-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
51 lines (40 loc) · 2.66 KB
/
Copy pathDockerfile
File metadata and controls
51 lines (40 loc) · 2.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# ─────────────────────────────────────────────────────────────────────────────
# Stage 1: Build
# Uses a full JDK image with Gradle wrapper to compile and package the app.
# The dependency-download layer is cached separately from the source-compile
# layer so incremental rebuilds are fast.
# ─────────────────────────────────────────────────────────────────────────────
FROM eclipse-temurin:21-jdk-alpine AS builder
WORKDIR /app
# Copy Gradle wrapper and build scripts first (infrequently changed → cached layer)
COPY gradle/wrapper/gradle-wrapper.properties gradle/wrapper/gradle-wrapper.properties
COPY gradlew gradlew
COPY build.gradle.kts settings.gradle.kts ./
# Pre-fetch all dependencies without building source (maximises cache hits)
RUN chmod +x gradlew && ./gradlew dependencies --no-daemon --quiet 2>/dev/null || true
# Now copy source and build the fat JAR
COPY src src
RUN ./gradlew bootJar --no-daemon -x test
# ─────────────────────────────────────────────────────────────────────────────
# Stage 2: Runtime
# Lean JRE-only image. The fat JAR is the only artefact copied across.
# ─────────────────────────────────────────────────────────────────────────────
FROM eclipse-temurin:21-jre-alpine AS runtime
WORKDIR /app
# Create a non-root user for security best practice
RUN addgroup -S proxy && adduser -S proxy -G proxy
COPY --from=builder /app/build/libs/*.jar app.jar
# Health check: polls /actuator/health every 30 s after a 60 s start delay
HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
CMD wget -qO- http://localhost:8080/actuator/health | grep -q '"status":"UP"' || exit 1
USER proxy
EXPOSE 8080
# JVM flags tuned for containerised, high-throughput reactive workloads:
# -XX:+UseZGC → low-pause GC ideal for latency-sensitive proxies
# -XX:MaxRAMPercentage → honour container memory limits
# -Djava.security.egd → faster SecureRandom (avoids /dev/random blocking)
ENTRYPOINT ["java", \
"-XX:+UseZGC", \
"-XX:MaxRAMPercentage=75.0", \
"-Djava.security.egd=file:/dev/./urandom", \
"-jar", "app.jar"]