switch to using ubi as the standard github build with Docker

.dockerignore

@@ -1,6 +1,5 @@
 .github/
 .idea/
-contrib/ci/
 contrib/docker/
 contrib/elasticsearch/
 contrib/helm/

.github/workflows/maven-ci.yml

@@ -9,7 +9,7 @@ on: # yamllint disable-line rule:truthy
 
 jobs:
   build:
-    name: Standard build on Java ${{ matrix.java-version }} with compiler target ${{ matrix.java-compiler }}
+    name: UBI8 standard build on Java ${{ matrix.java-version }} with compiler target ${{ matrix.java-compiler }}
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -24,24 +24,29 @@ jobs:
     continue-on-error: ${{ matrix.experimental }}
 
     steps:
-      - name: Checkout repo
+      - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Configure Java & Maven
-        uses: actions/setup-java@v4
-        with:
-          java-version: '${{ matrix.java-version }}'
-          cache: "maven"
-          distribution: "corretto"
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-      - name: Build with Maven
-        run: mvn -B -e -ntp "-Dstyle.color=always" -Dmaven.compiler.release=${{ matrix.java-compiler }} verify
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Verify Changed Files
-        run: contrib/ci/detect-changes.sh
+      - name: Build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          file: contrib/docker/Dockerfile.ubi8
+          build-args: |
+            java_version=${{ matrix.java-version }}
+            java_compiler=${{ matrix.java-compiler }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
 
-  ubi8-build:
-    name: UBI8 standard build with Docker on Java 11 with compiler target 11
+  centos7-build:
+    name: Centos7 standard build on Java 11 with compiler target 11
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -58,10 +63,28 @@ jobs:
         with:
           context: .
           push: false
-          file: contrib/docker/Dockerfile.ubi8
+          file: contrib/docker/Dockerfile
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+  macos-build:
+    name: MacOS standard build on Java 11 with compiler target 11
+    runs-on: macos-14
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Configure Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          cache: 'maven'
+          distribution: 'corretto'
+          overwrite-settings: false
+
+      - name: Build with Maven
+        run: mvn -B -e -ntp "-Dstyle.color=always" clean verify -Pdist
+
   site-build:
     name: Standard maven site build
     runs-on: ubuntu-latest
@@ -98,6 +121,26 @@ jobs:
       - name: Build with Maven
         run: mvn -B -e -ntp "-Dstyle.color=always" -PerrorProne verify -DskipTests
 
+  detect-changes-build:
+    name: Maven build to detect formatter changes
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Configure Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          cache: 'maven'
+          distribution: 'corretto'
+
+      - name: Build with Maven
+        run: mvn -B -e -ntp "-Dstyle.color=always" clean package -DskipTests
+
+      - name: Verify Changed Files
+        run: contrib/ci/detect-changes.sh
+
   slack-notify:
     if: ${{ github.event_name == 'push' && github.repository == 'NationalSecurityAgency/emissary' }}
     needs: build

DEVELOPING.md

@@ -601,18 +601,8 @@ a non-root user.
 
 ### Build Emissary Docker Image
 
-Maven can be used to create the docker image. There is a profile that was created to run the docker image build that, by default,
-has been turned off. We'll need to add the docker profile, along with the dist profile, to trigger an assembly. From the
-project root, run the following maven command:
-
-```
-mvn clean install -Pdist,docker
-```
-
-Alternatively, we can use Docker directly. First run a full maven build and then run the ```docker build``` command:
-
+We can use Docker directly to build Emissary:
 ```
-mvn clean install -Pdist
 docker build -f contrib/docker/Dockerfile . -t emissary
 ```
 

contrib/docker/Dockerfile

@@ -1,28 +1,71 @@
-FROM centos:7
+ARG IMG_NAME=centos
+ARG IMG_TAG=7
+FROM ${IMG_NAME}:${IMG_TAG} AS base
 
-RUN yum update -y \
-    && rpm --import https://yum.corretto.aws/corretto.key \
-    && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
-    && yum install -y java-11-amazon-corretto-devel \
-    && yum clean all -y \
-    && rm -rf /var/cache/yum
+ARG java_version=11
+ARG user=emissary
+ARG group=emissary
+ARG uid=1000
+ARG gid=1000
 
-ADD target/emissary-*-dist.tar.gz /opt
+ENV JAVA_TOOL_OPTIONS -Dfile.encoding=UTF8
+ENV PROJECT_BASE=/opt/emissary
 
-RUN ls -al /opt && \
-    version=`ls /opt | grep emissary- | awk '{ print $1 }'` && \
-    echo "Linking /opt/${version} to /opt/emissary" && \
-    ln -s /opt/${version} /opt/emissary && \
-    mkdir -p /opt/emissary/localoutput && \
-    chmod -R a+rw /opt/emissary
+RUN rpm --import https://yum.corretto.aws/corretto.key \
+     && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
+     && yum install -y java-${java_version}-amazon-corretto-devel \
+     && yum install -y which \
+     && groupadd -g ${gid} ${group} \
+     && useradd -u ${uid} -g ${group} -m -s /bin/bash ${user} \
+     && yum clean all -y \
+     && rm -rf /var/cache/yum
 
