Issue appropriate#113

Fix appropriate#113 by creating multistage builds that first download keys. Also took opportunity to reorder Dockerfiles to reduce complexity and size. Signed-off-by: Greg Wilkins <gregw@webtide.com>
jetty-project · Nov 24, 2019 · d32c229 · d32c229
1 parent 229c800
commit d32c229
Show file tree

Hide file tree

Showing 4 changed files with 114 additions and 135 deletions.
diff --git a/9.2-jre8/Dockerfile b/9.2-jre8/Dockerfile
@@ -1,15 +1,4 @@
-FROM openjdk:8-jre
-
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r jetty && useradd -r -g jetty jetty
-
-ENV JETTY_HOME /usr/local/jetty
-ENV PATH $JETTY_HOME/bin:$PATH
-RUN mkdir -p "$JETTY_HOME"
-WORKDIR $JETTY_HOME
-
-ENV JETTY_VERSION 9.2.28.v20190418
-ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/$JETTY_VERSION/jetty-distribution-$JETTY_VERSION.tar.gz
+FROM openjdk:8-jre AS Keys
 
 # GPG Keys are personal keys of Jetty committers (see https://github.com/eclipse/jetty.project/blob/0607c0e66e44b9c12a62b85551da3a0edce0281e/KEYS.txt)
 ENV JETTY_GPG_KEYS \
@@ -31,36 +20,38 @@ ENV JETTY_GPG_KEYS \
 	5C9579B3DB2E506429319AAEF33B071B29559E1E
 
 RUN set -xe \
-	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
-	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
-	&& export GNUPGHOME="$(mktemp -d)" \
+	&& mkdir /jetty-keys \
 	&& for key in $JETTY_GPG_KEYS; do \
-		gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done \
-	&& gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
-	&& gpgconf --kill all \
-	&& rm -rf "$GNUPGHOME" \
-	&& tar -xvf jetty.tar.gz --strip-components=1 \
-	&& sed -i '/jetty-logging/d' etc/jetty.conf \
-	&& rm -fr demo-base javadoc \
-	&& rm jetty.tar.gz* \
-	&& rm -rf /tmp/hsperfdata_root
-
-ENV JETTY_BASE /var/lib/jetty
-RUN mkdir -p "$JETTY_BASE"
-WORKDIR $JETTY_BASE
+		GNUPGHOME=/jetty-keys gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done 
 
-# Get the list of modules in the default start.ini and build new base with those modules
-RUN modules="$(grep -- ^--module= "$JETTY_HOME/start.ini" | cut -d= -f2 | paste -d, -s)" \
-	&& set -xe \
-	&& java -jar "$JETTY_HOME/start.jar" --add-to-startd="$modules" \
-	&& chown -R jetty:jetty "$JETTY_BASE" \
-	&& rm -rf /tmp/hsperfdata_root
+# Start a new image and import keys
+FROM openjdk:8-jre
+COPY --from=keys /jetty-keys/ /jetty-keys/
 
+ENV JETTY_VERSION 9.2.28.v20190418
+ENV JETTY_HOME /usr/local/jetty
+ENV JETTY_BASE /var/lib/jetty
 ENV TMPDIR /tmp/jetty
+ENV PATH $JETTY_HOME/bin:$PATH
+ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/$JETTY_VERSION/jetty-distribution-$JETTY_VERSION.tar.gz
+
 RUN set -xe \
-	&& mkdir -p "$TMPDIR" \
-	&& chown -R jetty:jetty "$TMPDIR"
+	&& groupadd -r jetty && useradd -r -g jetty jetty \
+	&& mkdir -p "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& cd $JETTY_HOME \
+	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
+	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
+	&& GNUPGHOME=/jetty-keys gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
+	&& tar -xvf jetty.tar.gz --strip-components=1 \
+	&& sed -i '/jetty-logging/d' etc/jetty.conf \
+	&& rm -fr demo-base javadoc jetty.tar.gz* \
+	&& cd $JETTY_BASE \
+	&& modules="$(grep -- ^--module= "$JETTY_HOME/start.ini" | cut -d= -f2 | paste -d, -s)" \
+	&& java -jar "$JETTY_HOME/start.jar" --add-to-startd="$modules" \
+	&& chown -R jetty:jetty "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& rm -rf /tmp/hsperfdata_root /jetty-keys
 
