Dockerize Admin API Application

[Suraj-kumar00]

📋 Description

JIRA ID:

This PR introduces Docker support for the Admin API application, enabling consistent and containerized builds.
This PR resolves issue PSMRI/AMRIT#59

---

✅ Type of Change

• 🐞 Bug fix (non-breaking change which resolves an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 🔥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 🛠 Refactor (change that is neither a fix nor a new feature)
• ⚙️ Config change (configuration file or build script updates)
• 📚 Documentation (updates to docs or readme)
• 🧪 Tests (adding new or updating existing tests)
• 🎨 UI/UX (changes that affect the user interface)
• 🚀 Performance (improves performance)
• 🧹 Chore (miscellaneous changes that don't modify src or test files)

---

ℹ️ Additional Information

Summary by CodeRabbit

• New Features

  • Added a Dockerfile for building and running the application in a containerized environment.
  • Introduced a new environment-specific configuration file for Docker deployments.

• Chores

  • Updated .gitignore to exclude .env files.
  • Added Maven plugin configuration for packaging the application.

• Style

  • Removed a trailing newline from an environment properties file.

[coderabbitai]

Walkthrough

A multi-stage Dockerfile was added to build and run a Java application using Maven and Eclipse Temurin JDK images. The .gitignore was updated to exclude .env files. The Maven pom.xml was updated to include the spring-boot-maven-plugin for packaging. A new Docker-specific properties file was introduced, and a minor formatting change was made to an existing properties file.

Changes

File(s)	Change Summary
Dockerfile	Added a multi-stage build for Java app with Maven and Eclipse Temurin images.
.gitignore	Added .env to ignored files under a new "environment" section.
pom.xml	Added spring-boot-maven-plugin with repackage goal to plugins.
src/main/environment/admin_docker.properties	Added new Docker-specific environment properties file with parameterized values.
src/main/environment/admin_ci.properties	Removed trailing newline; no content changes.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant Docker Build (Maven)
    participant Docker Runtime (JRE)
    participant Java App

    Developer->>Docker Build (Maven): Build Docker image
    Docker Build (Maven)->>Docker Build (Maven): Copy source, run Maven package
    Docker Build (Maven)->>Docker Runtime (JRE): Copy WAR file
    Docker Runtime (JRE)->>Java App: Start app with java -jar app.war

Loading

Poem

In Docker’s embrace, our app now sails,
With Maven’s magic, it never fails.
New configs for Docker, secrets kept tight,
.env now hidden, out of sight.
Spring Boot repackaged, ready to run—
A rabbit’s work here is never done! 🐇

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

Dockerfile (4)

1-7: Optimize build layers & ensure tests run in CI.

• Use a .dockerignore (e.g., to exclude target/, .git/, IDE files) to minimize the build context.
• Separate dependency download into its own layer to leverage caching:

 WORKDIR /app
-COPY . .
-RUN mvn clean package -DskipTests -Dgit.skip=true
+COPY pom.xml mvnw* ./
+RUN mvn dependency:go-offline -B
+COPY src ./src
+RUN mvn clean package -DskipTests -Dgit.skip=true

• Note: skipping tests (-DskipTests) speeds up image builds but may mask regressions. Ensure your CI pipeline runs the full test suite.

---

12-13: Review removal of default Tomcat applications.

Deleting everything under webapps/* also removes management and monitoring apps (e.g., manager, host-manager). If you only intend to clear the ROOT context, narrow the command:

-RUN rm -rf /usr/local/tomcat/webapps/*
+RUN rm -rf /usr/local/tomcat/webapps/ROOT

---

16-16: Avoid hardcoding the WAR filename & enhance flexibility.

Locking to adminapi-v3.0.0.war will break on version bumps. Switch to a wildcard or ARG:

- COPY --from=build /app/target/adminapi-v3.0.0.war /usr/local/tomcat/webapps/ROOT.war
+ ARG WAR_FILE=adminapi-*.war
+ COPY --from=build /app/target/${WAR_FILE} /usr/local/tomcat/webapps/ROOT.war

---

18-21: Enhance container security & observability.

