ARTEMIS-3042 Add docker multistage build

SamTV12345 · SamTV12345 · commit 0dff428193ab · 2022-12-07T06:44:33.000+01:00
This adds the possibility to create an artemis image with just the docker build command.
First the image is downloaded in an Eclipse Temurin installation and later transferred to an alpine image.
Thus, it ensures that only the relevant data is stored in alpine leading to a smaller attack surface.
diff --git a/artemis-docker/Dockerfile-alpine b/artemis-docker/Dockerfile-alpine
@@ -0,0 +1,91 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# ActiveMQ Artemis
+
+ARG CURRENT_VERSION=2.17.0
+
+FROM eclipse-temurin:11-jdk as builder
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
+RUN apt update -y && apt upgrade -y && apt install tree curl -y
+
+ADD ./prepare-docker.sh /bin/prepareDocker
+WORKDIR /root/artemis-build
+COPY ./Dockerfile-alpine .
+COPY ./docker-run.sh .
+RUN prepareDocker --from-release --artemis-version ${VERSION}
+
+
+FROM alpine:latest
+
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
+RUN apk --no-cache add openjdk17-jre-headless bash libaio\
+        --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
+
+
+LABEL maintainer="Apache ActiveMQ Team"
+# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+WORKDIR /opt
+
+ENV ARTEMIS_USER artemis
+ENV ARTEMIS_PASSWORD artemis
+ENV ANONYMOUS_LOGIN false
+ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia
+
+# add user and group for artemis
+RUN addgroup  -g 1001 artemis && adduser -u 1002 --ingroup artemis --disabled-password  artemis
+
+USER artemis
+
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/ /opt/activemq-artemis
+
+# Web Server
+EXPOSE 8161 \
+# JMX Exporter
+    9404 \
+# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE
+    61616 \
+# Port for HORNETQ,STOMP
+    5445 \
+# Port for AMQP
+    5672 \
+# Port for MQTT
+    1883 \
+#Port for STOMP
+    61613
+
+USER root
+
+RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance
+
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/docker/docker-run.sh /
+
+USER artemis
+
+# Expose some outstanding folders
+VOLUME ["/var/lib/artemis-instance"]
+WORKDIR /var/lib/artemis-instance
+
+ENTRYPOINT ["/docker-run.sh"]
+CMD ["run"]
diff --git a/artemis-docker/docker-run.sh b/artemis-docker/docker-run.sh
@@ -44,6 +44,4 @@ else
     echo "broker already created, ignoring creation"
 fi
 
-exec ./bin/artemis "$@"
-
-
+exec ./bin/artemis "$@"
diff --git a/artemis-docker/prepare-docker.sh b/artemis-docker/prepare-docker.sh
@@ -187,4 +187,4 @@ cp ./docker-run.sh "$ARTEMIS_DIST_DIR/docker"
 echo "Docker file support files at:"
 tree "$ARTEMIS_DIST_DIR/docker"
 
-next_step
+next_step
