-
Notifications
You must be signed in to change notification settings - Fork 78
Expand file tree
/
Copy pathDockerfileSecure
More file actions
69 lines (57 loc) · 2.97 KB
/
DockerfileSecure
File metadata and controls
69 lines (57 loc) · 2.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# Builder Stage
FROM eclipse-temurin:21-jre-noble
# Create liquibase user
RUN groupadd --gid 1001 liquibase && \
useradd --uid 1001 --gid liquibase --create-home --home-dir /liquibase liquibase && \
chown liquibase:root /liquibase && \
chmod g+rx /liquibase
# Download and install Liquibase
WORKDIR /liquibase
ARG LIQUIBASE_SECURE_VERSION=5.1.0
ARG LB_SECURE_SHA256=53b0373042d8ad7ebff44f930d0a79da2fa0a2a93c96d92cd18aa9934a205c97
# Add metadata labels
LABEL org.opencontainers.image.description="Liquibase Secure Container Image"
LABEL org.opencontainers.image.licenses="LicenseRef-Liquibase-EULA"
LABEL org.opencontainers.image.licenses.url="https://www.liquibase.com/eula"
LABEL org.opencontainers.image.vendor="Liquibase"
LABEL org.opencontainers.image.version="${LIQUIBASE_SECURE_VERSION}"
LABEL org.opencontainers.image.documentation="https://docs.liquibase.com"
# Download and install Liquibase
WORKDIR /liquibase
RUN wget -q -O liquibase-secure-${LIQUIBASE_SECURE_VERSION}.tar.gz "https://repo.liquibase.com/releases/secure/${LIQUIBASE_SECURE_VERSION}/liquibase-secure-${LIQUIBASE_SECURE_VERSION}.tar.gz" && \
echo "$LB_SECURE_SHA256 *liquibase-secure-${LIQUIBASE_SECURE_VERSION}.tar.gz" | sha256sum -c - && \
tar -xzf liquibase-secure-${LIQUIBASE_SECURE_VERSION}.tar.gz && \
rm liquibase-secure-${LIQUIBASE_SECURE_VERSION}.tar.gz && \
ln -s /liquibase/liquibase /usr/local/bin/liquibase && \
ln -s /liquibase/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh && \
liquibase --version
ARG LPM_VERSION=0.3.1
ARG LPM_SHA256=c21d5df31a5af30e355186d1f0cebc203f6e4f60522a37505b0702db6927b5ca
ARG LPM_SHA256_ARM=207177f3f701944326883156549f81a7826d1928addcc1880aee73df2a4703b9
# Download and Install lpm
RUN apt-get update && \
apt-get -yqq install unzip --no-install-recommends && \
rm -rf /var/lib/apt/lists/* && \
mkdir /liquibase/bin && \
arch="$(dpkg --print-architecture)" && \
case "$arch" in \
amd64) DOWNLOAD_ARCH="" ;; \
arm64) DOWNLOAD_ARCH="-arm64" && LPM_SHA256=$LPM_SHA256_ARM ;; \
*) echo >&2 "error: unsupported architecture '$arch'" && exit 1 ;; \
esac && wget -q -O lpm-${LPM_VERSION}-linux${DOWNLOAD_ARCH}.zip "https://github.com/liquibase/liquibase-package-manager/releases/download/v${LPM_VERSION}/lpm-${LPM_VERSION}-linux${DOWNLOAD_ARCH}.zip" && \
echo "$LPM_SHA256 *lpm-${LPM_VERSION}-linux${DOWNLOAD_ARCH}.zip" | sha256sum -c - && \
unzip lpm-${LPM_VERSION}-linux${DOWNLOAD_ARCH}.zip -d bin/ && \
rm lpm-${LPM_VERSION}-linux${DOWNLOAD_ARCH}.zip && \
apt-get purge -y --auto-remove unzip && \
ln -s /liquibase/bin/lpm /usr/local/bin/lpm && \
lpm --version
# Set LIQUIBASE_HOME environment variable
ENV LIQUIBASE_HOME=/liquibase
# Marker which indicates this is a Liquibase docker container
ENV DOCKER_LIQUIBASE=true
COPY docker-entrypoint.sh ./
COPY liquibase.docker.properties ./
# Set user and group
USER liquibase:liquibase
ENTRYPOINT ["/liquibase/docker-entrypoint.sh"]
CMD ["--help"]