From 5c07e4a4eeabf68c5fa1ea24ced373ac8d697bbf Mon Sep 17 00:00:00 2001
From: Carl Harris
Date: Sat, 7 Oct 2017 10:07:20 -0400
Subject: [PATCH 1/5] GUACAMOLE-408: revise Dockerfile to use multi-stage image build

---
 Dockerfile | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index bd8131f28..ebc3cb0c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,29 +21,36 @@
 # Dockerfile for guacamole-client
 #
-# Start from Tomcat image
-FROM tomcat:8.0.20-jre8
+# Use args for Tomcat image label to allow image builder to choose alternatives
+# such as `--build-arg TOMCAT_JRE=jre8-alpine`
+#
+ARG TOMCAT_VERSION=8.0.20
+ARG TOMCAT_JRE=jre8
-# Environment variables
+# Use official maven image for the build
+FROM maven:3-jdk-8 AS builder
+
+# Build environment variables
 ENV \
- BUILD_DIR=/tmp/guacamole-docker-BUILD \
- BUILD_DEPENDENCIES=" \
- maven \
- openjdk-8-jdk-headless"
+ BUILD_DIR=/tmp/guacamole-docker-BUILD
 # Add configuration scripts
-COPY guacamole-docker/bin /opt/guacamole/bin/
+COPY guacamole-docker/bin/ /opt/guacamole/bin/
 # Copy source to container for sake of build
 COPY . "$BUILD_DIR"
-# Build latest guacamole-client and authentication
-RUN apt-get update && \
- apt-get install -y --no-install-recommends $BUILD_DEPENDENCIES && \
- /opt/guacamole/bin/build-guacamole.sh "$BUILD_DIR" /opt/guacamole && \
- rm -Rf "$BUILD_DIR" && \
- rm -Rf /var/lib/apt/lists/* && \
- apt-get purge -y --auto-remove $BUILD_DEPENDENCIES
+# Run the build itself
+RUN /opt/guacamole/bin/build-guacamole.sh "$BUILD_DIR" /opt/guacamole
+
+# For the runtime image, we start with the official Tomcat distribution
+FROM tomcat:${TOMCAT_VERSION}-${TOMCAT_JRE}
+
+# This is where the build artifacts go in the runtime image
+WORKDIR /opt/guacamole
+
+# Copy artifacts from builder image into this image
+COPY --from=builder /opt/guacamole/ .
 # Start Guacamole under Tomcat, listening on 0.0.0.0:8080
 EXPOSE 8080
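Review bot: The new build stage starts from `FROM maven:3-jdk-8 AS builder`, a floating major-version tag, so each build runs whatever image currently carries that tag, and its output under /opt/guacamole is then copied into the runtime image by `COPY --from=builder /opt/guacamole/ .`. Pinning the builder to an exact release and digest, for example `FROM maven:<exact-version>-jdk-8@sha256:<digest> AS builder` (both values are placeholders), would keep the shipped artifacts reproducible and traceable to a known toolchain. The runtime base is now chosen through `TOMCAT_VERSION` and `TOMCAT_JRE`, but the defaults still resolve to the previous `tomcat:8.0.20-jre8`, so a comment above the `ARG` lines saying that the default is expected to be bumped with upstream Tomcat releases would help. No `USER` instruction appears in the runtime stage within this hunk, so Tomcat presumably runs as root unless the lines after `EXPOSE 8080`, which are outside the hunk, change that.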
From ac50375ad526ba6f1453ca10e32b6f393e6e486d Mon Sep 17 00:00:00 2001
From: Carl Harris
Date: Sat, 7 Oct 2017 10:09:18 -0400
Subject: [PATCH 2/5] GUACAMOLE-408: don't try to clean up the local Maven repository

There's no need to clean up the local Maven repository after the build, since only the artifacts we want are copied to the runtime image. For reasons not investigated, attempting to remove the local repository directory fails because the directory is in use after the build.
---
 guacamole-docker/bin/build-guacamole.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/guacamole-docker/bin/build-guacamole.sh b/guacamole-docker/bin/build-guacamole.sh
index 4df6289f0..41e01b500 100755
--- a/guacamole-docker/bin/build-guacamole.sh
+++ b/guacamole-docker/bin/build-guacamole.sh
@@ -54,7 +54,6 @@ mkdir -p "$DESTINATION"
 cd "$BUILD_DIR"
 mvn package
-rm -Rf ~/.m2
 #
 # Copy guacamole.war to destination
From 70db9a4c42418fdc520e4f3d6414a0e753a79266 Mon Sep 17 00:00:00 2001
From: Carl Harris
Date: Sat, 7 Oct 2017 10:12:49 -0400
Subject: [PATCH 3/5] GUACAMOLE-408: exclude generated HTML files from rat validation

When building inside of the Docker container, some files with generated HTML are being validated by RAT and failing due to the lack of a license header. When building outside of Docker, this problem does not occur. Not sure why these paths don't fail when building outside of the container, and I don't know enough about the plugin that generates these files to understand why it behaves differently inside of the container. Nonetheless, I think these excludes seem reasonable.
---
 extensions/guacamole-auth-cas/pom.xml | 1 +
 extensions/guacamole-auth-duo/pom.xml | 1 +
 extensions/guacamole-auth-openid/pom.xml | 1 +
 guacamole/pom.xml | 1 +
 4 files changed, 4 insertions(+)
diff --git a/extensions/guacamole-auth-cas/pom.xml b/extensions/guacamole-auth-cas/pom.xml
index e76c50b88..b517e6cd1 100644
--- a/extensions/guacamole-auth-cas/pom.xml
+++ b/extensions/guacamole-auth-cas/pom.xml
@@ -185,6 +185,7 @@
 **/*.json
 src/licenses/**/*
 src/main/resources/templates/*.html
+ src/main/resources/generated/**
diff --git a/extensions/guacamole-auth-duo/pom.xml b/extensions/guacamole-auth-duo/pom.xml
index 104b5942b..6f7037cc8 100644
--- a/extensions/guacamole-auth-duo/pom.xml
+++ b/extensions/guacamole-auth-duo/pom.xml
@@ -186,6 +186,7 @@
 **/*.json
 src/licenses/**/*
 src/main/resources/templates/*.html
+ src/main/resources/generated/**
 src/main/resources/lib/DuoWeb/**/*
 src/main/java/com/duosecurity/duoweb/**/*
diff --git a/extensions/guacamole-auth-openid/pom.xml b/extensions/guacamole-auth-openid/pom.xml
index 4076998f1..e5cb9b63d 100644
--- a/extensions/guacamole-auth-openid/pom.xml
+++ b/extensions/guacamole-auth-openid/pom.xml
@@ -185,6 +185,7 @@
 **/*.json
 src/licenses/**/*
 src/main/resources/templates/*.html
+ src/main/resources/generated/**
diff --git a/guacamole/pom.xml b/guacamole/pom.xml
index 4784cdabd..2afb743d8 100644
--- a/guacamole/pom.xml
+++ b/guacamole/pom.xml
@@ -223,6 +223,7 @@
 src/main/webapp/app/*/templates/*.html
+ src/main/webapp/generated/**
 **/*.json
 src/licenses/**/*
From 65c16ce90e0dd8500911435c5f0a6610370d1684 Mon Sep 17 00:00:00 2001
From: Carl Harris
Date: Sat, 7 Oct 2017 20:31:24 -0400
Subject: [PATCH 4/5] GUACAMOLE-408: revert changes to rat excludes

The excludes for rat should include everything in .gitignore, so these explicit excludes are not needed.
---
 extensions/guacamole-auth-cas/pom.xml | 1 -
 extensions/guacamole-auth-duo/pom.xml | 1 -
 extensions/guacamole-auth-openid/pom.xml | 1 -
 guacamole/pom.xml | 1 -
 4 files changed, 4 deletions(-)
diff --git a/extensions/guacamole-auth-cas/pom.xml b/extensions/guacamole-auth-cas/pom.xml
index b517e6cd1..e76c50b88 100644
--- a/extensions/guacamole-auth-cas/pom.xml
+++ b/extensions/guacamole-auth-cas/pom.xml
@@ -185,7 +185,6 @@
 **/*.json
 src/licenses/**/*
 src/main/resources/templates/*.html
- src/main/resources/generated/**
diff --git a/extensions/guacamole-auth-duo/pom.xml b/extensions/guacamole-auth-duo/pom.xml
index 6f7037cc8..104b5942b 100644
--- a/extensions/guacamole-auth-duo/pom.xml
+++ b/extensions/guacamole-auth-duo/pom.xml
@@ -186,7 +186,6 @@
 **/*.json
 src/licenses/**/*
 src/main/resources/templates/*.html
- src/main/resources/generated/**
 src/main/resources/lib/DuoWeb/**/*
 src/main/java/com/duosecurity/duoweb/**/*
diff --git a/extensions/guacamole-auth-openid/pom.xml b/extensions/guacamole-auth-openid/pom.xml
index e5cb9b63d..4076998f1 100644
--- a/extensions/guacamole-auth-openid/pom.xml
+++ b/extensions/guacamole-auth-openid/pom.xml
@@ -185,7 +185,6 @@
 **/*.json
 src/licenses/**/*
 src/main/resources/templates/*.html
- src/main/resources/generated/**
diff --git a/guacamole/pom.xml b/guacamole/pom.xml
index 2afb743d8..4784cdabd 100644
--- a/guacamole/pom.xml
+++ b/guacamole/pom.xml
@@ -223,7 +223,6 @@
 src/main/webapp/app/*/templates/*.html
- src/main/webapp/generated/**
 **/*.json
 src/licenses/**/*
From e42a875f08096f8f130828ce133053457b5d8d4b Mon Sep 17 00:00:00 2001
From: Carl Harris
Date: Sat, 7 Oct 2017 20:35:20 -0400
Subject: [PATCH 5/5] GUACAMOLE-408: don't exclude .gitignore in .dockerignore

Because the .gitignore files are needed for configuring implicit excludes for rat, .dockerignore must not exclude these files when copying files into the image build context.
---
 .dockerignore | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.dockerignore b/.dockerignore
index cea180242..629ad03ea 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,5 @@
 .git
-**/.gitignore
 **/*~
 **/target/