Improvements to Docker file

.dockerignore

@@ -10,13 +10,10 @@ Dockerfile
 
 build
 !build/docker
-distribution
-!distribution/target/distribution-base
 documentation
-i18n
-plugins
-starter
-xmppserver
+
+# Any intermediate build stuff.
+**/target
 
 # Deeper stuff
 **/.DS_Store
@@ -25,4 +22,9 @@ xmppserver
 **/.idea
 **/.project
 **/.settings
-**/*.iml
+**/*.iml
+**/*.class
+
+# Make sure mvn stuff is present though.
+!.mvn/wrapper
+!.mvn/wrapper/maven-wrapper.properties

.github/workflows/continuous-integration-workflow.yml

@@ -139,14 +139,21 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       is_publishable_branch: ${{ steps.check-branch.outputs.is_publishable_branch }}
+      branch_tag: ${{ steps.check-branch.outputs.branch_tag }}
     steps:
       - name: check branch ${{ github.ref }} is either main or a version number
         id: check-branch
         run: |
-          if [[ ${{ github.ref }} == 'refs/heads/main' || ${{ github.ref }} =~ refs\/heads\/[0-9]+\.[0-9]+ ]]; then            
-            echo "is_publishable_branch=true" >> $GITHUB_OUTPUT
+          if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then
+            echo "is_publishable_branch=true" >> "${GITHUB_OUTPUT}"
+            echo "branch_tag=development" >> "${GITHUB_OUTPUT}"
+          elif [[ ]${{ github.ref }} =~ refs\/heads\/[0-9]+\.[0-9]+ ]]; then            
+            echo "is_publishable_branch=true" >> "${GITHUB_OUTPUT}"
+            echo -n "branch_tag=" >> "${GITHUB_OUTPUT}"
+            sed -e '!refs/heads/!!' >> "${GITHUB_OUTPUT}"
           else
-            echo "is_publishable_branch=false" >> $GITHUB_OUTPUT
+            echo "is_publishable_branch=false" >> "${GITHUB_OUTPUT}"
+            echo "branch_tag=rando" >> "${GITHUB_OUTPUT}"
           fi
 
   connectivity:
@@ -230,6 +237,18 @@ jobs:
               - '.github/workflows/continuous-integration-workflow.yml'
               - 'xmppserver/pom.xml'
 
+  docker:
+    name: Build (and maybe push) Docker image
+    needs:
+      - check_branch
+    runs-on: ubuntu-latest
+    steps: # could log into docker hub here, so we can push the image.
+      - name: Build docker image
+        uses: docker/build-push-action@v6
+        with:
+          push: false ## ${{ needs.check_branch.output.is_publishable_branch == 'true' }}
+          tags: openfire:${{ needs.check_branch.outputs.branch_tag }}
+
   sqlserver:
     name: Test SQL Server Upgrades
     needs: [build, should-do-database-upgrade-tests, check_branch]

Dockerfile

@@ -1,19 +1,64 @@
-FROM eclipse-temurin:17
+# This stage extracts all the pom.xml files.
+# It'll get rebuilt with any source change, but that's OK.
+# It doesn't matter what image we're using, really, so we may as well use one of the same images as elsewhere.
+FROM eclipse-temurin:17-jre AS poms
+WORKDIR /usr/src
+COPY . .
+# Wipe any files not called pom.xml or *.jar
+RUN find . -type f -and \! -name pom.xml -and \! -name '*.jar' -delete
+# Clear up any (now) empty diretories
+RUN find . -type d -empty -delete
+
+# Now we build:
+FROM eclipse-temurin:17 AS build
+WORKDIR /tmp/
+RUN mkdir /tmp/m2_repo
+WORKDIR /usr/src
+COPY mvnw ./
+RUN chmod +x mvnw
+RUN mkdir -p .mvn
+COPY .mvn/wrapper .mvn/wrapper
+
+# First, copy in just the pom.xml files and fetch the dependencies:
+COPY --from=poms /usr/src/ .
+# I don't know why we need all three either.
+RUN ./mvnw -e -B dependency:resolve-plugins -Dmaven.test.skip -Dmaven.repo.local=/tmp/m2_repo
+RUN ./mvnw -e -B dependency:go-offline -Dmaven.test.skip -Dmaven.repo.local=/tmp/m2_repo
+RUN ./mvnw -e -B de.qaware.maven:go-offline-maven-plugin:resolve-dependencies -Dmaven.repo.local=/tmp/m2_repo
+
+# Above here is only affected by the pom.xml files, so the cache is stable.
+
+# Now, copy in all the source, and actually build it, skipping the tests.
+COPY . .
+RUN ./mvnw -o -e -B package -Dmaven.test.skip -Dmaven.repo.local=/tmp/m2_repo
+# In case of Windows, break glass.
+RUN sed -i 's/\r//g' /usr/src/distribution/target/distribution-base/bin/openfire.sh
+
+# Might as well create the user in a different stage if only to eliminate
+# the ugly && chaining and increase parallelization
+FROM eclipse-temurin:17-jre AS skeleton-runtime
 
 ENV OPENFIRE_USER=openfire \
     OPENFIRE_DIR=/usr/local/openfire \
     OPENFIRE_DATA_DIR=/var/lib/openfire \
     OPENFIRE_LOG_DIR=/var/log/openfire
 