+WORKDIR $JETTY_BASE
 COPY docker-entrypoint.sh generate-jetty-start.sh /
 
 USER jetty

diff --git a/9.3-jre8/Dockerfile b/9.3-jre8/Dockerfile
@@ -1,15 +1,4 @@
-FROM openjdk:8-jre
-
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r jetty && useradd -r -g jetty jetty
-
-ENV JETTY_HOME /usr/local/jetty
-ENV PATH $JETTY_HOME/bin:$PATH
-RUN mkdir -p "$JETTY_HOME"
-WORKDIR $JETTY_HOME
-
-ENV JETTY_VERSION 9.3.27.v20190418
-ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/$JETTY_VERSION/jetty-distribution-$JETTY_VERSION.tar.gz
+FROM openjdk:8-jre AS Keys
 
 # GPG Keys are personal keys of Jetty committers (see https://github.com/eclipse/jetty.project/blob/0607c0e66e44b9c12a62b85551da3a0edce0281e/KEYS.txt)
 ENV JETTY_GPG_KEYS \
@@ -31,36 +20,38 @@ ENV JETTY_GPG_KEYS \
 	5C9579B3DB2E506429319AAEF33B071B29559E1E
 
 RUN set -xe \
-	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
-	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
-	&& export GNUPGHOME="$(mktemp -d)" \
+	&& mkdir /jetty-keys \
 	&& for key in $JETTY_GPG_KEYS; do \
-		gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done \
-	&& gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
-	&& gpgconf --kill all \
-	&& rm -rf "$GNUPGHOME" \
-	&& tar -xvf jetty.tar.gz --strip-components=1 \
-	&& sed -i '/jetty-logging/d' etc/jetty.conf \
-	&& rm -fr demo-base javadoc \
-	&& rm jetty.tar.gz* \
-	&& rm -rf /tmp/hsperfdata_root
-
-ENV JETTY_BASE /var/lib/jetty
-RUN mkdir -p "$JETTY_BASE"
-WORKDIR $JETTY_BASE
+		GNUPGHOME=/jetty-keys gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done 
 
-# Get the list of modules in the default start.ini and build new base with those modules
-RUN modules="$(grep -- ^--module= "$JETTY_HOME/start.ini" | cut -d= -f2 | paste -d, -s)" \
-	&& set -xe \
-	&& java -jar "$JETTY_HOME/start.jar" --add-to-startd="$modules" \
-	&& chown -R jetty:jetty "$JETTY_BASE" \
-	&& rm -rf /tmp/hsperfdata_root
+# Start a new image and import keys
+FROM openjdk:8-jre
+COPY --from=keys /jetty-keys/ /jetty-keys/
 
+ENV JETTY_VERSION 9.3.27.v20190418
+ENV JETTY_HOME /usr/local/jetty
+ENV JETTY_BASE /var/lib/jetty
 ENV TMPDIR /tmp/jetty
+ENV PATH $JETTY_HOME/bin:$PATH
+ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/$JETTY_VERSION/jetty-distribution-$JETTY_VERSION.tar.gz
+
 RUN set -xe \
-	&& mkdir -p "$TMPDIR" \
-	&& chown -R jetty:jetty "$TMPDIR"
+	&& groupadd -r jetty && useradd -r -g jetty jetty \
+	&& mkdir -p "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& cd $JETTY_HOME \
+	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
+	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
+	&& GNUPGHOME=/jetty-keys gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
+	&& tar -xvf jetty.tar.gz --strip-components=1 \
+	&& sed -i '/jetty-logging/d' etc/jetty.conf \
+	&& rm -fr demo-base javadoc jetty.tar.gz* \
+	&& cd $JETTY_BASE \
+	&& modules="$(grep -- ^--module= "$JETTY_HOME/start.ini" | cut -d= -f2 | paste -d, -s)" \
+	&& java -jar "$JETTY_HOME/start.jar" --add-to-startd="$modules" \
+	&& chown -R jetty:jetty "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& rm -rf /tmp/hsperfdata_root /jetty-keys
 
