Skip to content

Instantly share code, notes, and snippets.

@paoliniluis

paoliniluis/Dockerfile

Last active February 10, 2023 15:27
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save paoliniluis/78fe800f06fc7027a20665a429239c1e to your computer and use it in GitHub Desktop.
Save paoliniluis/78fe800f06fc7027a20665a429239c1e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Dockerfile
###################
# STAGE 1: builder
###################
FROM --platform=linux/amd64 eclipse-temurin:11.0.12_7-jdk-focal as builder
ARG MB_EDITION=oss CI=true
WORKDIR /app/
RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \
# install Node LTS and Yarn from their repos
&& curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
&& echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
&& apt-get update && apt-get upgrade -y && apt-get install -y git nodejs yarn \
# installing Clojure CLI
&& curl -O https://download.clojure.org/install/linux-install-1.10.3.986.sh && chmod +x linux-install-1.10.3.986.sh && ./linux-install-1.10.3.986.sh \
# downloading certs from AWS and Azure so we don't need to do it in the next step and only install those
&& mkdir /app/certs \
&& curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /app/certs/rds-combined-ca-bundle.pem \
&& curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /app/certs/DigiCertGlobalRootG2.crt.pem
COPY . .
RUN INTERACTIVE=false CI=$CI MB_EDITION=$MB_EDITION bin/build
# ###################
# # STAGE 2: runner
# ###################
FROM eclipse-temurin:11.0.12_7-jre-focal as runner
ENV FC_LANG en-US LC_CTYPE en_US.UTF-8
WORKDIR /app/
COPY --from=builder /app/certs/. /app/certs/
# dependencies
# updating everything that doesn't come updated from previous layers
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ttf-dejavu && \
# importing certs
mkdir -p /etc/ssl/certs/java/cacerts && \
/opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias aws-rds -file /app/certs/rds-combined-ca-bundle.pem -keystore /etc/ssl/certs/java/cacerts/java-keystore -keypass changeit -storepass changeit && \
/opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias azure-cert -file /app/certs/DigiCertGlobalRootG2.crt.pem -keystore /etc/ssl/certs/java/cacerts/java-keystore -keypass changeit -storepass changeit && \
# cleaning everything to reduce container size
apt-get autoremove -y && apt-get autoclean && \
rm -rf /var/lib/apt/lists/* && \
# providing permissions to the nobody user
chown -R nobody:nogroup /app
USER nobody
COPY --from=builder --chown=nobody /app/target/uberjar/metabase.jar /app/
COPY --chown=nobody bin/docker/run_metabase.sh /app/
# expose our default runtime port
EXPOSE 3000
# run it
ENTRYPOINT ["/app/run_metabase.sh"]
@paoliniluis
Copy link
Author

Thanks @iwalucas, here you'll find a Dockerfile that will do the same:

FROM eclipse-temurin:11-jre-focal as runner

ENV FC_LANG en-US LC_CTYPE en_US.UTF-8

WORKDIR /app/

RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ttf-dejavu && \
    # cleaning everything to reduce container size
    apt-get autoremove -y && apt-get autoclean && \
    rm -rf /var/lib/apt/lists/* && \
    # providing permissions to the nobody user
    curl https://downloads.metabase.com/latest/metabase.jar -o metabase.jar && \
    curl https://raw.githubusercontent.com/metabase/metabase/master/bin/docker/run_metabase.sh -o run_metabase.sh && \
    chmod +x run_metabase.sh && \
    chown -R nobody:nogroup /app

USER nobody

# expose our default runtime port
EXPOSE 3000

# run it
ENTRYPOINT ["/app/run_metabase.sh"]

with that Dockerfile, just do docker build . and you'll be good to go :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment