diff --git a/.github/scripts/check-if-running-as-user-10001.sh b/.github/scripts/check-if-running-as-user-10001.sh
new file mode 100755
index 00000000..4b52b855
--- /dev/null
+++ b/.github/scripts/check-if-running-as-user-10001.sh
@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+if docker exec -u0 dataportal-backend pgrep -u 10001 java > /dev/null
+then
+ echo "Java process is running as user 10001"
+ exit 0
+else
+ echo "Java process is not running as user 10001"
+ exit 1
+fi
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 63735242..e59a55a0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,6 +17,26 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 
+ - name: Docker Meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha
+ labels: |
+ maintainer=medizininformatik-initiative
+ org.opencontainers.image.authors=medizininformatik-initiative
+ org.opencontainers.image.source=https://github.com/medizininformatik-initiative/feasibility-backend
+ org.opencontainers.image.vendor=medizininformatik-initiative
+ org.opencontainers.image.title=feasibility backend
+ org.opencontainers.image.description=Provides backend functions for feasibility UI including query execution
+
 - name: Set up JDK 17
 uses: actions/setup-java@v4
 with:
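Review bot: The else branch of the `if docker exec … pgrep -u 10001 java` test reports "Java process is not running as user 10001" for every non-zero status, so a missing or stopped container, a failing `docker exec`, or a `pgrep` binary that is absent from the runtime image (whether procps is installed in the base cannot be told from here) is indistinguishable from a genuine ownership mismatch, and CI would blame the user setup for an environment problem. pgrep exits 1 only for "no matching process" while docker exec reports its own failures with other codes, so the script can separate the two cases and fail with a distinct message and exit status. The `-e` in the shebang is only honoured when the script is executed directly, as the workflow does; it is silently ignored under `bash script.sh`, which is worth a one-line comment.
```shell
#!/bin/bash -e

# pgrep exits 1 for "no matching process"; any other non-zero status comes
# from docker exec itself (container missing, pgrep not installed, ...).
set +e
docker exec -u0 dataportal-backend pgrep -u 10001 java > /dev/null
status=$?
set -e

case "$status" in
  0) echo "Java process is running as user 10001"; exit 0 ;;
  1) echo "Java process is not running as user 10001"; exit 1 ;;
  *) echo "Could not inspect the container (exit status $status)"; exit 2 ;;
esac
```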
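Review bot: The added `- name: Docker Meta` step has no `id:`, so a later build or push step cannot reference its tags and labels through `steps.<id>.outputs.tags` / `steps.<id>.outputs.labels`; unless the consuming step (outside this hunk) relies on the `DOCKER_METADATA_OUTPUT_*` environment variables the action exports, add `id: meta` directly under the `- name: Docker Meta` line. The `labels:` block restates authors, source, vendor, title and description but does not set `org.opencontainers.image.licenses`, which is the one OCI label the action cannot derive on its own; `created`, `version` and `revision` are filled in by the action, so the LABEL lines this commit removes from the Dockerfile are covered. `env.REGISTRY` and `env.IMAGE_NAME` are not defined in this hunk, so their presence at workflow level is assumed.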
@@ -150,8 +170,8 @@ jobs:
 - name: Wait for Dataportal Backend
 run: .github/scripts/wait-for-url.sh http://localhost:8091/actuator/health
 
- - name: Check if Dataportal Backend is correctly running with the dataportal user
- run: .github/scripts/check-if-running-as-dataportal-user.sh
+ - name: Check if Feasibility Backend is correctly running with the user with id 10001
+ run: .github/scripts/check-if-running-as-user-10001.sh
 
 - name: Wait for Blaze
 run: .github/scripts/wait-for-url.sh http://localhost:8082/health
diff --git a/Dockerfile b/Dockerfile
index c6871383..5bf2b1f2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,12 @@
-FROM eclipse-temurin:17-jre
+FROM eclipse-temurin:22-jre@sha256:26bd835ee107ae775d85f1ff8c55abc799f514fb4201e65981857041d18826c1
 
-RUN apt update -yqq && apt upgrade -yqq && \
+RUN apt-get update -yqq && apt-get upgrade -yqq && \
 apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/
 
 WORKDIR /opt/dataportal-backend
 COPY ./target/*.jar ./dataportal-backend.jar
 COPY ontology ontology
 
-RUN groupadd --system dataportal && useradd --system dataportal -g dataportal
-RUN mkdir logging
-RUN chown -R dataportal:dataportal /opt/dataportal-backend
-
-USER dataportal:dataportal
-
 ARG VERSION=6.0.0
 ENV APP_VERSION=${VERSION}
 ENV DATABASE_HOST="dataportal-network"
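Review bot: Pinning the base by digest on the new `FROM` line and then running `apt-get upgrade -yqq` in the `RUN` right after it work against each other: the digest makes the base reproducible, while the in-layer upgrade installs whatever is current on a fresh build and, on a cached build, installs nothing new at all because the RUN layer is reused until the FROM line changes. Prefer dropping the `RUN apt-get update -yqq && apt-get upgrade -yqq && …` step and refreshing the digest when patches are needed; if the upgrade is kept on purpose, say so on the line, e.g. `# base is digest-pinned; this upgrade pulls fixes newer than the digest and is not reproducible`. `eclipse-temurin:22-jre` is a non-LTS Java release with a short update window compared with 17 or 21, so a comment on the FROM line stating that the bump is intended would help the next person who refreshes the digest. The `groupadd`/`useradd` removal leaves uid 10001 without a passwd entry; the consequences are noted on the next hunk.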
@@ -23,22 +17,13 @@ ENV CERTIFICATE_PATH=/opt/dataportal-backend/certs
 ENV TRUSTSTORE_PATH=/opt/dataportal-backend/truststore
 ENV TRUSTSTORE_FILE=self-signed-truststore.jks
 
-RUN mkdir -p $CERTIFICATE_PATH $TRUSTSTORE_PATH
-RUN chown dataportal:dataportal $CERTIFICATE_PATH $TRUSTSTORE_PATH
+RUN mkdir logging && \
+ mkdir -p $CERTIFICATE_PATH $TRUSTSTORE_PATH && \
+ chown -R 10001:10001 /opt/dataportal-backend && \
+ chown 10001:10001 $CERTIFICATE_PATH $TRUSTSTORE_PATH
+USER 10001
 
 HEALTHCHECK --interval=5s --start-period=10s CMD curl -s -f http://localhost:8090/actuator/health || exit 1
 
 COPY ./docker-entrypoint.sh /
-ENTRYPOINT ["/bin/bash", "/docker-entrypoint.sh"]
-
-ARG GIT_REF=""
-ARG BUILD_TIME=""
-LABEL maintainer="medizininformatik-initiative" \
- org.opencontainers.image.created=${BUILD_TIME} \
- org.opencontainers.image.authors="medizininformatik-initiative" \
- org.opencontainers.image.source="https://github.com/medizininformatik-initiative/feasibility-backend" \
- org.opencontainers.image.version=${VERSION} \
- org.opencontainers.image.revision=${GIT_REF} \
- org.opencontainers.image.vendor="medizininformatik-initiative" \
- org.opencontainers.image.title="dataportal backend" \
- org.opencontainers.image.description="Provides backend functions for the dataportal"
+ENTRYPOINT ["/bin/bash", "/docker-entrypoint.sh"]
\ No newline at end of file
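Review bot: `chown -R 10001:10001 /opt/dataportal-backend` in the new RUN hands the runtime user write access to the jar and the ontology tree, which is more than the service needs; the only runtime-written paths this Dockerfile shows are `logging`, `$CERTIFICATE_PATH` and `$TRUSTSTORE_PATH`, and the following `chown 10001:10001 $CERTIFICATE_PATH $TRUSTSTORE_PATH` is redundant because both directories sit under the path already chowned recursively. Unless the ontology directory is modified at runtime (not visible here), narrow it to `chown -R 10001:10001 logging $CERTIFICATE_PATH $TRUSTSTORE_PATH` and drop the second chown, so the jar and ontology stay root-owned and read-only for the application. `USER 10001` with no passwd entry (the `useradd` was removed in this commit) means `$HOME` resolves to `/` inside the container and name lookups such as `whoami` fail; if anything writes under the home directory, set `ENV HOME=/opt/dataportal-backend` or keep a `useradd --uid 10001`. `COPY ./docker-entrypoint.sh /` still runs as root after `USER`, so whether uid 10001 can read the script depends on the file mode in the build context; `COPY --chmod=0755` removes that dependency.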