+WORKDIR $JETTY_BASE
 COPY docker-entrypoint.sh generate-jetty-start.sh /
 
 USER jetty

diff --git a/9.4-jre11/Dockerfile b/9.4-jre11/Dockerfile
@@ -1,15 +1,4 @@
-FROM openjdk:11-jre
-
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r jetty && useradd -r -g jetty jetty
-
-ENV JETTY_HOME /usr/local/jetty
-ENV PATH $JETTY_HOME/bin:$PATH
-RUN mkdir -p "$JETTY_HOME"
-WORKDIR $JETTY_HOME
-
-ENV JETTY_VERSION 9.4.23.v20191118
-ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/$JETTY_VERSION/jetty-home-$JETTY_VERSION.tar.gz
+FROM openjdk:11-jre AS Keys
 
 # GPG Keys are personal keys of Jetty committers (see https://github.com/eclipse/jetty.project/blob/0607c0e66e44b9c12a62b85551da3a0edce0281e/KEYS.txt)
 ENV JETTY_GPG_KEYS \
@@ -31,35 +20,45 @@ ENV JETTY_GPG_KEYS \
 	5C9579B3DB2E506429319AAEF33B071B29559E1E
 
 RUN set -xe \
-	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
-	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
-	&& export GNUPGHOME="$(mktemp -d)" \
+	&& mkdir /jetty-keys \
 	&& for key in $JETTY_GPG_KEYS; do \
-		gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done \
-	&& gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
-	&& rm -rf "$GNUPGHOME" \
-	&& tar -xvf jetty.tar.gz --strip-components=1 \
-	&& sed -i '/jetty-logging/d' etc/jetty.conf \
-	&& rm jetty.tar.gz* \
-	&& rm -rf /tmp/hsperfdata_root
+		GNUPGHOME=/jetty-keys gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done 
+
+# Start a new image and import keys
+FROM openjdk:11-jre
+COPY --from=keys /jetty-keys/ /jetty-keys/
 
+ENV JETTY_VERSION 9.4.23.v20191118
+ENV JETTY_HOME /usr/local/jetty
 ENV JETTY_BASE /var/lib/jetty
-RUN mkdir -p "$JETTY_BASE"
-WORKDIR $JETTY_BASE
+ENV TMPDIR /tmp/jetty
+ENV PATH $JETTY_HOME/bin:$PATH
+ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/$JETTY_VERSION/jetty-distribution-$JETTY_VERSION.tar.gz
 
 RUN set -xe \
+	&& groupadd -r jetty && useradd -r -g jetty jetty \
+	&& mkdir -p "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& cd $JETTY_HOME \
+	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
+	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
+	&& GNUPGHOME=/jetty-keys gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
+	&& tar -xvf jetty.tar.gz --strip-components=1 \
+	&& sed -i '/jetty-logging/d' etc/jetty.conf \
+	&& rm -fr demo-base javadoc jetty.tar.gz* \
+	&& cd $JETTY_BASE \
 	&& java -jar "$JETTY_HOME/start.jar" --create-startd --add-to-start="server,http,deploy,jsp,jstl,ext,resources,websocket" \
-	&& chown -R jetty:jetty "$JETTY_BASE" \
-	&& rm -rf /tmp/hsperfdata_root
-
-ENV TMPDIR /tmp/jetty
-RUN set -xe \
-	&& mkdir -p "$TMPDIR" \
-	&& chown -R jetty:jetty "$TMPDIR"
+	&& chown -R jetty:jetty "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& rm -rf /tmp/hsperfdata_root /jetty-keys
 
