Merge pull request #2641 from mercedes-benz/feature-2384-switch-to-te…

…murin Feature 2384 switch to Temurin Java
mercedes-benz · Nov 3, 2023 · e0d9cd7 · e0d9cd7
2 parents fe871ae + 4d3c7b6
commit e0d9cd7
Show file tree

Hide file tree

Showing 46 changed files with 72 additions and 25 deletions.
diff --git a/.github/workflows/release-client-server-pds.yml b/.github/workflows/release-client-server-pds.yml
@@ -31,7 +31,7 @@ permissions:
 
 env:
   ACTIONS_BASE_IMAGE_ALPINE: alpine:3.17
-  ACTIONS_BASE_IMAGE_DEBIAN: debian:testing-slim
+  ACTIONS_BASE_IMAGE_DEBIAN: debian:12-slim
   ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub
   ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts"
 

diff --git a/sechub-pds-solutions/checkmarx/docker/Checkmarx-Debian.dockerfile b/sechub-pds-solutions/checkmarx/docker/Checkmarx-Debian.dockerfile
@@ -12,7 +12,7 @@ ARG BUILD_TYPE
 ARG CHECKMARX_WRAPPER_VERSION=1.1.0
 
 # The base image of the builder
-ARG BUILDER_BASE_IMAGE="debian:testing-slim"
+ARG BUILDER_BASE_IMAGE="debian:12-slim"
 
 # Artifact folder
 ARG ARTIFACT_FOLDER="/artifacts"

diff --git a/sechub-pds-solutions/findsecuritybugs/docker/FindSecurityBugs-Debian.dockerfile b/sechub-pds-solutions/findsecuritybugs/docker/FindSecurityBugs-Debian.dockerfile
@@ -24,7 +24,7 @@ USER root
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
     apt-get --assume-yes upgrade  && \
-    apt-get --assume-yes install dos2unix unzip wget openjdk-17-jre-headless libxml2-utils && \
+    apt-get --assume-yes install dos2unix unzip wget libxml2-utils && \
     apt-get --assume-yes clean
 
 # Install FindSecurityBugs

diff --git a/sechub-pds-solutions/owaspzap/docker/Owasp-Zap-Debian.dockerfile b/sechub-pds-solutions/owaspzap/docker/Owasp-Zap-Debian.dockerfile
@@ -34,7 +34,7 @@ COPY pds-config.json "$PDS_FOLDER/pds-config.json"
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
     apt-get upgrade --assume-yes && \
-    apt-get install --assume-yes openjdk-17-jre firefox-esr wget && \
+    apt-get install --assume-yes firefox-esr wget && \
     apt-get clean
 
 # Install ZAP

diff --git a/sechub-pds-solutions/pds-base/10-create-image.sh b/sechub-pds-solutions/pds-base/10-create-image.sh
@@ -6,9 +6,11 @@ VERSION="$2"
 PDS_VERSION="$3"
 BASE_IMAGE="$4"  # optional
 BUILD_TYPE="$5" # optional
-DEFAULT_BASE_IMAGE="debian:testing-slim"
+DEFAULT_BASE_IMAGE="debian:12-slim"
 DEFAULT_BUILD_TYPE="download"
 
+cd `dirname $0`
+
 usage() {
   cat - <<EOF
 usage: $0 <docker registry> <version tag> <pds version>
@@ -59,6 +61,9 @@ echo ">> Build type: $BUILD_TYPE"
 BUILD_ARGS+=" --build-arg PDS_VERSION=$PDS_VERSION"
 echo ">> SecHub PDS release version: $PDS_VERSION"
 
