From 3027b6b5973a6aeed1b5a59449208c2436c9db3b Mon Sep 17 00:00:00 2001
From: nscuro
Date: Fri, 18 Feb 2022 11:27:32 +0100
Subject: [PATCH 1/4] Fix container image health check

`wget` does not come preinstalled on Debian slim. Additionally, the syntax of disabling proxies differs from the `wget` provided by Alpine vs. Debian.

Signed-off-by: nscuro
---
 src/main/docker/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 09564f3c56..fa22c5b0bf 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -2,6 +2,11 @@ FROM eclipse-temurin:11.0.14.1_1-jre-focal@sha256:246f0a07f7ba2c52b48d1879aa6f29
 
 FROM debian:bullseye-20220125-slim@sha256:4c25ffa6ef572cf0d57da8c634769a08ae94529f7de5be5587ec8ce7b9b50f9c
 
+# Install wget for healthcheck
+RUN apt update \
+ && apt install -y wget \
+ && rm -rf /var/lib/apt/lists/*
+
 # Arguments that can be passed at build time
 # Directory names must end with / to avoid errors when ADDing and COPYing
 ARG COMMIT_SHA
@@ -55,7 +60,7 @@ CMD java ${JAVA_OPTIONS} -DdependencyTrack.logging.level=${LOGGING_LEVEL} -jar $
 EXPOSE 8080
 
 # Add a healthcheck using the Dependency-Track version API
-HEALTHCHECK --interval=5m --timeout=3s CMD wget --proxy off -q -O /dev/null http://127.0.0.1:8080${CONTEXT}api/version || exit 1
+HEALTHCHECK --interval=5m --timeout=3s CMD wget --no-proxy -q -O /dev/null http://127.0.0.1:8080${CONTEXT}api/version || exit 1
 
 # metadata labels
 LABEL \
From 773fb9c7ed7a44ee1e2311e95dbfc4c9268e5f48 Mon Sep 17 00:00:00 2001
From: nscuro
Date: Fri, 18 Feb 2022 15:32:33 +0100
Subject: [PATCH 2/4] Apply review suggestion by @k3rnelpan1c-dev

https://github.com/DependencyTrack/dependency-track/pull/1408#discussion_r810019198

Signed-off-by: nscuro
---
 src/main/docker/Dockerfile | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)
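Review bot: The added `apt install -y wget` in the first hunk of PATCH 1/4 also installs wget's recommended packages and takes whatever wget version the mirror serves at build time, while both base images are pinned by digest. For a package that exists only to serve the loopback health check, `apt-get install -y --no-install-recommends wget` keeps the runtime image's package set as small as the probe needs. The same install reappears in the second hunk of PATCH 2/4 and in PATCH 3/4 (`apt-get install -yqq wget`), and the flag is missing there as well.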
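Review bot: The reason for switching the HEALTHCHECK to `--no-proxy` (second hunk of PATCH 1/4) is recorded only in the commit message, so a later base-image change can break the probe again without anyone noticing why the flag was chosen. A comment above the instruction would keep that knowledge with the code, for example `# GNU wget (Debian) takes --no-proxy; the wget shipped with Alpine took "--proxy off"`. The existing comment line above HEALTHCHECK only says which API is probed.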
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index fa22c5b0bf..923bb76656 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -2,11 +2,6 @@ FROM eclipse-temurin:11.0.14.1_1-jre-focal@sha256:246f0a07f7ba2c52b48d1879aa6f29
 
 FROM debian:bullseye-20220125-slim@sha256:4c25ffa6ef572cf0d57da8c634769a08ae94529f7de5be5587ec8ce7b9b50f9c
 
-# Install wget for healthcheck
-RUN apt update \
- && apt install -y wget \
- && rm -rf /var/lib/apt/lists/*
-
 # Arguments that can be passed at build time
 # Directory names must end with / to avoid errors when ADDing and COPYing
 ARG COMMIT_SHA
@@ -32,20 +27,26 @@ ENV TZ=Etc/UTC \
 PATH="/opt/java/openjdk/bin:${PATH}" \
 LANG=C.UTF-8
 
-COPY --from=jre-build /opt/java/openjdk $JAVA_HOME
-
-# Copy the compiled WAR to the application directory created above
-# Automatically creates the $APP_DIR directory
-COPY ./target/${WAR_FILENAME} ${APP_DIR}
-
-# Create the directory where Dependency-Track will store its data (${DATA_DIR}) and the external library directory (${EXTLIB_DIR})
+# Create the directories where the WAR will be deployed to (${APP_DIR}) and Dependency-Track will store its data (${DATA_DIR})
 # Create a user and assign home directory to a ${DATA_DIR}
 # Ensure UID 1000 & GID 1000 own all the needed directories
-RUN mkdir -p -m 770 ${DATA_DIR} \
+RUN mkdir -p -m 770 ${APP_DIR} \
+ && mkdir -p -m 770 ${DATA_DIR} \
 && addgroup --system --gid ${GID} dtrack || true \
 && adduser --system --disabled-login --ingroup dtrack --no-create-home --home ${DATA_DIR} --gecos "dtrack user" --shell /bin/false --uid ${UID} dtrack || true \
 && chown -R dtrack:0 ${DATA_DIR} ${APP_DIR} \
- && chmod -R g=u ${DATA_DIR} ${APP_DIR}
+ && chmod -R g=u ${DATA_DIR} ${APP_DIR} \
+ \
+ # Install wget for health check
+ && apt update \
+ && DEBIAN_FRONTEND=noninteractive apt install -y wget \
+ && rm -rf /var/lib/apt/lists/*
+
+# Copy JRE from temurin base image
+COPY --from=jre-build /opt/java/openjdk $JAVA_HOME
+
+# Copy the compiled WAR to the application directory created above
+COPY ./target/${WAR_FILENAME} ${APP_DIR}
 
 # Specify the user to run as (in numeric format for compatibility with Kubernetes/OpenShift's SCC)
 USER ${UID}
From 95a541af7f1a1d5be461972f10be7b5aede423f9 Mon Sep 17 00:00:00 2001
From: Niklas
Date: Fri, 18 Feb 2022 16:14:28 +0100
Subject: [PATCH 3/4] Make `apt` less noisy during `wget` installation

Co-authored-by: K3rnelPan1c <69395733+k3rnelpan1c-dev@users.noreply.github.com>
Signed-off-by: nscuro
---
 src/main/docker/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
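Review bot: `COPY ./target/${WAR_FILENAME} ${APP_DIR}` now runs after the `chown -R dtrack:0` / `chmod -R g=u` step in the second hunk of PATCH 2/4, so the WAR is no longer re-owned and keeps COPY's default ownership together with whatever mode the file has in the build context. The user selected by `USER ${UID}` can then read it only if that mode permits, and because `${APP_DIR}` itself is still owned by dtrack and group-writable, root ownership of the file does not protect it from being replaced. If the new ownership is intended, record it in the comment, e.g. `# Copied after the chown on purpose: the WAR stays root-owned and is only read at runtime`; otherwise make it explicit with `COPY --chown=${UID}:0 ./target/${WAR_FILENAME} ${APP_DIR}`, assuming `UID` is available as a build variable at that point.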
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 923bb76656..f61ec404f4 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -38,8 +38,8 @@ RUN mkdir -p -m 770 ${APP_DIR} \
 && chmod -R g=u ${DATA_DIR} ${APP_DIR} \
 \
 # Install wget for health check
- && apt update \
- && DEBIAN_FRONTEND=noninteractive apt install -y wget \
+ && apt-get -yqq update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -yqq wget \
 && rm -rf /var/lib/apt/lists/*
 
 # Copy JRE from temurin base image
From beea401db3cec9c64374247c4be897aeda66417b Mon Sep 17 00:00:00 2001
From: nscuro
Date: Fri, 18 Feb 2022 16:22:44 +0100
Subject: [PATCH 4/4] Fix codacy issue by simplifying `mkdir` command

Signed-off-by: nscuro
---
 src/main/docker/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index f61ec404f4..b4cf2e2b20 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -30,8 +30,7 @@ ENV TZ=Etc/UTC \
 # Create the directories where the WAR will be deployed to (${APP_DIR}) and Dependency-Track will store its data (${DATA_DIR})
 # Create a user and assign home directory to a ${DATA_DIR}
 # Ensure UID 1000 & GID 1000 own all the needed directories
-RUN mkdir -p -m 770 ${APP_DIR} \
- && mkdir -p -m 770 ${DATA_DIR} \
+RUN mkdir -p ${APP_DIR} ${DATA_DIR} \
 && addgroup --system --gid ${GID} dtrack || true \
 && adduser --system --disabled-login --ingroup dtrack --no-create-home --home ${DATA_DIR} --gecos "dtrack user" --shell /bin/false --uid ${UID} dtrack || true \
 && chown -R dtrack:0 ${DATA_DIR} ${APP_DIR} \
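Review bot: Dropping `-m 770` from `mkdir` in PATCH 4/4 changes the resulting permissions, not just the shape of the command: the directories are now created with the build shell's umask (typically giving 755), and the `chmod -R g=u` later in the same RUN, which lies outside this hunk, only copies the owner bits to the group. `${DATA_DIR}`, which holds Dependency-Track's data, and `${APP_DIR}` therefore likely end up readable and traversable by other users, where they were 770 before. To keep the old mode without `mkdir -m`, set it explicitly right after the `mkdir` line, e.g. `&& chmod 770 ${APP_DIR} ${DATA_DIR} \`.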