Improvements to Docker file

.dockerignore

@@ -10,13 +10,10 @@ Dockerfile
 
 build
 !build/docker
-distribution
-!distribution/target/distribution-base
 documentation
-i18n
-plugins
-starter
-xmppserver
+
+# Any intermediate build stuff.
+**/target
 
 # Deeper stuff
 **/.DS_Store
@@ -25,4 +22,9 @@ xmppserver
 **/.idea
 **/.project
 **/.settings
-**/*.iml
+**/*.iml
+**/*.class
+
+# Make sure mvn stuff is present though.
+!.mvn/wrapper
+!.mvn/wrapper/maven-wrapper.properties

.github/workflows/continuous-integration-workflow.yml

@@ -139,14 +139,21 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       is_publishable_branch: ${{ steps.check-branch.outputs.is_publishable_branch }}
+      branch_tag: ${{ steps.check-branch.outputs.branch_tag }}
     steps:
       - name: check branch ${{ github.ref }} is either main or a version number
         id: check-branch
         run: |
-          if [[ ${{ github.ref }} == 'refs/heads/main' || ${{ github.ref }} =~ refs\/heads\/[0-9]+\.[0-9]+ ]]; then            
-            echo "is_publishable_branch=true" >> $GITHUB_OUTPUT
+          if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then
+            echo "is_publishable_branch=true" >> "${GITHUB_OUTPUT}"
+            echo "branch_tag=latest" >> "${GITHUB_OUTPUT}"
+          elif [[ ]${{ github.ref }} =~ refs\/heads\/[0-9]+\.[0-9]+ ]]; then            
+            echo "is_publishable_branch=true" >> "${GITHUB_OUTPUT}"
+            echo -n "branch_tag=" >> "${GITHUB_OUTPUT}"
+            sed -e '!refs/heads/!!' >> "${GITHUB_OUTPUT}"
           else
-            echo "is_publishable_branch=false" >> $GITHUB_OUTPUT
+            echo "is_publishable_branch=false" >> "${GITHUB_OUTPUT}"
+            echo "branch_tag=rando" >> "${GITHUB_OUTPUT}"
           fi
 
   connectivity:
@@ -230,6 +237,18 @@ jobs:
               - '.github/workflows/continuous-integration-workflow.yml'
               - 'xmppserver/pom.xml'
 
+  docker:
+    name: Build (and maybe push) Docker image
+    needs:
+      - check_branch
+    runs-on: ubuntu-latest
+    steps: # could log into docker hub here, so we can push the image.
+      - name: Build docker image
+        uses: docker/build-push-action@v6
+        with:
+          push: false ## ${{ needs.check_branch.output.is_publishable_branch == 'true' }}
+          tags: openfire:${{ needs.check_branch.outputs.branch_tag }}
+
   sqlserver:
     name: Test SQL Server Upgrades
     needs: [build, should-do-database-upgrade-tests, check_branch]

