Skip to content

Adding support for production grade image in Dockerfile #180

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cendhu merged 18 commits into from
Jan 13, 2026
Merged

Adding support for production grade image in Dockerfile #180

cendhu merged 18 commits into from
Jan 13, 2026

Conversation

@anushka159-a
Copy link
Contributor

@anushka159-a anushka159-a commented Nov 19, 2025

I have modified the current Dockerfile to be able to generate a Production grade Docker Image based on UBI, the new Dockerfile follows the below good practices for Production.

Multi-stage build: keeps the final image small and clean.
Non-root execution: creates appuser (uid 10001) and runs the service as non-root.
Minimal runtime dependencies: no extra tools/packages installed (keeps attack surface small).
Metadata labels: provides traceability (name, version, maintainer, vendor, etc.).
Deterministic build: dependencies are pulled in the build stage, final image only has the binary.
Absolute path: in ENTRYPOINT: safer for production.

@cendhu cendhu requested a review from pasquale95 November 21, 2025 10:32
@pasquale95
Copy link
Contributor

pasquale95 commented Dec 17, 2025

@anushka159-a please enhance the Dockerfile and .dockerignore files to follow the guidelines we discussed during our sync.

@pasquale95
Copy link
Contributor

pasquale95 commented Dec 23, 2025
edited
Loading

@cendhu I've updated the PR with some improvements. I have a couple of questions:

  • the Docker README is outdated and technically not necessary anymore since it refers to internal IBM procedures. Should we remove it with this PR?
  • the docker-compose is also outdated as it refers to when the images were splitted. I suggest to either remove or update it. If you're ok with removing it, i can do it with this PR.
  • I see in many code places that by default the version 0.0.2 is referred. Is this intended or should they point always to the latest?

pasquale95
pasquale95 previously approved these changes Dec 23, 2025
View reviewed changes
Copy link
Contributor

@pasquale95 pasquale95 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGMT
Not true. Pipeline failed.

@pasquale95 pasquale95 self-requested a review December 23, 2025 08:11
@pasquale95 pasquale95 dismissed their stale review December 23, 2025 08:12

Pipeline failing on new prod-ready images.

pasquale95
pasquale95 approved these changes Dec 23, 2025
View reviewed changes
Copy link
Contributor

@pasquale95 pasquale95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pasquale95 pasquale95 requested a review from cendhu January 6, 2026 10:21
cendhu
cendhu reviewed Jan 7, 2026
View reviewed changes
@cendhu cendhu merged commit 5463682 into hyperledger:main Jan 13, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pasquale95 pasquale95 pasquale95 approved these changes

@cendhu cendhu cendhu approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@anushka159-a @pasquale95 @cendhu