Skip to content

Replace cimg base image with ubuntu:latest #95

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sarahchen6 merged 15 commits into from
May 22, 2025
Merged

Replace cimg base image with ubuntu:latest #95

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
c9cf4e8
Replace cimg base image with ubuntu:24.04
sarahchen6 May 13, 2025
de584c0
Clean a few lines
sarahchen6 May 14, 2025
066b8b8
Change run commands to heredoc formatting
sarahchen6 May 14, 2025
685c31a
Update to 8u451
sarahchen6 May 14, 2025
b9cdb74
Add non-root user
sarahchen6 May 15, 2025
d89a8a4
Add locale variables
sarahchen6 May 15, 2025
c2651ab
Change to ubuntu:latest and clean up
sarahchen6 May 16, 2025
71b1d02
Add missing clean
sarahchen6 May 16, 2025
fc4238c
Update non-root-group
sarahchen6 May 16, 2025
0bb9f22
Add dependencies
sarahchen6 May 16, 2025
f89444d
Adjust non-root-group folder permissions
sarahchen6 May 16, 2025
39156b9
Fix non-root-ser
sarahchen6 May 19, 2025
dd57309
Re-order installation
sarahchen6 May 19, 2025
727afce
Add missing packages and change WORKDIR setting order
sarahchen6 May 20, 2025
cfe0938
Add lsof
sarahchen6 May 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,7 @@ on:
branches:
- master
schedule:
# Tuesday at 10. One day after the CircleCI scheduled upddate
# See: https://github.com/CircleCI-Public/cimg-base/blob/main/.circleci/schedule.json
- cron: '0 10 * * 2'
- cron: '0 0 * * 0'
workflow_dispatch:

jobs:
Expand Down
119 changes: 92 additions & 27 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,47 @@ ARG LATEST_VERSION
FROM eclipse-temurin:${LATEST_VERSION}-jdk-noble AS temurin-latest

# Intermediate image used to prune cruft from JDKs and squash them all.
FROM cimg/base:current-22.04 AS all-jdk
FROM ubuntu:24.04 AS all-jdk
ARG LATEST_VERSION

RUN <<-EOT
set -eux
apt-get update
apt-get install -y sudo
groupadd --gid 1001 non-root-group
useradd --uid 1001 --gid non-root-group -m non-root-user
echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user
chmod 0440 /etc/sudoers.d/non-root-user
mkdir -p /home/non-root-user/.config
chown -R non-root-user:non-root-group /home/non-root-user/.config
apt-get clean
rm -rf /var/lib/apt/lists/*
EOT

USER non-root-user
WORKDIR /home/non-root-user

RUN <<-EOT
set -eux
sudo apt-get update
sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg locales jq git gh yq lsb-release lsof
sudo locale-gen en_US.UTF-8
sudo git config --system --add safe.directory "*"

sudo mkdir -p /tmp/docker-install
sudo curl -fsSL "https://download.docker.com/linux/static/stable/$(uname -m)/docker-24.0.7.tgz" | sudo tar -xz -C /tmp/docker-install
sudo mv /tmp/docker-install/docker/docker /usr/local/bin/
sudo rm -rf /tmp/docker-install
sudo mkdir -p /usr/local/lib/docker/cli-plugins
sudo curl -fsSL "https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-$(uname -m)" -o /usr/local/lib/docker/cli-plugins/docker-compose
sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose

sudo apt-get clean
sudo rm -rf /var/lib/apt/lists/*
EOT

ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'

COPY --from=eclipse-temurin:8-jdk-jammy /opt/java/openjdk /usr/lib/jvm/8
COPY --from=eclipse-temurin:11-jdk-jammy /opt/java/openjdk /usr/lib/jvm/11
COPY --from=eclipse-temurin:17-jdk-jammy /opt/java/openjdk /usr/lib/jvm/17
Expand All @@ -26,23 +64,26 @@ COPY --from=ibm-semeru-runtimes:open-17-jdk-jammy /opt/java/openjdk /usr/lib/jvm
COPY --from=ghcr.io/graalvm/native-image-community:17-ol9 /usr/lib64/graalvm/graalvm-community-java17 /usr/lib/jvm/graalvm17
COPY --from=ghcr.io/graalvm/native-image-community:21-ol9 /usr/lib64/graalvm/graalvm-community-java21 /usr/lib/jvm/graalvm21

RUN sudo apt-get -y update && sudo apt-get -y install curl
# See: https://gist.github.com/wavezhang/ba8425f24a968ec9b2a8619d7c2d86a6
RUN <<-EOT
set -eux
sudo mkdir -p /usr/lib/jvm/oracle8
curl -L --fail "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=246284_165374ff4ea84ef0bbd821706e29b123" | sudo tar -xvzf - -C /usr/lib/jvm/oracle8 --strip-components 1
sudo curl -L --fail "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=252034_8a1589aa0fe24566b4337beee47c2d29" | sudo tar -xvzf - -C /usr/lib/jvm/oracle8 --strip-components 1
EOT

# Install Ubuntu's OpenJDK 17 and fix broken symlinks:
# some files in /usr/lib/jvm/ubuntu17 are symlinks to /etc/java-17-openjdk/, so we just copy all symlinks targets.
RUN <<-EOT
set -eux
sudo apt-get install openjdk-17-jdk
sudo apt-get update
sudo apt-get install -y openjdk-17-jdk
sudo mv /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/ubuntu17
sudo mkdir -p /usr/lib/jvm/ubuntu17/conf/ /usr/lib/jvm/ubuntu17/lib/
sudo cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/conf/
sudo cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/lib/
sudo cp -f --remove-destination /etc/java-17-openjdk/jvm-amd64.cfg /usr/lib/jvm/ubuntu17/lib/
sudo apt-get clean
sudo rm -rf /var/lib/apt/lists/*
EOT