+echo "Copying install-java scripts into the docker directory"
+cp --recursive --force ../../sechub-solutions-shared/install-java/ docker/
+
 # Use Docker BuildKit
 # nesessary for switching between build stages
 export BUILDKIT_PROGRESS=plain

diff --git a/sechub-pds-solutions/pds-base/docker/.gitignore b/sechub-pds-solutions/pds-base/docker/.gitignore
@@ -0,0 +1,3 @@
+# install-java/ is copied by the build scripts from ../../../sechub-solutions-shared/
+# so we exclude it here from git
+install-java/
diff --git a/sechub-pds-solutions/pds-base/docker/PDS-Debian.dockerfile b/sechub-pds-solutions/pds-base/docker/PDS-Debian.dockerfile
@@ -12,6 +12,8 @@ ARG PDS_VERSION
 ARG BUILD_TYPE
 ARG GO="go1.20.4.linux-amd64.tar.gz"
 
+# possible values: temurin, openj9, openjdk
+ARG JAVA_DISTRIBUTION="temurin"
 # possible values: 17
 ARG JAVA_VERSION="17"
 
@@ -42,7 +44,7 @@ RUN mkdir --parent "$PDS_ARTIFACT_FOLDER" "$DOWNLOAD_FOLDER"
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
     apt-get upgrade --assume-yes --quiet && \
-    apt-get install --quiet --assume-yes wget w3m git "openjdk-$JAVA_VERSION-jdk-headless" && \
+    apt-get install --quiet --assume-yes wget w3m git && \
     apt-get clean
 
 # Install Go
@@ -60,6 +62,12 @@ RUN cd "$DOWNLOAD_FOLDER" && \
     # remove go tar.gz
     rm "$GO"
 
+COPY --chmod=755 install-java/debian "$DOWNLOAD_FOLDER/install-java/"
+
+# Install Java
+RUN cd "$DOWNLOAD_FOLDER/install-java/" && \
+    ./install-java.sh "$JAVA_DISTRIBUTION" "$JAVA_VERSION" jdk
+
 # Copy clone script
 COPY --chmod=755 clone.sh "$BUILD_FOLDER/clone.sh"
 
@@ -134,8 +142,9 @@ LABEL org.opencontainers.image.title="SecHub PDS Base Image"
 LABEL org.opencontainers.image.description="The base image for the SecHub Product Delegation Server (PDS)"
 LABEL maintainer="SecHub FOSS Team"
 
-ARG PDS_ARTIFACT_FOLDER
+ARG JAVA_DISTRIBUTION
 ARG JAVA_VERSION
+ARG PDS_ARTIFACT_FOLDER
 ARG PDS_VERSION
 
 # env vars in container
@@ -169,9 +178,15 @@ COPY --from=builder "$PDS_ARTIFACT_FOLDER" "$PDS_FOLDER"
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
     apt-get upgrade --assume-yes --quiet && \
-    apt-get install --assume-yes --quiet "openjdk-$JAVA_VERSION-jre-headless" tree && \
+    apt-get install --assume-yes --quiet tree && \
     apt-get clean
 
+COPY --chmod=755 install-java/debian "$DOWNLOAD_FOLDER/install-java/"
+
+# Install Java
+RUN cd "$DOWNLOAD_FOLDER/install-java/" && \
+    ./install-java.sh "$JAVA_DISTRIBUTION" "$JAVA_VERSION" jre
+
 # Copy run script into the container
 COPY run.sh /run.sh
 

diff --git a/sechub-pds-solutions/pds-base/env b/sechub-pds-solutions/pds-base/env
@@ -1,5 +1,5 @@
 # Base Image
-BASE_IMAGE=debian:testing-slim
+BASE_IMAGE=debian:12-slim
 
