Complete Dockerfile for metaschema-framework#22

This supports "inside container" builds and outside container builds to hard-code as the default for GitHub Actions to follow in the GHA workflow YAML definition because that will not require repeat builds of the container in the pipeline.
aj-stein-gsa · Oct 9, 2024 · 797a15d · 797a15d
1 parent 889aeaa
commit 797a15d
Showing 1 changed file with 39 additions and 12 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,23 +1,50 @@
 ARG BUILDER_IMAGE=maven:3.9.9-eclipse-temurin-17-alpine
 ARG RUNNER_IMAGE=eclipse-temurin:17-alpine
-ARG CONTAINER_BUILD=yes
 
 FROM ${BUILDER_IMAGE} as builder
-ARG CONTAINER_BUILD
-COPY . /usr/local/src
-RUN if [ -n "$CONTAINER_BUILD" ]; \
-    then apk add --no-cache git unzip && \
-    cd /usr/local/src && \
-    mvn -B -e -Prelease package; \
-    else echo Building on host outside container to copy later; \
-    fi && \
-    cp target/*.zip /tmp
-COPY ./target/oscal-cli-enhanced-2.1.0-SNAPSHOT-oscal-cli.zip /tmp
+ARG BUILDER_JDK_VENDOR=temurin
+ARG BUILDER_JDK_MAJOR_VERSION=17
+ARG BUILDER_JDK_HOME_PATH=/opt/java/openjdk
+ADD . /usr/local/src
+RUN if [ "$CONTAINER_BUILD"="yes" ]; \
+    then mkdir -p "/root/.m2"; \
+    else \
+        echo Building on host outside container to copy later; \
+    fi
+COPY  <<M2TEMPLATE /root/.m2/toolchains.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<toolchains>
+    <toolchain>
+    <type>jdk</type>
+    <provides>
+        <version>${BUILDER_JDK_MAJOR_VERSION}</version>
+        <vendor>${BUILDER_JDK_VENDOR}</vendor>
+        <id>${BUILDER_JDK_VENDOR}_${BUILDER_JDK_MAJOR_VERSION}</id>
+    </provides>
+    <configuration>
+        <jdkHome>${BUILDER_JDK_HOME_PATH}</jdkHome>
+    </configuration>
+    </toolchain>
+</toolchains>
+M2TEMPLATE
+RUN if [ "$CONTAINER_BUILD"="yes" ]; \
+    then \
+        apk add --no-cache git unzip && \
+        cd /usr/local/src && \
+        mvn -B -e -Prelease package && \
+        cp ./target/*.zip /tmp ; \
+    else \
+        echo Building on host outside container to copy later; \
+    fi
+
+# Conditional source to prevent failed check for pre-built zip when CONTAINER_BUILD=no
+# https://stackoverflow.com/a/46801962
+COPY pom.xml ./target/*.zi[p] /tmp
 WORKDIR /tmp
 RUN unzip *.zip -d /opt/oscal-cli-extended
 
-
 FROM ${RUNNER_IMAGE} as runner
 COPY --from=builder /opt/oscal-cli-extended /opt/oscal-cli-extended
 WORKDIR /opt/oscal-cli-extended
+RUN /opt/oscal-cli-extended/bin/oscal-cli --version
 ENTRYPOINT [ "/opt/oscal-cli-extended/bin/oscal-cli" ]