refactor for renovate

8e426f47 · sean.melissari · aa2d4bb7 · 8e426f47 · 8e426f47 · 8e426f47
Commit 8e426f47 authored Jun 26, 2020 by sean.melissari
9 changed files
--- a/Dockerfile
+++ b/Dockerfile
-ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
+ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
-ARG BASE_IMAGE=opensource/openjdk/openjdk8-devel
+ARG BASE_IMAGE=redhat/openjdk/openjdk8-devel
 ARG BASE_TAG=1.8.0
+FROM maven:3.6.3-openjdk-8 as base
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-USER 0
+LABEL org.opencontainers.image.title="maven" \
+      org.opencontainers.image.description="Apache Maven is a software project management and comprehension tool." \
-ENV MAVEN_USER="maven" \
+      org.opencontainers.image.licenses="Apache-2.0" \
-    MAVEN_UID="1001" \
+      org.opencontainers.image.url="https://maven.apache.org" \
-    MAVEN_GID="0" \
+      org.opencontainers.image.version="3.6.3" \
-    MAVEN_HOME=/usr/share/maven 
+      maintainer="cht@dsop.io"
-ENV HOME=/home/${MAVEN_USER}
-ENV MAVEN_CONFIG "$HOME/.m2"
+ENV HOME=/home/maven \
+    MAVEN_HOME=/usr/share/maven \
-LABEL name="Maven" \
+    MAVEN_CONFIG=/home/maven/.m2
-      maintainer="maintainer@dsop.io" \
-      vendor="Maven" \
+USER root
-      version="3.6.3" \
-      release="1" \
-      summary="Maven image with maven tools" \
-      description="Maven Image on openjdk8" \
-      com.redhat.component="ubi8-container" \
-      io.k8s.display-name="Maven 3.6.3"
-ARG RELEASE=3.6.3
-ARG TARBALL=apache-maven-${RELEASE}-bin.tar.gz
-COPY ${TARBALL} LICENSE scripts/* settings-docker.xml /tmp/
-# Install openjdk & maven
-# Create maven user
-RUN mkdir -p /usr/share/maven /usr/share/maven/ref \
-  && tar -xzf /tmp/${TARBALL} -C /usr/share/maven --strip-components=1 \
-  && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn \
-  && mv /tmp/settings-docker.xml /usr/share/maven/ref \
-  && mkdir -p /licenses/maven && mv /tmp/LICENSE /licenses/maven \
-  && mv /tmp/{mvn-entrypoint.sh,fix-permissions} /usr/local/bin \
-  && chmod a+rx /usr/local/bin/{mvn-entrypoint.sh,fix-permissions} \
-  && fix-permissions /usr/share/maven \
-  && fix-permissions /usr/local/bin/mvn-entrypoint.sh \
-  && rm -fv ./${TARBALL} \
-  && useradd -s /bin/bash -u $MAVEN_UID -g $MAVEN_GID -m $MAVEN_USER
-USER 1001
-WORKDIR $HOME
-RUN fix-permissions $HOME
-ENTRYPOINT ["/usr/local/bin/mvn-entrypoint.sh"]
-CMD ["mvn"]
+RUN groupadd -g 1000 maven && \
+    useradd -r -u 1000 -m -s /sbin/nologin -g maven maven && \
+    chown maven:0 ${HOME} && \
+    chmod g=u ${HOME} && \
+    ln -s /usr/share/maven/bin/mvn /usr/bin/mvn && \
+    dnf upgrade -y && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+COPY --from=base /usr/share/maven /usr/share/maven
+COPY scripts/mvn-entrypoint.sh /usr/local/bin/mvn-entrypoint.sh
+WORKDIR ${HOME}
+USER maven
+ENTRYPOINT ["mvn-entrypoint.sh"]
+CMD ["mvn"]
--- a/Jenkinsfile
+++ b/Jenkinsfile
 @Library('DCCSCR@master') _
-dccscrPipeline( version: "3.6.3")
+dccscrPipeline(version: "3.6.3")
--- a/LICENSE
+++ b/LICENSE
- Apache License
+                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/
@@ -199,4 +200,3 @@
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/README.md
+++ b/README.md
-# Description
+# maven-openjdk-8
-Maven 3.6.3-openjdk-1.8
-# Supported tags
- 3.6.3
 # Quick reference
 - **Where to get help**: [the Docker Community Forums](https://forums.docker.com/), [the Docker Community Slack](http://dockr.ly/slack), [Stack Overflow](https://stackoverflow.com/search?tab=newest&q=docker), or [Repo1 DCCSCR Issues](https://repo1.dsop.io/dsop/dccscr/issues).
