Last active
September 10, 2024 09:27
-
-
Save paoliniluis/78fe800f06fc7027a20665a429239c1e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################### | |
| # STAGE 1: builder | |
| ################### | |
| FROM --platform=linux/amd64 eclipse-temurin:11.0.12_7-jdk-focal as builder | |
| ARG MB_EDITION=oss CI=true | |
| WORKDIR /app/ | |
| RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \ | |
| # install Node LTS and Yarn from their repos | |
| && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ | |
| && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \ | |
| && apt-get update && apt-get upgrade -y && apt-get install -y git nodejs yarn \ | |
| # installing Clojure CLI | |
| && curl -O https://download.clojure.org/install/linux-install-1.10.3.986.sh && chmod +x linux-install-1.10.3.986.sh && ./linux-install-1.10.3.986.sh \ | |
| # downloading certs from AWS and Azure so we don't need to do it in the next step and only install those | |
| && mkdir /app/certs \ | |
| && curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /app/certs/rds-combined-ca-bundle.pem \ | |
| && curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /app/certs/DigiCertGlobalRootG2.crt.pem | |
| COPY . . | |
| RUN INTERACTIVE=false CI=$CI MB_EDITION=$MB_EDITION bin/build | |
| # ################### | |
| # # STAGE 2: runner | |
| # ################### | |
| FROM eclipse-temurin:11.0.12_7-jre-focal as runner | |
| ENV FC_LANG en-US LC_CTYPE en_US.UTF-8 | |
| WORKDIR /app/ | |
| COPY --from=builder /app/certs/. /app/certs/ | |
| # dependencies | |
| # updating everything that doesn't come updated from previous layers | |
| RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ttf-dejavu && \ | |
| # importing certs | |
| mkdir -p /etc/ssl/certs/java/cacerts && \ | |
| /opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias aws-rds -file /app/certs/rds-combined-ca-bundle.pem -keystore /etc/ssl/certs/java/cacerts/java-keystore -keypass changeit -storepass changeit && \ | |
| /opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias azure-cert -file /app/certs/DigiCertGlobalRootG2.crt.pem -keystore /etc/ssl/certs/java/cacerts/java-keystore -keypass changeit -storepass changeit && \ | |
| # cleaning everything to reduce container size | |
| apt-get autoremove -y && apt-get autoclean && \ | |
| rm -rf /var/lib/apt/lists/* && \ | |
| # providing permissions to the nobody user | |
| chown -R nobody:nogroup /app | |
| USER nobody | |
| COPY --from=builder --chown=nobody /app/target/uberjar/metabase.jar /app/ | |
| COPY --chown=nobody bin/docker/run_metabase.sh /app/ | |
| # expose our default runtime port | |
| EXPOSE 3000 | |
| # run it | |
| ENTRYPOINT ["/app/run_metabase.sh"] |
Author
Author
Another thing to add: if someone wants to bundle Metabase into the runner (not build it from scratch, which is not recommended, we recommend using release files), just:
- delete the first stage of the Dockerfile
- download the metabase JAR you need by doing
curl https://downloads.metabase.com/latest/metabase.jar -o metabase.jar
- run the following in the directory where the Dockerfile is
curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o rds-combined-ca-bundle.pem && curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o DigiCertGlobalRootG2.crt.pem
and then in the second stage replace the
COPY --from=builder /app/certs/. /app/certs/ for COPY DigiCertGlobalRootG2.crt.pem rds-combined-ca-bundle.pem /app/certs/
and also
COPY --from=builder --chown=nobody /app/target/uberjar/metabase.jar /app/ for COPY --chown=nobody metabase.jar /app/
remember to have the run_metabase.sh file in the bin/docker/ path or change it to your current path
- then it's just about using docker build or docker buildx build to pass a --platform flag
Great, tks! I pushed into docker hub a build under iwalucas/metabase, I copied the metabase from the latest instead of building it.....
Author
Thanks @iwalucas, here you'll find a Dockerfile that will do the same:
FROM eclipse-temurin:11-jre-focal as runner
ENV FC_LANG en-US LC_CTYPE en_US.UTF-8
WORKDIR /app/
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ttf-dejavu && \
# cleaning everything to reduce container size
apt-get autoremove -y && apt-get autoclean && \
rm -rf /var/lib/apt/lists/* && \
# providing permissions to the nobody user
curl https://downloads.metabase.com/latest/metabase.jar -o metabase.jar && \
curl https://raw.githubusercontent.com/metabase/metabase/master/bin/docker/run_metabase.sh -o run_metabase.sh && \
chmod +x run_metabase.sh && \
chown -R nobody:nogroup /app
USER nobody
# expose our default runtime port
EXPOSE 3000
# run it
ENTRYPOINT ["/app/run_metabase.sh"]
with that Dockerfile, just do docker build . and you'll be good to go :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
difference of sizes (I have a dirty local repo, but this should be comparable) between current alpine and current focal-JRE