 # Resource limits
 MEMORY_LIMIT=300M

diff --git a/sechub-pds-solutions/pmd/docker-compose_pds_pmd.yaml b/sechub-pds-solutions/pmd/docker-compose_pds_pmd.yaml
@@ -5,7 +5,7 @@ services:
     pds-pmd:
         build:
             args:
-                - BASE_IMAGE=debian:testing-slim
+                - BASE_IMAGE=debian:12-slim
             context: docker/
             dockerfile: PMD-Debian.dockerfile
         container_name: pds-pmd

diff --git a/sechub-pds-solutions/pmd/docker-compose_pds_pmd_cluster.yaml b/sechub-pds-solutions/pmd/docker-compose_pds_pmd_cluster.yaml
@@ -5,7 +5,7 @@ services:
   pds-pmd:
     build:
       args:
-        - BASE_IMAGE=debian:testing-slim
+        - BASE_IMAGE=debian:12-slim
       context: docker/
       dockerfile: PMD-Debian.dockerfile
     env_file:

diff --git a/sechub-pds-solutions/pmd/docker-compose_pds_pmd_cluster_object_storage.yaml b/sechub-pds-solutions/pmd/docker-compose_pds_pmd_cluster_object_storage.yaml
@@ -5,7 +5,7 @@ services:
     pds-pmd:
         build:
             args:
-                - BASE_IMAGE=debian:testing-slim
+                - BASE_IMAGE=debian:12-slim
             context: docker/
             dockerfile: PMD-Debian.dockerfile
         env_file:

diff --git a/sechub-pds-solutions/pmd/docker-compose_pds_pmd_external-network.yaml b/sechub-pds-solutions/pmd/docker-compose_pds_pmd_external-network.yaml
@@ -5,7 +5,7 @@ services:
     pds-pmd:
         build:
             args:
-                - BASE_IMAGE=debian:testing-slim
+                - BASE_IMAGE=debian:12-slim
             context: docker/
             dockerfile: PMD-Debian.dockerfile
         container_name: pds-pmd

diff --git a/sechub-solution/01-start-single-docker-compose-alpine.sh b/sechub-solution/01-start-single-docker-compose-alpine.sh
@@ -11,6 +11,9 @@ source ../sechub-solutions-shared/scripts/9999-env-file-helper.sh
 setup_environment_file ".env" "env"
 setup_environment_file "$ENVIRONMENT_FILE" "env-sechub"
 
+echo "Copying install-java scripts into the docker directory"
+cp --recursive --force ../sechub-solutions-shared/install-java/ docker/
+
 # Use Docker BuildKit
 export BUILDKIT_PROGRESS=plain
 export DOCKER_BUILDKIT=1

diff --git a/sechub-solution/01-start-single-docker-compose-fedora.sh b/sechub-solution/01-start-single-docker-compose-fedora.sh
@@ -11,6 +11,9 @@ source ../sechub-solutions-shared/scripts/9999-env-file-helper.sh
 setup_environment_file ".env" "env"
 setup_environment_file "$ENVIRONMENT_FILE" "env-sechub"
 
+echo "Copying install-java scripts into the docker directory"
+cp --recursive --force ../sechub-solutions-shared/install-java/ docker/
+
 # Use Docker BuildKit
 export BUILDKIT_PROGRESS=plain
 export DOCKER_BUILDKIT=1

diff --git a/sechub-solution/01-start-single-docker-compose-rocky.sh b/sechub-solution/01-start-single-docker-compose-rocky.sh
@@ -11,6 +11,9 @@ source ../sechub-solutions-shared/scripts/9999-env-file-helper.sh
 setup_environment_file ".env" "env"
 setup_environment_file "$ENVIRONMENT_FILE" "env-sechub"
 
+echo "Copying install-java scripts into the docker directory"
+cp --recursive --force ../sechub-solutions-shared/install-java/ docker/
+
 # Use Docker BuildKit
 export BUILDKIT_PROGRESS=plain
 export DOCKER_BUILDKIT=1

diff --git a/sechub-solution/01-start-single-docker-compose-ubuntu.sh b/sechub-solution/01-start-single-docker-compose-ubuntu.sh
@@ -11,6 +11,9 @@ source ../sechub-solutions-shared/scripts/9999-env-file-helper.sh
 setup_environment_file ".env" "env"
 setup_environment_file "$ENVIRONMENT_FILE" "env-sechub"
 
