Index: .dockerignore
===================================================================
diff -u -r13bc9f256f14155b335dfb9215a8c8c4af936b37 -rde186fec561a38e0e6cd419ec7ff73ee54212920
--- .dockerignore (.../.dockerignore) (revision 13bc9f256f14155b335dfb9215a8c8c4af936b37)
+++ .dockerignore (.../.dockerignore) (revision de186fec561a38e0e6cd419ec7ff73ee54212920)
@@ -7,4 +7,3 @@
 .gitignore
 README.md
 .vscode
-pom.xml
Index: Dockerfile
===================================================================
diff -u -r199e0c7f8bc319abc97ac01e61da2bad9ae476a8 -rde186fec561a38e0e6cd419ec7ff73ee54212920
--- Dockerfile (.../Dockerfile) (revision 199e0c7f8bc319abc97ac01e61da2bad9ae476a8)
+++ Dockerfile (.../Dockerfile) (revision de186fec561a38e0e6cd419ec7ff73ee54212920)
@@ -1,56 +1,76 @@ -#NOTES: This dockerfile will build an image capable of building the backend without using OracleJDK8 and all of Oracle's license nonsense. -# Using the OpenJDK8 base image, this will install Maven, Node, and NPM locally. Tag the image with pulsebuildenv:0.0.x and increment the version. +# NOTES: This dockerfile will build an image capable of building the backend without using OracleJDK8 and all of Oracle's license nonsense. +# Using the OpenJDK8 base image, this will install Maven, Node, and NPM locally. +# Tag the image with pulsebuilder:x.0.x and increment the version accordingly. +# # After image creation, create a container with the following command line parameters to mount local storage with the PulseUI repo already cloned and away you go. # Adjust the params to Maven for your profile, etc... # -# docker run -it --name pulse_builder -v "$(pwd)":/usr/app/PulseUI -w /usr/app/PulseUI mvn clean package -X -P QA,US-QA -Dmaven.test.skip +# Important note about identity: +# On the Pulse Dev, QA, and Prod RHEL VMs, the UID and GID for the jboss user are both 185. This UID and GID are set up in this image so a mapping exists between the host's security +# context (jboss user) and this docker image (pulsebuilder user), allowing the image to output files to the host's filesystem in the context of the jboss user, NOT root, as output artifacts with root file security +# is useless to us. 
# +# Important errata: was unable to use WORKDIR $HOMEDIR command and USER pulsebuilder command because of inconsistancies with pulsebuilder context vs root context during docker build # +# docker run -d --name pulse_builder --user -v "$(pwd)":/home/pulsebuilder/PulseUI mvn clean package -X -P QA,US-QA -Dmaven.test.skip +# + FROM openjdk:8-jdk +#pass in the uid from the host for the jboss user when doing a docker build +ENV HOST_UID=500271 +RUN useradd -ms /bin/bash -u ${HOST_UID} pulsebuilder + ENV NODE_VERSION 11.9.0 ENV NPM_VERSION 6.9.0 - ARG MAVEN_VERSION=3.6.1 -ARG USER_HOME_DIR="/root" ARG SHA=b4880fb7a3d81edd190a029440cdf17f308621af68475a4fe976296e71ff4a4b546dd6d8a58aaafba334d309cc11e638c52808a4b0e818fc0fd544226d952544 ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries +#Get and install maven RUN mkdir -p /usr/share/maven /usr/share/maven/ref \ && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \ && echo "${SHA} /tmp/apache-maven.tar.gz" | sha512sum -c - \ && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 \ && rm -f /tmp/apache-maven.tar.gz \ && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn -ENV MAVEN_HOME /usr/share/maven -ENV MAVEN_CONFIG "$USER_HOME_DIR/.m2" - +#Install other bs RUN apt-get update && apt-get install -y wget git curl gpg openssh-server #the following RUN line is simply a hack to get around GPCs terrible network security implementation. 
At some point when their firewall is adjusted, the git:// protocol can be used again instead of https -RUN git config --global url.https://github.com/.insteadOf git://github.com/ +RUN git config --global url.https://github.com/.insteadOf git://github.com/ && git config --global http.sslVerify false #Add Node's public RSA key: -RUN mkdir ~/.gnupg && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf +RUN mkdir /root/.gnupg && echo "disable-ipv6" >> /root/.gnupg/dirmngr.conf RUN gpg --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 RUN gpg --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 -ENV MAVEN_ROOT /var/lib/maven -ENV MAVEN_HOME $MAVEN_ROOT/apache-maven-$MAVEN_VERSION -ENV MAVEN_OPTS -Xms256m -Xmx512m - -RUN wget --no-verbose -O /tmp/apache-maven-$MAVEN_VERSION.tar.gz \ - http://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz && \ - mkdir -p $MAVEN_ROOT && \ - tar xzf /tmp/apache-maven-$MAVEN_VERSION.tar.gz -C $MAVEN_ROOT && \ - ln -s $MAVEN_HOME/bin/mvn /usr/local/bin && \ - rm -f /tmp/apache-maven-$MAVEN_VERSION.tar.gz - +#Get and install node RUN curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz" \ && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --verify SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-x64.tar.gz\$" SHASUMS256.txt.asc | sha256sum -c - \ && tar -xzf "node-v$NODE_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \ && rm "node-v$NODE_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc \ - && npm install -g npm@"$NPM_VERSION" \ No newline at end of file + && npm install -g npm@"$NPM_VERSION" + +#the following RUN line is simply a hack to get around GPCs terrible network security implementation. 
At some point when they use something other than a self-signed cert for outbound traffic, this line can be removed and image rebuilt +RUN npm config set strict-ssl false + +#do all the real work... note if you rebuild this image, be sure you use the latest pom.xml and package.json from source control. +#ideally, for a refresh, simply attach a shell to the container, COPY new pom.xml and package.json, run RUN mvn -X dependency:go-offline and RUN npm install -f --no-optional -dd to refresh each respective cache, exit, then DOCKER COMMIT to update the image from the running container :-) +WORKDIR /home/pulsebuilder/ +COPY pom.xml . +COPY package.json . +RUN mkdir .m2 && mkdir ./.m2/repository +RUN echo "/home/pulsebuilder/.m2/repository" >> ./.m2/settings.xml +RUN mkdir /root/.m2 && cp ./.m2/settings.xml /root/.m2/ + +#copy npm and git config to pulsebuilder user for container execution in that security context +RUN cp /root/.npmrc . && cp /root/.gitconfig . +RUN mvn -X dependency:go-offline +RUN npm install -f --no-optional -dd + +#set all fs access to pulsebuilder user for container execution in that security context +RUN chown -R pulsebuilder:pulsebuilder . \ No newline at end of file Index: pom.xml =================================================================== diff -u -r199e0c7f8bc319abc97ac01e61da2bad9ae476a8 -rde186fec561a38e0e6cd419ec7ff73ee54212920 --- pom.xml (.../pom.xml) (revision 199e0c7f8bc319abc97ac01e61da2bad9ae476a8) +++ pom.xml (.../pom.xml) (revision de186fec561a38e0e6cd419ec7ff73ee54212920) @@ -603,23 +603,28 @@ org.codehaus.mojo exec-maven-plugin 1.6.0 + + ${maven.exec.skip} + - - npm-pkgs-install + + + npm-pulse-setup generate-sources exec - ${project.basedir}/src/main/webapp/app - npm + ${project.basedir} + ln - install - -f - -dd + -s +                 ../node_modules + ../PulseUI/src/main/webapp/app/node_modules + npm-pulse-build generate-sources @@ -631,7 +636,7 @@ npm run - build-all +                 build-all 
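Review bot: In the Dockerfile hunk, the added `git config --global http.sslVerify false` and `RUN npm config set strict-ssl false` switch off TLS certificate verification for every git-over-HTTPS and npm registry fetch, so the later `RUN npm install -f --no-optional -dd` bakes packages into the image whose origin was never authenticated. The added `RUN cp /root/.npmrc . && cp /root/.gitconfig .` then copies both settings into /home/pulsebuilder, so builds run inside the container inherit them too. If outbound traffic is re-signed with an internal certificate, as the comments suggest, trusting that certificate keeps verification on: `COPY <internal-ca>.crt /usr/local/share/ca-certificates/` (placeholder file name) followed by `RUN update-ca-certificates && npm config set cafile /etc/ssl/certs/ca-certificates.crt`. Separately, the comment above `ENV HOST_UID=500271` says the UID is passed in at build time, which needs `ARG HOST_UID` rather than `ENV`. The header comment also gives the jboss UID and GID as 185, while `useradd` is given only `-u` and a different default.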
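Review bot: In pom.xml's `npm-pulse-setup` execution, the link target `../node_modules` is relative, and a relative symlink target is resolved from the link's own directory. Assuming the stripped markup is the exec plugin's executable and arguments, the link created at `src/main/webapp/app/node_modules` would point at `src/main/webapp/node_modules`, not at a `node_modules` directory beside the checkout. The link path `../PulseUI/src/main/webapp/app/node_modules` also resolves only when the checkout directory is named PulseUI, although the working directory is already `${project.basedir}`. Because `ln -s` is called without `-f`/`-n`, a second build in the same tree would fail at generate-sources once the link exists. An absolute target with `-sfn` and the link path `src/main/webapp/app/node_modules` would avoid all three.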
@@ -925,5 +930,8 @@ 5000000 /home/Pulse/PulseUI v.${project.version}-${build.date}_${spring.profiles.value} + + + true