# =================================================================== # Multi-stage Dockerfile for Meldestelle Masterdata Service # Features: Security hardening, monitoring support, optimal caching, BuildKit cache mounts # Version: 2.6.0 - Reliable Monorepo Build # =================================================================== # === CENTRALIZED BUILD ARGUMENTS === ARG GRADLE_VERSION=9.4.1 ARG JAVA_VERSION=25 ARG BUILD_DATE ARG VERSION=1.0.0-SNAPSHOT # =================================================================== # Build Stage # =================================================================== FROM eclipse-temurin:${JAVA_VERSION}-jdk-alpine AS builder ARG VERSION ARG BUILD_DATE LABEL stage=builder \ service="masterdata-service" \ maintainer="Meldestelle Development Team" WORKDIR /workspace # Gradle optimizations ENV GRADLE_OPTS="-Dorg.gradle.caching=true \ -Dorg.gradle.daemon=false \ -Dorg.gradle.parallel=true \ -Dorg.gradle.workers.max=2 \ -Dorg.gradle.jvmargs=-Xmx2g \ -XX:+UseParallelGC \ -XX:MaxMetaspaceSize=512m" ENV GRADLE_USER_HOME=/root/.gradle # 1. Copy full project structure for a reliable monorepo build # .dockerignore should be used to exclude unnecessary files (IDE, logs, etc.) COPY . . RUN chmod +x gradlew # 2. Build the service RUN --mount=type=cache,target=/root/.gradle/caches \ --mount=type=cache,target=/root/.gradle/wrapper \ ./gradlew :backend:services:masterdata:masterdata-service:bootJar --no-daemon --info # 3. Extract layers WORKDIR /builder RUN cp /workspace/backend/services/masterdata/masterdata-service/build/libs/*.jar app.jar && \ java -Djarmode=layertools -jar app.jar extract # =================================================================== # Runtime Stage # =================================================================== FROM eclipse-temurin:${JAVA_VERSION}-jre-alpine AS runtime ARG BUILD_DATE ARG VERSION ARG JAVA_VERSION LABEL service="masterdata-service" \ version="${VERSION}" \ description="Microservice for Master Data Management" \ maintainer="Meldestelle Development Team" \ java.version="${JAVA_VERSION}" \ build.date="${BUILD_DATE}" ARG APP_USER=appuser ARG APP_GROUP=appgroup ARG APP_UID=1001 ARG APP_GID=1001 WORKDIR /app RUN apk update && \ apk upgrade && \ apk add --no-cache curl tzdata tini && \ rm -rf /var/cache/apk/* && addgroup -g ${APP_GID} -S ${APP_GROUP} && \ adduser -u ${APP_UID} -S ${APP_USER} -G ${APP_GROUP} -h /app -s /bin/sh && \ mkdir -p /app/logs /app/tmp /app/config && \ chown -R ${APP_USER}:${APP_GROUP} /app && \ chmod -R 750 /app # Copy Spring Boot layers COPY --from=builder --chown=${APP_USER}:${APP_GROUP} /builder/dependencies/ ./ COPY --from=builder --chown=${APP_USER}:${APP_GROUP} /builder/spring-boot-loader/ ./ COPY --from=builder --chown=${APP_USER}:${APP_GROUP} /builder/snapshot-dependencies/ ./ COPY --from=builder --chown=${APP_USER}:${APP_GROUP} /builder/application/ ./ USER ${APP_USER} EXPOSE 8086 5005 HEALTHCHECK --interval=15s --timeout=3s --start-period=40s --retries=3 \ CMD curl -fsS --max-time 2 http://localhost:8086/actuator/health/readiness || exit 1 ENV JAVA_OPTS="-XX:MaxRAMPercentage=75.0 \ -XX:+UseG1GC \ -XX:+UseStringDeduplication \ -XX:+UseContainerSupport \ -XX:G1HeapRegionSize=16m \ -XX:G1ReservePercent=25 \ -XX:InitiatingHeapOccupancyPercent=30 \ -XX:+AlwaysPreTouch \ -XX:+DisableExplicitGC \ -Djava.security.egd=file:/dev/./urandom \ -Djava.awt.headless=true \ -Dfile.encoding=UTF-8 \ -Duser.timezone=Europe/Vienna \ -Dspring.backgroundpreinitializer.ignore=true \ -Dmanagement.endpoints.web.exposure.include=health,info,metrics,prometheus \ -Dmanagement.endpoint.health.show-details=always \ -Dmanagement.prometheus.metrics.export.enabled=true" ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ SERVER_PORT=8086 \ LOGGING_LEVEL_ROOT=INFO ENTRYPOINT ["tini", "--", "sh", "-c", "\ echo 'Starting Masterdata Service with Java ${JAVA_VERSION}...'; \ if [ \"${DEBUG:-false}\" = \"true\" ]; then \ echo 'DEBUG mode enabled'; \ exec java ${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 org.springframework.boot.loader.launch.JarLauncher; \ else \ exec java ${JAVA_OPTS} org.springframework.boot.loader.launch.JarLauncher; \ fi"]