• Run Tomcat as a non-root user (e.g., USER tomcat) to reduce attack surface.
• Add a HEALTHCHECK so orchestrators can detect unhealthy instances:

HEALTHCHECK --interval=30s --timeout=5s \
  CMD curl -f http://localhost:8080/ || exit 1

• Optionally declare VOLUME /usr/local/tomcat/logs to persist logs outside the container.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0bf8de9 and 26b46bf.

📒 Files selected for processing (1)

• Dockerfile (1 hunks)

[drtechie]

Looks fine mostly.
We haven't had tomcat in the stack before.

Are you able to hit the API and see logs?
Does /swagger-ui.html work?

[drtechie]

Please package this for CI profile

[Suraj-kumar00]

noted.

[Suraj-kumar00]

Looks fine mostly. We haven't had tomcat in the stack before.

Are you able to hit the API and see logs? Does /swagger-ui.html work?

Oh so, I mean I have researched about it and found .war files are designed to be deployed on a servlet container like Tomcat, Jetty, or WildFly.

So if we don't want the tomcat stack. we can do this:

We can build a .jar instead of .war
In pom.xml, change:

<packaging>jar</packaging>

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

Dockerfile (1)

9-10: Ensure CI Maven profile is used
As previously requested, consider defining a dedicated ci profile in pom.xml or adding -Pci to your mvn invocation to separate Docker-specific settings from CI builds.

🧹 Nitpick comments (5)

Dockerfile (5)

1-3: Optimize dependency caching by splitting COPY steps
To leverage Docker layer caching, copy only the pom.xml first and run dependency resolution before copying the full source. This avoids redownloading all dependencies on every code change.

-FROM maven:3.9.6-eclipse-temurin-17 AS build
+FROM maven:3.9.6-eclipse-temurin-17 AS build

 WORKDIR /app
-COPY . .
+COPY pom.xml ./
+RUN --mount=type=cache,target=/root/.m2 mvn dependency:go-offline -DskipTests
+COPY . .

---

4-7: Add a .dockerignore to reduce build context
By introducing a .dockerignore (excluding target/, .git/, IDE files, etc.), you can dramatically shrink the build context and speed up Docker builds.

---

8-11: Require BuildKit for cache mounts
The --mount=type=cache syntax relies on Docker BuildKit. Please document (e.g., export DOCKER_BUILDKIT=1) in your README or CI config to avoid unexplained build failures in non-BuildKit environments.

---

12-14: Consider using a slimmer base image
You can further reduce runtime image size by switching to a distroless or Alpine-based JRE, such as gcr.io/distroless/java17-debian11 or similar minimal images.

---

20-22: Enhance container health and operation
Consider adding:

1. A HEALTHCHECK instruction (e.g., curl --fail http://localhost:8080/actuator/health || exit 1).
2. Using CMD instead of ENTRYPOINT if you need to override at runtime.
3. Running the process as a non-root user for better security.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8cef98f and 9f38ba2.

⛔ Files ignored due to path filters (2)

• logs/admin-api.log.json.2025-05-05.gz is excluded by !**/*.gz
• logs/admin-api.log.json.2025-05-06.gz is excluded by !**/*.gz

📒 Files selected for processing (4)

• Dockerfile (1 hunks)
• pom.xml (1 hunks)
• src/main/environment/admin_ci.properties (1 hunks)
• src/main/environment/admin_docker.properties (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• pom.xml
• src/main/environment/admin_ci.properties
• src/main/environment/admin_docker.properties

🔇 Additional comments (1)

Dockerfile (1)

15-19: Verify executable WAR packaging and specify artifact name
Running java -jar app.war only works if the WAR is built as an executable (embedded servlet) via the Spring Boot plugin. Confirm your pom.xml packaging (jar vs war) and plugin settings. Also avoid wildcards by copying the explicit filename:

COPY --from=build /app/target/${project.artifactId}-${project.version}.war app.war

[sonarqubecloud]

Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE