ARTEMIS-3042 Add docker multistage build

This adds the possibility to create an artemis image with just the docker build command.
First the image is downloaded in an Eclipse Temurin installation and later transferred to an alpine image.
Thus, it ensures that only the relevant data is stored in alpine leading to a smaller attack surface.

artemis-docker/Dockerfile-alpine

@@ -0,0 +1,90 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# ActiveMQ Artemis
+
+ARG CURRENT_VERSION=2.17.0
+
+FROM eclipse-temurin:11-jdk as builder
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
+RUN apt update -y && apt upgrade -y && apt install tree curl -y
+
+ADD ./prepare-docker.sh /bin/prepareDocker
+WORKDIR /root/artemis-build
+COPY docker-run.sh .
+RUN bash prepareDocker --from-release --artemis-version ${VERSION}
+
+
+FROM alpine:latest
+
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
+RUN apk --no-cache add openjdk17-jre-headless bash libaio\
+        --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
+
+
+LABEL maintainer="Apache ActiveMQ Team"
+# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+WORKDIR /opt
+
+ENV ARTEMIS_USER artemis
+ENV ARTEMIS_PASSWORD artemis
+ENV ANONYMOUS_LOGIN false
+ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia
+
+# add user and group for artemis
+RUN addgroup  -g 1001 artemis && adduser -u 1002 --ingroup artemis --disabled-password  artemis
+
+USER artemis
+
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/ /opt/activemq-artemis
+
+# Web Server
+EXPOSE 8161 \
+# JMX Exporter
+    9404 \
+# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE
+    61616 \
+# Port for HORNETQ,STOMP
+    5445 \
+# Port for AMQP
+    5672 \
+# Port for MQTT
+    1883 \
+#Port for STOMP
+    61613
+
+USER root
+
+RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance
+
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/docker/docker-run.sh /
+
+USER artemis
+
+# Expose some outstanding folders
+VOLUME ["/var/lib/artemis-instance"]
+WORKDIR /var/lib/artemis-instance
+
+ENTRYPOINT ["/docker-run.sh"]
+CMD ["run"]

artemis-docker/Dockerfile-alpine-build

@@ -0,0 +1,83 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# ActiveMQ Artemis
+
+FROM maven:3-eclipse-temurin-11 as builder
+
+
+RUN apt update -y && apt upgrade -y && apt install tree curl -y
+
+WORKDIR /root/artemis-build
+COPY /artemis-docker/docker-run.sh .
+COPY . .
+
+RUN mvn -q clean install -DskipTests -DskipITs -DskipDocs -DskipDocker -DskipDoc
+
+FROM alpine:latest
+
+
+RUN apk --no-cache add openjdk17-jre-headless bash libaio\
+        --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
+
+
+LABEL maintainer="Apache ActiveMQ Team"
+# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+WORKDIR /opt
+
+ENV ARTEMIS_USER artemis
+ENV ARTEMIS_PASSWORD artemis
+ENV ANONYMOUS_LOGIN false
+ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia
+
+# add user and group for artemis
+RUN addgroup  -g 1001 artemis && adduser -u 1002 --ingroup artemis --disabled-password  artemis
+
+USER artemis
+
+COPY --chown=artemis:artemis  --from=builder /root/artemis-build/artemis-distribution/target/apache-artemis*-bin/*SNAPSHOT /opt/activemq-artemis/
+
+# Web Server
+EXPOSE 8161 \
+# JMX Exporter
+    9404 \
+# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE
+    61616 \
+# Port for HORNETQ,STOMP
+    5445 \
+# Port for AMQP
+    5672 \
+# Port for MQTT
+    1883 \
+#Port for STOMP
+    61613
+
+USER root
+
+RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance
+
+COPY --chown=artemis:artemis  --from=builder /root/artemis-build/artemis-docker/docker-run.sh /var/lib/artemis-instance/docker-run.sh
+
+USER artemis
+
+# Expose some outstanding folders
+VOLUME ["/var/lib/artemis-instance"]
+WORKDIR /var/lib/artemis-instance
+
+ENTRYPOINT ["./docker-run.sh"]
+CMD ["run"]

artemis-docker/Dockerfile-centos7-11

@@ -17,12 +17,29 @@
 
 # ActiveMQ Artemis
 
+ARG CURRENT_VERSION=2.17.0
+
+FROM eclipse-temurin:11-jdk as builder
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
+RUN apt update -y && apt upgrade -y && apt install tree curl -y
+
+ADD ./prepare-docker.sh /bin/prepareDocker
+WORKDIR /root/artemis-build
+COPY docker-run.sh .
+RUN bash prepareDocker --from-release --artemis-version ${VERSION}
+
 FROM eclipse-temurin:11-centos7
 LABEL maintainer="Apache ActiveMQ Team"
 # Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 WORKDIR /opt
 