@@ -17,7 +13,7 @@ Maven 3.6.3-openjdk-1.8
 # How to use this image
 You can run a Maven project by using the Maven Container image directly, passing a Maven command to podman/docker run:
-`podman run -it --rm --name my-maven-project -v "$(pwd)":/home/maven/mymaven -w /home/maven/mymaven nexus-docker-secure.levelup-nexus.svc.cluster.local:18082/opensource/maven/maven:3.6.3 mvn clean install`
+`podman run -it --rm --name my-maven-project -v "$(pwd)":/home/maven/mymaven -w /home/maven/mymaven <image> mvn clean install`
 # Running as non-root
-Maven needs the user home to download artifacts to, and if the user does not exist in the image an extra user.home Java property needs to be set.  By default there is a `maven` user created in this image with UID `1001`, which this container runs as.
+Maven needs the user home to download artifacts to, and if the user does not exist in the image an extra user.home Java property needs to be set.  By default there is a `maven` user created in this image with UID `1000`, which this container runs as.
--- a/download.json
+++ b/download.json
-{ "resources":
-	[
-		{ "url" : "https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz",
-			"filename": "apache-maven-3.6.3-bin.tar.gz",
-			"validation": {
-       				 "type": "sha512",
-       				 "value": "c35a1803a6e70a126e80b2b3ae33eed961f83ed74d18fcd16909b2d44d7dada3203f1ffe726c17ef8dcca2dcaa9fca676987befeadc9b9f759967a8cb77181c0"
-      			}
-		}
-] }
--- a/download.yaml
+++ b/download.yaml
+resources:
+  - url: "docker://docker.io/library/maven@sha256:526b51f2bd1c06ed0f976c86f84bd2b934be001bfc795f00861a30b9030c2a78"
+    tag: "maven:3.6.3-openjdk-8"
--- a/renovate.json
+++ b/renovate.json
+{
+  "assignees": ["@sean.melissari"],
+  "baseBranches": ["development"],
+  "regexManagers": [
+    {
+      "fileMatch": ["^Dockerfile$"],
+      "matchStrings": [
+        "version=\"(?<currentValue>.*?)\""
+      ],
+      "depNameTemplate": "maven",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "fileMatch": ["^Jenkinsfile$"],
+      "matchStrings": [
+        "version:\\s+\"(?<currentValue>.*?)\""
+      ],
+      "depNameTemplate": "maven",
+      "datasourceTemplate": "docker"
+    }
+  ]
+}
--- a/scripts/fix-permissions
+++ b/scripts/fix-permissions
-#!/bin/sh
-# Allow this script to fail without failing a build
-set +e
-SYMLINK_OPT=${2:--L}
-# Fix permissions on the given directory or file to allow group read/write of
-# regular files and execute of directories.
-[ $(id -u) -ne 0 ] && CHECK_OWNER=" -uid $(id -u)"
-# If argument does not exist, script will still exit with 0,
-# but at least we'll see something went wrong in the log
-if ! [ -e "$1" ] ; then
-  echo "ERROR: File or directory $1 does not exist." >&2
-  # We still want to end successfully
-  exit 0
-fi
-find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -gid 0 -exec chgrp 0 {} +
-find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -perm -g+rw -exec chmod g+rw {} +
-find $SYMLINK_OPT "$1" ${CHECK_OWNER} -perm /u+x -a \! -perm /g+x -exec chmod g+x {} +
-find $SYMLINK_OPT "$1" ${CHECK_OWNER} -type d \! -perm /g+x -exec chmod g+x {} +
-# Always end successfully
-exit 0
--- a/settings-docker.xml
+++ b/settings-docker.xml
-<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
-                      https://maven.apache.org/xsd/settings-1.0.0.xsd">
-  <localRepository>/usr/share/maven/ref/repository</localRepository>
-</settings>