Dockerfile

FROM eclipse-temurin:21-jdk-jammy AS builder

# Build argument for domain configuration
ARG DOMAIN=attestation.app

WORKDIR /build

RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*

RUN git clone --depth 1 --recurse-submodules https://github.com/GrapheneOS/AttestationServer.git .

# Patch the server to bind to 0.0.0.0 instead of localhost (::1)
# This is required for Docker networking to work
RUN sed -i 's/new InetSocketAddress("::1", 8080)/new InetSocketAddress("0.0.0.0", 8080)/' \
    src/main/java/app/attestation/server/AttestationServer.java

# Patch the domain using the build argument
RUN sed -i "s/attestation.app/${DOMAIN}/g" \
     src/main/java/app/attestation/server/AttestationServer.java

RUN chmod +x gradlew && ./gradlew build -x test --no-daemon

# Process static files (replace {{css|...}} and {{js|...}} templates with SRI hashes)
RUN apt-get update && apt-get install -y --no-install-recommends \
    openssl sed \
    && rm -rf /var/lib/apt/lists/*

COPY process-static-docker.sh /tmp/process-static.sh
RUN chmod +x /tmp/process-static.sh && /tmp/process-static.sh

# --- Runtime ---
FROM eclipse-temurin:21-jre-jammy

RUN apt-get update && apt-get install -y \
    curl \
    && rm -rf /var/lib/apt/lists/*

RUN useradd -r -s /bin/false -u 1000 attestation

WORKDIR /app

# Copy the custom sqlite4java native library from the submodule
# This is built with newer SQLite that supports STRICT tables
RUN mkdir -p /app/libs
COPY --from=builder /build/libs/sqlite4java-prebuilt/libsqlite4java-linux-amd64-1.0.392.so /app/libs/

# Copy all JARs from builder
COPY --from=builder /build/build/libs/*.jar ./libs/

# Copy processed static files
COPY --from=builder /build/static ./static-orig/

COPY entrypoint.sh .
RUN chmod +x /app/entrypoint.sh

# Create directories and set permissions
# /data - for SQLite databases
# /srv/static - for sharing static files with caddy
RUN mkdir -p /data /srv/static && \
    chown -R attestation:attestation /app /data /srv/static

EXPOSE 8080

# Run as root initially to fix permissions, entrypoint will drop privileges
ENTRYPOINT ["/app/entrypoint.sh"]
first commit 2026-02-05 23:16:18 +03:00			`FROM eclipse-temurin:21-jdk-jammy AS builder`

Custom domain support 2026-02-06 11:19:50 +03:00			`# Build argument for domain configuration`
			`ARG DOMAIN=attestation.app`

first commit 2026-02-05 23:16:18 +03:00			`WORKDIR /build`

			`RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*`

			`RUN git clone --depth 1 --recurse-submodules https://github.com/GrapheneOS/AttestationServer.git .`

			`# Patch the server to bind to 0.0.0.0 instead of localhost (::1)`
			`# This is required for Docker networking to work`
			`RUN sed -i 's/new InetSocketAddress("::1", 8080)/new InetSocketAddress("0.0.0.0", 8080)/' \`
			`src/main/java/app/attestation/server/AttestationServer.java`

Custom domain support 2026-02-06 11:19:50 +03:00			`# Patch the domain using the build argument`
			`RUN sed -i "s/attestation.app/${DOMAIN}/g" \`
			`src/main/java/app/attestation/server/AttestationServer.java`
first commit 2026-02-05 23:16:18 +03:00
			`RUN chmod +x gradlew && ./gradlew build -x test --no-daemon`

			`# Process static files (replace {{css\|...}} and {{js\|...}} templates with SRI hashes)`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`openssl sed \`
			`&& rm -rf /var/lib/apt/lists/*`

			`COPY process-static-docker.sh /tmp/process-static.sh`
			`RUN chmod +x /tmp/process-static.sh && /tmp/process-static.sh`

			`# --- Runtime ---`
			`FROM eclipse-temurin:21-jre-jammy`

			`RUN apt-get update && apt-get install -y \`
			`curl \`
			`&& rm -rf /var/lib/apt/lists/*`

			`RUN useradd -r -s /bin/false -u 1000 attestation`

			`WORKDIR /app`

			`# Copy the custom sqlite4java native library from the submodule`
			`# This is built with newer SQLite that supports STRICT tables`
			`RUN mkdir -p /app/libs`
			`COPY --from=builder /build/libs/sqlite4java-prebuilt/libsqlite4java-linux-amd64-1.0.392.so /app/libs/`

			`# Copy all JARs from builder`
			`COPY --from=builder /build/build/libs/*.jar ./libs/`

			`# Copy processed static files`
			`COPY --from=builder /build/static ./static-orig/`

			`COPY entrypoint.sh .`
			`RUN chmod +x /app/entrypoint.sh`

			`# Create directories and set permissions`
			`# /data - for SQLite databases`
			`# /srv/static - for sharing static files with caddy`
			`RUN mkdir -p /data /srv/static && \`
			`chown -R attestation:attestation /app /data /srv/static`

			`EXPOSE 8080`

			`# Run as root initially to fix permissions, entrypoint will drop privileges`
			`ENTRYPOINT ["/app/entrypoint.sh"]`