# Multi-stage build for CompileFlow project
# Build stage: uses a JDK image with Maven wrapper
FROM openjdk:11-jdk-slim AS builder
# Install lightweight tooling required for Maven wrapper to download dependencies
RUN apt-get update \
&& apt-get install -y --no-install-recommends curl ca-certificates \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /workspace
# Copy the entire repository (including mvnw and pom.xml files)
COPY . .
# Ensure Maven wrapper is executable if present
RUN if [ -f ./mvnw ]; then chmod +x ./mvnw; fi
# Verify build tooling
RUN if [ -f ./mvnw ]; then ./mvnw -version; else mvn -version; fi
# Build the project from source (skipping tests for faster Docker build in CI)
RUN if [ -f ./mvnw ]; then ./mvnw -V --no-transfer-progress clean package -DskipTests; else mvn -V --no-transfer-progress clean package -DskipTests; fi
# Runtime stage: use a lighter JRE image and run with the built artifacts
FROM openjdk:11-jre-slim
WORKDIR /app
# Copy all built artifacts and sources from the builder
COPY --from=builder /workspace /app
# Expose a friendly CMD to keep the container running and verify build artifacts exist
CMD ["bash", "-lc", "echo CompileFlow build artifacts ready at /app; ls -la /app; tail -f /dev/null"]
# Multi-stage build for CompileFlow project # Build stage: uses a Maven image with JDK 11 FROM maven:3.8.8-openjdk-11-slim AS builder WORKDIR /workspace # Copy the entire repository (including mvnw and pom.xml files) COPY . . # Ensure Maven wrapper is executable if present RUN if [ -f ./mvnw ]; then chmod +x ./mvnw; fi # Build the project from source (skip tests by default for a faster Docker build) RUN mvn -V -B -DskipTests clean package # Runtime stage: use a lightweight JRE image FROM openjdk:11-jre-slim WORKDIR /app # Copy built artifacts from builder COPY --from=builder /workspace/target /app/target # Provide a simple entrypoint that keeps the container alive for inspection CMD ["bash", "-lc", "if [ -d /app/target ]; then echo 'Build artifacts ready:'; ls -la /app/target; else echo 'No build artifacts found'; fi; echo 'Container ready'; tail -f /dev/null"]
# Multi-stage Dockerfile to build CompileFlow from source and provide runtime artifacts
FROM debian:11-slim AS builder
RUN apt-get update \
&& apt-get install -y --no-install-recommends openjdk-11-jdk maven ca-certificates curl \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /workspace
# Copy the entire repository (including mvnw and pom.xml files)
COPY . .
# Ensure Maven wrapper is executable if present
RUN if [ -f ./mvnw ]; then chmod +x ./mvnw; fi
# Build the project from source (skip tests by default for a faster Docker build)
RUN mvn -V -B -DskipTests package
# Runtime stage: use a lightweight Debian image with JRE
FROM debian:11-slim
RUN apt-get update \
&& apt-get install -y --no-install-recommends openjdk-11-jre-headless \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Copy built artifacts from builder
COPY --from=builder /workspace /app
# Provide a simple entrypoint that lists artifacts and keeps the container alive for inspection
CMD ["bash", "-lc", "echo Build artifacts ready at /app; ls -la /app; tail -f /dev/null"]
# Ignore common files and folders for a Maven project .git target **/target .docker Dockerfile .dockerignore .gradle .idea *.iml node_modules *.log out build .env .werkscape .kite
Concerns: The final image copies the entire /workspace from the builder (including sources and build outputs); it would be better to copy only the built artifacts to minimize image size and leakage of source files., The runtime CMD does not run the application; it only lists artifacts and tails /dev/null. For a real runtime image, provide a proper entrypoint to start the app. Smoke [PASS]: java -version Smoke [PASS]: jarpath=$(find /app -name '*.jar' -print -quit); if [ -n \"$jarpath\" ]; then echo jar_found_at=$jarpath; else echo jar_not_found; exit 1; fi Smoke [FAIL]: test -d /app || echo '/app missing Output: sh: 1: Syntax error: Unterminated quoted string
# Multi-stage build: build from source and produce runnable jars
FROM debian:11-slim AS builder
RUN apt-get update \
&& apt-get install -y --no-install-recommends openjdk-11-jdk maven ca-certificates curl \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /workspace
# Copy the whole repository
COPY . .
