Skip to content

Commit

Permalink
deps: alpine 3.19.1 (#85)
Browse files Browse the repository at this point in the history
also fixes the test job so that it doesn't cache layers when it shouldn't due to differing build args.

Signed-off-by: Adrian Cole <[email protected]>
  • Loading branch information
codefromthecrypt authored and Adrian Cole committed Feb 7, 2024
1 parent 6099b0a commit a21b2c0
Show file tree
Hide file tree
Showing 6 changed files with 34 additions and 29 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ name: deploy
# See https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
on:
push:
tags: '[0-9]+.[0-9]+.[0-9]+**' # Ex. 8.272.10 or 21.0.1_p12
tags: '[0-9]+.[0-9]+.[0-9]+**' # Ex. 8.272.10 or 17.0.10_p7

jobs:
deploy:
Expand Down
19 changes: 13 additions & 6 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,24 +7,31 @@ on:
# We run tests on non-tagged pushes to master that aren't a commit made by the release plugin
push:
tags: ''
branches: master
branches: JDK17
paths-ignore: '**/*.md'
# We also run tests on pull requests targeted at the master branch.
pull_request:
branches: master
branches: JDK17
paths-ignore: '**/*.md'

jobs:
test:
name: test (${{ matrix.name }})
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
strategy:
fail-fast: false # don't fail fast as some failures are LTS specific
matrix: # match with maven-enforcer-plugin rules in pom.xml
include:
- name: build-arg
version: 17.0.10_p7
- name: implicit
version: master
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 1 # only needed to get the sha label
# We can't cache Docker without using buildx because GH actions restricts /var/lib/docker
# That's ok because DOCKER_PARENT_IMAGE is always ghcr.io and local anyway.
- name: Test LTS JDK
run: build-bin/configure_test && build-bin/test 21.0.1_p12
- name: Test latest JDK
run: build-bin/configure_test && build-bin/test
- name: Test
run: build-bin/configure_test && build-bin/test ${{ matrix.version }}
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
# docker_parent_image is the base layer of full and jre image
#
# Use latest version here: https://github.com/orgs/openzipkin/packages/container/package/alpine
ARG docker_parent_image=ghcr.io/openzipkin/alpine:3.19.0
ARG docker_parent_image=ghcr.io/openzipkin/alpine:3.19.1

# java_version and java_home are hard-coded here to allow the following:
# * `docker build https://github.com/openzipkin/docker-java.git`
Expand All @@ -17,7 +17,7 @@ ARG docker_parent_image=ghcr.io/openzipkin/alpine:3.19.0
# When updating, also update the README
# * Use current version from https://pkgs.alpinelinux.org/packages?name=openjdk17, stripping
# the `-rX` at the end.
ARG java_version=17.0.9_p8
ARG java_version=17.0.10_p7
ARG java_home=/usr/lib/jvm/java-17-openjdk

# We copy files from the context into a scratch container first to avoid a problem where docker and
Expand Down
28 changes: 14 additions & 14 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

GitHub Container Registry: [ghcr.io/openzipkin/java](https://github.com/orgs/openzipkin/packages/container/package/java) includes:
* `master` tag: latest commit
* `MAJOR.MINOR.PATCH` tag: release corresponding to a [Current OpenJDK Version](https://pkgs.alpinelinux.org/packages?name=openjdk21)
* `MAJOR.MINOR.PATCH` tag: release corresponding to a [Current OpenJDK Version](https://pkgs.alpinelinux.org/packages?name=openjdk17)

Tags ending in `-jre` include only a JRE where unqualified tags include the full JDK, Maven, and a
few build utilities.
Expand All @@ -15,10 +15,10 @@ This is an internal base layer primarily used in [zipkin](https://github.com/ope

To try the image, run the `java -version` command:
```bash
docker run --rm ghcr.io/openzipkin/java:17.0.9_p8 -version
openjdk version "17.0.9" 2023-10-17
OpenJDK Runtime Environment (build 17.0.9+8-alpine-r0)
OpenJDK 64-Bit Server VM (build 17.0.9+8-alpine-r0, mixed mode, sharing)
$ docker run --rm ghcr.io/openzipkin/java:17.0.10_p7 -version
openjdk version "17.0.10" 2024-01-16
OpenJDK Runtime Environment (build 17.0.10+7-alpine-r0)
OpenJDK 64-Bit Server VM (build 17.0.10+7-alpine-r0, mixed mode, sharing)
```

