From 628d0d9f77fc3bda07617a6ba5815448c6ba8bd7 Mon Sep 17 00:00:00 2001
From: chas galey <chas.galey@sncorp.com>
Date: Wed, 3 Jan 2024 09:33:52 -0700
Subject: [PATCH 1/2] propose migration of docker file to eclipse jdk

---
 Dockerfile | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e027f83cd..8581c0499 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,27 @@
-FROM openjdk:17.0.2-slim as build
+FROM eclipse-temurin:17-ubi9-minimal as build
 COPY . /mms
 WORKDIR /mms
+
+RUN if [ -d "./certs" ]; then \
+        mv certs/*.pem /etc/pki/ca-trust/source/anchors/ ; \
+        /usr/bin/update-ca-trust extract ; \
+        ln -sf /etc/pki/ca-trust/extracted/java/cacerts "$JAVA_HOME/lib/security/cacerts" ; \
+    fi
+
+RUN microdnf install -y findutils
+
 RUN ./gradlew --no-daemon bootJar --warning-mode all
 
 RUN find . -type f -name example-*.jar -not -iname '*javadoc*' -not -iname '*sources*' -exec cp '{}' '/app.jar' ';'
+
+FROM eclipse-temurin:17-ubi9-minimal
+
+WORKDIR /opt/mms
+COPY --from=build /app.jar /opt/mms/app.jar
+COPY --from=build /etc/pki/ca-trust /etc/pki/
+
 ENV JDK_JAVA_OPTIONS "-XX:MaxRAMPercentage=90.0"
-ENTRYPOINT ["java", "--add-opens", "java.base/java.lang=ALL-UNNAMED", "-jar", "/app.jar"]
+ENV USE_SYSTEM_CA_CERTS "true"
+
+CMD ["java", "-Djdk.tls.client.protocols=TLSv1.2,TLSv1.3", "--add-opens", "java.base/java.lang=ALL-UNNAMED", "-jar", "/opt/mms/app.jar"]
 EXPOSE 8080

From 2903cf421b1c3429b39819d62a54751df9b20b5b Mon Sep 17 00:00:00 2001
From: chas galey <chas.galey@sncorp.com>
Date: Wed, 3 Jan 2024 09:34:37 -0700
Subject: [PATCH 2/2] add gitignore changes

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index d9defa701..661bad695 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
 application.properties
 localhost-env.json
 .vscode
+certs/
 
 ### STS ###
 .apt_generated