-
-
Save paoliniluis/78fe800f06fc7027a20665a429239c1e to your computer and use it in GitHub Desktop.
################### | |
# STAGE 1: builder | |
################### | |
FROM --platform=linux/amd64 eclipse-temurin:11.0.12_7-jdk-focal as builder | |
ARG MB_EDITION=oss CI=true | |
WORKDIR /app/ | |
RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \ | |
# install Node LTS and Yarn from their repos | |
&& curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ | |
&& echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \ | |
&& apt-get update && apt-get upgrade -y && apt-get install -y git nodejs yarn \ | |
# installing Clojure CLI | |
&& curl -O https://download.clojure.org/install/linux-install-1.10.3.986.sh && chmod +x linux-install-1.10.3.986.sh && ./linux-install-1.10.3.986.sh \ | |
# downloading certs from AWS and Azure so we don't need to do it in the next step and only install those | |
&& mkdir /app/certs \ | |
&& curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /app/certs/rds-combined-ca-bundle.pem \ | |
&& curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /app/certs/DigiCertGlobalRootG2.crt.pem | |
COPY . . | |
RUN INTERACTIVE=false CI=$CI MB_EDITION=$MB_EDITION bin/build | |
# ################### | |
# # STAGE 2: runner | |
# ################### | |
FROM eclipse-temurin:11.0.12_7-jre-focal as runner | |
ENV FC_LANG en-US LC_CTYPE en_US.UTF-8 | |
WORKDIR /app/ | |
COPY --from=builder /app/certs/. /app/certs/ | |
# dependencies | |
# updating everything that doesn't come updated from previous layers | |
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ttf-dejavu && \ | |
# importing certs | |
mkdir -p /etc/ssl/certs/java/cacerts && \ | |
/opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias aws-rds -file /app/certs/rds-combined-ca-bundle.pem -keystore /etc/ssl/certs/java/cacerts/java-keystore -keypass changeit -storepass changeit && \ | |
/opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias azure-cert -file /app/certs/DigiCertGlobalRootG2.crt.pem -keystore /etc/ssl/certs/java/cacerts/java-keystore -keypass changeit -storepass changeit && \ | |
# cleaning everything to reduce container size | |
apt-get autoremove -y && apt-get autoclean && \ | |
rm -rf /var/lib/apt/lists/* && \ | |
# providing permissions to the nobody user | |
chown -R nobody:nogroup /app | |
USER nobody | |
COPY --from=builder --chown=nobody /app/target/uberjar/metabase.jar /app/ | |
COPY --chown=nobody bin/docker/run_metabase.sh /app/ | |
# expose our default runtime port | |
EXPOSE 3000 | |
# run it | |
ENTRYPOINT ["/app/run_metabase.sh"] |
Another thing to add: if someone wants to bundle Metabase into the runner (not build it from scratch, which is not recommended, we recommend using release files), just:
- delete the first stage of the Dockerfile
- download the metabase JAR you need by doing
curl https://downloads.metabase.com/latest/metabase.jar -o metabase.jar
- run the following in the directory where the Dockerfile is
curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o rds-combined-ca-bundle.pem && curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o DigiCertGlobalRootG2.crt.pem
and then in the second stage replace the
COPY --from=builder /app/certs/. /app/certs/
for COPY DigiCertGlobalRootG2.crt.pem rds-combined-ca-bundle.pem /app/certs/
and also
COPY --from=builder --chown=nobody /app/target/uberjar/metabase.jar /app/
for COPY --chown=nobody metabase.jar /app/
remember to have the run_metabase.sh file in the bin/docker/ path or change it to your current path
- then it's just about using docker build or docker buildx build to pass a --platform flag
Great, tks! I pushed into docker hub a build under iwalucas/metabase
, I copied the metabase from the latest instead of building it.....
Thanks @iwalucas, here you'll find a Dockerfile that will do the same:
FROM eclipse-temurin:11-jre-focal as runner
ENV FC_LANG en-US LC_CTYPE en_US.UTF-8
WORKDIR /app/
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ttf-dejavu && \
# cleaning everything to reduce container size
apt-get autoremove -y && apt-get autoclean && \
rm -rf /var/lib/apt/lists/* && \
# providing permissions to the nobody user
curl https://downloads.metabase.com/latest/metabase.jar -o metabase.jar && \
curl https://raw.githubusercontent.com/metabase/metabase/master/bin/docker/run_metabase.sh -o run_metabase.sh && \
chmod +x run_metabase.sh && \
chown -R nobody:nogroup /app
USER nobody
# expose our default runtime port
EXPOSE 3000
# run it
ENTRYPOINT ["/app/run_metabase.sh"]
with that Dockerfile, just do docker build .
and you'll be good to go :)
difference of sizes (I have a dirty local repo, but this should be comparable) between current alpine and current focal-JRE