Dockerfile.ubi.ibmjava8
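# Base image shared by both stages.
# NOTE(review): `ibmjava:8-ubi` is a mutable tag. For reproducible builds, pass
# PARENT_IMAGE pinned by digest (name@sha256:<digest-placeholder>) via --build-arg.
ARG PARENT_IMAGE=ibmjava:8-ubi

# ---------------------------------------------------------------------------
# Stage "getRuntime": obtain the Open Liberty kernel archive, verify it, and
# unpack it. Only /opt/ol/wlp and /licenses are copied out of this stage, so
# the download tools installed here do not reach the final image.
# ---------------------------------------------------------------------------
FROM $PARENT_IMAGE AS getRuntime

USER root

ARG LIBERTY_VERSION=24.0.0.9
# Expected SHA-1 of the kernel zip. SHA-1 is no longer collision-resistant, so
# treat this as a corruption / wrong-file check rather than a strong
# authenticity guarantee; supply LIBERTY_SHA256 as well when a trusted SHA-256
# digest is available.
ARG LIBERTY_SHA=416a2f8dd37d676b9e60c37463f536974a31d2ef
# Optional SHA-256 of the kernel zip. Empty (the default) skips the extra check,
# so existing build invocations behave as before.
ARG LIBERTY_SHA256=
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-kernel/$LIBERTY_VERSION/openliberty-kernel-$LIBERTY_VERSION.zip
ARG VERBOSE=false

# If resources/ in the build context contains wlp.zip, that local copy is used
# instead of downloading. It goes through the same checksum verification below.
COPY resources/ /tmp/

# Install Open Liberty:
#   1. download the archive unless a local /tmp/wlp.zip was provided;
#   2. verify it against LIBERTY_SHA (and LIBERTY_SHA256 when set) BEFORE unzip,
#      so a mismatching archive fails the build without being unpacked;
#   3. unpack, stage the licence, and hand the tree to UID 1001 / GID 0 with
#      group read/write.
# The URL is quoted so a value passed with --build-arg is always handed to wget
# as a single argument.
# NOTE(review): the reason for `chmod -R u+x /usr/bin` is not evident from this
# file; it only affects this discarded stage. Confirm it is still needed.
RUN yum -y install shadow-utils wget unzip openssl \
    && if [ ! -f /tmp/wlp.zip ]; then \
         wget -q "$LIBERTY_DOWNLOAD_URL" -U UA-Open-Liberty-Docker -O /tmp/wlp.zip; \
       fi \
    && echo "$LIBERTY_SHA  /tmp/wlp.zip" > /tmp/wlp.zip.sha1 \
    && sha1sum -c /tmp/wlp.zip.sha1 \
    && if [ -n "$LIBERTY_SHA256" ]; then \
         echo "$LIBERTY_SHA256  /tmp/wlp.zip" | sha256sum -c -; \
       fi \
    && chmod -R u+x /usr/bin \
    && unzip -q /tmp/wlp.zip -d /opt/ol \
    && mkdir -p /licenses \
    && cp /opt/ol/wlp/LICENSE /licenses/ \
    && adduser -u 1001 -r -g root -s /usr/sbin/nologin default \
    && chown -R 1001:0 /opt/ol/wlp \
    && chmod -R g+rw /opt/ol/wlp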
# ---------------------------------------------------------------------------
# Final stage: the runtime image. It starts from the same parent image as the
# getRuntime stage and receives only the unpacked runtime and licences from it.
# ---------------------------------------------------------------------------
FROM ${PARENT_IMAGE}

# Root is required for the package install, user creation and ownership changes
# below; the image switches to UID 1001 in the USER instruction near the end of
# this file.
USER root

# Build-time parameters. LIBERTY_VERSION and LIBERTY_BUILD_LABEL feed the image
# labels; OPENJ9_SCC is exported through ENV further down and gates the shared
# class cache step.
# NOTE(review): VERBOSE is not referenced by any instruction visible in this
# file; presumably a helper script reads it during RUN steps - confirm.
ARG LIBERTY_VERSION=24.0.0.9
ARG LIBERTY_BUILD_LABEL=cl241020240827-1743
ARG OPENJ9_SCC=true
ARG VERBOSE=false

# Image metadata: OCI-standard keys first, then the plain vendor/name/version/
# summary/description keys.
LABEL org.opencontainers.image.authors="Leo Christy Jesuraj, Melissa Lee, Thomas Watson, Michal Broz, Wendy Raschke" \
      org.opencontainers.image.vendor="Open Liberty" \
      org.opencontainers.image.url="https://openliberty.io/" \
      org.opencontainers.image.source="https://github.com/OpenLiberty/ci.docker" \
      org.opencontainers.image.version="${LIBERTY_VERSION}" \
      org.opencontainers.image.revision="${LIBERTY_BUILD_LABEL}" \
      vendor="Open Liberty" \
      name="Open Liberty" \
      version="${LIBERTY_VERSION}" \
      summary="Image for Open Liberty with IBM's Java and UBI 8" \
      description="This image contains the Open Liberty runtime with IBM's Java and Red Hat UBI 8 as the base OS. For more information on this image please see https://github.com/OpenLiberty/ci.docker#building-an-application-image"

# Files taken from the build context (not from the getRuntime stage). These
# copies are made as root; ownership of helpers/ and fixes/ is adjusted in the
# permissions step later in this file.
COPY NOTICES /opt/ol/NOTICES
COPY helpers /opt/ol/helpers
COPY fixes/ /opt/ol/fixes/
# Install dumb-init.
# The release binary is selected by machine architecture, and each URL is paired
# with a pinned SHA-256 digest. `set -e` makes a failed download or a checksum
# mismatch abort the build, so an unverified binary never ends up in a committed
# layer. An unrecognised architecture also fails the build rather than skipping
# the install.
# curl flags: -L follow redirects, -f fail on HTTP errors instead of saving the
# error page, -sS quiet but still print errors, -o write to the given path.
RUN set -eux; \
    ARCH="$(uname -m)"; \
    case "${ARCH}" in \
        amd64|x86_64) \
            DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64'; \
            DUMB_INIT_SHA256=e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df; \
            ;; \
        aarch64|arm64) \
            DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_aarch64'; \
            DUMB_INIT_SHA256=b7d648f97154a99c539b63c55979cd29f005f88430fb383007fe3458340b795e; \
            ;; \
        ppc64el|ppc64le) \
            DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_ppc64le'; \
            DUMB_INIT_SHA256=3d15e80e29f0f4fa1fc686b00613a2220bc37e83a35283d4b4cca1fbd0a5609f; \
            ;; \
        s390x) \
            DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_s390x'; \
            DUMB_INIT_SHA256=47e4601b152fc6dcb1891e66c30ecc62a2939fd7ffd1515a7c30f281cfec53b7; \
            ;; \
        *) \
            echo "Unsupported arch: ${ARCH}"; \
            exit 1; \
            ;; \
    esac; \
    curl -LfsSo /usr/bin/dumb-init "${DUMB_INIT_URL}"; \
    echo "${DUMB_INIT_SHA256} */usr/bin/dumb-init" | sha256sum -c -; \
    chmod +x /usr/bin/dumb-init
# Create the default runtime account (UID 1001, primary group root, no login
# shell) and pre-create /opt/ol/wlp owned by 1001:0 with group read/write, so
# the directory already has the intended owner before the runtime is copied in.
RUN set -e; \
    adduser -u 1001 -r -g root -s /usr/sbin/nologin default; \
    mkdir -p /opt/ol/wlp; \
    chown -R 1001:0 /opt/ol/wlp; \
    chmod -R g+rw /opt/ol/wlp

# Bring in only the verified, unpacked runtime and its licence from the
# getRuntime stage. --chown sets 1001:0 at copy time, avoiding a separate
# recursive chown layer over the whole runtime tree.
COPY --from=getRuntime --chown=1001:0 /opt/ol/wlp /opt/ol/wlp
COPY --from=getRuntime /licenses /licenses

# openssl is the only OS package added to the final image here; the yum
# metadata and package cache are cleaned in the same layer.
RUN set -e; \
    yum -y install openssl; \
    yum clean all
# Runtime environment:
#   PATH            - appends the Liberty bin directory and the build helpers
#   LOG_DIR         - log directory (/logs is created in the next step)
#   WLP_OUTPUT_DIR  - Liberty output directory
#   OPENJ9_SCC      - carries the build argument of the same name into the
#                     environment; the shared class cache step tests it
ENV PATH=${PATH}:/opt/ol/wlp/bin:/opt/ol/helpers/build \
    LOG_DIR=/logs \
    WLP_OUTPUT_DIR=/opt/ol/wlp/output \
    WLP_SKIP_MAXPERMSIZE=true \
    OPENJ9_SCC=${OPENJ9_SCC}

# Configure Open Liberty: create the server with the `server create` command,
# then delete the class cache, the workarea and the server.env of defaultServer
# that are left behind.
RUN /opt/ol/wlp/bin/server create \
    && rm -rf \
         $WLP_OUTPUT_DIR/.classCache \
         /output/workarea \
         /opt/ol/wlp/usr/servers/defaultServer/server.env
# Create the top-level shortcut symlinks and set ownership/permissions for the
# non-root runtime user.
#
# Symlinks: /lib.index.cache, /output, /config, /liberty and /fixes point into
# /opt/ol so applications and operators can use short, stable paths.
#
# Permissions: every writable tree is owned by 1001:0 and made group
# read/write (group read/write/execute for /opt/ol/fixes). Granting access to
# group 0 rather than only to UID 1001 is presumably what allows the container
# to run under a different UID that belongs to the root group - see the comment
# on the final ENV instruction in this file.
#
# open-default-port.xml is written last, after the recursive chown/chmod of
# /config, so it keeps the owner and mode given by the root build shell.
# It sets host="*" on defaultHttpEndpoint, i.e. the server listens on all
# interfaces inside the container; exposure is then decided by how the
# container's ports are published.
RUN set -e; \
    mkdir /logs; \
    mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache; \
    ln -s /opt/ol/wlp/usr/shared/resources/lib.index.cache /lib.index.cache; \
    mkdir -p $WLP_OUTPUT_DIR/defaultServer; \
    ln -s $WLP_OUTPUT_DIR/defaultServer /output; \
    ln -s /opt/ol/wlp/usr/servers/defaultServer /config; \
    mkdir -p /config/configDropins/defaults; \
    mkdir -p /config/configDropins/overrides; \
    ln -s /opt/ol/wlp /liberty; \
    ln -s /opt/ol/fixes /fixes; \
    for dir in /config /logs /opt/ol/wlp/usr /opt/ol/wlp/output /opt/ol/helpers; do \
        chown -R 1001:0 "$dir"; \
        chmod -R g+rw "$dir"; \
    done; \
    chown -R 1001:0 /opt/ol/fixes; \
    chmod -R g+rwx /opt/ol/fixes; \
    mkdir /etc/wlp; \
    chown -R 1001:0 /etc/wlp; \
    chmod -R g+rw /etc/wlp; \
    echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
# Create a new shared class cache (SCC) layer.
# populate_scc.sh runs only when OPENJ9_SCC is "true"; it is resolved through
# PATH (presumably from /opt/ol/helpers/build, which the ENV above appends).
# Whether or not it ran, the step then deletes messaging data, the
# resources/security directory, log files, the .classCache under
# WLP_OUTPUT_DIR and the workarea, and finally re-applies 1001:0 ownership with
# group rwx on the output tree.
# NOTE(review): removing /output/resources/security presumably keeps any
# security material generated during this build-time step out of the image, so
# containers do not all share it - confirm against populate_scc.sh.
RUN set -e; \
    if [ "$OPENJ9_SCC" = "true" ]; then \
        populate_scc.sh; \
    fi; \
    rm -rf \
        /output/messaging \
        /output/resources/security \
        /logs/* \
        $WLP_OUTPUT_DIR/.classCache \
        /output/workarea; \
    chown -R 1001:0 /opt/ol/wlp/output; \
    chmod -R g+rwx /opt/ol/wlp/output
# These settings are needed so that the container can run as a user other than
# 1001 after server warm-up:
#   RANDFILE         - points at a file under /tmp
#   IBM_JAVA_OPTIONS - opens the shared class cache in /output/.classCache/
#                      read-only and non-fatally, then appends any
#                      IBM_JAVA_OPTIONS value already defined
ENV RANDFILE=/tmp/.rnd \
    IBM_JAVA_OPTIONS="-Xshareclasses:name=liberty,readonly,nonfatal,cacheDir=/output/.classCache/ -Dosgi.checkConfiguration=false ${IBM_JAVA_OPTIONS}"

# Default HTTP (9080) and HTTPS (9443) ports. EXPOSE is documentation only; it
# does not publish the ports.
EXPOSE 9080 9443

# Drop root: everything from here on, including the running server, uses the
# unprivileged UID created earlier.
USER 1001

# Exec-form entrypoint and command: docker-server.sh is the entrypoint and
# receives the default `server run defaultServer` command as its arguments.
ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]