Dockerfile

@@ -1,19 +1,67 @@
-FROM openjdk:11-jre
+# This stage extracts all the pom.xml files.
+# It'll get rebuilt with any source change, but that's OK.
+# It doesn't matter what image we're using, really, so we may as well use one of the same images as elsewhere.
+FROM eclipse-temurin:17-jre AS poms
+WORKDIR /usr/src
+COPY . .
+# Wipe any files not called pom.xml or *.jar
+RUN find . -type f -and \! -name pom.xml -and \! -name '*.jar' -delete
+# Clear up any (now) empty diretories
+RUN find . -type d -empty -delete
+
+# Now we build:
+FROM eclipse-temurin:17 AS build
+WORKDIR /tmp/
+RUN mkdir /tmp/m2_home
+ENV M2_HOME=/tmp/m2_home
+WORKDIR /usr/src
+COPY mvnw ./
+RUN chmod +x mvnw
+RUN mkdir -p .mvn
+COPY .mvn/wrapper .mvn/wrapper
+
+# First, copy in just the pom.xml files and fetch the dependencies:
+COPY --from=poms /usr/src/ .
+RUN ./mvnw -e -B help:evaluate -Dexpression=project.modules -Doutput=/tmp/projects.xml
+RUN cat /tmp/projects.xml| grep '<string>' | sed -e 's/^.*string>\(.*\)<\/string.*$/\1/g' >/tmp/projects.txt
+RUN ./mvnw -pl plugins -e -B help:evaluate -Dexpression=project.modules -Doutput=/tmp/projects.xml
+RUN cat /tmp/projects.xml| grep '<string>' | sed -e 's/^.*string>\(.*\)<\/string.*$/plugins\/\1/g' >>/tmp/projects.txt
+RUN for project in $(cat /tmp/projects.txt); do ./mvnw -pl $project  -e -B dependency:go-offline; done
+RUN ./mvnw -e -B dependency:go-offline
+# Above here is only affected by the pom.xml files, so the cache is stable.
+
+# Now, copy in all the source, and actually build it, skipping the tests.
+COPY . .
+RUN ./mvnw -e -B package -Dmaven.test.skip
+
+# Might as well create the user in a different stage if only to eliminate
+# the ugly && chaining and increase parallelization
+FROM eclipse-temurin:17-jre AS skeleton-runtime
 
 ENV OPENFIRE_USER=openfire \
     OPENFIRE_DIR=/usr/local/openfire \
     OPENFIRE_DATA_DIR=/var/lib/openfire \
     OPENFIRE_LOG_DIR=/var/log/openfire
 
-RUN apt-get update -qq \
-    && apt-get install -yqq sudo \
-    && adduser --disabled-password --quiet --system --home $OPENFIRE_DATA_DIR --gecos "Openfire XMPP server" --group $OPENFIRE_USER \
-    && rm -rf /var/lib/apt/lists/*
+RUN apt-get update -qq
+RUN apt-get install -yyq adduser
+RUN adduser --disabled-password --quiet --system --home $OPENFIRE_DATA_DIR --gecos "Openfire XMPP server" --group $OPENFIRE_USER
+
+# Final stage, build the runtime container:
+FROM eclipse-temurin:17-jre AS runtime
 
-COPY ./build/docker/entrypoint.sh /sbin/entrypoint.sh
-RUN chmod 755 /sbin/entrypoint.sh
+RUN apt-get update -qq
+RUN apt-get install -yyq sudo
+
+ENV OPENFIRE_USER=openfire \
+    OPENFIRE_DIR=/usr/local/openfire \
+    OPENFIRE_DATA_DIR=/var/lib/openfire \
+    OPENFIRE_LOG_DIR=/var/log/openfire
 
-COPY --chown=openfire:openfire ./distribution/target/distribution-base /usr/local/openfire
+COPY --from=skeleton-runtime /etc/passwd /etc/shadow /etc/group /etc/
+COPY --chown=openfire::openfire --from=skeleton-runtime $OPENFIRE_DATA_DIR $OPENFIRE_DATA_DIR
+COPY --chmod=0755 --from=build /usr/src/build/docker/entrypoint.sh /sbin/entrypoint.sh
+COPY --chown=openfire:openfire --from=build /usr/src/distribution/target/distribution-base /usr/local/openfire
 RUN mv ${OPENFIRE_DIR}/conf ${OPENFIRE_DIR}/conf_org \
     && mv ${OPENFIRE_DIR}/plugins ${OPENFIRE_DIR}/plugins_org \
     && mv ${OPENFIRE_DIR}/resources/security ${OPENFIRE_DIR}/resources/security_org
@@ -23,4 +71,5 @@ WORKDIR /usr/local/openfire
 
 EXPOSE 3478 3479 5005 5222 5223 5229 5262 5263 5275 5276 7070 7443 7777 9090 9091
 VOLUME ["${OPENFIRE_DATA_DIR}"]
+VOLUME ["${OPENFIRE_LOG_DIR}"]
 ENTRYPOINT [ "/sbin/entrypoint.sh" ]