Dockerfile
# Stage 1 of 2 (builder): compile the application jar with the full JDK.
# Only the jar under /app/target is copied out; the JDK, the Maven cache and
# the sources never reach the runtime image.
# NOTE(review): the base tag is mutable; pinning it by digest would make
# rebuilds reproducible and guard against a silently replaced base image.
FROM eclipse-temurin:25-jdk AS builder
WORKDIR /app

# Wrapper script, wrapper configuration and pom.xml go in before the sources,
# so the dependency layer below is reused until one of them changes.
# NOTE(review): the wrapper fetches the Maven distribution named in
# .mvn/wrapper/maven-wrapper.properties at build time; confirm that file sets
# distributionSha256Sum so the download is verified.
COPY mvnw pom.xml ./
COPY .mvn .mvn

# Strip CR line endings (e.g. from a Windows checkout), then mark the wrapper
# executable.
RUN sed -i 's/\r$//' mvnw \
    && chmod +x mvnw

# Resolve dependencies into their own cached layer.
RUN ./mvnw --batch-mode dependency:go-offline

# Bring in the sources last and package the jar.
# Tests are skipped in the image build; presumably they run in CI beforehand,
# confirm, since nothing in this file runs them.
COPY src src
RUN ./mvnw --batch-mode clean package -DskipTests
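# --- Runtime stage: JRE only; build tooling and sources stay in the builder ---
# NOTE(review): the jar is started with --enable-preview, and preview class
# files only run on the exact Java release they were compiled for, so this tag
# and the builder's tag must be bumped together.
FROM eclipse-temurin:25-jre

# Security: unprivileged system account the service runs as (home is /app).
RUN groupadd -r appuser && useradd -r -g appuser -d /app appuser

WORKDIR /app

# Copy the built jar. It stays root-owned (the COPY default), so the service
# account can read and execute it but cannot replace it.
# If target/ ever holds more than one *.jar this COPY fails, because the
# destination is a file name: the build breaks instead of shipping an
# arbitrary jar.
COPY --from=builder /app/target/*.jar app.jar

# Scratch directory for repo cloning. It is the only path handed to appuser:
# /app and app.jar are intentionally not chown'ed, so a process that handles
# third-party repository content cannot overwrite its own executable.
# Mode 0700 keeps cloned content private to the service account.
# NOTE(review): if the application turns out to need a writable working
# directory, give it a dedicated one rather than ownership of /app.
# NOTE(review): this directory exists only in the image layer; a runtime that
# mounts its own /tmp would hide it. Presumably the application recreates it
# on demand; confirm.
RUN mkdir -p /tmp/github-deep-audit \
    && chown appuser:appuser /tmp/github-deep-audit \
    && chmod 0700 /tmp/github-deep-audit

USER appuser

# Cloud Run uses the PORT env var; 8080 is the default baked into the image.
# Nothing in the ENTRYPOINT below references PORT, so the application has to
# read it from its own configuration (not visible in this file).
ENV PORT=8080
EXPOSE 8080

# Exec-form ENTRYPOINT: java runs as PID 1 and receives SIGTERM directly.
# JVM flags for containers:
#   --enable-preview                 run class files compiled with preview features
#   -XX:+UseContainerSupport         honour cgroup limits (already the default on current JDKs)
#   -XX:MaxRAMPercentage=75.0        cap the heap at 75% of the container memory limit
#   -XX:+UseG1GC                     select the G1 collector explicitly
#   -Djava.security.egd=...          legacy workaround for blocking entropy reads;
#                                    likely unnecessary on current JDKs, confirm before removing
# The Spring profile is fixed to "prod" here.
ENTRYPOINT ["java", \
    "--enable-preview", \
    "-XX:+UseContainerSupport", \
    "-XX:MaxRAMPercentage=75.0", \
    "-XX:+UseG1GC", \
    "-Djava.security.egd=file:/dev/./urandom", \
    "-jar", "app.jar", \
    "--spring.profiles.active=prod"]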