From d37fc6746530fc815c7a0a6afd20eaa3e530b122 Mon Sep 17 00:00:00 2001
From: Clement Escoffier <clement.escoffier@gmail.com>
Date: Mon, 13 Jan 2020 16:10:17 +0100
Subject: [PATCH] Use UBI in the JVM variant of the Dockerfile

I added a note (as a comment) about -XshowSettings:vm. So the user can enable it easily and check the amount of heap used by the application.
---
 .../resources/templates/dockerfile-jvm.ftl    | 33 +++++++++++++------
 .../resources/templates/dockerfile-jvm.ftl    | 28 +++++++++++-----
 2 files changed, 43 insertions(+), 18 deletions(-)

diff --git a/devtools/platform-descriptor-json/src/main/resources/templates/dockerfile-jvm.ftl b/devtools/platform-descriptor-json/src/main/resources/templates/dockerfile-jvm.ftl
index a3c6ea717..5f8ef2967 100644
--- a/devtools/platform-descriptor-json/src/main/resources/templates/dockerfile-jvm.ftl
+++ b/devtools/platform-descriptor-json/src/main/resources/templates/dockerfile-jvm.ftl
@@ -14,21 +14,34 @@
 # docker run -i --rm -p 8080:8080 quarkus/${project_artifactId}-jvm
 #
 ###
-FROM fabric8/java-alpine-openjdk8-jre:1.6.5
-ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
-ENV AB_ENABLED=jmx_exporter
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
 
-# Be prepared for running in OpenShift too
-RUN adduser -G root --no-create-home --disabled-password 1001 \
-  && chown -R 1001 /deployments \
-  && chmod -R "g+rwX" /deployments \
-  && chown -R 1001:root /deployments
+ARG JAVA_PACKAGE=java-1.8.0-openjdk-headless
+ARG RUN_JAVA_VERSION=1.3.5
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
+
+# Install java and the run-java script
+# Also set up permissions for user `1001`
+RUN microdnf install openssl curl ca-certificates ${JAVA_PACKAGE} \
+    && microdnf update \
+    && microdnf clean all \
+    && mkdir /deployments \
+    && chown 1001 /deployments \
+    && chmod "g+rwX" /deployments \
+    && chown 1001:root /deployments \
+    && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
+    && chown 1001 /deployments/run-java.sh \
+    && chmod 540 /deployments/run-java.sh \
+    && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
+
+# Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size.
+ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
 
 COPY ${build_dir}/lib/* /deployments/lib/
 COPY ${build_dir}/*-runner.jar /deployments/app.jar
-EXPOSE 8080
 
-# run with user 1001
+EXPOSE 8080
 USER 1001
 
 ENTRYPOINT [ "/deployments/run-java.sh" ]
diff --git a/independent-projects/tools/common/src/test/resources/templates/dockerfile-jvm.ftl b/independent-projects/tools/common/src/test/resources/templates/dockerfile-jvm.ftl
index c36cbd78d..5c0839381 100644
--- a/independent-projects/tools/common/src/test/resources/templates/dockerfile-jvm.ftl
+++ b/independent-projects/tools/common/src/test/resources/templates/dockerfile-jvm.ftl
@@ -14,18 +14,30 @@
 # docker run -i --rm -p 8080:8080 quarkus/${project_artifactId}-jvm
 #
 ###
-FROM fabric8/java-alpine-openjdk8-jre
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
+
+ARG JAVA_PACKAGE=java-1.8.0-openjdk-headless
+ARG RUN_JAVA_VERSION=1.3.5
+
+# Install java and the run-java script
+# Also set up permissions for user `1001`
+RUN microdnf install ${JAVA_PACKAGE} \
+&& microdnf clean all \
+&& mkdir /deployments \
+&& chown 1001 /deployments \
+&& chmod "g+rwX" /deployments \
+&& chown 1001:root /deployments \
+&& curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
+&& chown 1001 /deployments/run-java.sh \
+&& chmod 550 /deployments/run-java.sh \
+&& echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
+
 ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
-ENV AB_ENABLED=jmx_exporter
+
 COPY ${build_dir}/lib/* /deployments/lib/
 COPY ${build_dir}/*-runner.jar /deployments/app.jar
-EXPOSE 8080
 
-# run with user 1001 and be prepared for be running in OpenShift too
-RUN adduser -G root --no-create-home --disabled-password 1001 \
-  && chown -R 1001 /deployments \
-  && chmod -R "g+rwX" /deployments \
-  && chown -R 1001:root /deployments
+EXPOSE 8080
 USER 1001
 
 ENTRYPOINT [ "/deployments/run-java.sh" ]
\ No newline at end of file