-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
23 lines (17 loc) · 839 Bytes
/
Dockerfile
File metadata and controls
23 lines (17 loc) · 839 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Production-ready Dockerfile: Secure + Layered
# Combines security (non-root user) with performance (layer caching)
FROM eclipse-temurin:25
# Create non-root user
RUN addgroup --system spring && adduser --system spring --ingroup spring
# Set working directory and change ownership
WORKDIR /app
RUN chown spring:spring /app
# Switch to non-root user
USER spring:spring
# Copy dependencies layer (cached unless dependencies change)
ARG DEPENDENCY=target/dependency
COPY --chown=spring:spring ${DEPENDENCY}/BOOT-INF/lib /app/lib
COPY --chown=spring:spring ${DEPENDENCY}/META-INF /app/META-INF
# Copy application layer (rebuilt when your code changes)
COPY --chown=spring:spring ${DEPENDENCY}/BOOT-INF/classes /app
ENTRYPOINT ["java","-cp","/app:/app/lib/*","edu.yu.capstone.DistributedSecretsVault.DistributedSecretsVaultApplication"]