feat(java): add Java Dockerfile templates#16
Merged
Conversation
Implements issue #14. Covers JVM and GraalVM Native Image workflows with Maven/Gradle dep-caching, distroless runtimes, and a devcontainer. - Dockerfile.java: eclipse-temurin:21-jdk-jammy builder with ARG BUILD_TOOL=maven|gradle; dep manifests copied before source for layer-cache optimisation; runtime gcr.io/distroless/java21-debian12:nonroot - Dockerfile.java.native: GraalVM native-image-community:21-ol9 builder compiles to a native binary; runtime distroless/cc-debian12:nonroot - Dockerfile.java.chainguard: cgr.dev/chainguard/maven builder + cgr.dev/chainguard/jre runtime; ARG BASE_TAG=latest avoids DL3007; digest-pinning documented - Dockerfile.lambda: eclipse-temurin builder + public.ecr.aws/lambda/java:21; SnapStart notes included - Dockerfile.devcontainer: mcr.microsoft.com/devcontainers/java:1-21-bookworm with Gradle (pinned), jq, curl; apt versions pinned (DL3008) - .devcontainer/devcontainer.json: Language Support for Java, Maven, Gradle, Test Runner, Spring Initializr, Spring Boot extensions - .dockerignore: excludes target/, build/, .gradle/, *.class, stale *.jar - README.md: JVM vs GraalVM trade-off table, Maven/Gradle dep-cache patterns, Spring Boot layered JARs, Lambda SnapStart, digest-pinning, JLink custom JRE docs, hardening checklist Closes #14
The builder stage inherits from an ARG-constructed alias (${BUILD_TOOL}-deps).
Hadolint treats the variable reference as an untagged image — adding a
per-line ignore since the tag concept does not apply to internal stages.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Dockerfile.java—eclipse-temurin:21-jdk-jammybuilder withARG BUILD_TOOL=maven|gradle; dep manifests (pom.xml / build.gradle) copied before source for layer-cache optimisation; runtimegcr.io/distroless/java21-debian12:nonrootDockerfile.java.native—ghcr.io/graalvm/native-image-community:21-ol9builder compiles to a native binary viamvn -Pnative native:compile; runtimedistroless/cc-debian12:nonroot(glibc-linked)Dockerfile.java.chainguard—cgr.dev/chainguard/mavenbuilder +cgr.dev/chainguard/jreruntime;ARG BASE_TAG=latestavoids DL3007; digest-pinning documented in headerDockerfile.lambda—eclipse-temurinbuilder +public.ecr.aws/lambda/java:21; SnapStart notes in commentsDockerfile.devcontainer—mcr.microsoft.com/devcontainers/java:1-21-bookwormwith Gradle (pinned), jq, curl; apt versions pinned (DL3008 clean).devcontainer/devcontainer.json— Language Support for Java, Maven, Gradle, Test Runner, Spring Initializr, Spring Boot extensions.dockerignore— excludestarget/,build/,.gradle/,*.class, stale*.jarREADME.md— JVM vs GraalVM trade-off table, Maven/Gradle dep-cache patterns, Spring Boot layered JARs, Lambda SnapStart, digest-pinning workflow, JLink custom JRE docs, hardening checklistREADME.md— Java added to intro sentence and ecosystems list; removed from "Coming soon"Test plan
npm run lintpasses (markdownlint, hadolint, prettier — all clean)docker build --build-arg BUILD_TOOL=maven -f dockerfiles/java/Dockerfile.java .in a Maven projectdocker build --build-arg BUILD_TOOL=gradle -f dockerfiles/java/Dockerfile.java .in a Gradle projectmvn dependency:go-offlinedocker build --build-arg APP_NAME=<bin> -f dockerfiles/java/Dockerfile.java.native .in a Spring Boot 3 project with native profiledockerfiles/java/in VS Code Dev Containers and verify extensions loadCloses #14