diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 64c6076dd151404e1c90838b184432ea1841e853..f1cd4dd97d00a273bdcf0969cb090265aa26a699 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,6 +4,8 @@ variables:
NSHMP_HAZ_WS_IMAGE: ${CODE_REGISTRY_IMAGE}/nshmp-haz-ws:${ENVIRONMENT}-${CI_COMMIT_SHORT_SHA}
REPORTS_DIR: build/reports
+image: ${CI_REGISTRY}/devops/images/usgs/java:11
+
# Do not run for merge requests
workflow:
rules:
@@ -70,11 +72,12 @@ default:
##
# Docker in Docker
##
+
.dind:
- image: ${DEVOPS_REGISTRY}docker:19.03-git
+ image: ${CI_REGISTRY}/devops/images/docker:20
services:
- alias: docker
- name: ${DEVOPS_REGISTRY}docker:19.03-dind
+ name: ${CI_REGISTRY}/devops/images/docker:20-dind
variables:
DOCKER_DRIVER: overlay2
@@ -142,22 +145,13 @@ default:
variables:
DOCKERFILE: Dockerfile
DOCKER_BUILD_ARGS: |
- BUILD_IMAGE=${DEVOPS_REGISTRY}usgs/amazoncorretto:11
- FROM_IMAGE=${DEVOPS_REGISTRY}usgs/amazoncorretto:11
+ BUILD_IMAGE=${CI_REGISTRY}/devops/images/usgs/java:11
+ FROM_IMAGE=${CI_REGISTRY}/devops/images/usgs/java:11
IMAGE_TAG: ${ENVIRONMENT}-${CI_COMMIT_SHORT_SHA}
PUSH_DOCKER: 'false'
REGISTRY_IMAGE: ${CI_REGISTRY_IMAGE}
TAG: build
-####
-# Java Templates
-####
-
-##
-# General Java setup
-##
-.java:
- image: ${DEVOPS_REGISTRY}usgs/amazoncorretto:11
####
# Stage: build
@@ -180,8 +174,8 @@ CHS Registry:
TAG: build
variables:
DOCKER_BUILD_ARGS: |
- BUILD_IMAGE=${DEVOPS_REGISTRY}usgs/amazoncorretto:11
- FROM_IMAGE=${DEVOPS_REGISTRY}usgs/amazoncorretto:11
+ BUILD_IMAGE=${CI_REGISTRY}/devops/images/usgs/java:11
+ FROM_IMAGE=${CI_REGISTRY}/devops/images/usgs/java:11
CI_COMMIT_BRANCH=${CI_COMMIT_BRANCH}
CI_PROJECT_URL=${CI_PROJECT_URL}
PUSH_DOCKER: 'true'
@@ -206,15 +200,13 @@ Container Registry:
TAG: nshmp
variables:
DOCKER_BUILD_ARGS: |
- BUILD_IMAGE=${DEVOPS_REGISTRY}usgs/amazoncorretto:11
- FROM_IMAGE=${DEVOPS_REGISTRY}usgs/amazoncorretto:11
+ BUILD_IMAGE=${CI_REGISTRY}/devops/images/usgs/java:11
+ FROM_IMAGE=${CI_REGISTRY}/devops/images/usgs/java:11
CI_COMMIT_BRANCH=${CI_COMMIT_BRANCH}
CI_PROJECT_URL=${CI_PROJECT_URL}
UPSTREAM_PATH: ghsc/nshmp/nshmp-haz
Build Project:
- extends:
- - .java
script:
- ./gradlew assemble
stage: build
@@ -225,8 +217,6 @@ Build Project:
Markdown Lint:
allow_failure: true
- extends:
- - .java
needs: []
script:
- ./gradlew nodeInstall
@@ -240,8 +230,6 @@ NSHM Tests:
reports:
junit: ${JUNIT_FILES}
coverage: '/Total.*?([0-9]{1,3})%/'
- extends:
- - .java
needs: []
parallel:
matrix:
@@ -257,8 +245,6 @@ NSHM Tests:
YAML Lint:
allow_failure: true
- extends:
- - .java
needs: []
script:
- ./gradlew nodeInstall
