feature: added build env for multi-stage Dockerfile to import a CA ce…

…rtificate into the truststore
telekom · Mar 12, 2024 · f4cbcaa · f4cbcaa
1 parent fbc1950
commit f4cbcaa
Showing 1 changed file with 17 additions and 9 deletions.
diff --git a/Dockerfile.multi-stage b/Dockerfile.multi-stage
@@ -1,25 +1,33 @@
 # Copyright 2024 Deutsche Telekom IT GmbH
 #
 # SPDX-License-Identifier: Apache-2.0
-FROM azul/zulu-openjdk-alpine:21 AS builder
 
-WORKDIR /workspace/app
+ARG BUILD_ENV=standard
 
+# builder image for building the actual runnable jar
+FROM azul/zulu-openjdk-alpine:21 AS builder
+WORKDIR /workspace/app
 COPY . .
 RUN dos2unix ./gradlew
 RUN ./gradlew build -x test
 
-FROM azul/zulu-openjdk-alpine:21-jre
-
+# standard image build
+FROM azul/zulu-openjdk-alpine:21-jre AS standard
 USER root
 RUN apk add --no-cache --update gcompat --repository=https://dl-cdn.alpinelinux.org/alpine/v3.18/main/ > /dev/null
-
 USER 1001:1001
-
 WORKDIR /workspace/app
-
 COPY --from=builder /workspace/app/build/libs/starlight.jar app.jar
 
-EXPOSE 8080
+# image build that includes a local cacert.pem and import it into the default truststore
+FROM standard as with_cacert
+USER root
+RUN apk add --no-cache ca-certificates
+COPY cacert.pem /usr/local/share/ca-certificates/cacert.pem
+RUN update-ca-certificates
+USER 1001:1001
 
-CMD ["java", "-jar", "app.jar"]
+# main
+FROM ${BUILD_ENV}
+EXPOSE 8080
+CMD ["java", "-jar", "app.jar"]