ruanbekker/Dockerfile

## buildspec.yml
version: 0.2

env:
  environment:
    APP_REPO_URI: "xxxxxxxxxxxx.dkr.ecr.eu-west-1.amazonaws.com/my-application-repo"
    ECS_SVC_NAME: "my-application"
  parameter-store:
    DB_USER: "/my-application/dev/DATABASE_USERNAME"
    DB_PASSWORD: "/my-application/dev/DATABASE_PASSWORD"
    DB_URL: "/my-application/dev/DATABASE_URL"
    DOCKER_USER: "/codebuild/dev/DOCKER_USER"
    DOCKER_PASSWORD: "/codebuild/dev/DOCKER_PASSWORD"

phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR
      - aws --version
      - $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
      - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
      - IMAGE_TAG=$(echo $CODEBUILD_BUILD_ID | awk -F":" '{print $2}')
      - echo $DOCKER_PASSWORD | docker login -u $DOCKER_USER --password-stdin
  build:
    commands:
      - echo build started on $(date)
      - echo building docker image
      - docker build -f Dockerfile -t app:latest .
      - echo $IMAGE_TAG
      - docker tag app:latest $APP_REPO_URI:latest
      - docker tag app:latest $APP_REPO_URI:$IMAGE_TAG
      - docker images
  post_build:
    commands:
      - echo build completed on $(date)
      - echo pushing the docker images
      - docker push $APP_REPO_URI:latest
      - docker push $APP_REPO_URI:$IMAGE_TAG
      - echo writing image definitions artifact
      - printf '[{"name":"my-application","imageUri":"%s"}]' $APP_REPO_URI:latest > imagedefinitions.json
      - cat imagedefinitions.json
artifacts:
  files: imagedefinitions.json

## codebuild_iam_policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowECRGetLogin",
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "AllowECRPush",
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:InitiateLayerUpload",
                "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload",
                "ecr:BatchCheckLayerAvailability",
                "ecr:PutImage"
            ],
            "Resource": [
                "arn:aws:ecr:eu-west-1:xxxxxxxxxxxx:repository/my-application-repo"
            ]
        },
        {
            "Sid": "AllowSSM",
            "Effect": "Allow",
            "Action": [
                "ssm:GetParametersByPath",
                "ssm:GetParameters"
            ],
            "Resource": [
                "arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/my-application/dev/DATABASE_*",
                "arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/codebuild/dev/DOCKER_USER",
                "arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/codebuild/dev/DOCKER_PASSWORD"
            ]
        },
        {
            "Sid": "AllowKMS",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": [
                "arn:aws:kms:eu-west-1:xxxxxxxxxxxx:key/*"
            ]
        }
    ]
}

## docker-compose.yml
version: "3.6"

services:
  db:
    image: mysql:5.7
    volumes:
      - /var/lib/mysql
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_DATABASE=application
      - MYSQL_ROOT_USER=root
      - DATABASE_USERNAME=root
      - DATABASE_PASSWORD=password
    ports:
      - "3306:3306"

  app:
    build:
      context: .
      dockerfile: ./Dockerfile
      args:
        DB_USER: "${DB_USER:-root}"
        DB_PASSWORD: "${DB_PASSWORD:-password}"
        DB_URL: "${DB_URL:-jdbc:mysql://host.docker.internal:3306/application}"
    container_name: application
    environment:
      - PROFILE=local
      - DATABASE_NAME=application
      - DATABASE_PORT=3306
      - DATABASE_HOST=host.docker.internal
      - DATABASE_USERNAME=root
      - DATABASE_PASSWORD=password
      - MYSQL_ROOT_PASSWORD=password
    volumes:
      - /app
    ports:
      - 8080:8080
    tty: true
    stdin_open: true
    depends_on:
      - db

