Skip to content

Commit

Permalink
ARTEMIS-3042 Add docker multistage build
Browse files Browse the repository at this point in the history
This adds the possibility to create an artemis image with just the docker build command.
First the image is downloaded in an Eclipse Temurin installation and later transferred to an alpine image.
Thus, it ensures that only the relevant data is stored in alpine leading to a smaller attack surface.
  • Loading branch information
SamTV12345 committed Dec 7, 2022
1 parent eb11b04 commit 0dff428
Show file tree
Hide file tree
Showing 3 changed files with 93 additions and 4 deletions.
91 changes: 91 additions & 0 deletions artemis-docker/Dockerfile-alpine
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

# ActiveMQ Artemis

ARG CURRENT_VERSION=2.17.0

FROM eclipse-temurin:11-jdk as builder
ARG CURRENT_VERSION

ENV VERSION=$CURRENT_VERSION

RUN apt update -y && apt upgrade -y && apt install tree curl -y

ADD ./prepare-docker.sh /bin/prepareDocker
WORKDIR /root/artemis-build
COPY ./Dockerfile-alpine .
COPY ./docker-run.sh .
RUN prepareDocker --from-release --artemis-version ${VERSION}


FROM alpine:latest

ARG CURRENT_VERSION

ENV VERSION=$CURRENT_VERSION

RUN apk --no-cache add openjdk17-jre-headless bash libaio\
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/community


LABEL maintainer="Apache ActiveMQ Team"
# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
WORKDIR /opt

ENV ARTEMIS_USER artemis
ENV ARTEMIS_PASSWORD artemis
ENV ANONYMOUS_LOGIN false
ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia

# add user and group for artemis
RUN addgroup -g 1001 artemis && adduser -u 1002 --ingroup artemis --disabled-password artemis

USER artemis

COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/ /opt/activemq-artemis

# Web Server
EXPOSE 8161 \
# JMX Exporter
9404 \
# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE
61616 \
# Port for HORNETQ,STOMP
5445 \
# Port for AMQP
5672 \
# Port for MQTT
1883 \
#Port for STOMP
61613

USER root

RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance

COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/docker/docker-run.sh /

USER artemis

# Expose some outstanding folders
VOLUME ["/var/lib/artemis-instance"]
WORKDIR /var/lib/artemis-instance

ENTRYPOINT ["/docker-run.sh"]
CMD ["run"]
4 changes: 1 addition & 3 deletions artemis-docker/docker-run.sh
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,4 @@ else
echo "broker already created, ignoring creation"
fi

exec ./bin/artemis "$@"


exec ./bin/artemis "$@"
2 changes: 1 addition & 1 deletion artemis-docker/prepare-docker.sh
Original file line number Diff line number Diff line change
Expand Up @@ -187,4 +187,4 @@ cp ./docker-run.sh "$ARTEMIS_DIST_DIR/docker"
echo "Docker file support files at:"
tree "$ARTEMIS_DIST_DIR/docker"

next_step
next_step

0 comments on commit 0dff428

Please sign in to comment.