+echo "Copying install-java scripts into the docker directory"
+cp --recursive --force ../sechub-solutions-shared/install-java/ docker/
+
 # Use Docker BuildKit
 export BUILDKIT_PROGRESS=plain
 export DOCKER_BUILDKIT=1

diff --git a/sechub-solution/01-start-single-docker-compose.sh b/sechub-solution/01-start-single-docker-compose.sh
@@ -14,6 +14,9 @@ source ../sechub-solutions-shared/scripts/9999-env-file-helper.sh
 setup_environment_file ".env" "env"
 setup_environment_file "$ENVIRONMENT_FILE" "env-sechub"
 
+echo "Copying install-java scripts into the docker directory"
+cp --recursive --force ../sechub-solutions-shared/install-java/ docker/
+
 # Use Docker BuildKit
 export BUILDKIT_PROGRESS=plain
 export DOCKER_BUILDKIT=1

diff --git a/sechub-solution/10-create-image-alpine.sh b/sechub-solution/10-create-image-alpine.sh
@@ -87,6 +87,9 @@ if [ -n "$SECHUB_SERVER_VERSION" ] ; then
   echo "  from released version: v${SECHUB_SERVER_VERSION}-server"
 fi
 
+echo "Copying install-java scripts into the docker directory"
+cp --recursive --force ../sechub-solutions-shared/install-java/ docker/
+
 # Docker BuildKit settings
 export BUILDKIT_PROGRESS=plain
 export DOCKER_BUILDKIT=1

diff --git a/sechub-solution/10-create-image-debian.sh b/sechub-solution/10-create-image-debian.sh
@@ -55,6 +55,9 @@ Building SecHub server image
   based on image: $BASE_IMAGE
 EOF
 
+echo "Copying install-java scripts into the docker directory"
+cp --recursive --force ../sechub-solutions-shared/install-java/ docker/
+
 # Docker BuildKit settings
 export BUILDKIT_PROGRESS=plain
 export DOCKER_BUILDKIT=1

diff --git a/sechub-solution/docker-compose_sechub-debian.yaml b/sechub-solution/docker-compose_sechub-debian.yaml
@@ -5,7 +5,7 @@ services:
   sechub:
     build:
       args:
-        - BASE_IMAGE=debian:testing-slim
+        - BASE_IMAGE=debian:12-slim
         - BUILD_TYPE=${BUILD_TYPE}
         - JAVA_DISTRIBUTION=${JAVA_DISTRIBUTION}
         - JAVA_VERSION=${JAVA_VERSION}

diff --git a/sechub-solution/docker-compose_sechub_cluster.yaml b/sechub-solution/docker-compose_sechub_cluster.yaml
@@ -5,7 +5,7 @@ services:
   sechub:
     build:
       args:
-        - BASE_IMAGE=debian:testing-slim
+        - BASE_IMAGE=debian:12-slim
         - BUILD_TYPE=${BUILD_TYPE}
         - JAVA_DISTRIBUTION=${JAVA_DISTRIBUTION}
         - JAVA_VERSION=${JAVA_VERSION}

diff --git a/sechub-solution/docker-compose_sechub_cluster_object_storage.yaml b/sechub-solution/docker-compose_sechub_cluster_object_storage.yaml
@@ -5,7 +5,7 @@ services:
   sechub:
     build:
       args:
-        - BASE_IMAGE=debian:testing-slim
+        - BASE_IMAGE=debian:12-slim
         - BUILD_TYPE=${BUILD_TYPE}
         - JAVA_DISTRIBUTION=${JAVA_DISTRIBUTION}
         - JAVA_VERSION=${JAVA_VERSION}

