Viacheslav/GrapheneOS-AttestationServer-Docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
GrapheneOS-AttestationServe…/Dockerfile
MoonDev 17583a3746 Custom domain support
2026-02-06 11:19:50 +03:00

66 lines
2.1 KiB
Docker
Raw Permalink Blame History

FROM eclipse-temurin:21-jdk-jammy AS builder
# Build argument for domain configuration
ARG DOMAIN=attestation.app
WORKDIR /build
RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
RUN git clone --depth 1 --recurse-submodules https://github.com/GrapheneOS/AttestationServer.git .
# Patch the server to bind to 0.0.0.0 instead of localhost (::1)
# This is required for Docker networking to work
RUN sed -i 's/new InetSocketAddress("::1", 8080)/new InetSocketAddress("0.0.0.0", 8080)/' \
src/main/java/app/attestation/server/AttestationServer.java
# Patch the domain using the build argument
RUN sed -i "s/attestation.app/${DOMAIN}/g" \
src/main/java/app/attestation/server/AttestationServer.java
RUN chmod +x gradlew && ./gradlew build -x test --no-daemon
# Process static files (replace {{css|...}} and {{js|...}} templates with SRI hashes)
RUN apt-get update && apt-get install -y --no-install-recommends \
openssl sed \
&& rm -rf /var/lib/apt/lists/*
COPY process-static-docker.sh /tmp/process-static.sh
RUN chmod +x /tmp/process-static.sh && /tmp/process-static.sh
# --- Runtime ---
FROM eclipse-temurin:21-jre-jammy
RUN apt-get update && apt-get install -y \
curl \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -r -s /bin/false -u 1000 attestation
WORKDIR /app
# Copy the custom sqlite4java native library from the submodule
# This is built with newer SQLite that supports STRICT tables
RUN mkdir -p /app/libs
COPY --from=builder /build/libs/sqlite4java-prebuilt/libsqlite4java-linux-amd64-1.0.392.so /app/libs/
# Copy all JARs from builder
COPY --from=builder /build/build/libs/*.jar ./libs/
# Copy processed static files
COPY --from=builder /build/static ./static-orig/
COPY entrypoint.sh .
RUN chmod +x /app/entrypoint.sh
# Create directories and set permissions
# /data - for SQLite databases
# /srv/static - for sharing static files with caddy
RUN mkdir -p /data /srv/static && \
chown -R attestation:attestation /app /data /srv/static
EXPOSE 8080
# Run as root initially to fix permissions, entrypoint will drop privileges
ENTRYPOINT ["/app/entrypoint.sh"]
Reference in New Issue View Git Blame Copy Permalink