From f4cbcaaa448f4ae1f2430e3440d844b65ac77226 Mon Sep 17 00:00:00 2001
From: Mike Herwig <Mike.Herwig@telekom.de>
Date: Tue, 12 Mar 2024 09:24:43 +0100
Subject: [PATCH] feature: added build env for multi-stage Dockerfile to import
 a CA certificate into the truststore

---
 Dockerfile.multi-stage | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/Dockerfile.multi-stage b/Dockerfile.multi-stage
index c85043e..d4d2fa6 100644
--- a/Dockerfile.multi-stage
+++ b/Dockerfile.multi-stage
@@ -1,25 +1,33 @@
 # Copyright 2024 Deutsche Telekom IT GmbH
 #
 # SPDX-License-Identifier: Apache-2.0
-FROM azul/zulu-openjdk-alpine:21 AS builder
 
-WORKDIR /workspace/app
+ARG BUILD_ENV=standard
 
+# builder image for building the actual runnable jar
+FROM azul/zulu-openjdk-alpine:21 AS builder
+WORKDIR /workspace/app
 COPY . .
 RUN dos2unix ./gradlew
 RUN ./gradlew build -x test
 
-FROM azul/zulu-openjdk-alpine:21-jre
-
+# standard image build
+FROM azul/zulu-openjdk-alpine:21-jre AS standard
 USER root
 RUN apk add --no-cache --update gcompat --repository=https://dl-cdn.alpinelinux.org/alpine/v3.18/main/ > /dev/null
-
 USER 1001:1001
-
 WORKDIR /workspace/app
-
 COPY --from=builder /workspace/app/build/libs/starlight.jar app.jar
 
-EXPOSE 8080
+# image build that includes a local cacert.pem and import it into the default truststore
+FROM standard as with_cacert
+USER root
+RUN apk add --no-cache ca-certificates
+COPY cacert.pem /usr/local/share/ca-certificates/cacert.pem
+RUN update-ca-certificates
+USER 1001:1001
 
-CMD ["java", "-jar", "app.jar"]
+# main
+FROM ${BUILD_ENV}
+EXPOSE 8080
+CMD ["java", "-jar", "app.jar"]
\ No newline at end of file