@@ -272,8 +258,6 @@ Unit Tests:
reports:
junit: ${JUNIT_FILES}
coverage: '/Total.*?([0-9]{1,3})%/'
- extends:
- - .java
needs: []
script:
- ./gradlew check
@@ -292,7 +276,6 @@ Trigger nshmp-haz-ws CDK:
- *staging-env
- *production-env
script:
- - apk add curl
- |
if [ "${ENVIRONMENT}" == 'production' ]; then
REF="production";
diff --git a/Dockerfile b/Dockerfile
index eaaf180b28295cfc72fee3a4bdb79ad86fade06c..35dacdf7c5af1f77f6532a5f49a0fb56619493c6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,6 +19,7 @@
#
# docker run \
# --env CLASS_NAME="nshmp-haz class name" \
+# --volume "/path/to/sites:/app/sites.geojson" \
# --volume "/path/to/model:/app/model" \
# --volume "/path/to/output:/app/output" \
# usgs/nshmp-haz:production-latest
@@ -27,8 +28,8 @@
# docker build -t nshmp-haz .
####
-ARG BUILD_IMAGE=usgs/amazoncorretto:11
-ARG FROM_IMAGE=usgs/amazoncorretto:11
+ARG BUILD_IMAGE=code.usgs.gov:5001/devops/images/usgs/java:11
+ARG FROM_IMAGE=code.usgs.gov:5001/devops/images/usgs/java:11
####
# Builder image: Build jar file.
@@ -43,6 +44,8 @@ WORKDIR /app
COPY . .
+USER root
+
RUN ./gradlew assemble
####
@@ -66,10 +69,16 @@ VOLUME [ "${MODEL_PATH}", "${OUTPUT_PATH}" ]
WORKDIR /app
-COPY --from=builder /app/build/libs/nshmp-haz.jar .
-COPY scripts scripts
+USER root
+
+RUN yum install -y jq && \
+ chown -R usgs-user:usgs-user /app
+
+USER usgs-user
+
+COPY --from=builder --chown=usgs-user:usgs-user /app/build/libs/nshmp-haz.jar .
+COPY --chown=usgs-user:usgs-user scripts scripts
-RUN yum install -y jq \
- && echo "{}" > "${CONFIG_FILE}"
+RUN echo "{}" > "${CONFIG_FILE}"
ENTRYPOINT [ "bash", "scripts/docker-entrypoint.sh" ]
diff --git a/docs/pages/Using-Docker.md b/docs/pages/Using-Docker.md
index 501d12566a66914f746aea275f4fb7b739fab7d8..c2c80909099542fea969864855b49e15ebecb643 100644
--- a/docs/pages/Using-Docker.md
+++ b/docs/pages/Using-Docker.md
@@ -84,7 +84,7 @@ docker pull usgs/nshmp-haz:latest
docker run \
--env CLASS_NAME="HazardCalc" \
--volume "$(pwd)/nshm-hawaii:/app/model" \
- --volume "$(pwd)/sites.geojson" \
+ --volume "$(pwd)/sites.geojson:/app/sites.geojson" \
--volume "$(pwd)/hawaii-hazard-output:/app/output" \
usgs/nshmp-haz
```
@@ -107,7 +107,7 @@ docker run \
--env CLASS_NAME="DisaggCalc" \
--env RETURN_PERIOD=475 \
--volume "$(pwd)/nshm-hawaii:/app/model" \
- --volume "$(pwd)/sites.geojson" \
+ --volume "$(pwd)/sites.geojson:/app/sites.geojson" \
--volume "$(pwd)/hawaii-disagg-output:/app/output" \
usgs/nshmp-haz:latest
```
@@ -129,7 +129,7 @@ docker pull usgs/nshmp-haz:latest
docker run \
--env CLASS_NAME="RateCalc" \
--volume "$(pwd)/nshm-hawaii:/app/model" \
