Last time, I posted about building an ACI (Application Container Image) using OS packages, and in particular how I was using this to build a Java base image.
The reason for wanting a Java base image was - of course - to run Java applications. In particular, I wanted to be able to do this direct from Maven, which is (still) the dominant build tool for Java.
Spotify has a pretty good maven plugin for Docker, so I started with that. It was pretty simple to add support for ACI.
With my ACI plugin for maven, building an ACI image requires registering the plugin in the pom.xml, along with configuring the command line, like this. It’s still more work than I would like, but it is very copy-and-pastable.
This was pretty easy to implement. The biggest challenge was creating a library for writing ACIs from Java: appc-java. ACI are not that different from Docker images. One huge difference was that it is possible to build an ACI securely (i.e. without requiring root or running arbitrary code) because ACIs are designed to be buildable without running code. Dockerfiles make for a great demo, but they are very difficult to secure.
It’s also much faster to just write a tarfile than it is to spin up a container!
I’m not sure yet whether I should try to contribute this work back into Spotify’s plugin, or whether I should make this a permanent fork. On the one hand, contributing back is good manners, but on the other ACI feels like something that is genuinely new, with a lot of capabilities that would be much harder to maintain in a Docker plugin. I’m going to keep tinkering and see how it goes!