java-spring-boot-starter/Dockerfile at master · bekaku/java-spring-boot-starter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# --- Stage 1: Build Stage ---
FROM eclipse-temurin:25-jdk-alpine AS builder
WORKDIR /build

COPY gradlew .
COPY gradle gradle
COPY build.gradle settings.gradle ./
RUN chmod +x gradlew && ./gradlew build -x test --stacktrace || return 0

COPY src src
RUN ./gradlew bootJar -x test

# --- Stage 2: Run Stage ---
FROM eclipse-temurin:25-jdk-alpine

# 1. Setup User & Group (ทำก่อนเพื่อความปลอดภัย)
#RUN addgroup -g 1001 springgroup && \
#    adduser -D -u 1001 -G springgroup springuser


# Make sure heapdump path exists and is writable
# RUN mkdir -p /usr/spring-data/logs && chown -R springuser:springgroup /usr/spring-data

ENV TZ=Asia/Bangkok \
    JAVA_OPTS="-Xms1G -Xmx1G -Xss256k -XX:MaxMetaspaceSize=256m -XX:+UseG1GC -XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0 -XX:InitialRAMPercentage=75.0 -XX:MaxGCPauseMillis=100 -XX:+ParallelRefProcEnabled -XX:+UseCompressedOops -XX:+UseCompressedClassPointers -XX:+AlwaysPreTouch -XX:+TieredCompilation -XX:+UseStringDeduplication -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/heapdump.hprof"

RUN apk --no-cache add curl tzdata && \
    cp /usr/share/zoneinfo/Asia/Bangkok /etc/localtime && \
    echo "Asia/Bangkok" > /etc/timezone

WORKDIR /app


# 2. Copy ไฟล์ JAR และเปลี่ยนเจ้าของเป็น springuser ทันที
COPY --from=builder /build/build/libs/*.jar app.jar
#COPY --from=builder --chown=springuser:springgroup /build/build/libs/*.jar app.jar

# 3. สลับไปใช้ non-root user
#USER springuser

EXPOSE 8080

HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD curl -f http://localhost:8080/actuator/health || exit 1

ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -Dspring.config.additional-location=/usr/spring-data/env/ -Dspring.profiles.active=prod -jar app.jar"]