## Dockerfile
FROM maven:3.6.1-amazoncorretto-11 as builder

ARG DB_USER
ARG DB_PASSWORD
ARG DB_URL
ENV DB_USER=${DB_USER}
ENV DB_PASSWORD=${DB_PASSWORD}
ENV DB_URL=${DB_URL}

RUN curl -LJO https://github.com/liquibase/liquibase/releases/download/v4.2.0/liquibase-4.2.0.tar.gz && \
    tar -xzf liquibase-4.2.0.tar.gz && \
    curl -LJO https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.22.tar.gz && \
    tar -xzf mysql-connector-java-8.0.22.tar.gz

COPY liquibase ./

RUN set -ex; ./liquibase \
    --changeLogFile=src/main/resources/db/changelog/changelog-master.yaml  \
    --url=$DB_URL \
    --username=$DB_USER \
    --password=$DB_PASSWORD \
    --driver=com.mysql.cj.jdbc.Driver \
    --classpath=mysql-connector-java-8.0.22/mysql-connector-java-8.0.22.jar \
    update

WORKDIR /app

COPY . ./

RUN mvn dependency:go-offline
RUN mvn clean package
RUN cp app/target/application-0.0.1-SNAPSHOT.jar /app/application.jar

FROM adoptopenjdk:11-jre-hotspot
COPY --from=builder /app/application.jar /app/application.jar

CMD ["java", "-jar", "/app/application.jar"]

## run_locally.sh
#!/usr/bin/env bash
docker-compose pull
docker-compose up -d db

while [[ "$TCP_EXIT_CODE" != 0 ]] ;
do
  echo "waiting for mysql";
  sleep 5;
  nc -vz -w 1 localhost 3306 &> /dev/null && TCP_EXIT_CODE=${?} || TCP_EXIT_CODE=${?} ;
done

docker-compose up --build
	version: 0.2

	env:
	environment:
	APP_REPO_URI: "xxxxxxxxxxxx.dkr.ecr.eu-west-1.amazonaws.com/my-application-repo"
	ECS_SVC_NAME: "my-application"
	parameter-store:
	DB_USER: "/my-application/dev/DATABASE_USERNAME"
	DB_PASSWORD: "/my-application/dev/DATABASE_PASSWORD"
	DB_URL: "/my-application/dev/DATABASE_URL"
	DOCKER_USER: "/codebuild/dev/DOCKER_USER"
	DOCKER_PASSWORD: "/codebuild/dev/DOCKER_PASSWORD"

	phases:
	pre_build:
	commands:
	- echo Logging in to Amazon ECR
	- aws --version
	- $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
	- COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION \| cut -c 1-7)
	- IMAGE_TAG=$(echo $CODEBUILD_BUILD_ID \| awk -F":" '{print $2}')
	- echo $DOCKER_PASSWORD \| docker login -u $DOCKER_USER --password-stdin
	build:
	commands:
	- echo build started on $(date)
	- echo building docker image
	- docker build -f Dockerfile -t app:latest .
	- echo $IMAGE_TAG
	- docker tag app:latest $APP_REPO_URI:latest
	- docker tag app:latest $APP_REPO_URI:$IMAGE_TAG
	- docker images
	post_build:
	commands:
	- echo build completed on $(date)
	- echo pushing the docker images
	- docker push $APP_REPO_URI:latest
	- docker push $APP_REPO_URI:$IMAGE_TAG
	- echo writing image definitions artifact
	- printf '[{"name":"my-application","imageUri":"%s"}]' $APP_REPO_URI:latest > imagedefinitions.json
	- cat imagedefinitions.json
	artifacts:
	files: imagedefinitions.json
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "AllowECRGetLogin",
	"Effect": "Allow",
	"Action": [
	"ecr:GetAuthorizationToken"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Sid": "AllowECRPush",
	"Effect": "Allow",
	"Action": [
	"ecr:GetAuthorizationToken",
	"ecr:InitiateLayerUpload",
	"ecr:UploadLayerPart",
	"ecr:CompleteLayerUpload",
	"ecr:BatchCheckLayerAvailability",
	"ecr:PutImage"
	],
	"Resource": [
	"arn:aws:ecr:eu-west-1:xxxxxxxxxxxx:repository/my-application-repo"
	]
	},
	{
	"Sid": "AllowSSM",
	"Effect": "Allow",
	"Action": [
	"ssm:GetParametersByPath",
	"ssm:GetParameters"
	],
	"Resource": [
	"arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/my-application/dev/DATABASE_*",
	"arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/codebuild/dev/DOCKER_USER",
	"arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/codebuild/dev/DOCKER_PASSWORD"
	]
	},
	{
	"Sid": "AllowKMS",
	"Effect": "Allow",
	"Action": [
	"kms:Decrypt",
	"kms:GenerateDataKey"
	],
	"Resource": [
	"arn:aws:kms:eu-west-1:xxxxxxxxxxxx:key/*"
	]
	}
	]
	}
	version: "3.6"