-RUN apt-get update -qq \
-    && apt-get install -yqq sudo \
-    && adduser --disabled-password --quiet --system --home $OPENFIRE_DATA_DIR --gecos "Openfire XMPP server" --group $OPENFIRE_USER \
-    && rm -rf /var/lib/apt/lists/*
+RUN apt-get update -qq
+RUN apt-get install -yyq adduser
+RUN adduser --disabled-password --quiet --system --home $OPENFIRE_DATA_DIR --gecos "Openfire XMPP server" --group $OPENFIRE_USER
 
-COPY ./build/docker/entrypoint.sh /sbin/entrypoint.sh
-RUN chmod 755 /sbin/entrypoint.sh
+# Final stage, build the runtime container:
+FROM eclipse-temurin:17-jre AS runtime
+
+ENV OPENFIRE_USER=openfire \
+    OPENFIRE_DIR=/usr/local/openfire \
+    OPENFIRE_DATA_DIR=/var/lib/openfire \
+    OPENFIRE_LOG_DIR=/var/log/openfire
 
-COPY --chown=openfire:openfire ./distribution/target/distribution-base /usr/local/openfire
+COPY --from=skeleton-runtime /etc/passwd /etc/shadow /etc/group /etc/
+COPY --chown=openfire::openfire --from=skeleton-runtime $OPENFIRE_DATA_DIR $OPENFIRE_DATA_DIR
+COPY --chmod=0755 --from=build /usr/src/build/docker/entrypoint.sh /sbin/entrypoint.sh
+COPY --chown=openfire:openfire --from=build /usr/src/distribution/target/distribution-base /usr/local/openfire
 RUN mv ${OPENFIRE_DIR}/conf ${OPENFIRE_DIR}/conf_org \
     && mv ${OPENFIRE_DIR}/plugins ${OPENFIRE_DIR}/plugins_org \
     && mv ${OPENFIRE_DIR}/resources/security ${OPENFIRE_DIR}/resources/security_org
@@ -23,4 +68,5 @@ WORKDIR /usr/local/openfire
 
 EXPOSE 3478 3479 5005 5222 5223 5229 5262 5263 5275 5276 7070 7443 7777 9090 9091
 VOLUME ["${OPENFIRE_DATA_DIR}"]
+VOLUME ["${OPENFIRE_LOG_DIR}"]
 ENTRYPOINT [ "/sbin/entrypoint.sh" ]

build/docker/entrypoint.sh

@@ -17,13 +17,14 @@ initialize_data_dir() {
 
   # initialize the data volume
   if [[ ! -d ${OPENFIRE_DATA_DIR}/conf ]]; then
-    sudo -HEu ${OPENFIRE_USER} cp -a ${OPENFIRE_DIR}/conf_org ${OPENFIRE_DATA_DIR}/conf
-    sudo -HEu ${OPENFIRE_USER} cp -a ${OPENFIRE_DIR}/plugins_org ${OPENFIRE_DATA_DIR}/plugins
-    sudo -HEu ${OPENFIRE_USER} cp -a ${OPENFIRE_DIR}/resources/security_org ${OPENFIRE_DATA_DIR}/conf/security
+    cp -a ${OPENFIRE_DIR}/conf_org ${OPENFIRE_DATA_DIR}/conf
+    cp -a ${OPENFIRE_DIR}/plugins_org ${OPENFIRE_DATA_DIR}/plugins
+    cp -a ${OPENFIRE_DIR}/resources/security_org ${OPENFIRE_DATA_DIR}/conf/security
   fi
-  sudo -HEu ${OPENFIRE_USER} mkdir -p ${OPENFIRE_DATA_DIR}/{plugins,embedded-db}
-  sudo -HEu ${OPENFIRE_USER} rm -rf ${OPENFIRE_DATA_DIR}/plugins/admin
-  sudo -HEu ${OPENFIRE_USER} ln -sf ${OPENFIRE_DIR}/plugins_org/admin ${OPENFIRE_DATA_DIR}/plugins/admin
+  mkdir -p ${OPENFIRE_DATA_DIR}/{plugins,embedded-db}
+  rm -rf ${OPENFIRE_DATA_DIR}/plugins/admin
+  ln -sf ${OPENFIRE_DIR}/plugins_org/admin ${OPENFIRE_DATA_DIR}/plugins/admin
+  chown -R ${OPENFIRE_USER}:${OPENFIRE_USER} ${OPENFIRE_DATA_DIR}
 
   # create version file
   CURRENT_VERSION=

mvnw

@@ -50,7 +50,7 @@ fi
 cygwin=false;
 darwin=false;
 mingw=false
-case "`uname`" in
+case "$(uname)" in
   CYGWIN*) cygwin=true ;;
   MINGW*) mingw=true;;
   Darwin*) darwin=true
@@ -68,7 +68,7 @@ esac
 
 if [ -z "$JAVA_HOME" ] ; then
   if [ -r /etc/gentoo-release ] ; then
-    JAVA_HOME=`java-config --jre-home`
+    JAVA_HOME=$(java-config --jre-home)
   fi
 fi
 

pom.xml

@@ -222,6 +222,12 @@
 
             <plugins>
 
+                <plugin>
+                    <groupId>de.qaware.maven</groupId>
+                    <artifactId>go-offline-maven-plugin</artifactId>
+                    <version>1.2.8</version>
+                </plugin>
+
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-jar-plugin</artifactId>