feat: add java base image project (#7)

.github/workflows/java-base-image.yaml

@@ -0,0 +1,31 @@
+name: build java base images
+
+on:
+  push:
+    branches: [ "main" ]
+    paths: [ "java-base-image/**" ]
+  pull_request:
+    paths: [ "java-base-image/**" ]
+
+jobs:
+  build-and-push-otel-java-base-images:
+    strategy:
+      matrix:
+        dist: ["corretto", "temurin"]
+        version: ["11", "17"]
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build Image
+      run: |
+        docker build ./java-base-image -f java-base-image/dockerfiles/${{ matrix.dist }}-${{ matrix.version }}.Dockerfile --tag demtag/java-base-image:${{ matrix.dist }}-${{ matrix.version }}-preview
+    - name: Login to Dockerhub
+      if: github.event_name == 'push' && github.ref_name == 'main'
+      run: docker login --username ${DOCKER_USERNAME} --password ${DOCKER_PASSWORD}
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Push Image
+      if: github.event_name == 'push' && github.ref_name == 'main'
+      run: |
+        docker push demtag/java-base-image:${{ matrix.dist }}-${{ matrix.version }}-preview

README.md

@@ -7,6 +7,7 @@ The table gives you an overview of the contents of this repository.
 
 |Image|Description|Dockerhub|
 |---|---|---|
+|[java-base-image](./java-base-image/README.md)|A java image that supports adding custom CA's at runtime and simplifies OpenTelemtry instrumentation|[![Docker Pulls](https://img.shields.io/docker/pulls/demtag/java-base-image)](https://hub.docker.com/r/demtag/java-base-image)|
 |[kubectl](./kubectl/README.md)|Extended kubectl image to make easier deployments from CI/CD systems|[![Docker Pulls](https://img.shields.io/docker/pulls/demtag/kubectl)](https://hub.docker.com/r/demtag/kubectl)|
 |[otel-java-agent](./otel-java-agent/README.md)|Simple container image holding the [OpenTelemtry Java Agent](https://github.com/open-telemetry/opentelemetry-java-instrumentation) that can be used for creating Kubernetes Sidecars|[![Docker Pulls](https://img.shields.io/docker/pulls/demtag/otel-javaagent)](https://hub.docker.com/r/demtag/otel-javaagent)|
 |[helm-oc](./helm-oc/README.md)|Docker Image which contains Helm and Openshift Container Platform CLI|[![Docker Pulls](https://img.shields.io/docker/pulls/demtag/helm-oc)](https://hub.docker.com/r/demtag/helm-oc)|

java-base-image/README.md

@@ -0,0 +1,25 @@
+# Java Base Image
+
+This repository contains the Dockerfiles for our generic java base image that ships with a small startup script, providing essential features that can be useful in some contexts:
+
+* extending your Java Truststore with a set of CA certificates
+* setting a `javaagent` flag for easier instrumentation of monitoring and troubleshooting tools
+
+The configuration is completly done using environment variables.
+
+## Usages
+
+```dockerfile
+FROM demtag/java-base-image:corretto-17
+COPY /some/path/application.jar /app/application.jar
+CMD ["-jar", "/app/backend.jar"] 
+```
+
+## Environment Variables
+
+|Variable|Description|
+|---|---|
+|`JVM_EXTRA_CERTS`|Path to the directory containing all the CA-certificates that should be added to the trust store. Only files ending on `.pem` are respected.|
+|`JAVA_AGENT_LOCATION`|Path to the jar file that should be loaded with the `-javaagent` flag. If this variable is set and the file does not exist, the startup scripts exits with a error code.|
+|`JAVA_SECURITY_SKIP_EGD`|If this variable is set, no `java.security.egd` property will be provided for the java process.|
+|`DEBUG`|If this propert is set, the full startup command will be printed before execution.|

java-base-image/dockerfiles/corretto-11.Dockerfile

@@ -0,0 +1,7 @@
+FROM amazoncorretto:11.0.18
+
+WORKDIR /opt/scripts
+COPY ./scripts/startup.sh startup.sh
+RUN chmod +x startup.sh
+
+ENTRYPOINT ["/opt/scripts/startup.sh"]

java-base-image/dockerfiles/corretto-17.Dockerfile

@@ -0,0 +1,7 @@
+FROM amazoncorretto:17.0.6
+
+WORKDIR /opt/scripts
+COPY ./scripts/startup.sh startup.sh
+RUN chmod +x startup.sh
+
+ENTRYPOINT ["/opt/scripts/startup.sh"]

java-base-image/dockerfiles/temurin-11.Dockerfile

@@ -0,0 +1,7 @@
+FROM eclipse-temurin:11.0.18_10-jdk
+
+WORKDIR /opt/scripts
+COPY ./scripts/startup.sh startup.sh
+RUN chmod +x startup.sh
+
+ENTRYPOINT ["/opt/scripts/startup.sh"]

java-base-image/dockerfiles/temurin-17.Dockerfile

@@ -0,0 +1,7 @@
+FROM eclipse-temurin:17.0.6_10-jdk
+
+WORKDIR /opt/scripts
+COPY ./scripts/startup.sh startup.sh
+RUN chmod +x startup.sh
+
+ENTRYPOINT ["/opt/scripts/startup.sh"]

java-base-image/scripts/startup.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+function log() {
+    echo "$(date -u --iso-8601=seconds) [startup-script]: $1"
+}
+
+# If JVM_EXTRA_CERTS is set, add all files at the configured path ending with .pem to the Java Truststore.
+if ! [[ -z "${JVM_EXTRA_CERTS+x}" ]]; then
+    for file in $JVM_EXTRA_CERTS/*.pem; do
+        log "adding ${file} to java truststore."
+        keytool -cacerts -storepass "${JAVA_TRUSTSTORE_PASSWORD:-changeit}" -noprompt -importcert -file "${file}" &> /dev/null
+    done
+fi
+
+# If JAVA_AGENT_LOCATION is set, adding a javaagent argument pointing to the file to the java process.
+# This function also checks if the specified file exists and exits, if not.
+if ! [[ -z "${JAVA_AGENT_LOCATION+x}" ]]; then
+    if [ -f "${JAVA_AGENT_LOCATION}" ]; then
+        log "found java agent at path ${JAVA_AGENT_LOCATION} so adding it to the process."
+        JAVA_OPTS+=" -javaagent:${JAVA_AGENT_LOCATION}"
+    else
+        log "java agent should be at ${JAVA_AGENT_LOCATION} but was not found. Exiting..."
+        exit 1
+    fi
+fi
+
+# If JAVA_SECURITY_SKIP_EGD is set, skip setting the java.security.egd property.
+if [[ -z "${JAVA_SECURITY_SKIP_EGD+x}" ]]; then
+    JAVA_OPTS+=" -Djava.security.egd=file:/dev/./urandom"
+else
+    log "skip setting the java.security.egd property."
+fi
+
+JAVA_OPTS=$(echo "${JAVA_OPTS}" | awk '{$1=$1};1') # Removes trailing whitespaces
+
+# Printing the command that will run out for debug purposes.
+if ! [[ -z "${DEBUG+x}" ]]; then
+    log "command to run process: exec java ${JAVA_OPTS} ${*}"
+fi
+
+exec java "${JAVA_OPTS}" "${@}"