# Copyright (c) 2019 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. FROM l.gcr.io/google/bazel:0.26.1 as bazel # The bazel image comes with bazel only runnable by root for some weird reason. # The bower build in gerrit does not work as root. # Fix the bazel image. RUN groupadd builder && \ useradd builder --home-dir /usr/src --create-home -g builder RUN chown -R builder /usr/src /usr/local/lib/bazel \ && chmod +x /usr/local/lib/bazel RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - \ && apt-get update \ && apt-get install -y nodejs USER builder WORKDIR /usr/src FROM bazel as builder USER builder COPY . /usr/src ARG BAZEL_OPTS RUN cd /usr/src \ && bazel build release \ --local_ram_resources=3072 \ --local_cpu_resources=1 \ --host_force_python=PY3 \ --incompatible_string_join_requires_strings=false \ --host_javabase=@local_jdk//:jdk \ --javabase=@local_jdk//:jdk \ --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 \ --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 \ ${BAZEL_OPTS} FROM openjdk:8 RUN apt-get update \ && apt-get install -y dumb-init \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* # 3000 is what the existing opendev gerrit2 user is RUN addgroup gerrit --gid 3000 --system \ && adduser \ --system \ --uid 3000 \ --home /var/gerrit \ --shell /bin/bash \ --ingroup gerrit \ gerrit USER gerrit RUN mkdir /var/gerrit/bin COPY --from=builder /usr/src/bazel-bin/release.war /var/gerrit/bin/gerrit.war # Allow incoming traffic EXPOSE 29418 8080 VOLUME /var/gerrit/git /var/gerrit/index /var/gerrit/cache /var/gerrit/db /var/gerrit/etc /var/log/gerrit RUN ln -s /var/log/gerrit /var/gerrit/logs # container.javaOptions # Also include container.heapLimit - but with -Xmx prefixing it ENV JAVA_OPTIONS "" # Ulimits should be set on command line or in docker-compose.yaml ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["/usr/bin/java", ${JAVA_OPTIONS}, "-jar", "/var/gerrit/bin/gerrit.war"]