diff --git a/sechub-solution/docker-compose_sechub_cluster_object_storage_resource_limits.yaml b/sechub-solution/docker-compose_sechub_cluster_object_storage_resource_limits.yaml
@@ -5,7 +5,7 @@ services:
   sechub:
     build:
       args:
-        - BASE_IMAGE=debian:testing-slim
+        - BASE_IMAGE=debian:12-slim
         - BUILD_TYPE=${BUILD_TYPE}
         - JAVA_DISTRIBUTION=${JAVA_DISTRIBUTION}
         - JAVA_VERSION=${JAVA_VERSION}

diff --git a/sechub-solution/docker-compose_sechub_cluster_resource_limits.yaml b/sechub-solution/docker-compose_sechub_cluster_resource_limits.yaml
@@ -5,7 +5,7 @@ services:
   sechub:
     build:
       args:
-        - BASE_IMAGE=debian:testing-slim
+        - BASE_IMAGE=debian:12-slim
         - BUILD_TYPE=${BUILD_TYPE}
         - JAVA_DISTRIBUTION=${JAVA_DISTRIBUTION}
         - JAVA_VERSION=${JAVA_VERSION}

diff --git a/sechub-solution/docker-compose_sechub_resource_limits-debian.yaml b/sechub-solution/docker-compose_sechub_resource_limits-debian.yaml
@@ -5,7 +5,7 @@ services:
   sechub:
     build:
       args:
-        - BASE_IMAGE=debian:testing-slim
+        - BASE_IMAGE=debian:12-slim
         - BUILD_TYPE=${BUILD_TYPE}
         - JAVA_DISTRIBUTION=${JAVA_DISTRIBUTION}
         - JAVA_VERSION=${JAVA_VERSION}

diff --git a/sechub-solution/docker/.gitignore b/sechub-solution/docker/.gitignore
@@ -0,0 +1,3 @@
+# install-java/ is copied by the build scripts from ../../sechub-solutions-shared/
+# so we exclude it here from git
+install-java/
diff --git a/sechub-solution/docker/SecHub-Alpine.dockerfile b/sechub-solution/docker/SecHub-Alpine.dockerfile
@@ -15,7 +15,7 @@ ARG TAG=""
 ARG BRANCH=""
 
 # possible values: temurin, openj9, openjdk
-ARG JAVA_DISTRIBUTION="openjdk"
+ARG JAVA_DISTRIBUTION="temurin"
 
 # possible values: 17
 ARG JAVA_VERSION="17"

diff --git a/sechub-solution/docker/SecHub-Debian.dockerfile b/sechub-solution/docker/SecHub-Debian.dockerfile
@@ -22,7 +22,7 @@ ARG BRANCH=""
 ARG GO="go1.20.4.linux-${TARGETARCH}.tar.gz"
 
 # possible values: temurin, openj9, openjdk
-ARG JAVA_DISTRIBUTION="openjdk"
+ARG JAVA_DISTRIBUTION="temurin"
 # possible values: 17
 ARG JAVA_VERSION="17"
 

diff --git a/sechub-solution/docker/SecHub-Fedora.dockerfile b/sechub-solution/docker/SecHub-Fedora.dockerfile
@@ -8,7 +8,7 @@
 ARG BASE_IMAGE
 
 # Inject the target architecture
-# For more information: 
+# For more information:
 # - https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 ARG TARGETARCH
 
@@ -20,7 +20,7 @@ ARG TAG=""
 ARG BRANCH=""
 
 # possible values: temurin, openj9, openjdk
-ARG JAVA_DISTRIBUTION="openjdk"
+ARG JAVA_DISTRIBUTION="temurin"
 # possible values: 17
 ARG JAVA_VERSION="17"
 

diff --git a/sechub-solution/docker/SecHub-Rocky.dockerfile b/sechub-solution/docker/SecHub-Rocky.dockerfile
@@ -22,7 +22,7 @@ ARG BRANCH=""
 ARG GO="go1.20.4.linux-${TARGETARCH}.tar.gz"
 