- --volume "$(pwd)/sites.geojson" \
+ --volume "$(pwd)/sites.geojson:/app/sites.geojson" \
--volume "$(pwd)/hawaii-rate-output:/app/output" \
usgs/nshmp-haz
```
diff --git a/gradle/app-version.gradle b/gradle/app-version.gradle
index c0f4c3c4c23fa00d78ca1a4d5d4af2e67101f91c..7bf56dc983b77e834ae8abf2b4b2a6cedca32298 100644
--- a/gradle/app-version.gradle
+++ b/gradle/app-version.gradle
@@ -1,11 +1,12 @@
tasks.withType(JavaCompile) {
doFirst {
- try {
- apply plugin: "com.palantir.git-version"
+ apply plugin: "com.palantir.git-version"
+
+ def versionFile = new File("${projectDir}/src/main/resources/version/nshmp-haz-version.json")
+ new File(versionFile.getParent()).mkdirs()
- def versionFile = new File("${projectDir}/src/main/resources/version/nshmp-haz-version.json")
- new File(versionFile.getParent()).mkdirs()
+ try {
def details = versionDetails()
def ciProjectUrl = System.getenv("CI_PROJECT_URL")
def branch = System.getenv("CI_COMMIT_BRANCH")
@@ -23,7 +24,9 @@ tasks.withType(JavaCompile) {
def json = groovy.json.JsonOutput.toJson(versionInfo)
versionFile.write(groovy.json.JsonOutput.prettyPrint(json))
} catch (Exception e) {
- println("Failed to create version file.")
+ println("Failed to create version file. Writing blank file.")
+ println(e)
+ versionFile.write('{}')
}
}
}
diff --git a/ws.Dockerfile b/ws.Dockerfile
index 69a5349a03560334b0405d7dff28a20d098963ac..3a61732e451a3b758fd1b946e4412165512b957a 100644
--- a/ws.Dockerfile
+++ b/ws.Dockerfile
@@ -13,12 +13,12 @@
#
# Run locally:
# docker run -p 8080:8080
-# -v "path/to/models:/models"
+# -v "path/to/model:/app/model"
# nshmp-haz-ws
####
-ARG BUILD_IMAGE=usgs/amazoncorretto:11
-ARG FROM_IMAGE=usgs/amazoncorretto:11
+ARG BUILD_IMAGE=code.usgs.gov:5001/devops/images/usgs/java:11
+ARG FROM_IMAGE=code.usgs.gov:5001/devops/images/usgs/java:11
####
# Builder image: Build jar file.
@@ -35,6 +35,8 @@ WORKDIR /app
COPY . .
+USER root
+
RUN ./gradlew assemble
####
@@ -46,12 +48,20 @@ LABEL maintainer="Peter Powers <pmpowers@usgs.gov>, Brandon Clayton <bclayton@us
ENV CONTEXT_PATH="/"
ENV JAVA_OPTS="-Xms2g -Xmx8g"
-ENV MODELS_DIRECTORY="/model"
+ENV MODELS_DIRECTORY="/app/model"
WORKDIR /app
-COPY --from=builder /app/build/libs/nshmp-haz.jar .
-COPY --from=builder /app/nshms.yml .
+USER root
+
+RUN mkdir /asset-output \
+ && chown -R usgs-user:usgs-user /app \
+ && chown -R usgs-user:usgs-user /asset-output
+
+USER usgs-user
+
+COPY --from=builder --chown=usgs-user:usgs-user /app/build/libs/nshmp-haz.jar .
+COPY --from=builder --chown=usgs-user:usgs-user /app/nshms.yml .
VOLUME [ "${MODELS_DIRECTORY}" ]