## Release process
Expand All @@ -37,21 +37,21 @@ before continuing. Notably, this avoids missing CVE fixes by mistake.

Build the [Dockerfile](Dockerfile) using the current version without the
revision classifier from here:
* https://pkgs.alpinelinux.org/packages?name=openjdk21
* https://pkgs.alpinelinux.org/packages?name=openjdk17
```bash
# Note 17.0.9_p8 not 17.0.9_p8-r0!
./build-bin/build 17.0.9_p8
# Note 17.0.10_p7 not 17.0.10_p7-r0!
./build-bin/build 17.0.10_p7
```

Next, verify the built image matches that version:
```bash
docker run --rm openzipkin/java:test -version
openjdk version "17.0.9" 2023-10-17
OpenJDK Runtime Environment (build 17.0.9+8-alpine-r0)
OpenJDK 64-Bit Server VM (build 17.0.9+8-alpine-r0, mixed mode, sharing)
$ docker run --rm openzipkin/java:test -version
openjdk version "17.0.10" 2024-01-16
OpenJDK Runtime Environment (build 17.0.10+7-alpine-r0)
OpenJDK 64-Bit Server VM (build 17.0.10+7-alpine-r0, mixed mode, sharing)
```

To release the image, push a tag matching the arg to `build-bin/build` (ex `17.0.9_p8`).
To release the image, push a tag matching the arg to `build-bin/build` (ex `17.0.10_p7`).
This triggers a [GitHub Actions](https://github.com/openzipkin/docker-java/actions) job to push the image.

## java.lang.ClassNotFoundException
Expand Down Expand Up @@ -81,7 +81,7 @@ This builds JDK and JRE images over our [Alpine Linux](https://github.com/openzi
base layer. If you have any platform CVEs that relate to the Alpine version, check there first and
cut a new version as necessary.

Specifically, this adds [Alpine's OpenJDK](https://pkgs.alpinelinux.org/packages?name=openjdk21)
Specifically, this adds [Alpine's OpenJDK](https://pkgs.alpinelinux.org/packages?name=openjdk17)
package as well as Maven (to reduce image layers). If there is a concern about CVEs, check to see if
there is a newer JDK available and release it.

Expand Down
4 changes: 2 additions & 2 deletions build-bin/docker/docker_args
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ if [ -n "${DOCKER_TARGET}" ]; then
fi

# When non-empty, becomes the base layer including tag appropriate for the image being built.
# e.g. ghcr.io/openzipkin/java:21.0.1_p12-jre
# e.g. ghcr.io/openzipkin/java:17.0.10_p7-jre
#
# This is not required to be a base (FROM scratch) image like ghcr.io/openzipkin/alpine:3.12.3
# See https://docs.docker.com/glossary/#parent-image
Expand All @@ -60,7 +60,7 @@ if [ -n "${ALPINE_VERSION}" ]; then
docker_args="${docker_args} --build-arg alpine_version=${ALPINE_VERSION}"
fi

# When non-empty, becomes the build-arg java_version. e.g. "21.0.1_p12"
# When non-empty, becomes the build-arg java_version. e.g. "17.0.10_p7"
# Used to align base layers from https://github.com/orgs/openzipkin/packages/container/package/java
if [ -n "${JAVA_VERSION}" ]; then
docker_args="${docker_args} --build-arg java_version=${JAVA_VERSION}"
Expand Down
6 changes: 2 additions & 4 deletions install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,7 @@
# the License.

# Install OS packages that support most software we build
# * openjdk21-jdk: smaller than openjdk21, which includes docs and demos
# * openjdk21-jmods: needed for module support
# * openjdk17-jdk: smaller than openjdk17, which includes docs and demos
# * binutils: needed for some node modules and jlink --strip-debug
# * tar: BusyBox built-in tar doesn't support --strip=1
# * wget: BusyBox built-in wget doesn't support --tries=3
Expand All @@ -32,8 +31,7 @@ maven_version=${2?maven_version is required. ex 3.9.6}
java_major_version=$(echo ${java_version}| cut -f1 -d .)
package=openjdk${java_major_version}

apk --no-cache add \
${package}-jmods=~${java_version} ${package}-jdk=~${java_version} binutils tar wget
apk --no-cache add ${package}-jdk=~${java_version} binutils tar wget

# Typically, only amd64 is tested in CI: Run commands that ensure binaries match current arch.
if ! java -version || ! jar --version || ! jlink --version; then maybe_log_crash; fi
Expand Down

0 comments on commit a21b2c0

Please sign in to comment.