# Remove cruft from JDKs that is not used in the build process.
Expand All @@ -65,28 +106,52 @@ COPY --from=all-jdk /usr/lib/jvm/21 /usr/lib/jvm/21
COPY --from=all-jdk /usr/lib/jvm/${LATEST_VERSION} /usr/lib/jvm/${LATEST_VERSION}

# Base image with minimum requirements to build the project.
# Based on CircleCI Base Image with Ubuntu 22.04.3 LTS, present in most runners.
FROM cimg/base:current-22.04 AS base
# Based on the latest Ubuntu LTS image.
FROM ubuntu:24.04 AS base
ARG LATEST_VERSION
ENV LATEST_VERSION=${LATEST_VERSION}

# https://docs.github.com/en/packages/learn-github-packages/connecting-a-repository-to-a-package
LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build

# Replace Docker Compose and yq versions by latest and remove docker-switch from CircleCI Base Image for security purposes.
RUN <<-EOT
set -eu
dockerPluginDir=/usr/local/lib/docker/cli-plugins
sudo curl -sSL "https://github.com/docker/compose/releases/latest/download/docker-compose-linux-$(uname -m)" -o $dockerPluginDir/docker-compose
sudo chmod +x $dockerPluginDir/docker-compose
sudo sudo update-alternatives --remove docker-compose /usr/local/bin/compose-switch
sudo rm -f /usr/local/bin/compose-switch
sudo rm /usr/local/bin/{install-man-page.sh,yq*}
curl -sSL "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_$(dpkg --print-architecture).tar.gz" | sudo tar -xz -C /usr/local/bin --wildcards --no-anchored 'yq_linux_*'
sudo mv /usr/local/bin/yq{_linux_*,}
sudo chown root:root /usr/local/bin/yq
set -eux
apt-get update
apt-get install -y sudo
groupadd --gid 1001 non-root-group
useradd --uid 1001 --gid non-root-group -m non-root-user
echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user
chmod 0440 /etc/sudoers.d/non-root-user
mkdir -p /home/non-root-user/.config
chown -R non-root-user:non-root-group /home/non-root-user/.config
apt-get clean
rm -rf /var/lib/apt/lists/*
EOT

USER non-root-user
WORKDIR /home/non-root-user

RUN <<-EOT
set -eux
sudo apt-get update
sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg socat less debian-goodies autossh ca-certificates-java python3-pip locales jq git gh yq lsb-release lsof
sudo locale-gen en_US.UTF-8
sudo git config --system --add safe.directory "*"

sudo mkdir -p /tmp/docker-install
sudo curl -fsSL "https://download.docker.com/linux/static/stable/$(uname -m)/docker-24.0.7.tgz" | sudo tar -xz -C /tmp/docker-install
sudo mv /tmp/docker-install/docker/docker /usr/local/bin/
sudo rm -rf /tmp/docker-install
sudo mkdir -p /usr/local/lib/docker/cli-plugins
sudo curl -fsSL "https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-$(uname -m)" -o /usr/local/lib/docker/cli-plugins/docker-compose
sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose

sudo apt-get clean
sudo rm -rf /var/lib/apt/lists/*
EOT

ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'

COPY --from=default-jdk /usr/lib/jvm /usr/lib/jvm

COPY autoforward.py /usr/local/bin/autoforward
Expand All @@ -98,19 +163,13 @@ COPY autoforward.py /usr/local/bin/autoforward
RUN <<-EOT
set -eux
sudo apt-get update
sudo apt-get install --no-install-recommends apt-transport-https socat
sudo apt-get install --no-install-recommends vim less debian-goodies
sudo apt-get install --no-install-recommends autossh
sudo apt-get install ca-certificates-java
sudo apt install python3-pip
sudo apt-get -y clean
sudo rm -rf /var/lib/apt/lists/*
pip3 install awscli
pip3 install requests requests-unixsocket2
pip3 cache purge
sudo pip3 install --break-system-packages awscli requests requests-unixsocket2
sudo pip3 cache purge
sudo chmod +x /usr/local/bin/autoforward
sudo curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
sudo chmod +x /usr/local/bin/datadog-ci
sudo apt-get clean
sudo rm -rf /var/lib/apt/lists/*
EOT

# IBM specific env variables
Expand All @@ -134,13 +193,19 @@ FROM base AS variant
ARG VARIANT_LOWER
ARG VARIANT_UPPER

USER non-root-user
WORKDIR /home/non-root-user

COPY --from=all-jdk /usr/lib/jvm/${VARIANT_LOWER} /usr/lib/jvm/${VARIANT_LOWER}
ENV JAVA_${VARIANT_UPPER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
ENV JAVA_${VARIANT_LOWER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}

# Full image for debugging, contains all JDKs.
FROM base AS full

USER non-root-user
WORKDIR /home/non-root-user

COPY --from=all-jdk /usr/lib/jvm/7 /usr/lib/jvm/7
COPY --from=all-jdk /usr/lib/jvm/zulu8 /usr/lib/jvm/zulu8
COPY --from=all-jdk /usr/lib/jvm/zulu11 /usr/lib/jvm/zulu11
Expand Down