openjdk-docker/docker/distroless/Dockerfile.msopenjdk-17-jdk

60 строки
2.1 KiB
Docker

ARG INSTALLER_IMAGE="mcr.microsoft.com/cbl-mariner/base/core"
ARG INSTALLER_TAG="2.0"
ARG BASE_IMAGE="mcr.microsoft.com/cbl-mariner/distroless/base"
ARG BASE_TAG="2.0"
FROM ${INSTALLER_IMAGE}:${INSTALLER_TAG} AS installer
ARG JDK_URL="https://aka.ms/download-jdk/microsoft-jdk-17-linux-ARCH.tar.gz"
# Add dynamically linked packages: zlib
# Distroless base image already has tzdata ca-certificates openssl glibc
# Create a non-root user and group (just like .NET's image)
RUN mkdir /staging \
&& tdnf update -y \
&& tdnf install -y --releasever=2.0 --installroot /staging zlib \
&& tdnf install -y gawk shadow-utils ca-certificates tar \
&& groupadd --system --gid=101 app \
&& adduser --uid 101 --gid 101 --shell /bin/false --system app \
&& install -d -m 0755 -o 101 -g 101 "/staging/home/app" \
&& rootOrAppRegex='^\(root\|app\):' \
&& cat /etc/passwd | grep $rootOrAppRegex > "/staging/etc/passwd" \
&& cat /etc/group | grep $rootOrAppRegex > "/staging/etc/group"
# Get JDK
RUN mkdir -p /usr/lib/jvm && \
if [ $(uname -m) = "x86_64" ]; then \
JDK_URL=${JDK_URL/ARCH/x64}; \
else \
JDK_URL=${JDK_URL/ARCH/aarch64}; \
fi && \
curl --silent -L ${JDK_URL} -o /jdk.tar.gz && \
tar -xzf /jdk.tar.gz -C / && \
rm /jdk.tar.gz && \
mv /jdk-1* /usr/jdk
# Clean up staging
RUN rm -rf /staging/etc/tdnf \
&& rm -rf /staging/run/* \
&& rm -rf /staging/var/cache/tdnf \
&& rm -rf /staging/var/lib/rpm \
&& rm -rf /staging/usr/share/doc \
&& rm -rf /staging/usr/share/man \
&& rm -rf /usr/jdk/man /usr/jdk/lib/src.zip \
&& find /staging/var/log -type f -size +0 -delete
FROM ${BASE_IMAGE}:${BASE_TAG}
LABEL "Author"="Microsoft"
LABEL "Support"="Microsoft OpenJDK Support <openjdk-support@microsoft.com>"
COPY --from=installer /staging/ /
COPY --from=installer /usr/jdk/ /usr/jdk/
COPY --from=installer --chown=101:101 /staging/home/app /home/app
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
ENV JAVA_HOME=/usr/jdk
ENV PATH="$PATH:$JAVA_HOME/bin"
ENTRYPOINT [ "/usr/jdk/bin/java" ]