Merge pull request #7 from sharedRDM/6-instance-jku

Add JKU instance and improve Docker configuration

Author: lpandath

.github/workflows/instances.yml

@@ -21,11 +21,11 @@ on:
         type: choice
         description: 'Choose the backend instance'
         options:
-          - both
-          - MUG
           - TUG
+          - MUG
+          - JKU
         required: false
-        default: both
+        default: 'TUG'
 
 jobs:
   build-backend-mug:
@@ -128,3 +128,52 @@ jobs:
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DOCKER_TAG }}-tug
           labels: ${{ steps.meta.outputs.labels }}
 
+  build-backend-jku:
+    runs-on: ubuntu-22.04
+    if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.instance == 'both' || github.event.inputs.instance == 'JKU' }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.branch || github.ref }}
+
+      - name: Convert repository name to lowercase
+        run: echo "IMAGE_NAME=$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      - name: Determine Docker tag (from tag or branch)
+        id: get_tag
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            TAG_NAME="${GITHUB_REF#refs/tags/}"
+          else
+            TAG_NAME="${GITHUB_REF#refs/heads/}"
+          fi
+          echo "DOCKER_TAG=$TAG_NAME" >> $GITHUB_ENV
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push JKU Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          build-args: |
+            INSTANCE_NAME=JKU
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DOCKER_TAG }}-jku
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -1,60 +1,75 @@
 # syntax=docker/dockerfile:1
-
-# the runner is built
+#==============================================================================
+# STAGE 1: BUILD STAGE
+# Build the application using Maven in an Alpine-based container
+#==============================================================================
 FROM maven:3.9.5-eclipse-temurin-17-alpine AS builder
 
 ARG BUILD_HOME=/home/app
 ARG BUILD_PROFILE=postgres
 
-# Name of the directory
+# instance configuration: JKU, MUG, TUG
 ARG INSTANCE_NAME
 
-RUN mkdir $BUILD_HOME && mkdir -p $BUILD_HOME/.m2/repository && chown -R 1000:0 $BUILD_HOME
+# build directories with proper permissions for non-root user
+RUN mkdir $BUILD_HOME && \
+    mkdir -p $BUILD_HOME/.m2/repository && \
+    chown -R 1000:0 $BUILD_HOME
+
+# Switch to non-root user for security
 USER 1000
 WORKDIR $BUILD_HOME
 
+# copies from instances/${INSTANCE_NAME}/ directory
 COPY instances/${INSTANCE_NAME}/src ./src
 COPY instances/${INSTANCE_NAME}/pom.xml .
 
+# Maven repository volume for caching dependencies
 VOLUME ["/home/app/.m2/repository"]
+
+# build the application
 RUN mvn -Duser.home=$BUILD_HOME -B package -DskipTests -Dquarkus.profile=${BUILD_PROFILE}
 
-# Create a second stage container which will only contain the runtime binaries without build dependencies
+#==============================================================================
+# STAGE 2: RUNTIME STAGE
+# Create a lightweight container with only the required dependencies to run the app
+#==============================================================================
 FROM rockylinux:8.5 AS runner
 
 ARG JAVA_PACKAGE=java-17-openjdk-headless
 ARG RUN_JAVA_VERSION=1.3.8
-
-# path to copy built binaries from builder container
 ARG BUILD_HOME=/home/app
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
 
-# install java and the run-java script and set up permissions for the unprivileged 1001 container user
-RUN dnf install -y openssl tzdata-java curl ca-certificates ${JAVA_PACKAGE} \
-    && dnf clean all -y \
-    && mkdir /deployments \
-    && chown 1001 /deployments \
-    && chmod "g+rwX" /deployments \
-    && chown 1001:root /deployments \
-    && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
-    && chown 1001 /deployments/run-java.sh \
-    && chmod 540 /deployments/run-java.sh \
-    && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
-
-# configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size.
+# install runtime dependencies and set up deployment directory
+RUN dnf install -y openssl tzdata-java curl ca-certificates ${JAVA_PACKAGE} && \
+    dnf clean all -y && \
+    # Create deployment directory with proper permissions
+    mkdir /deployments && \
+    chown 1001 /deployments && \
+    chmod "g+rwX" /deployments && \
+    chown 1001:root /deployments && \
+    # Download and install run-java script for optimized JVM startup
+    curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh && \
+    chown 1001 /deployments/run-java.sh && \
+    chmod 540 /deployments/run-java.sh && \
+    # Optimize JVM random number generation for faster startup
+    echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
+
+# configure JVM options for Quarkus application
 ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Duser.home=/deployments"
 
-# copy runtime binaries to /deployments folder on runner container, the run-java script will pick this up
-# and start the application
+# copy compiled application from builder stage
 COPY --from=builder $BUILD_HOME/target/quarkus-app/lib/ /deployments/lib/
 COPY --from=builder $BUILD_HOME/target/quarkus-app/*.jar /deployments/
 COPY --from=builder $BUILD_HOME/target/quarkus-app/app/ /deployments/app/
 COPY --from=builder $BUILD_HOME/target/quarkus-app/quarkus/ /deployments/quarkus/
 
+# expose application port
 EXPOSE 8080
 
-# for Openshift based unprivilegued Kubernetes environments, we will set the user to 1001
+# user 1001 is standard for OpenShift and Kubernetes environments
 USER 1001
 
 ENTRYPOINT [ "/deployments/run-java.sh" ]

README.md

@@ -6,21 +6,27 @@ This repository manages DAMAP backend deployments for different institutions usi
 
 - **TUG** - Graz University of Technology
 - **MUG** - Medical University of Graz
+- **JKU** - Johannes Kepler University Linz
 
 ## Structure
 
 ```
 instances/
 ├── TUG/
-│   ├── src/                    # TUG-specific source code  
+│   ├── src/                    
 │   │   ├── main/java/at/tugraz/damap/...
 │   │   └── main/resources/...
-│   └── pom.xml                 # TUG Maven configuration
+│   └── pom.xml                 
 ├── MUG/
-│   ├── src/                    # MUG-specific source code
+│   ├── src/                    
 │   │   ├── main/java/at/medunigraz/damap/...
 │   │   └── main/resources/...
-│   └── pom.xml                 # MUG Maven configuration
+│   └── pom.xml                
+├── JKU/
+│   ├── src/                   
+│   │   ├── main/java/at/jku/damap/...
+│   │   └── main/resources/...
+│   └── pom.xml                 
 ```
 
 ## Usage
@@ -34,6 +40,9 @@ docker build --build-arg INSTANCE_NAME=TUG -t damap-backend-tug .
 
 # Build MUG backend
 docker build --build-arg INSTANCE_NAME=MUG -t damap-backend-mug .
+
+# Build JKU backend
+docker build --build-arg INSTANCE_NAME=JKU -t damap-backend-jku .
 ```
 
 **On Mac (ARM64/M1/M2):**
@@ -43,5 +52,8 @@ docker build --platform linux/amd64 --build-arg INSTANCE_NAME=TUG -t damap-backe
 
 # Build MUG backend
 docker build --platform linux/amd64 --build-arg INSTANCE_NAME=MUG -t damap-backend-mug .
+
+# Build JKU backend
+docker build --platform linux/amd64 --build-arg INSTANCE_NAME=JKU -t damap-backend-jku .
 ```