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
 ENV ARTEMIS_USER artemis
 ENV ARTEMIS_PASSWORD artemis
 ENV ANONYMOUS_LOGIN false
@@ -36,7 +53,7 @@ RUN groupadd -g 1001 -r artemis && useradd -r -u 1001 -g artemis artemis \
 
 USER artemis
 
-ADD . /opt/activemq-artemis
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/ /opt/activemq-artemis
 
 # Web Server
 EXPOSE 8161 \
@@ -57,7 +74,7 @@ USER root
 
 RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance
 
-COPY ./docker/docker-run.sh /
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/docker/docker-run.sh /
 
 USER artemis
 

artemis-docker/Dockerfile-centos7-11-build

@@ -0,0 +1,79 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# ActiveMQ Artemis
+
+FROM maven:3-eclipse-temurin-11 as builder
+
+RUN apt update -y && apt upgrade -y && apt install tree curl -y
+
+WORKDIR /root/artemis-build
+COPY /artemis-docker/docker-run.sh .
+COPY . .
+
+RUN mvn -q clean install -DskipTests -DskipITs -DskipDocs -DskipDocker -DskipDoc
+
+FROM eclipse-temurin:11-centos7
+LABEL maintainer="Apache ActiveMQ Team"
+# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+WORKDIR /opt
+
+ENV ARTEMIS_USER artemis
+ENV ARTEMIS_PASSWORD artemis
+ENV ANONYMOUS_LOGIN false
+ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia
+
+USER root
+
+# add user and group for artemis
+RUN groupadd -g 1001 -r artemis && useradd -r -u 1001 -g artemis artemis \
+ && yum install -y libaio && yum -y clean all
+
+USER artemis
+
+COPY --chown=artemis:artemis  --from=builder /root/artemis-build/artemis-distribution/target/apache-artemis*-bin/*SNAPSHOT /opt/activemq-artemis/
+
+# Web Server
+EXPOSE 8161 \
+# JMX Exporter
+    9404 \
+# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE
+    61616 \
+# Port for HORNETQ,STOMP
+    5445 \
+# Port for AMQP
+    5672 \
+# Port for MQTT
+    1883 \
+#Port for STOMP
+    61613
+
+USER root
+
+RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance
+
+COPY --chown=artemis:artemis  --from=builder /root/artemis-build/artemis-docker/docker-run.sh /var/lib/artemis-instance/docker-run.sh
+
+USER artemis
+
+# Expose some outstanding folders
+VOLUME ["/var/lib/artemis-instance"]
+WORKDIR /var/lib/artemis-instance
+
+ENTRYPOINT ["./docker-run.sh"]
+CMD ["run"]

artemis-docker/Dockerfile-ubuntu-11

@@ -17,8 +17,27 @@
 
 # ActiveMQ Artemis
 
+ARG CURRENT_VERSION=2.17.0
+
+FROM eclipse-temurin:11-jdk as builder
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
+RUN apt update -y && apt upgrade -y && apt install tree curl -y
+
+ADD ./prepare-docker.sh /bin/prepareDocker
+WORKDIR /root/artemis-build
+COPY docker-run.sh .
+RUN bash prepareDocker --from-release --artemis-version ${VERSION}
+
 FROM eclipse-temurin:11
 LABEL maintainer="Apache ActiveMQ Team"
+
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
 # Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 WORKDIR /opt
@@ -36,7 +55,8 @@ RUN groupadd -g 1001 -r artemis && useradd -r -u 1001 -g artemis artemis \
 
 USER artemis
 
-ADD . /opt/activemq-artemis
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/ /opt/activemq-artemis
+
 
 # Web Server
 EXPOSE 8161 \
@@ -57,7 +77,8 @@ USER root
 
 RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance
 
-COPY ./docker/docker-run.sh /
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/docker/docker-run.sh /
+
 
 USER artemis