
Commit dd57309

committed
Re-order installation
1 parent 39156b9 commit dd57309


1 file changed

+66
-65
lines changed

1 file changed

+66
-65
lines changed

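--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,35 @@ FROM eclipse-temurin:${LATEST_VERSION}-jdk-noble AS temurin-latest
 FROM ubuntu:24.04 AS all-jdk
 ARG LATEST_VERSION
 
+RUN <<-EOT
+set -eux
+apt-get update
+apt-get install -y sudo
+groupadd --gid 1001 non-root-group
+useradd --uid 1001 --gid non-root-group -m non-root-user
+echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user
+chmod 0440 /etc/sudoers.d/non-root-user
+mkdir -p /home/non-root-user/.config
+chown -R non-root-user:non-root-group /home/non-root-user/.config
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+EOT
+
+USER non-root-user
+WORKDIR /home/non-root-user
+
+RUN <<-EOT
+set -eux
+sudo apt-get update
+sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg locales jq git gh
+sudo locale-gen en_US.UTF-8
+sudo git config --system --add safe.directory "*"
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+EOT
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
 COPY --from=eclipse-temurin:8-jdk-jammy /opt/java/openjdk /usr/lib/jvm/8
 COPY --from=eclipse-temurin:11-jdk-jammy /opt/java/openjdk /usr/lib/jvm/11
 COPY --from=eclipse-temurin:17-jdk-jammy /opt/java/openjdk /usr/lib/jvm/17
@@ -26,58 +55,38 @@ COPY --from=ibm-semeru-runtimes:open-17-jdk-jammy /opt/java/openjdk /usr/lib/jvm
 COPY --from=ghcr.io/graalvm/native-image-community:17-ol9 /usr/lib64/graalvm/graalvm-community-java17 /usr/lib/jvm/graalvm17
 COPY --from=ghcr.io/graalvm/native-image-community:21-ol9 /usr/lib64/graalvm/graalvm-community-java21 /usr/lib/jvm/graalvm21
 
-RUN <<-EOT
-set -eux
-apt-get update
-apt-get install -y curl tar apt-transport-https ca-certificates gnupg locales jq git gh
-locale-gen en_US.UTF-8
-groupadd --gid 1001 non-root-group
-useradd --uid 1001 --gid non-root-group -m non-root-user
-mkdir -p /home/non-root-user/.config
-git config --system --add safe.directory '*'
-chown -R non-root-user:non-root-group /home/non-root-user/.config
-apt-get clean
-rm -rf /var/lib/apt/lists/*
-EOT
-
-ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
-
 # See: https://gist.github.com/wavezhang/ba8425f24a968ec9b2a8619d7c2d86a6
 RUN <<-EOT
 set -eux
-mkdir -p /usr/lib/jvm/oracle8
-curl -L --fail "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=252034_8a1589aa0fe24566b4337beee47c2d29" | tar -xvzf - -C /usr/lib/jvm/oracle8 --strip-components 1
+sudo mkdir -p /usr/lib/jvm/oracle8
+sudo curl -L --fail "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=252034_8a1589aa0fe24566b4337beee47c2d29" | sudo tar -xvzf - -C /usr/lib/jvm/oracle8 --strip-components 1
 EOT
 
 # Install Ubuntu's OpenJDK 17 and fix broken symlinks:
 # some files in /usr/lib/jvm/ubuntu17 are symlinks to /etc/java-17-openjdk/, so we just copy all symlinks targets.
 RUN <<-EOT
 set -eux
-apt-get update
-apt-get install -y openjdk-17-jdk
-mv /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/ubuntu17
-mkdir -p /usr/lib/jvm/ubuntu17/conf/ /usr/lib/jvm/ubuntu17/lib/
-cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/conf/
-cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/lib/
-cp -f --remove-destination /etc/java-17-openjdk/jvm-amd64.cfg /usr/lib/jvm/ubuntu17/lib/
-apt-get clean
-rm -rf /var/lib/apt/lists/*
+sudo apt-get update
+sudo apt-get install -y openjdk-17-jdk
+sudo mv /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/ubuntu17
+sudo mkdir -p /usr/lib/jvm/ubuntu17/conf/ /usr/lib/jvm/ubuntu17/lib/
+sudo cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/conf/
+sudo cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/lib/
+sudo cp -f --remove-destination /etc/java-17-openjdk/jvm-amd64.cfg /usr/lib/jvm/ubuntu17/lib/
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
 # Remove cruft from JDKs that is not used in the build process.
 RUN <<-EOT
-rm -rf \
+sudo rm -rf \
 /usr/lib/jvm/*/man \
 /usr/lib/jvm/*/lib/src.zip \
 /usr/lib/jvm/*/demo \
 /usr/lib/jvm/*/sample \
 /usr/lib/jvm/graalvm*/lib/installer
 EOT
 
-# Switch to non-root user during runtime for security
-USER non-root-user
-WORKDIR /home/non-root-user
-
 FROM scratch AS default-jdk
 ARG LATEST_VERSION
 
@@ -99,35 +108,33 @@ LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-d
 RUN <<-EOT
 set -eux
 apt-get update
-apt-get install -y curl tar apt-transport-https ca-certificates gnupg \
-socat less debian-goodies autossh ca-certificates-java python3-pip locales jq git gh
-locale-gen en_US.UTF-8
+apt-get install -y sudo
 groupadd --gid 1001 non-root-group
 useradd --uid 1001 --gid non-root-group -m non-root-user
+echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user
+chmod 0440 /etc/sudoers.d/non-root-user
 mkdir -p /home/non-root-user/.config
-git config --system --add safe.directory '*'
 chown -R non-root-user:non-root-group /home/non-root-user/.config
-apt-get clean
-rm -rf /var/lib/apt/lists/*
-mkdir -p /usr/local/lib/docker/cli-plugins /usr/local/bin
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
-ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+USER non-root-user
+WORKDIR /home/non-root-user
 
-# Install Docker Compose plugin and yq YAML processor
 RUN <<-EOT
-set -eu
-dockerPluginDir=/usr/local/lib/docker/cli-plugins
-curl -sSL "https://github.com/docker/compose/releases/latest/download/docker-compose-linux-$(uname -m)" -o $dockerPluginDir/docker-compose
-chmod +x $dockerPluginDir/docker-compose
-update-alternatives --remove docker-compose /usr/local/bin/compose-switch
-rm -f /usr/local/bin/compose-switch
-curl -sSL "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_$(dpkg --print-architecture).tar.gz" | tar -xz -C /usr/local/bin --wildcards --no-anchored 'yq_linux_*'
-YQ_PATH=$(find /usr/local/bin -name 'yq_linux_*')
-mv "$YQ_PATH" /usr/local/bin/yq
-chown root:root /usr/local/bin/yq
+set -eux
+sudo apt-get update
+sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg socat less debian-goodies autossh ca-certificates-java python3-pip locales jq git gh
+sudo locale-gen en_US.UTF-8
+sudo git config --system --add safe.directory "*"
+sudo mkdir -p /usr/local/lib/docker/cli-plugins /usr/local/bin
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
 COPY --from=default-jdk /usr/lib/jvm /usr/lib/jvm
 
 COPY autoforward.py /usr/local/bin/autoforward
@@ -138,20 +145,16 @@ COPY autoforward.py /usr/local/bin/autoforward
 # - datadog-ci: Datadog CI tool
 RUN <<-EOT
 set -eux
-apt-get update
-pip3 install --break-system-packages awscli requests requests-unixsocket2
-pip3 cache purge
-chmod +x /usr/local/bin/autoforward
-curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
-chmod +x /usr/local/bin/datadog-ci
-apt-get clean
-rm -rf /var/lib/apt/lists/*
+sudo apt-get update
+sudo pip3 install --break-system-packages awscli requests requests-unixsocket2
+sudo pip3 cache purge
+sudo chmod +x /usr/local/bin/autoforward
+sudo curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+sudo chmod +x /usr/local/bin/datadog-ci
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
-# Switch to non-root user during runtime for security
-USER non-root-user
-WORKDIR /home/non-root-user
-
 # IBM specific env variables
 ENV IBM_JAVA_OPTIONS="-XX:+UseContainerSupport"
 
@@ -177,7 +180,6 @@ COPY --from=all-jdk /usr/lib/jvm/${VARIANT_LOWER} /usr/lib/jvm/${VARIANT_LOWER}
 ENV JAVA_${VARIANT_UPPER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
 ENV JAVA_${VARIANT_LOWER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
 
-# Switch to non-root user during runtime for security
 USER non-root-user
 WORKDIR /home/non-root-user
 
@@ -196,7 +198,6 @@ COPY --from=all-jdk /usr/lib/jvm/ubuntu17 /usr/lib/jvm/ubuntu17
 COPY --from=all-jdk /usr/lib/jvm/graalvm17 /usr/lib/jvm/graalvm17
 COPY --from=all-jdk /usr/lib/jvm/graalvm21 /usr/lib/jvm/graalvm21
 
-# Switch to non-root user during runtime for security
 USER non-root-user
 WORKDIR /home/non-root-user
 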
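Review bot: The sudoers rule `non-root-user ALL=(ALL) NOPASSWD:ALL`, added in the first `RUN` of the `all-jdk` stage and again in the `RUN` under the `@@ -99,35 +108,33 @@` hunk, stays in the image, so any process running as non-root-user can become root without a password and `USER non-root-user` no longer acts as a privilege boundary at runtime. The comment this commit removes described that switch as a runtime security measure, and the rule makes it one in name only. I would keep the installation `RUN` steps as root, drop `apt-get install -y sudo` and the two sudoers lines, and place `USER non-root-user` and `WORKDIR /home/non-root-user` after the last privileged `RUN`, as the old layout did. If jobs really need sudo inside the container, scope the rule to the specific commands they run rather than `ALL`. The `FROM` line of the second stage is outside the visible hunks, so which published images inherit the rule is inferred rather than shown.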
