION}</id>
+    </provides>
+    <configuration>
+        <jdkHome>${BUILDER_JDK_HOME_PATH}</jdkHome>
+    </configuration>
+    </toolchain>
+</toolchains>
+M2TEMPLATE
+RUN if [ "$CONTAINER_BUILD"="yes" ]; \
+    then \
+        apk add --no-cache git unzip && \
+        cd /usr/local/src && \
+        mvn -B -e -Prelease package && \
+        cp ./target/*.zip /tmp ; \
+    else \
+        echo Building on host outside container to copy later; \
+    fi
+
+# Conditional source to prevent failed check for pre-built zip when CONTAINER_BUILD=no
+# https://stackoverflow.com/a/46801962
+COPY pom.xml ./target/*.zi[p] /tmp
 WORKDIR /tmp
 RUN unzip *.zip -d /opt/oscal-cli-extended
 
-
 FROM ${RUNNER_IMAGE} as runner
 COPY --from=builder /opt/oscal-cli-extended /opt/oscal-cli-extended
 WORKDIR /opt/oscal-cli-extended
+RUN /opt/oscal-cli-extended/bin/oscal-cli --version
 ENTRYPOINT [ "/opt/oscal-cli-extended/bin/oscal-cli" ]