|
| 1 | +# |
1 | 2 | # Copyright IBM Corp. All Rights Reserved. |
2 | 3 | # |
3 | 4 | # SPDX-License-Identifier: Apache-2.0 |
4 | 5 | # |
5 | | -FROM registry.access.redhat.com/ubi9/ubi-micro:9.4 AS prod |
| 6 | + |
| 7 | +########################################### |
| 8 | +# Stage 1: Production runtime image |
| 9 | +########################################### |
| 10 | +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 AS prod |
| 11 | + |
6 | 12 | ARG BIN |
7 | 13 | ARG ARCHBIN_PATH |
8 | 14 | ARG TARGETOS |
9 | 15 | ARG TARGETARCH |
10 | 16 | ARG PORTS |
| 17 | +ARG VERSION=1.0 |
11 | 18 |
|
12 | | -# --- Create a non-root user (UBI-micro does not include useradd) --- |
13 | | -USER 10001 |
14 | | - |
15 | | -# --- Create working directory --- |
16 | | -WORKDIR /app |
| 19 | +# Add non-root user (10001) using BIN argument |
| 20 | +RUN /usr/sbin/useradd -u 10001 -r -g root -s /sbin/nologin -c "Hyperledger Fabric-X ${BIN} user" ${BIN} && \ |
| 21 | + mkdir -p /home/${BIN} && \ |
| 22 | + chown -R 10001:0 /home/${BIN} && \ |
| 23 | + chmod 0755 /home/${BIN} |
17 | 24 |
|
18 | | -# --- Copy the architecture-specific binary --- |
| 25 | +# Copy binaries |
19 | 26 | COPY ${ARCHBIN_PATH}/${TARGETOS}-${TARGETARCH}/${BIN} /bin/${BIN} |
20 | 27 |
|
21 | | -# --- Expose ports for Kubernetes/OpenShift --- |
| 28 | +# Create fixed entrypoint since args are not replaced |
| 29 | +# within ENTRYPOINT or CMD |
| 30 | +RUN ln -s /bin/${BIN} /bin/entrypoint |
| 31 | + |
| 32 | +# Expose ports |
22 | 33 | EXPOSE ${PORTS} |
23 | 34 |
|
24 | | -# --- Container metadata (OCI labels) --- |
| 35 | +# OCI metadata labels |
25 | 36 | LABEL name="${BIN}" \ |
26 | | - vendor="IBM" \ |
27 | | - maintainer="ZRL Decentralized Trust Group" \ |
28 | | - description="Production-grade ${BIN} microservice running on UBI-micro" \ |
29 | | - summary="Minimal, secure UBI-micro image for ${BIN}" \ |
30 | | - license="Apache-2.0" |
31 | | - |
32 | | -# --- Set runtime entrypoint --- |
33 | | -ENTRYPOINT /bin/${BIN} |
| 37 | + maintainer="IBM Research ZRL Decentralized Trust Group" \ |
| 38 | + version="${VERSION}" \ |
| 39 | + description="Hyperledger Fabric-X ${BIN} packaged in a UBI image" \ |
| 40 | + license="Apache-2.0" \ |
| 41 | + vendor="IBM" |
| 42 | + |
| 43 | +# Use non-root user and set workdir using BIN argument |
| 44 | +USER 10001 |
| 45 | +WORKDIR /home/${BIN} |
| 46 | + |
| 47 | +# Default Entrypoint |
| 48 | +ENTRYPOINT ["/bin/entrypoint"] |
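Review bot: The new `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6 AS prod` line (new line 10) still references the runtime base by a mutable tag, so a rebuild can silently pick up different image contents. For a production image I would also pin the digest, e.g. `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6@sha256:<digest-of-the-reviewed-image> AS prod`. The switch from ubi-micro to ubi-minimal appears to be made only so that `useradd` is available at new line 20, but it ships microdnf and extra userland in the runtime image. Creating the account in a separate build stage and copying the resulting `/etc/passwd` entry into a ubi-micro final stage would keep the smaller attack surface. In the same `RUN`, `${BIN}` is unquoted in the `mkdir`, `chown` and `chmod` arguments; writing `"/home/${BIN}"` would avoid word splitting if the build argument ever contains whitespace.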