feat: add docker images for genesis

.github/workflows/create-release.yaml

@@ -47,9 +47,40 @@ jobs:
           else
             echo "should_continue=true" >> $GITHUB_OUTPUT
           fi
+  build-sources:
+    needs: check-version
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+
+      - name: Clone BPM
+        uses: actions/checkout@master
+        with:
+          repository: InseeFr/BPM
+          path: bpm
+
+      - name: Build BPM
+        run: |
+          cd bpm
+          mvn clean install --no-transfer-progress
+          cd ..
+
+      - uses: actions/checkout@v4
+      - name: Build app
+        run: mvn package --no-transfer-progress
+
+      - name: Upload app jar
+        uses: actions/upload-artifact@v4
+        with:
+          name: app-jar
+          path: target/*.jar
 
   create-release:
-    needs: [ check-version ]
+    needs: [ check-version, build-sources ]
     if: needs.check-version.outputs.should_run_next_job == 'true'
     runs-on: ubuntu-latest
     steps:
@@ -80,3 +111,25 @@ jobs:
           body: ${{steps.changeLogContent.outputs.changes}}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish-docker:
+    needs: [ check-version, create-release ]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download uploaded jar
+        uses: actions/download-artifact@v4
+        with:
+          name: app-jar
+          path: target/
+
+      - name: Publish to Docker Hub
+        uses: elgohr/Publish-Docker-Github-Action@v5
+        with:
+          name: inseefr/genesis-api
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          default_branch: ${{ github.ref }}
+          tags: ${{ needs.check-version.outputs.release-tag }}
+          workdir: .

.github/workflows/docker.yaml

@@ -0,0 +1,70 @@
+name: Build snapshot docker image
+
+on:
+  push:
+    branches-ignore:
+      - main
+
+jobs:
+  build-snapshot:
+    runs-on: ubuntu-latest
+    outputs:
+      branch: ${{ steps.extract_branch.outputs.branch }}
+    steps:
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+        id: extract_branch
+
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.extract_branch.outputs.branch }}
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: "21"
+
+      - name: Clone BPM
+        uses: actions/checkout@master
+        with:
+          repository: InseeFr/BPM
+          path: bpm
+
+      - name: Build BPM
+        run: |
+          cd bpm
+          mvn clean install --no-transfer-progress
+          cd ..
+
+      - name: Build API
+        run: mvn package --no-transfer-progress
+
+      - name: Upload API jar
+        uses: actions/upload-artifact@v4
+        with:
+          name: app-jar
+          path: target/*.jar
+
+  docker:
+    needs:
+      - build-snapshot
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download uploaded jar
+        uses: actions/download-artifact@v4
+        with:
+          name: app-jar
+          path: target/
+
+      - name: Publish to Docker Hub
+        uses: elgohr/Publish-Docker-Github-Action@v5
+        with:
+          name: inseefr/genesis-api
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          tags: "snapshot-${{ needs.build-snapshot.outputs.branch }}"
+          workdir: .

Dockerfile

@@ -0,0 +1,20 @@
+FROM eclipse-temurin:21.0.5_11-jre-alpine
+
+ENV PATH_TO_JAR=/opt/app/app.jar
+WORKDIR /opt/app/
+COPY ./target/*.jar $PATH_TO_JAR
+
+ENV JAVA_TOOL_OPTIONS_DEFAULT \
+    -XX:MaxRAMPercentage=75
+
+# Setup a non-root user context (security)
+RUN addgroup -g 1000 tomcatgroup
+RUN adduser -D -s / -u 1000 tomcatuser -G tomcatgroup
+RUN mkdir /opt/app/temp-files
+RUN chown -R 1000:1000 /opt/app
+
+USER 1000
+
+ENTRYPOINT [ "/bin/sh", "-c", \
+    "export JAVA_TOOL_OPTIONS=\"$JAVA_TOOL_OPTIONS_DEFAULT $JAVA_TOOL_OPTIONS\"; \
+    exec java -jar $PATH_TO_JAR" ]