 # possible values: temurin, openj9, openjdk
-ARG JAVA_DISTRIBUTION="openjdk"
+ARG JAVA_DISTRIBUTION="temurin"
 # possible values: 17
 ARG JAVA_VERSION="17"
 

diff --git a/sechub-solution/env b/sechub-solution/env
@@ -16,7 +16,7 @@ SECHUB_VERSION="1.2.0"
 GO="go1.20.4.linux-amd64.tar.gz"
 
 # possible values: temurin, openj9, openjdk
-JAVA_DISTRIBUTION="openjdk"
+JAVA_DISTRIBUTION="temurin"
 
 # Which Java version to use
 # Not all Java versions are available

diff --git a/...ocker/install-java/alpine/install-java.sh → ...hared/install-java/alpine/install-java.sh b/...ocker/install-java/alpine/install-java.sh → ...hared/install-java/alpine/install-java.sh
diff --git a/...er/install-java/alpine/install-openjdk.sh → ...ed/install-java/alpine/install-openjdk.sh b/...er/install-java/alpine/install-openjdk.sh → ...ed/install-java/alpine/install-openjdk.sh
diff --git a/...er/install-java/alpine/install-temurin.sh → ...ed/install-java/alpine/install-temurin.sh b/...er/install-java/alpine/install-temurin.sh → ...ed/install-java/alpine/install-temurin.sh
diff --git a/...ocker/install-java/debian/install-java.sh → ...hared/install-java/debian/install-java.sh b/...ocker/install-java/debian/install-java.sh → ...hared/install-java/debian/install-java.sh
diff --git a/...ker/install-java/debian/install-openj9.sh → ...red/install-java/debian/install-openj9.sh b/...ker/install-java/debian/install-openj9.sh → ...red/install-java/debian/install-openj9.sh
diff --git a/...er/install-java/debian/install-openjdk.sh → ...ed/install-java/debian/install-openjdk.sh b/...er/install-java/debian/install-openjdk.sh → ...ed/install-java/debian/install-openjdk.sh
diff --git a/...er/install-java/debian/install-temurin.sh → ...ed/install-java/debian/install-temurin.sh b/...er/install-java/debian/install-temurin.sh → ...ed/install-java/debian/install-temurin.sh
diff --git a/...ocker/install-java/fedora/install-java.sh → ...hared/install-java/fedora/install-java.sh b/...ocker/install-java/fedora/install-java.sh → ...hared/install-java/fedora/install-java.sh
diff --git a/...ker/install-java/fedora/install-openj9.sh → ...red/install-java/fedora/install-openj9.sh b/...ker/install-java/fedora/install-openj9.sh → ...red/install-java/fedora/install-openj9.sh
diff --git a/...er/install-java/fedora/install-openjdk.sh → ...ed/install-java/fedora/install-openjdk.sh b/...er/install-java/fedora/install-openjdk.sh → ...ed/install-java/fedora/install-openjdk.sh
diff --git a/...er/install-java/fedora/install-temurin.sh → ...ed/install-java/fedora/install-temurin.sh b/...er/install-java/fedora/install-temurin.sh → ...ed/install-java/fedora/install-temurin.sh
diff --git a/...docker/install-java/rocky/install-java.sh → ...shared/install-java/rocky/install-java.sh b/...docker/install-java/rocky/install-java.sh → ...shared/install-java/rocky/install-java.sh
diff --git a/...cker/install-java/rocky/install-openj9.sh → ...ared/install-java/rocky/install-openj9.sh b/...cker/install-java/rocky/install-openj9.sh → ...ared/install-java/rocky/install-openj9.sh
diff --git a/...ker/install-java/rocky/install-openjdk.sh → ...red/install-java/rocky/install-openjdk.sh b/...ker/install-java/rocky/install-openjdk.sh → ...red/install-java/rocky/install-openjdk.sh
diff --git a/...ker/install-java/rocky/install-temurin.sh → ...red/install-java/rocky/install-temurin.sh b/...ker/install-java/rocky/install-temurin.sh → ...red/install-java/rocky/install-temurin.sh