+WORKDIR $JETTY_BASE
 COPY docker-entrypoint.sh generate-jetty-start.sh /
 
 USER jetty
 EXPOSE 8080
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["java","-jar","/usr/local/jetty/start.jar"]
+
+RUN set -xe \
+	&& chown -R jetty:jetty "$JETTY_BASE" \
+	&& rm -rf /tmp/hsperfdata_root
+
diff --git a/9.4-jre8/Dockerfile b/9.4-jre8/Dockerfile
@@ -1,15 +1,4 @@
-FROM openjdk:8-jre
-
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r jetty && useradd -r -g jetty jetty
-
-ENV JETTY_HOME /usr/local/jetty
-ENV PATH $JETTY_HOME/bin:$PATH
-RUN mkdir -p "$JETTY_HOME"
-WORKDIR $JETTY_HOME
-
-ENV JETTY_VERSION 9.4.23.v20191118
-ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/$JETTY_VERSION/jetty-home-$JETTY_VERSION.tar.gz
+FROM openjdk:8-jre AS Keys
 
 # GPG Keys are personal keys of Jetty committers (see https://github.com/eclipse/jetty.project/blob/0607c0e66e44b9c12a62b85551da3a0edce0281e/KEYS.txt)
 ENV JETTY_GPG_KEYS \
@@ -31,36 +20,45 @@ ENV JETTY_GPG_KEYS \
 	5C9579B3DB2E506429319AAEF33B071B29559E1E
 
 RUN set -xe \
-	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
-	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
-	&& export GNUPGHOME="$(mktemp -d)" \
+	&& mkdir /jetty-keys \
 	&& for key in $JETTY_GPG_KEYS; do \
-		gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done \
-	&& gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
-	&& gpgconf --kill all \
-	&& rm -rf "$GNUPGHOME" \
-	&& tar -xvf jetty.tar.gz --strip-components=1 \
-	&& sed -i '/jetty-logging/d' etc/jetty.conf \
-	&& rm jetty.tar.gz* \
-	&& rm -rf /tmp/hsperfdata_root
+		GNUPGHOME=/jetty-keys gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; done 
+
+# Start a new image and import keys
+FROM openjdk:8-jre
+COPY --from=keys /jetty-keys/ /jetty-keys/
 
+ENV JETTY_VERSION 9.4.23.v20191118
+ENV JETTY_HOME /usr/local/jetty
 ENV JETTY_BASE /var/lib/jetty
-RUN mkdir -p "$JETTY_BASE"
-WORKDIR $JETTY_BASE
+ENV TMPDIR /tmp/jetty
+ENV PATH $JETTY_HOME/bin:$PATH
+ENV JETTY_TGZ_URL https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/$JETTY_VERSION/jetty-distribution-$JETTY_VERSION.tar.gz
 
 RUN set -xe \
+	&& groupadd -r jetty && useradd -r -g jetty jetty \
+	&& mkdir -p "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& cd $JETTY_HOME \
+	&& curl -SL "$JETTY_TGZ_URL" -o jetty.tar.gz \
+	&& curl -SL "$JETTY_TGZ_URL.asc" -o jetty.tar.gz.asc \
+	&& GNUPGHOME=/jetty-keys gpg --batch --verify jetty.tar.gz.asc jetty.tar.gz \
+	&& tar -xvf jetty.tar.gz --strip-components=1 \
+	&& sed -i '/jetty-logging/d' etc/jetty.conf \
+	&& rm -fr demo-base javadoc jetty.tar.gz* \
+	&& cd $JETTY_BASE \
 	&& java -jar "$JETTY_HOME/start.jar" --create-startd --add-to-start="server,http,deploy,jsp,jstl,ext,resources,websocket" \
-	&& chown -R jetty:jetty "$JETTY_BASE" \
-	&& rm -rf /tmp/hsperfdata_root
-
-ENV TMPDIR /tmp/jetty
-RUN set -xe \
-	&& mkdir -p "$TMPDIR" \
-	&& chown -R jetty:jetty "$TMPDIR"
+	&& chown -R jetty:jetty "$JETTY_HOME" "$JETTY_BASE" "$TMPDIR" \
+	&& rm -rf /tmp/hsperfdata_root /jetty-keys
 
+WORKDIR $JETTY_BASE
 COPY docker-entrypoint.sh generate-jetty-start.sh /
 
 USER jetty
 EXPOSE 8080
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["java","-jar","/usr/local/jetty/start.jar"]
+
+RUN set -xe \
+	&& chown -R jetty:jetty "$JETTY_BASE" \
+	&& rm -rf /tmp/hsperfdata_root
+