Merge pull request #4 from dksifoua/feature/3-add-task-runner-to-java…

…-image Add Task Runner to Java
dksifoua · Oct 10, 2024 · 575e5a5 · 575e5a5
2 parents 22b7d7d + 47188e6
commit 575e5a5
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 71 deletions.
diff --git a/.github/workflows/java.yaml b/.github/workflows/java.yaml
@@ -3,47 +3,57 @@ name: java
 on:
   push:
     branches:
-      - main
       - develop
-      - feature/**
   pull_request:
     branches:
-      - main
       - develop
-      - feature/**
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Setup Task
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+
+      - name: Set up Task
         uses: arduino/setup-task@v2
         with:
           version: 3.x
           repo-token: ${{ secrets.GH_TOKEN }}
-      - name: Setup Dockle
+
+      - name: Set up Dockle
         run: |
           VERSION=$(
            curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \
            grep '"tag_name":' | \
            sed -E 's/.*"v([^"]+)".*/\1/' \
           ) && curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb
           sudo dpkg -i dockle.deb && rm dockle.deb
-      - name: Setup Trivy
+
+      - name: Set up Trivy
         run: |
           sudo apt-get install wget apt-transport-https gnupg
           wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
           echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
           sudo apt-get update
           sudo apt-get install trivy
-      - name: Build Java Image
-        run: task java:build
+
+      - name: Build & Push Java Image
+        run: task java:build -- --push
+
       - name: Verify the built image follows the best practises
         run: task java:verify
+
       - name: Scan the built image for vulnerabilities
-        run: task java:scan
-      - name: Push the built image to docker hub
-        run: |
-          docker login --username ${{ vars.DOCKERHUB_USERNAME }} --password ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
-          task java:push
+        run: task java:scan
diff --git a/java/21.Dockerfile b/java/21.Dockerfile
@@ -0,0 +1,56 @@
+FROM --platform=$BUILDPLATFORM ubuntu:24.10
+LABEL authors="Dimitri Sifoua"
+LABEL description="Java Build Agent with GraalVM Support"
+LABEL maintainer="Dimitri Sifoua <[email protected]>"
+
+ARG TARGETPLATFORM
+
+ENV UID=10001
+ENV GID=10001
+ENV USERNAME=dksifoua
+ENV HOME=/home/$USERNAME
+
+ENV GRAALVM_HOME=/opt/graalvm-jdk-21
+ENV JAVA_HOME=$GRAALVM_HOME
+ENV PATH=$GRAALVM_HOME/bin:$PATH
+
+RUN groupadd -g $GID $USERNAME \
+    && useradd -m -g $GID -u $UID -s /bin/bash $USERNAME \
+    && apt-get update \
+    && apt-get install -y curl \
+    && rm -rf /var/lib/apt/lists \
+    && chmod u-s /usr/bin/chfn /usr/bin/gpasswd /usr/bin/su /usr/bin/passwd /usr/bin/chsh /usr/bin/newgrp /usr/bin/mount /usr/bin/umount \
+    && chmod g-s /usr/bin/chage /usr/sbin/pam_extrausers_chkpwd /usr/sbin/unix_chkpwd /usr/bin/expiry \
+    && curl --location https://taskfile.dev/install.sh | bash -s -- -d
+
+RUN case $TARGETPLATFORM in \
+    "linux/amd64") \
+      GRAALVM_FILE="graalvm-jdk-21_linux-x64_bin.tar.gz"; \
+      GRAALVM_URL="https://download.oracle.com/graalvm/21/latest/$GRAALVM_FILE"; \
+      ;; \
+    "linux/arm64") \
+      GRAALVM_FILE="graalvm-jdk-21_linux-aarch64_bin.tar.gz"; \
+      GRAALVM_URL="https://download.oracle.com/graalvm/21/latest/$GRAALVM_FILE"; \
+      ;; \
+    *) \
+      echo "Unsupported platform: $BUILDPLATFORM"; exit 1; \
+      ;; \
+  esac \
+  && mkdir -p $GRAALVM_HOME \
+  && curl -L $GRAALVM_URL -o $GRAALVM_HOME/$GRAALVM_FILE \
+  && tar -xvzf $GRAALVM_HOME/$GRAALVM_FILE --strip-components=1 -C $GRAALVM_HOME \
+  && rm $GRAALVM_HOME/$GRAALVM_FILE
+
+USER $UID:$GID
+
+HEALTHCHECK \
+  --interval=30s \
+  --timeout=10s \
+  --start-period=5s \
+  --retries=3 \
+  CMD curl --fail http://localhost/ || exit 1
+# CMD java --version && task --version || exit 1
+
+WORKDIR $HOME
+
+CMD ["/bin/bash"]
diff --git a/java/Dockerfile b/java/Dockerfile
diff --git a/java/Taskfile.yaml b/java/Taskfile.yaml
@@ -1,33 +1,28 @@
 version: 3
 
 env:
-  DOCKER_CONTENT_TRUST: 0
-
-vars:
-  JAVA_VERSION: 21.0.4-graal
+  DOCKER_BUILDKIT: 1
+  DOCKER_DEFAULT_PLATFORM: linux/amd64,linux/arm64
 
 tasks:
   build:
     desc: Build Java image
     cmd: |
-      docker build \
-            --build-arg JAVA_VERSION={{ .JAVA_VERSION }} \
-            --tag java:{{ .JAVA_VERSION }}-alpine \
-            --file java/Dockerfile \
-            .
+      docker buildx build \
+        --tag dksifoua/java:21-graalvm \
+        --file java/21.Dockerfile \
+        . {{ .CLI_ARGS }}
     silent: true
 
   push:
     desc: Push java image to docker hub
-    cmds:
-      - docker tag java:{{ .JAVA_VERSION }}-alpine dksifoua/java:{{ .JAVA_VERSION }}-alpine
-      - docker push dksifoua/java:{{ .JAVA_VERSION }}-alpine
+    cmd: docker push dksifoua/java:21-graalvm
 
   scan:
     desc: Scan built image for vulnerabilities
-    cmd: trivy image java:{{ .JAVA_VERSION }}-alpine
+    cmd: trivy image dksifoua/java:21-graalvm
 
   verify:
     desc: Check docker image best practices has been followed
-    cmd: dockle --exit-code 1 --exit-level info java:{{ .JAVA_VERSION }}-alpine
+    cmd: dockle --exit-code 1 --exit-level info dksifoua/java:21-graalvm
     silent: true