[#182563382] - Change e2e container to not run as root (#16)

* [#182563382] - Change e2e container to not run as root

* [#182563382] - Delete settings.xml from docker image and configure surefire reports directory

ci/build-docker-e2e-image

@@ -25,7 +25,6 @@ mkdir -p ${docker_context_dir}
 cp -rp \
   e2e-tests/pom.xml \
   e2e-tests/src \
-  ci/e2e-tests/e2e-exec-pom.xml \
   .mvn \
   mvnw \
   ${docker_context_dir}

ci/e2e-tests/Dockerfile

@@ -26,6 +26,9 @@ RUN ./mvnw -P -dnastack -B -Presolve-dependencies initialize
 RUN ./mvnw -P -dnastack -B de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
 RUN ./mvnw -P -dnastack -B versions:set -DnewVersion=${APP_VERSION}
 
+# Delete settings*.xml files that contain GitHub credentials
+RUN rm /root/.m2/settings*.xml
+
 # Now add sources, which will bust the cache.
 ADD target/src ./src
 
@@ -35,7 +38,7 @@ ADD target/src ./src
 #     org.apache.maven.artifact.resolver.MultipleArtifactsNotFoundException: Missing:
 # then update the version number of surefire-junit4 in pom.xml under the
 # dynamicDependencies section of go-offline-maven-plugin configuration.
-RUN ./mvnw -P -dnastack -B -o package
+RUN ./mvnw -P -dnastack -B -o process-test-classes
 
 
 ##
@@ -45,18 +48,32 @@ RUN ./mvnw -P -dnastack -B -o package
 # This stage uses a JRE rather than JDK because it doesn't have to build anything; it just runs the fat jar
 # produced by the previous stage.
 FROM amazoncorretto:17-alpine
+
 ARG APP_NAME
 ARG APP_VERSION
 
-ADD target/e2e-exec-pom.xml /pom.xml
-ADD target/.mvn /.mvn
-ADD target/mvnw /
-COPY --from=0 /build/target/wes-service-e2e-tests-*.jar /e2e-tests.jar
-RUN ./mvnw -B de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
+# Create a non-root user
+RUN adduser -D -h /home/testuser testuser
+
+USER root
+RUN mkdir /target && chown testuser /target
+
+# Copy required files from build stage into image
+COPY --from=build --chown=testuser /build/target/ /home/testuser/target
+COPY --from=build --chown=testuser /root/.m2/ /home/testuser/.m2/
+COPY --chown=testuser target/pom.xml /home/testuser/pom.xml
+COPY --chown=testuser target/.mvn /home/testuser/.mvn
+COPY --chown=testuser target/mvnw /home/testuser
+
+USER testuser
+
+WORKDIR /home/testuser
+
+ENV E2E_SCREENSHOT_DIR /target
 
 # If the container has a memory limit, that limit (in bytes) is present in a file under /sys/fs/cgroup
 # In Linux 5.10.76, the value comes from memory.max.
 # If the container doesn't have a set memory limit, the file contains "max", hence we fall back to a default value of 2GiB
 # In Linux 5.4.129, the value comes from memory/memory.limit_in_bytes
 # If the container doesn't have a set memory limit, the file will be blank, hence we fall back to a default value of 2Gib
-ENTRYPOINT ["./mvnw", "-B", "-o", "test"]
+ENTRYPOINT ["./mvnw", "-B", "-o", "-DreportsDirectory=/target/surefire-reports", "test"]

e2e-tests/pom.xml

@@ -17,6 +17,7 @@
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
         <maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
+        <reportsDirectory/>
         <junit.version>5.8.2</junit.version>
         <restassured.version>4.5.1</restassured.version>
         <slf4j.version>2.0.1</slf4j.version>
@@ -172,75 +173,19 @@
                     </compilerArgs>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-shade-plugin</artifactId>
-                <version>3.2.4</version>
-                <executions>
-                    <execution>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>shade</goal>
-                        </goals>
-                        <configuration>
-                            <filters>
-                                <filter>
-                                    <!-- filter out signature files from signed dependencies, else repackaging fails with security ex -->
-                                    <artifact>*:*</artifact>
-                                    <excludes>
-                                        <exclude>META-INF/*.SF</exclude>
-                                        <exclude>META-INF/*.DSA</exclude>
-                                        <exclude>META-INF/*.RSA</exclude>
-                                    </excludes>
-                                </filter>
-                            </filters>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>build-helper-maven-plugin</artifactId>
-                <version>1.9.1</version>
-                <executions>
-                    <!-- This ensures our compiled tests land in the fat jar -->
-                    <execution>
-                        <id>add-source</id>
-                        <phase>generate-sources</phase>
-                        <goals>
-                            <goal>add-source</goal>
-                        </goals>
-                        <configuration>
-                            <sources>
-                                <source>${project.basedir}/src/test/java/</source>
-                            </sources>
-                        </configuration>
-                    </execution>
-                    <!-- This ensures that the resources files also land in the fat jar (for example, simplelogger.properties)  -->
-                    <execution>
-                        <id>add-resource</id>
-                        <phase>generate-resources</phase>
-                        <goals>
-                            <goal>add-resource</goal>
-                        </goals>
-                        <configuration>
-                            <resources>
-                                <resource>
-                                    <directory>${project.basedir}/src/test/resources</directory>
-                                </resource>
-                            </resources>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>${maven-surefire-plugin.version}</version>
                 <configuration>
-                    <skipTests>true</skipTests>
+                    <reportsDirectory>${reportsDirectory}</reportsDirectory>
+                    <dependenciesToScan>
+                        <dependency>com.dnastack:actuator-e2e-test</dependency>
+                    </dependenciesToScan>
                 </configuration>
             </plugin>
+
             <plugin>
                 <groupId>de.qaware.maven</groupId>
                 <artifactId>go-offline-maven-plugin</artifactId>