diff --git a/Dockerfile b/Dockerfile index 3f0ce20457c99e0ee18c15593507194b70c5876a..7a9c4c6c3912c00331339562714765c72017c03b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,8 @@ FROM node:12.20.1-alpine as frontend +ARG MB_EDITION=oss + WORKDIR /app/source ENV FC_LANG en-US LC_CTYPE en_US.UTF-8 @@ -19,6 +21,8 @@ RUN yarn install --frozen-lockfile # Build currently doesn't work on > Java 11 (i18n utils are busted) so build on 8 until we fix this FROM adoptopenjdk/openjdk8:alpine as backend +ARG MB_EDITION=oss + WORKDIR /app/source ENV FC_LANG en-US LC_CTYPE en_US.UTF-8 @@ -44,6 +48,8 @@ RUN lein deps # Build currently doesn't work on > Java 11 (i18n utils are busted) so build on 8 until we fix this FROM adoptopenjdk/openjdk8:alpine as builder +ARG MB_EDITION=oss + WORKDIR /app/source ENV FC_LANG en-US LC_CTYPE en_US.UTF-8 @@ -67,13 +73,6 @@ RUN curl https://download.clojure.org/install/linux-install-1.10.1.708.sh -o /tm chmod +x /tmp/linux-install-1.10.1.708.sh && \ sh /tmp/linux-install-1.10.1.708.sh -# import AWS RDS cert into /etc/ssl/certs/java/cacerts -RUN curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o rds-combined-ca-bundle.pem && \ - /opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias aws-rds \ - -file rds-combined-ca-bundle.pem \ - -keystore /etc/ssl/certs/java/cacerts \ - -keypass changeit -storepass changeit - COPY --from=frontend /app/source/. . COPY --from=backend /app/source/. . COPY --from=backend /root/. /root/ @@ -82,7 +81,7 @@ COPY --from=backend /root/. /root/ COPY . . # build the app -RUN INTERACTIVE=false bin/build +RUN INTERACTIVE=false MB_EDITION=$MB_EDITION bin/build # ################### # # STAGE 2: runner 
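Review bot: `MB_EDITION` reaches `bin/build` unchecked in the `@@ -82,7 +81,7 @@` hunk, while the same commit deletes `bin/docker/build_image.sh`, the only visible place that rejected values other than `ee` and `oss`. `bin/build` is not shown and may validate the value itself, but if it does not, a mistyped `--build-arg MB_EDITION=...` could yield an image of the wrong edition without any error. A guard ahead of the build step would keep the old check: `RUN case "$MB_EDITION" in oss|ee) ;; *) echo "MB_EDITION must be either 'ee' or 'oss'." >&2; exit 1 ;; esac`. The `ARG MB_EDITION=oss` lines added to the `frontend` and `backend` stages have no visible consumer in these hunks, so a one-line comment on each naming what reads the value would help; all three stages continue outside the hunks.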
@@ -95,7 +94,14 @@ WORKDIR /app ENV FC_LANG en-US LC_CTYPE en_US.UTF-8 # dependencies -RUN apk -U upgrade && apk add --no-cache bash ttf-dejavu fontconfig +RUN apk -U upgrade && \ + apk add --update --no-cache bash ttf-dejavu fontconfig curl java-cacerts && \ + mkdir -p /app/certs && \ + curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /app/certs/rds-combined-ca-bundle.pem && \ + /opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias aws-rds -file /app/certs/rds-combined-ca-bundle.pem -keystore /etc/ssl/certs/java/cacerts -keypass changeit -storepass changeit && \ + curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /app/certs/DigiCertGlobalRootG2.crt.pem && \ + /opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias azure-cert -file /app/certs/DigiCertGlobalRootG2.crt.pem -keystore /etc/ssl/certs/java/cacerts -keypass changeit -storepass changeit && \ + mkdir -p /plugins && chmod a+rwx /plugins # add fixed cacerts COPY --from=builder /etc/ssl/certs/java/cacerts /opt/java/openjdk/lib/security/cacerts @@ -105,9 +111,6 @@ RUN mkdir -p bin target/uberjar COPY --from=builder /app/source/target/uberjar/metabase.jar /app/target/uberjar/ COPY --from=builder /app/source/bin/start /app/bin/ -# create the plugins directory, with writable permissions -RUN mkdir -p /plugins && chmod a+rwx /plugins - # expose our default runtime port EXPOSE 3000 diff --git a/bin/docker/build_image.sh b/bin/docker/build_image.sh deleted file mode 100755 index ef5ee94eb44b1d1b65fd80b959fc94ae1854ab83..0000000000000000000000000000000000000000 --- a/bin/docker/build_image.sh +++ /dev/null 
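Review bot: The two `curl` calls in the new runner `RUN` download CA certificates at build time and import them into the Java truststore with `-trustcacerts`, with no `--fail` and no integrity check, so whatever those URLs serve on build day becomes a trust anchor in the image. Pinning a SHA-256 of each reviewed file (or committing the PEM files to the repository and using `COPY`) makes the trust decision explicit and the build reproducible; a sketch with placeholder digests follows. Two things to confirm as well: `keytool -import` reads a single certificate from a PEM file, so a multi-certificate bundle such as `rds-combined-ca-bundle.pem` would likely contribute only its first entry, and the unchanged `COPY --from=builder /etc/ssl/certs/java/cacerts /opt/java/openjdk/lib/security/cacerts` just below still takes the builder's keystore, which no longer receives the RDS import after the `@@ -67,13 +73,6 @@` hunk. If the runtime JVM reads `/opt/java/openjdk/lib/security/cacerts`, the certificates imported here may not be in the store it actually uses. The stage's `FROM` line is outside the hunk, so the base image is not visible.

```dockerfile
# … unchanged: apk upgrade / apk add, mkdir -p /app/certs …
    curl -fsSL https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /app/certs/rds-combined-ca-bundle.pem && \
    echo "<SHA256_OF_REVIEWED_RDS_BUNDLE>  /app/certs/rds-combined-ca-bundle.pem" | sha256sum -c - && \
# … unchanged: keytool import under alias aws-rds …
    curl -fsSL https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /app/certs/DigiCertGlobalRootG2.crt.pem && \
    echo "<SHA256_OF_REVIEWED_DIGICERT_ROOT>  /app/certs/DigiCertGlobalRootG2.crt.pem" | sha256sum -c - && \
# … unchanged: keytool import under alias azure-cert, mkdir -p /plugins …
```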
@@ -1,112 +0,0 @@ -#! /usr/bin/env bash - -set -e - -BASEDIR=$(dirname $0) -PROJECT_ROOT="$BASEDIR/../.." - -DOCKERHUB_NAMESPACE=metabase - -if [ ! -z "$MB_EDITION" ] && [ "$MB_EDITION" != ee ] && [ "$MB_EDITION" != oss ]; then - echo "MB_EDITION must be either 'ee' or 'oss'." - exit 1 -fi - -BUILD_TYPE=$1 -if [ -z $BUILD_TYPE ]; then - echo "usage: $0 <source|release> <release-name> [--publish]" - exit 1 -fi - -MB_TAG=$2 -if [ -z $MB_TAG ]; then - echo "usage: $0 <source|release> <release-name> [--publish] [--latest]" - exit 1 -fi - -if [ "$3" == "--publish" ]; then - PUBLISH="YES" -fi - -if [ "$4" == "--latest" ]; then - LATEST="YES" -fi - -if [ "$PUBLISH" == "YES" ] && [ -z "$DOCKERHUB_USERNAME" -o -z "$DOCKERHUB_PASSWORD" ]; then - echo "In order to publish an image to Dockerhub you must set \$DOCKERHUB_USERNAME and \$DOCKERHUB_PASSWORD before running." - exit 1 -fi - -# TODO: verify we have access to docker cmd and minimum version? - - -if [ "$BUILD_TYPE" == "release" ]; then - if [ "$MB_EDITION" = ee ]; then - DOCKERHUB_REPO=metabase-enterprise - else - DOCKERHUB_REPO=metabase - fi - - DOCKER_IMAGE="${DOCKERHUB_NAMESPACE}/${DOCKERHUB_REPOSITORY}:${MB_TAG}" - - echo "Building Docker image ${DOCKER_IMAGE} from official Metabase release ${MB_TAG}" - - # download the official version of Metabase which matches our tag - curl -L -f -o ${BASEDIR}/metabase.jar https://downloads.metabase.com/enterprise/${MB_TAG}/metabase.jar - - if [[ $? -ne 0 ]]; then - echo "Download failed!" - exit 1 - fi -else - DOCKERHUB_REPOSITORY=metabase-head - DOCKER_IMAGE="${DOCKERHUB_NAMESPACE}/${DOCKERHUB_REPOSITORY}:${MB_TAG}" - - echo "Building Docker image ${DOCKER_IMAGE} from local source" - - # trigger a full build - ${PROJECT_ROOT}/bin/build - - if [ $? -eq 1 ]; then - echo "Build failed!" 
- exit 1 - fi - - # copy our built uberjar so that we can add it to our image - cp ${PROJECT_ROOT}/target/uberjar/metabase.jar ${BASEDIR}/metabase.jar -fi - - -# now tell docker to build our image -# TODO: —-no-cache=true -docker build -t ${DOCKER_IMAGE} $BASEDIR - -# TODO: validate our built docker image - - -if [ "$PUBLISH" == "YES" ]; then - echo "Publishing image ${DOCKER_IMAGE} to Dockerhub" - - # make sure that we are logged into dockerhub - docker login --username="${DOCKERHUB_USERNAME}" --password="${DOCKERHUB_PASSWORD}" - - # push the built image to dockerhub - docker push ${DOCKER_IMAGE} - - # TODO: quick check against dockerhub to see that our new image made it - - if [ "$LATEST" == "YES" ]; then - # tag our recent versioned image as "latest" - docker tag -f ${DOCKER_IMAGE} ${DOCKERHUB_NAMESPACE}/${DOCKERHUB_REPOSITORY}:latest - - # then push it as well - docker push ${DOCKERHUB_NAMESPACE}/${DOCKERHUB_REPOSITORY}:latest - - # TODO: validate push succeeded - fi -fi - -# TODO: cleanup after ourselves and remove the Metabase binary we downloaded -rm -f ${BASEDIR}/metabase.jar - -echo "Done"