
Commit a485235

committed
Re-order installation
1 parent da5e893 commit a485235


1 file changed

+66
-65
lines changed


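--- a/Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,35 @@
 # Intermediate image used to prune cruft from JDKs and squash them all.
 FROM ubuntu:latest AS all-jdk
 
+RUN <<-EOT
+set -eux
+apt-get update
+apt-get install -y sudo
+groupadd --gid 1001 non-root-group
+useradd --uid 1001 --gid non-root-group -m non-root-user
+echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user
+chmod 0440 /etc/sudoers.d/non-root-user
+mkdir -p /home/non-root-user/.config
+chown -R non-root-user:non-root-group /home/non-root-user/.config
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+EOT
+
+USER non-root-user
+WORKDIR /home/non-root-user
+
+RUN <<-EOT
+set -eux
+sudo apt-get update
+sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg locales jq git gh
+sudo locale-gen en_US.UTF-8
+sudo git config --system --add safe.directory "*"
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+EOT
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
 COPY --from=eclipse-temurin:8-jdk-jammy /opt/java/openjdk /usr/lib/jvm/8
 COPY --from=eclipse-temurin:11-jdk-jammy /opt/java/openjdk /usr/lib/jvm/11
 COPY --from=eclipse-temurin:17-jdk-jammy /opt/java/openjdk /usr/lib/jvm/17
@@ -21,58 +50,38 @@ COPY --from=ibm-semeru-runtimes:open-17-jdk-jammy /opt/java/openjdk /usr/lib/jvm
 COPY --from=ghcr.io/graalvm/native-image-community:17-ol9 /usr/lib64/graalvm/graalvm-community-java17 /usr/lib/jvm/graalvm17
 COPY --from=ghcr.io/graalvm/native-image-community:21-ol9 /usr/lib64/graalvm/graalvm-community-java21 /usr/lib/jvm/graalvm21
 
-RUN <<-EOT
-set -eux
-apt-get update
-apt-get install -y curl tar apt-transport-https ca-certificates gnupg locales jq git gh
-locale-gen en_US.UTF-8
-groupadd --gid 1001 non-root-group
-useradd --uid 1001 --gid non-root-group -m non-root-user
-mkdir -p /home/non-root-user/.config
-git config --system --add safe.directory '*'
-chown -R non-root-user:non-root-group /home/non-root-user/.config
-apt-get clean
-rm -rf /var/lib/apt/lists/*
-EOT
-
-ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
-
 # See: https://gist.github.com/wavezhang/ba8425f24a968ec9b2a8619d7c2d86a6
 RUN <<-EOT
 set -eux
-mkdir -p /usr/lib/jvm/oracle8
-curl -L --fail "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=252034_8a1589aa0fe24566b4337beee47c2d29" | tar -xvzf - -C /usr/lib/jvm/oracle8 --strip-components 1
+sudo mkdir -p /usr/lib/jvm/oracle8
+sudo curl -L --fail "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=252034_8a1589aa0fe24566b4337beee47c2d29" | sudo tar -xvzf - -C /usr/lib/jvm/oracle8 --strip-components 1
 EOT
 
 # Install Ubuntu's OpenJDK 17 and fix broken symlinks:
 # some files in /usr/lib/jvm/ubuntu17 are symlinks to /etc/java-17-openjdk/, so we just copy all symlinks targets.
 RUN <<-EOT
 set -eux
-apt-get update
-apt-get install -y openjdk-17-jdk
-mv /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/ubuntu17
-mkdir -p /usr/lib/jvm/ubuntu17/conf/ /usr/lib/jvm/ubuntu17/lib/
-cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/conf/
-cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/lib/
-cp -f --remove-destination /etc/java-17-openjdk/jvm-amd64.cfg /usr/lib/jvm/ubuntu17/lib/
-apt-get clean
-rm -rf /var/lib/apt/lists/*
+sudo apt-get update
+sudo apt-get install -y openjdk-17-jdk
+sudo mv /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/ubuntu17
+sudo mkdir -p /usr/lib/jvm/ubuntu17/conf/ /usr/lib/jvm/ubuntu17/lib/
+sudo cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/conf/
+sudo cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/lib/
+sudo cp -f --remove-destination /etc/java-17-openjdk/jvm-amd64.cfg /usr/lib/jvm/ubuntu17/lib/
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
 # Remove cruft from JDKs that is not used in the build process.
 RUN <<-EOT
-rm -rf \
+sudo rm -rf \
 /usr/lib/jvm/*/man \
 /usr/lib/jvm/*/lib/src.zip \
 /usr/lib/jvm/*/demo \
 /usr/lib/jvm/*/sample \
 /usr/lib/jvm/graalvm*/lib/installer
 EOT
 
-# Switch to non-root user during runtime for security
-USER non-root-user
-WORKDIR /home/non-root-user
-
 FROM scratch AS default-jdk
 
 COPY --from=all-jdk /usr/lib/jvm/8 /usr/lib/jvm/8
@@ -90,35 +99,33 @@ LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-d
 RUN <<-EOT
 set -eux
 apt-get update
-apt-get install -y curl tar apt-transport-https ca-certificates gnupg \
-socat less debian-goodies autossh ca-certificates-java python3-pip locales jq git gh
-locale-gen en_US.UTF-8
+apt-get install -y sudo
 groupadd --gid 1001 non-root-group
 useradd --uid 1001 --gid non-root-group -m non-root-user
+echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user
+chmod 0440 /etc/sudoers.d/non-root-user
 mkdir -p /home/non-root-user/.config
-git config --system --add safe.directory '*'
 chown -R non-root-user:non-root-group /home/non-root-user/.config
-apt-get clean
-rm -rf /var/lib/apt/lists/*
-mkdir -p /usr/local/lib/docker/cli-plugins /usr/local/bin
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
-ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+USER non-root-user
+WORKDIR /home/non-root-user
 
-# Install Docker Compose plugin and yq YAML processor
 RUN <<-EOT
-set -eu
-dockerPluginDir=/usr/local/lib/docker/cli-plugins
-curl -sSL "https://github.com/docker/compose/releases/latest/download/docker-compose-linux-$(uname -m)" -o $dockerPluginDir/docker-compose
-chmod +x $dockerPluginDir/docker-compose
-update-alternatives --remove docker-compose /usr/local/bin/compose-switch
-rm -f /usr/local/bin/compose-switch
-curl -sSL "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_$(dpkg --print-architecture).tar.gz" | tar -xz -C /usr/local/bin --wildcards --no-anchored 'yq_linux_*'
-YQ_PATH=$(find /usr/local/bin -name 'yq_linux_*')
-mv "$YQ_PATH" /usr/local/bin/yq
-chown root:root /usr/local/bin/yq
+set -eux
+sudo apt-get update
+sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg socat less debian-goodies autossh ca-certificates-java python3-pip locales jq git gh
+sudo locale-gen en_US.UTF-8
+sudo git config --system --add safe.directory "*"
+sudo mkdir -p /usr/local/lib/docker/cli-plugins /usr/local/bin
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
 COPY --from=default-jdk /usr/lib/jvm /usr/lib/jvm
 
 COPY autoforward.py /usr/local/bin/autoforward
@@ -129,20 +136,16 @@ COPY autoforward.py /usr/local/bin/autoforward
 # - datadog-ci: Datadog CI tool
 RUN <<-EOT
 set -eux
-apt-get update
-pip3 install --break-system-packages awscli requests requests-unixsocket2
-pip3 cache purge
-chmod +x /usr/local/bin/autoforward
-curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
-chmod +x /usr/local/bin/datadog-ci
-apt-get clean
-rm -rf /var/lib/apt/lists/*
+sudo apt-get update
+sudo pip3 install --break-system-packages awscli requests requests-unixsocket2
+sudo pip3 cache purge
+sudo chmod +x /usr/local/bin/autoforward
+sudo curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
+sudo chmod +x /usr/local/bin/datadog-ci
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
-# Switch to non-root user during runtime for security
-USER non-root-user
-WORKDIR /home/non-root-user
-
 # IBM specific env variables
 ENV IBM_JAVA_OPTIONS="-XX:+UseContainerSupport"
 
@@ -167,7 +170,6 @@ COPY --from=all-jdk /usr/lib/jvm/${VARIANT_LOWER} /usr/lib/jvm/${VARIANT_LOWER}
 ENV JAVA_${VARIANT_UPPER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
 ENV JAVA_${VARIANT_LOWER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
 
-# Switch to non-root user during runtime for security
 USER non-root-user
 WORKDIR /home/non-root-user
 
@@ -186,7 +188,6 @@ COPY --from=all-jdk /usr/lib/jvm/ubuntu17 /usr/lib/jvm/ubuntu17
 COPY --from=all-jdk /usr/lib/jvm/graalvm17 /usr/lib/jvm/graalvm17
 COPY --from=all-jdk /usr/lib/jvm/graalvm21 /usr/lib/jvm/graalvm21
 
-# Switch to non-root user during runtime for security
 USER non-root-user
 WORKDIR /home/non-root-user
 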
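Review bot: The sudoers entry added at new lines 105–106, `non-root-user ALL=(ALL) NOPASSWD:ALL`, gives the runtime user unrestricted passwordless root, so `USER non-root-user` no longer limits what a compromised or misbehaving process in the container can do. The same grant is added in the all-jdk stage at new lines 12–13, where it likely matters less, since the visible `COPY --from=all-jdk` lines only take paths under /usr/lib/jvm out of that stage. The install steps need no sudo at all: drop `apt-get install -y sudo` and the two sudoers lines, run the package and download steps as root, and keep `USER non-root-user` / `WORKDIR /home/non-root-user` after the last privileged `RUN`, as the previous layout did. If sudo has to stay for CI jobs, say so in a comment above the rule and narrow it to the specific commands needed. The hunk at new lines 99–131 also removes the Docker Compose plugin and yq installs, which the title "Re-order installation" does not mention; confirm that is intended.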