Dockerfile.wolfi

# Build stage
FROM docker.elastic.co/wolfi/jdk:openjdk-21.35-r1-dev@sha256:d7ca36452a68f28e4c4683062241e817b548844820a0ffd087451214e61eb188 AS builder
USER root

# ------------------------------------------------------------------------------
# we need curl and make for building
RUN apk update && apk add --no-cache libcurl-openssl4=~8.12.1 curl=~8.12.1 make

# ------------------------------------------------------------------------------
# jruby install steps below have been adapted from:
# https://github.com/jruby/docker-jruby/blob/f325c86e2c2ca0bbe82f64c0aded0719372507fa/9.4/jdk21/Dockerfile

ENV JRUBY_VERSION=9.4.12.0
ENV JRUBY_SHA256=05c5d203d6990c92671cc42f57d2fa1c1083bbfd16fa7023dc5848cdb8f0aa2e
RUN mkdir /opt/jruby \
  && curl -fSL https://repo1.maven.org/maven2/org/jruby/jruby-dist/${JRUBY_VERSION}/jruby-dist-${JRUBY_VERSION}-bin.tar.gz -o /tmp/jruby.tar.gz \
  && echo "$JRUBY_SHA256 /tmp/jruby.tar.gz" | sha256sum -c - \
  && tar -zx --strip-components=1 -f /tmp/jruby.tar.gz -C /opt/jruby \
  && rm /tmp/jruby.tar.gz
RUN mkdir -p /usr/local/bin && ln -s /opt/jruby/bin/jruby /usr/local/bin/ruby
ENV PATH=/opt/jruby/bin:$PATH

# skip installing gem documentation
RUN mkdir -p /opt/jruby/etc \
       && { \
               echo 'install: --no-document'; \
               echo 'update: --no-document'; \
       } >> /opt/jruby/etc/gemrc

RUN gem install bundler rake net-telnet xmlrpc

# don't create ".bundle" in all our apps
ENV GEM_HOME=/usr/local/bundle
ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
    BUNDLE_APP_CONFIG="$GEM_HOME"
ENV PATH=$GEM_HOME/bin:$PATH

# adjust permissions of a few directories for running "gem install" as an arbitrary user
RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"

# ------------------------------------------------------------------------------
# install the application

# java is the base image's default user
COPY --chown=java:java --chmod=775 . /home/app
WORKDIR /home/app

# skip jenv/rbenv setup
ENV IS_DOCKER=1

RUN make clean install
# add more directories and files not to be copied to the runtime image from /home/app
RUN rm -rf .git .github .idea .devcontainer .buildkite

# Create custom JDK using jlink
RUN jlink \
    --add-modules java.base,jdk.crypto.ec,java.logging,java.management,java.naming,java.net.http,java.scripting,java.security.jgss,java.security.sasl,java.sql,jdk.unsupported \
    --strip-debug \
    --no-man-pages \
    --no-header-files \
    --compress=zip-6 \
    --output /opt/jdk-crawler

# ------------------------------------------------------------------------------
# Runtime stage - using wolfi-base
FROM docker.elastic.co/wolfi/chainguard-base:latest@sha256:1235a5eee51eb21cd63b0dec7d65c439119c4a6020c0d2d86dc1bf3e41797568

USER root

# Create java user and install runtime dependencies
RUN addgroup -g 1000 java && adduser -u 1000 -G java -s /bin/bash -D java && \
    apk update && apk add --no-cache libcurl-openssl4=~8.12.1 git=~2.50.1-r1 bash=~5.3.0

# Set environment variables
ENV JAVA_HOME=/opt/jdk-crawler \
    PATH=/opt/jdk-crawler/bin:/opt/jruby/bin:/usr/local/bundle/bin:$PATH \
    GEM_HOME=/usr/local/bundle \
    BUNDLE_SILENCE_ROOT_WARNING=1 \
    BUNDLE_APP_CONFIG=/usr/local/bundle \
    IS_DOCKER=1

# Copy custom JDK, JRuby, gem environment, and application from builder
COPY --from=builder /opt/jdk-crawler /opt/jdk-crawler
COPY --from=builder /opt/jruby /opt/jruby
COPY --from=builder /usr/local/bundle /usr/local/bundle
COPY --from=builder --chown=java:java /home/app /home/app

# Create Ruby symlink
RUN mkdir -p /usr/local/bin && ln -s /opt/jruby/bin/jruby /usr/local/bin/ruby

WORKDIR /home/app

# switch to the base image's default user when running the application
USER java

# Set the entrypoint to bash and default command to run the crawler
ENTRYPOINT [ "/bin/bash" ]