-ENV PROJECT_BASE=/opt/emissary
+
+
+FROM base AS build
+
+ARG maven_version=3.9.6
+ENV MAVEN_OPTS -Xms512M -Xmx1024M -Xss1M -Djava.awt.headless=true
+ENV MAVEN_HOME /opt/maven
+
+RUN curl -L -o /tmp/maven.tar.gz https://dlcdn.apache.org/maven/maven-3/${maven_version}/binaries/apache-maven-${maven_version}-bin.tar.gz \
+     && tar xvf /tmp/maven.tar.gz -C /opt \
+     && ln -s /opt/apache-maven-${maven_version} ${MAVEN_HOME} \
+     && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn
+
+COPY . /opt/emissary
+RUN chown -R ${user}:${group} /opt/emissary \
+    && chmod -R 744 /opt/emissary  \
+    && (rm -f .mvn-classpath || true)
+
+USER ${user}
+WORKDIR /opt/emissary
+RUN --mount=type=cache,uid=${uid},gid=${gid},target=/home/${user}/.m2 \
+    mvn -V -B -e -ntp "-Dstyle.color=always" clean verify -Pdist
+
+
+FROM base
+
+COPY --from=build /opt/emissary/target/emissary-*-dist.tar.gz /tmp
+
+RUN tar -xf /tmp/emissary-*-dist.tar.gz -C /opt/ \
+    && version=`ls /opt | grep emissary- | awk '{ print $1 }'`  \
+    && echo "Linking /opt/${version} to /opt/emissary"  \
+    && ln -s /opt/${version} /opt/emissary  \
+    && mkdir -p /opt/emissary/localoutput  \
+    && mkdir -p /opt/emissary/target/data  \
+    && chmod -R a+rw /opt/emissary \
+    && chown -R ${user}:${group} /opt/emissary* \
+    && rm -f /tmp/*
+
+USER ${user}
 
 WORKDIR /opt/emissary
 
+VOLUME /opt/emissary/target/data
 VOLUME /opt/emissary/localoutput
 
-EXPOSE 8000 8001
+EXPOSE 8001
 
 ENTRYPOINT ["./emissary"]
 

contrib/docker/Dockerfile.ubi8

@@ -1,32 +1,32 @@
 ARG IMG_NAME=redhat/ubi8
 ARG IMG_TAG=8.8-1067
-FROM ${IMG_NAME}:${IMG_TAG} as base
+FROM ${IMG_NAME}:${IMG_TAG} AS base
 
 ARG java_version=11
 ARG user=emissary
 ARG group=emissary
 ARG uid=1000
 ARG gid=1000
 
-ENV JAVA_HOME /usr/lib/jvm/java-${java_version}-amazon-corretto
 ENV JAVA_TOOL_OPTIONS -Dfile.encoding=UTF8
 ENV PROJECT_BASE=/opt/emissary
 
 RUN rpm --import https://yum.corretto.aws/corretto.key \
      && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
-     && yum install -y java-${java_version}-amazon-corretto-devel \
+     && dnf install -y java-${java_version}-amazon-corretto-devel \
      && dnf install -y langpacks-en glibc-all-langpacks \
      && groupadd -g ${gid} ${group} \
      && useradd -u ${uid} -g ${group} -m -s /bin/sh ${user} \
-     && yum clean all -y \
+     && dnf clean all -y \
      && rm -rf /var/cache/yum
 
 
 
-FROM base as build
+FROM base AS build
 
 ARG maven_version=3.9.6
-ENV MAVEN_OPTS -Xms512M -Xmx1024M -Xss1M -XX:MaxPermSize=128M -Djava.awt.headless=true
+ARG java_compiler=11
+ENV MAVEN_OPTS -Xms512M -Xmx1024M -Xss1M -Djava.awt.headless=true
 ENV MAVEN_HOME /opt/maven
 
 RUN curl -L -o /tmp/maven.tar.gz https://dlcdn.apache.org/maven/maven-3/${maven_version}/binaries/apache-maven-${maven_version}-bin.tar.gz \
@@ -41,7 +41,8 @@ RUN chown -R ${user}:${group} /opt/emissary \
 
 USER ${user}
 WORKDIR /opt/emissary
-RUN --mount=type=cache,uid=${uid},gid=${gid},target=/home/${user}/.m2 mvn -B -e -ntp "-Dstyle.color=always" clean verify -Pdist
+RUN --mount=type=cache,uid=${uid},gid=${gid},target=/home/${user}/.m2 \
+    mvn -V -B -e -ntp "-Dstyle.color=always" -Dmaven.compiler.release=${java_compiler} clean verify -Pdist
 
 
 

pom.xml

@@ -1574,41 +1574,6 @@
         <directory>${project.basedir}/target-idea</directory>
       </build>
     </profile>
-    <profile>
-      <id>docker</id>
-      <build>
-        <plugins>
-          <plugin>
-            <groupId>org.codehaus.mojo</groupId>
-            <artifactId>exec-maven-plugin</artifactId>
-            <version>3.1.0</version>
-            <executions>
-              <execution>
-                <id>docker-build</id>
-                <goals>
-                  <goal>exec</goal>
-                </goals>
-                <phase>install</phase>
-                <configuration>
-                  <executable>docker</executable>
-                  <workingDirectory>${project.basedir}</workingDirectory>
-                  <arguments>
-                    <argument>build</argument>
-                    <argument>-f</argument>
-                    <argument>contrib/docker/Dockerfile</argument>
-                    <argument>-t</argument>
-                    <argument>${project.artifactId}:${project.version}</argument>
-                    <argument>-t</argument>
-                    <argument>${project.artifactId}:latest</argument>
-                    <argument>.</argument>
-                  </arguments>
-                </configuration>
-              </execution>
-            </executions>
-          </plugin>
-        </plugins>
-      </build>
-    </profile>
     <profile>
       <id>jdk-release-flag</id>
       <activation>