	services:
	db:
	image: mysql:5.7
	volumes:
	- /var/lib/mysql
	restart: always
	environment:
	- MYSQL_ROOT_PASSWORD=password
	- MYSQL_DATABASE=application
	- MYSQL_ROOT_USER=root
	- DATABASE_USERNAME=root
	- DATABASE_PASSWORD=password
	ports:
	- "3306:3306"

	app:
	build:
	context: .
	dockerfile: ./Dockerfile
	args:
	DB_USER: "${DB_USER:-root}"
	DB_PASSWORD: "${DB_PASSWORD:-password}"
	DB_URL: "${DB_URL:-jdbc:mysql://host.docker.internal:3306/application}"
	container_name: application
	environment:
	- PROFILE=local
	- DATABASE_NAME=application
	- DATABASE_PORT=3306
	- DATABASE_HOST=host.docker.internal
	- DATABASE_USERNAME=root
	- DATABASE_PASSWORD=password
	- MYSQL_ROOT_PASSWORD=password
	volumes:
	- /app
	ports:
	- 8080:8080
	tty: true
	stdin_open: true
	depends_on:
	- db
	FROM maven:3.6.1-amazoncorretto-11 as builder

	ARG DB_USER
	ARG DB_PASSWORD
	ARG DB_URL
	ENV DB_USER=${DB_USER}
	ENV DB_PASSWORD=${DB_PASSWORD}
	ENV DB_URL=${DB_URL}

	RUN curl -LJO https://github.com/liquibase/liquibase/releases/download/v4.2.0/liquibase-4.2.0.tar.gz && \
	tar -xzf liquibase-4.2.0.tar.gz && \
	curl -LJO https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.22.tar.gz && \
	tar -xzf mysql-connector-java-8.0.22.tar.gz

	COPY liquibase ./

	RUN set -ex; ./liquibase \
	--changeLogFile=src/main/resources/db/changelog/changelog-master.yaml \
	--url=$DB_URL \
	--username=$DB_USER \
	--password=$DB_PASSWORD \
	--driver=com.mysql.cj.jdbc.Driver \
	--classpath=mysql-connector-java-8.0.22/mysql-connector-java-8.0.22.jar \
	update

	WORKDIR /app

	COPY . ./

	RUN mvn dependency:go-offline
	RUN mvn clean package
	RUN cp app/target/application-0.0.1-SNAPSHOT.jar /app/application.jar

	FROM adoptopenjdk:11-jre-hotspot
	COPY --from=builder /app/application.jar /app/application.jar

	CMD ["java", "-jar", "/app/application.jar"]
	#!/usr/bin/env bash
	docker-compose pull
	docker-compose up -d db

	while [[ "$TCP_EXIT_CODE" != 0 ]] ;
	do
	echo "waiting for mysql";
	sleep 5;
	nc -vz -w 1 localhost 3306 &> /dev/null && TCP_EXIT_CODE=${?} \|\| TCP_EXIT_CODE=${?} ;
	done

	docker-compose up --build