# Ensure mvnw is executable if present
RUN if [ -f ./mvnw ]; then chmod +x ./mvnw; fi
# Build all modules and produce jars
RUN mvn -V -B -DskipTests package
# Runtime stage: minimal image with JRE
FROM debian:11-slim
RUN apt-get update \
&& apt-get install -y --no-install-recommends openjdk-11-jre-headless ca-certificates \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Copy built artifacts from builder (best-effort, ignore missing jars)
COPY --from=builder /workspace/compileflow-api/target/*.jar /app/compileflow-api.jar 2>/dev/null || true
COPY --from=builder /workspace/compileflow-core/target/*.jar /app/compileflow-core.jar 2>/dev/null || true
COPY --from=builder /workspace/compileflow-bpmn/target/*.jar /app/compileflow-bpmn.jar 2>/dev/null || true
# Run script to start the first available jar, or drop to a shell if none found
COPY run.sh /app/run.sh
RUN chmod +x /app/run.sh
ENTRYPOINT ["/app/run.sh"]
No files found matching pattern.
#!/usr/bin/env bash set -e # Find the first jar to run if present JAR_PATH=$(ls /app/*.jar 2>/dev/null | head -n 1 || true) if [ -n "$JAR_PATH" ]; then echo "Running $JAR_PATH" exec java -jar "$JAR_PATH" "$@" else echo "No jar found to run. Dropping into shell." exec bash fi
Concerns: COPY lines incorrectly include shell redirection and '|| true' which is invalid in a Dockerfile syntax. These will cause the build to fail., Using wildcard patterns like '*.jar' in COPY with a single destination file (/app/compileflow-*.jar) is not supported by Docker and could copy multiple files to a single path or fail if multiple jars match., The COPY commands rely on the assumption that module jars exist in specific target paths; if build output differs (e.g., different module names or missing jars), the runtime image will have no executables and run.sh may fail., No explicit HEALTHCHECK or non-root user is defined, which is a best practice for container security and reliability., No verification that the run.sh script is present and safe to execute in all environments; the runtime depends on the first available jar but there is no guarantee a jar exists after build., Potentially fragile multi-module jar handling: copying from separate module targets into distinct single-jar destinations may not reflect the actual built artifacts.
# Multi-stage build: build from source and produce runnable jars
FROM debian:11-slim AS builder
RUN apt-get update \
&& apt-get install -y --no-install-recommends openjdk-11-jdk maven ca-certificates curl \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /workspace
# Copy the entire repository
COPY . .
# Ensure mvnw is executable if present
RUN if [ -f ./mvnw ]; then chmod +x ./mvnw; fi
# Build all modules and produce jars
RUN mvn -V -B -DskipTests package
# Runtime stage: minimal image with JRE
FROM debian:11-slim
RUN apt-get update \
&& apt-get install -y --no-install-recommends openjdk-11-jre-headless ca-certificates \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Copy built artifacts from builder
COPY --from=builder /workspace /app
# Copy a small launcher script and make it executable
COPY run.sh /app/run.sh
RUN chmod +x /app/run.sh
ENTRYPOINT ["/app/run.sh"]
Concerns: COPY --from=builder /workspace /app copies the entire workspace, including source files; consider copying only built artifacts to reduce image size., No non-root user is defined; consider adding a non-root user for security. Smoke [PASS]: test -f /app/run.sh Smoke [PASS]: find /app -name '*.jar' -print -quit Smoke [PASS]: java -version