lionsdev/unionflow-server-impl-quarkus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify Dockerfile for lionsctl compatibility - use uber-jar

Browse Source
This commit is contained in:
dahoud
2025-12-10 10:28:48 +00:00
parent e1c0daa2aa
commit 637f6de9d2
1 changed files with 27 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
Dockerfile
View File

@@ -1,28 +1,9 @@
#### ####
# Dockerfile de production pour UnionFlow Server (Backend) # Dockerfile simplifié pour UnionFlow Server - Compatible lionsctl
# Multi-stage build optimisé avec sécurité renforcée # Utilise l'uber-jar pré-compilé par Maven
#### ####
## Stage 1 : Build avec Maven FROM eclipse-temurin:17-jre-alpine
FROM maven:3.9.6-eclipse-temurin-17 AS builder
WORKDIR /app
# Copier les fichiers de configuration Maven
COPY pom.xml .
COPY ../unionflow-server-api/pom.xml ../unionflow-server-api/
# Télécharger les dépendances (cache Docker)
RUN mvn dependency:go-offline -B -pl unionflow-server-impl-quarkus -am
# Copier le code source
COPY src ./src
# Construire l'application avec profil production
RUN mvn clean package -DskipTests -B -Dquarkus.profile=prod -pl unionflow-server-impl-quarkus
## Stage 2 : Image de production optimisée
FROM registry.access.redhat.com/ubi8/openjdk-17:1.18
ENV LANGUAGE='en_US:en' ENV LANGUAGE='en_US:en'
@@ -31,49 +12,52 @@ ENV QUARKUS_PROFILE=prod
ENV QUARKUS_HTTP_PORT=8085 ENV QUARKUS_HTTP_PORT=8085
ENV QUARKUS_HTTP_HOST=0.0.0.0 ENV QUARKUS_HTTP_HOST=0.0.0.0
# Configuration Base de données (à surcharger via variables d'environnement) # Configuration Base de données
ENV DB_URL=jdbc:postgresql://postgresql:5432/unionflow ENV DB_URL=jdbc:postgresql://postgresql-service.postgresql.svc.cluster.local:5432/unionflow
ENV DB_USERNAME=unionflow ENV DB_USERNAME=unionflow
ENV DB_PASSWORD=changeme ENV DB_PASSWORD=UnionFlow2025!
# Configuration Keycloak/OIDC (production) # Configuration Keycloak/OIDC
ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/unionflow ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/unionflow
ENV QUARKUS_OIDC_CLIENT_ID=unionflow-server ENV QUARKUS_OIDC_CLIENT_ID=unionflow-server
ENV KEYCLOAK_CLIENT_SECRET=changeme ENV KEYCLOAK_CLIENT_SECRET=unionflow-server-secret-2025
ENV QUARKUS_OIDC_TLS_VERIFICATION=required ENV QUARKUS_OIDC_TLS_VERIFICATION=required
# Configuration CORS pour production # Configuration CORS
ENV CORS_ORIGINS=https://unionflow.lions.dev,https://security.lions.dev ENV CORS_ORIGINS=https://unionflow.lions.dev,https://security.lions.dev
ENV QUARKUS_HTTP_CORS_ORIGINS=${CORS_ORIGINS} ENV QUARKUS_HTTP_CORS_ORIGINS=${CORS_ORIGINS}
# Configuration Wave Money (optionnel) # Configuration Wave Money
ENV WAVE_API_KEY= ENV WAVE_API_KEY=
ENV WAVE_API_SECRET= ENV WAVE_API_SECRET=
ENV WAVE_API_BASE_URL=https://api.wave.com/v1 ENV WAVE_API_BASE_URL=https://api.wave.com/v1
ENV WAVE_ENVIRONMENT=production ENV WAVE_ENVIRONMENT=production
ENV WAVE_WEBHOOK_SECRET= ENV WAVE_WEBHOOK_SECRET=
# Installer curl pour les health checks # Créer l'utilisateur appuser
USER root RUN addgroup -g 185 appuser && adduser -D -u 185 -G appuser appuser
RUN microdnf install curl -y && microdnf clean all
RUN mkdir -p /app/logs && chown -R 185:185 /app/logs
USER 185
# Copier l'application depuis le builder # Installer curl pour health checks
COPY --from=builder --chown=185 /app/target/quarkus-app/lib/ /deployments/lib/ RUN apk add --no-cache curl
COPY --from=builder --chown=185 /app/target/quarkus-app/*.jar /deployments/
COPY --from=builder --chown=185 /app/target/quarkus-app/app/ /deployments/app/ # Créer les répertoires nécessaires
COPY --from=builder --chown=185 /app/target/quarkus-app/quarkus/ /deployments/quarkus/ RUN mkdir -p /app/logs && chown -R appuser:appuser /app
WORKDIR /app
# Copier l'uber-jar depuis target/
COPY --chown=appuser:appuser target/*-runner.jar /app/app.jar
USER appuser
# Exposer le port # Exposer le port
EXPOSE 8085 EXPOSE 8085
# Variables JVM optimisées pour production avec sécurité # Variables JVM optimisées
ENV JAVA_OPTS="-Xmx1g -Xms512m \ ENV JAVA_OPTS="-Xmx1g -Xms512m \
-XX:+UseG1GC \ -XX:+UseG1GC \
-XX:MaxGCPauseMillis=200 \ -XX:MaxGCPauseMillis=200 \
-XX:+UseStringDeduplication \ -XX:+UseStringDeduplication \
-XX:+ParallelRefProcEnabled \
-XX:+HeapDumpOnOutOfMemoryError \ -XX:+HeapDumpOnOutOfMemoryError \
-XX:HeapDumpPath=/app/logs/heapdump.hprof \ -XX:HeapDumpPath=/app/logs/heapdump.hprof \
-Djava.security.egd=file:/dev/./urandom \ -Djava.security.egd=file:/dev/./urandom \
@@ -82,10 +66,9 @@ ENV JAVA_OPTS="-Xmx1g -Xms512m \
-Djava.util.logging.manager=org.jboss.logmanager.LogManager \ -Djava.util.logging.manager=org.jboss.logmanager.LogManager \
-Dquarkus.profile=${QUARKUS_PROFILE}" -Dquarkus.profile=${QUARKUS_PROFILE}"
# Point d'entrée avec profil production # Point d'entrée
ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /deployments/quarkus-run.jar"] ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /app/app.jar"]
# Health check # Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8085/q/health/ready || exit 1 CMD curl -f http://localhost:8085/q/health/ready || exit 1