mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-01-14 03:22:09 +01:00
e9f4022294
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7895536 - https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7895536 - https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-8235202 - https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-8235202 Co-authored-by: snyk-bot<snyk-bot@snyk.io>
67 lines
2.0 KiB
Docker
67 lines
2.0 KiB
Docker
#
|
|
# Copyright (c) 2020 - present Cloudogu GmbH
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it under
|
|
# the terms of the GNU Affero General Public License as published by the Free
|
|
# Software Foundation, version 3.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
# details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see https://www.gnu.org/licenses/.
|
|
#
|
|
|
|
# Create minimal java version
|
|
FROM alpine:3.21.2 as jre-build
|
|
|
|
RUN set -x \
|
|
&& apk add --no-cache openjdk17-jdk openjdk17-jmods binutils \
|
|
&& jlink \
|
|
--add-modules ALL-MODULE-PATH \
|
|
--strip-debug \
|
|
--no-man-pages \
|
|
--no-header-files \
|
|
--compress=2 \
|
|
--output /javaruntime
|
|
|
|
|
|
# ---
|
|
|
|
# SCM-Manager runtime
|
|
FROM alpine:3.21.2 as runtime
|
|
|
|
ENV SCM_HOME /var/lib/scm
|
|
ENV CACHE_DIR /var/cache/scm/work
|
|
ENV JAVA_HOME /opt/java/openjdk
|
|
ENV PATH "${JAVA_HOME}/bin:${PATH}"
|
|
|
|
COPY --from=jre-build /javaruntime "${JAVA_HOME}"
|
|
COPY build/docker/etc /etc
|
|
COPY build/docker/opt /opt
|
|
|
|
RUN set -x \
|
|
# ttf-dejavu graphviz are required for the plantuml plugin
|
|
&& apk add --no-cache ttf-dejavu graphviz mercurial bash ca-certificates \
|
|
&& adduser -S -s /bin/false -h ${SCM_HOME} -D -H -u 1000 -G root scm \
|
|
&& mkdir -p ${SCM_HOME} ${CACHE_DIR} \
|
|
&& chmod +x /opt/scm-server/bin/scm-server \
|
|
# set permissions to group 0 for openshift compatibility
|
|
&& chown 1000:0 ${SCM_HOME} ${CACHE_DIR} \
|
|
&& chmod -R g=u ${SCM_HOME} ${CACHE_DIR}
|
|
|
|
USER 1000
|
|
|
|
WORKDIR "/opt/scm-server"
|
|
VOLUME ["${SCM_HOME}", "${CACHE_DIR}"]
|
|
EXPOSE 8080
|
|
|
|
# we us a high relative high start period,
|
|
# because the start time depends on the number of installed plugins
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=30s --retries=3 \
|
|
CMD /opt/scm-server/bin/healthcheck || exit 1
|
|
|
|
ENTRYPOINT [ "/opt/scm-server/bin/scm-server" ]
|