Run BBS-ep docker container as non-root

Replaced docker maven plugin to introduce Dockerfile. Corrected component blueprint to deploy BBS-ep as a service component instead of a platform one. Change-Id: If3af67eef1a9f68554ee215d24b54f9cd4b7ce80 Issue-ID: DCAEGEN2-1446 Signed-off-by: Stavros Kanarakis <stavros.kanarakis@nokia.com>
author: Stavros Kanarakis <stavros.kanarakis@nokia.com> 2019-04-22 18:41:18 +0300
committer: Stavros Kanarakis <stavros.kanarakis@nokia.com> 2019-04-22 18:41:18 +0300
commit: f6668af5c6a624dc3053a2217dacce82ad7b547a (patch)
tree: a8f7e7c0d78f8eafa4e128c50010cae49533cdab /components/bbs-event-processor/Dockerfile
parent: da4ba6e2c81f3dd7157e1cc06a92e91c5a38aa95 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/components/bbs-event-processor/Dockerfile b/components/bbs-event-processor/Dockerfile
new file mode 100644
index 00000000..e799bd92
--- /dev/null
+++ b/components/bbs-event-processor/Dockerfile
@@ -0,0 +1,21 @@
+FROM openjdk:8-jre-alpine
+
+ARG PROJECT_BUILD_DIR_NAME
+ARG FINAL_JAR
+ARG DEPENDENCIES_DIR
+ARG DOCKER_ARTIFACT_DIR
+
+#Add a new user and group to allow container to be run as non-root
+RUN addgroup -S bbs-ep && adduser -S -G bbs-ep bbs-ep
+
+#Copy dependencies and executable jar
+WORKDIR ${DOCKER_ARTIFACT_DIR}
+COPY ${PROJECT_BUILD_DIR_NAME}/${FINAL_JAR} .
+#Overcome Docker limitation to put ARG inside ENTRYPOINT
+RUN ln -s ${FINAL_JAR} bbs-ep.jar
+COPY ${PROJECT_BUILD_DIR_NAME}/${DEPENDENCIES_DIR} ./${DEPENDENCIES_DIR}
+
+EXPOSE 8100
+
+USER bbs-ep:bbs-ep
+ENTRYPOINT ["java", "-jar", "bbs-ep.jar"]
author	Stavros Kanarakis <stavros.kanarakis@nokia.com>	2019-04-22 18:41:18 +0300
committer	Stavros Kanarakis <stavros.kanarakis@nokia.com>	2019-04-22 18:41:18 +0300
commit	f6668af5c6a624dc3053a2217dacce82ad7b547a (patch)
tree	a8f7e7c0d78f8eafa4e128c50010cae49533cdab /components/bbs-event-processor/Dockerfile
parent	da4ba6e2c81f3dd7157e1cc06a92e91c5a38aa95 (diff)