openliberty.io/docker/certifications/Dockerfile.certifications.draft at 7c88a2557a781f88fb11b5faf47f5c23d58a698e · OpenLiberty/openliberty.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
#
#
#
FROM icr.io/continuous-delivery/pipeline/pipeline-base-image:2.6 as jekyll
SHELL ["/bin/bash", "-c"]

COPY gems /gems
COPY robots.txt /

COPY src /src
COPY scripts /scripts

RUN apt-get update && \
    apt-get -y install curl git python3 python3-bs4 python3-lxml \
    libgdbm-dev libncurses5-dev automake libtool bison libffi-dev

# Upgrade the git manually to mitigate risk from CVE-2022-41903, CVE-2022-23521, CVE-2022-41953
RUN add-apt-repository -y ppa:git-core/ppa && \
    apt-get update && \
    apt-get install git -y && \
    git --version

ENV BUILD_SCRIPTS_DIR /scripts/build

ENV NOT_PROD_SITE=true
ENV CERTS_DRAFT_SITE=true

RUN $BUILD_SCRIPTS_DIR/jekyll.sh

#
#
#
FROM icr.io/appcafe/open-liberty-devfile-stack:22.0.0.1 as war

COPY mvnw /
COPY .mvn /.mvn
COPY pom.xml /
COPY --from=jekyll --chown=1001:0 /src /src
COPY --from=jekyll --chown=1001:0 /target /target
RUN ./mvnw -B -Dhttps.protocols=TLSv1.2 compile war:exploded

#
#
#
FROM icr.io/appcafe/open-liberty:25.0.0.5-kernel-slim-java8-openj9-ubi as runtime
ENV SEC_TLS_TRUSTDEFAULTCERTS true

COPY --chown=1001:0 src/main/wlp/server.xml /config/server.xml

# This script will add the requested XML snippets to enable Liberty features and grow image to be fit-for-purpose
# using featureUtility.
# Only available in 'kernel-slim'. The 'full' tag already includes all features for convenience.
RUN features.sh

COPY --from=war --chown=1001:0 target/openliberty-website-1.0-SNAPSHOT /config/apps/openliberty.war

# This script will add the requested server configurations, apply any interim fixes and populate caches to
# optimize runtime
RUN configure.sh