-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
40 lines (30 loc) · 1.29 KB
/
Dockerfile
File metadata and controls
40 lines (30 loc) · 1.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# Build stage - compile the application
FROM --platform=linux/amd64 gradle:9.3.1-jdk21@sha256:a2563ec0331573c2462a89573b59b9e0d509a48f367d1e6c2fae32ee774c0334 AS builder
WORKDIR /build
# Copy source files
COPY gradle gradle
COPY gradlew gradlew.bat gradle.properties settings.gradle ./
COPY dependency-check-suppressions.xml ./
COPY app app
# Build the application
RUN ./gradlew :app:build -x test
# Runtime stage - use FIPS-enabled Semeru runtime
FROM --platform=linux/amd64 icr.io/webmethods/stig-hardened-images/dev-release/ubi9/ubi9-basic-java-semeru21-runtime:latest
WORKDIR /app
USER root
# Copy compiled classes and dependencies
COPY --from=builder /build/app/build/classes/java/main /app/classes
COPY --from=builder /build/app/build/libs /app/libs
COPY --from=builder /root/.gradle/caches /root/.gradle/caches
USER 1001
# Set FIPS mode
ENV JAVA_OPTS="-Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3"
# Build classpath and run FIPSValidatorRunner
CMD CLASSPATH="/app/classes"; \
for jar in $(find /root/.gradle/caches/modules-2/files-2.1 -name "*.jar" 2>/dev/null); do \
CLASSPATH="$CLASSPATH:$jar"; \
done; \
java -Dsemeru.fips=true \
-Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3 \
-cp "$CLASSPATH" \
org.example.FIPSValidatorRunner