Complete Dockerfile for metaschema-framework#22
This supports "inside container" builds as well as outside-container builds, the latter to be hard-coded as the default that GitHub Actions follows in the GHA workflow YAML definition, because that will not require repeat builds of the container in the pipeline.
1 parent
889aeaa
commit f0a3e53
Showing
1 changed file
with
43 additions
and
12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,54 @@ | ||
ARG BUILDER_IMAGE=maven:3.9.9-eclipse-temurin-17-alpine | ||
ARG RUNNER_IMAGE=eclipse-temurin:17-alpine | ||
ARG CONTAINER_BUILD=yes | ||
# Not set by default, so it will build in container locally. See the GitHub | ||
# Actions build.yml where build-arg is provider to override and build inside | ||
# the container. | ||
ARG USE_PREBUILT_ZIP | ||
|
||
FROM ${BUILDER_IMAGE} as builder | ||
ARG CONTAINER_BUILD | ||
COPY . /usr/local/src | ||
RUN if [ -n "$CONTAINER_BUILD" ]; \ | ||
then apk add --no-cache git unzip && \ | ||
cd /usr/local/src && \ | ||
mvn -B -e -Prelease package; \ | ||
else echo Building on host outside container to copy later; \ | ||
fi && \ | ||
cp target/*.zip /tmp | ||
COPY ./target/oscal-cli-enhanced-2.1.0-SNAPSHOT-oscal-cli.zip /tmp | ||
ARG USE_PREBUILT_ZIP | ||
ARG BUILDER_JDK_VENDOR=temurin | ||
ARG BUILDER_JDK_MAJOR_VERSION=17 | ||
ARG BUILDER_JDK_HOME_PATH=/opt/java/openjdk | ||
ADD . /usr/local/src | ||
# You can't copy conditionally for a folder that doesn't exist. | ||
# Make the build boostrap files regardless. | ||
RUN mkdir -p "/root/.m2" | ||
COPY <<M2TEMPLATE /root/.m2/toolchains.xml | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<toolchains> | ||
<toolchain> | ||
<type>jdk</type> | ||
<provides> | ||
<version>${BUILDER_JDK_MAJOR_VERSION}</version> | ||
<vendor>${BUILDER_JDK_VENDOR}</vendor> | ||
<id>${BUILDER_JDK_VENDOR}_${BUILDER_JDK_MAJOR_VERSION}</id> | ||
</provides> | ||
<configuration> | ||
<jdkHome>${BUILDER_JDK_HOME_PATH}</jdkHome> | ||
</configuration> | ||
</toolchain> | ||
</toolchains> | ||
M2TEMPLATE | ||
RUN if [[ -z "$USE_PREBUILT_ZIP" ]]; then \ | ||
apk add --no-cache git unzip && \ | ||
cd /usr/local/src && \ | ||
mvn -B -e -Prelease package && \ | ||
cp ./target/*.zip /tmp; \ | ||
else \ | ||
echo "Using prebuilt ZIP archive from outside container"; \ | ||
fi | ||
|
||
# Conditional source to prevent failed check for pre-built zip when the variable | ||
# USE_PREBUILT_ZIP is set. See the following: | ||
# https://stackoverflow.com/a/43656644 | ||
# https://stackoverflow.com/a/46801962 | ||
COPY pom.xml ./target/*.zi[p] /tmp | ||
WORKDIR /tmp | ||
RUN unzip *.zip -d /opt/oscal-cli-extended | ||
|
||
|
||
FROM ${RUNNER_IMAGE} as runner | ||
COPY --from=builder /opt/oscal-cli-extended /opt/oscal-cli-extended | ||
WORKDIR /opt/oscal-cli-extended | ||
RUN /opt/oscal-cli-extended/bin/oscal-cli --version | ||
ENTRYPOINT [ "/opt/oscal-cli-extended/bin/oscal-cli" ] |
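Review bot: The `COPY pom.xml ./target/*.zi[p] /tmp` line runs in both modes, so with `USE_PREBUILT_ZIP` unset any archive left in the host's `target/` is still copied into `/tmp` after the in-container build, where it can replace the freshly built zip or sit next to it. The following `RUN unzip *.zip -d /opt/oscal-cli-extended` then unpacks whatever the glob resolves to, and that tree is what the runner stage ships, so a stale or unreviewed host artifact can end up in the image without the build failing. Since `ADD . /usr/local/src` already brings the build context into the builder (including `target/`, unless a `.dockerignore` not visible here excludes it), the prebuilt branch could take the archive from there with `cp /usr/local/src/target/*.zip /tmp;`, the in-container branch could run `mvn -B -e -Prelease clean package`, and the glob `COPY` could be dropped. `ADD .` copies plain local files, for which `COPY . /usr/local/src` is the explicit form.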