-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.07.graalVM
More file actions
48 lines (39 loc) · 2.15 KB
/
Dockerfile.07.graalVM
File metadata and controls
48 lines (39 loc) · 2.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# ------------------------------------------------------------
# Stage: build
# Purpose: build a static native binary using GraalVM native-image
# Base image: ghcr.io/graalvm/native-image-community:25-muslib
# Maven profile: -Pgraalvm
# Artifact: target/app (native binary)
# Notes: install zlib-static and use musl toolchain; verify binary is truly static before final image
# ------------------------------------------------------------
FROM ghcr.io/graalvm/native-image-community:25-muslib AS builder
# Installation de zlib-static (indispensable pour le flag --static)
RUN microdnf install -y gcc make binutils zlib-static && microdnf clean all
WORKDIR /app
# IMPORTANT : On force l'utilisation du compilateur musl pour les tests de fonctionnalités
ENV CC=/usr/local/musl/bin/gcc
COPY .mvn/ .mvn/
COPY mvnw pom.xml ./
RUN chmod +x mvnw
# On télécharge les dépendances
RUN --mount=type=cache,target=/root/.m2 ./mvnw dependency:go-offline -Pgraalvm
COPY src ./src
# On lance la compilation via Maven
# Le flag --libc=musl dans le POM fera le reste
RUN --mount=type=cache,target=/root/.m2 ./mvnw package -Pnative -DskipTests
# Place any produced native binary in a stable location (/app/app) so final stage can copy it
RUN mkdir -p /app \
&& candidate=$(find target -type f \( -name app -o -name "*app" -o -name "*native*" -o -name "*-runner" -o -name "*.exe" -o -name "*.bin" -o -name "*.so" \) 2>/dev/null | head -n 1 || true) \
&& if [ -n "$candidate" ]; then cp "$candidate" /app/app; chmod +x /app/app || true; else echo "No native artifact found under target/" >&2; fi
# ------------------------------------------------------------
# Stage: runtime
# Purpose: minimal final image for the static native binary
# Base image: gcr.io/distroless/static-debian12
# Copies: /app/app (native binary) from build stage
# Notes: distroless static image contains no shell; ensure user exists or set numeric UID and that binary is static
# ------------------------------------------------------------
FROM gcr.io/distroless/static-debian12
COPY --from=builder /app/app /app/app
# Use numeric UID/GID to avoid relying on username existing in distroless
USER 65532:65532
ENTRYPOINT ["/app/app"]