OBP-API/development/docker/Dockerfile.dev

FROM maven:3.9.6-eclipse-temurin-17

WORKDIR /app

# Copy Maven configuration files
COPY pom.xml .
COPY build.sbt .

# Copy source code and necessary project files
COPY obp-api/ ./obp-api/
COPY obp-commons/ ./obp-commons/
COPY project/ ./project/

# Copy other necessary files for the build
COPY jitpack.yml .
COPY web-app_2_3.dtd .

EXPOSE 8080

# Build the project, skip tests to speed up
RUN mvn install -pl .,obp-commons -am -DskipTests

# Copy entrypoint script that runs mvn with needed JVM flags
COPY development/docker/entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

# Use script as entrypoint
CMD ["/app/entrypoint.sh"]
feature/OBP API – Docker & Docker Compose Setup 2025-07-15 14:40:32 +00:00			`FROM maven:3.9.6-eclipse-temurin-17`

			`WORKDIR /app`

feature/Copying recursively might inadvertently add sensitive data to the container. SonarQube security warning by: ## Summary of Changes ### 1. Selective File Copying in Dockerfile Instead of using `COPY . .` which copies everything recursively, I've updated the Dockerfile to explicitly copy only the necessary files and directories: - Maven configuration: `pom.xml`, `build.sbt` - Source code directories: `obp-api/`, `obp-commons/`, `project/` - Required build files: `jitpack.yml`, `web-app_2_3.dtd` ### 2. Enhanced .dockerignore I've significantly expanded the `.dockerignore` file to exclude: - IDE files: `.idea/`, `.vscode/`, `.metals/`, etc. - Build artifacts: `target/`, `cache/`, Maven local repository - Sensitive files: Environment files, keys, certificates, passwords - OS files: `.DS_Store`, thumbnails, etc. - Documentation: Most markdown files (keeping license files) - Development files: `ideas/`, `resourcedoc/` ## Security Benefits 1. Reduced attack surface: Only necessary files are included in the Docker image 2. No accidental secrets: Explicit exclusion of common sensitive file patterns 3. Smaller image size: Excluding unnecessary files reduces image size 4. Better maintainability: Clear understanding of what goes into the container ## Build Compatibility The changes maintain full Maven build compatibility by ensuring all necessary files for the build process are still copied: - Maven POM files for dependency management - Source code directories - Build configuration files - The entrypoint script (specifically allowed in .dockerignore) This approach follows Docker security best practices and addresses the SonarQube warning while maintaining the functionality of your build process. 2025-11-27 13:21:54 +00:00			`# Copy Maven configuration files`
			`COPY pom.xml .`
			`COPY build.sbt .`

			`# Copy source code and necessary project files`
			`COPY obp-api/ ./obp-api/`
			`COPY obp-commons/ ./obp-commons/`
			`COPY project/ ./project/`

			`# Copy other necessary files for the build`
			`COPY jitpack.yml .`
			`COPY web-app_2_3.dtd .`
feature/OBP API – Docker & Docker Compose Setup 2025-07-15 14:40:32 +00:00
			`EXPOSE 8080`

			`# Build the project, skip tests to speed up`
			`RUN mvn install -pl .,obp-commons -am -DskipTests`

			`# Copy entrypoint script that runs mvn with needed JVM flags`
feature/Move docker to the development folder 2025-11-27 14:42:03 +00:00			`COPY development/docker/entrypoint.sh /app/entrypoint.sh`
feature/OBP API – Docker & Docker Compose Setup 2025-07-15 14:40:32 +00:00			`RUN chmod +x /app/entrypoint.sh`

			`# Use script as entrypoint`
feature/Copying recursively might inadvertently add sensitive data to the container. SonarQube security warning by: ## Summary of Changes ### 1. Selective File Copying in Dockerfile Instead of using `COPY . .` which copies everything recursively, I've updated the Dockerfile to explicitly copy only the necessary files and directories: - Maven configuration: `pom.xml`, `build.sbt` - Source code directories: `obp-api/`, `obp-commons/`, `project/` - Required build files: `jitpack.yml`, `web-app_2_3.dtd` ### 2. Enhanced .dockerignore I've significantly expanded the `.dockerignore` file to exclude: - IDE files: `.idea/`, `.vscode/`, `.metals/`, etc. - Build artifacts: `target/`, `cache/`, Maven local repository - Sensitive files: Environment files, keys, certificates, passwords - OS files: `.DS_Store`, thumbnails, etc. - Documentation: Most markdown files (keeping license files) - Development files: `ideas/`, `resourcedoc/` ## Security Benefits 1. Reduced attack surface: Only necessary files are included in the Docker image 2. No accidental secrets: Explicit exclusion of common sensitive file patterns 3. Smaller image size: Excluding unnecessary files reduces image size 4. Better maintainability: Clear understanding of what goes into the container ## Build Compatibility The changes maintain full Maven build compatibility by ensuring all necessary files for the build process are still copied: - Maven POM files for dependency management - Source code directories - Build configuration files - The entrypoint script (specifically allowed in .dockerignore) This approach follows Docker security best practices and addresses the SonarQube warning while maintaining the functionality of your build process. 2025-11-27 13:21:54 +00:00			`CMD ["/app/entrypoint.sh"]`