
Commit b5634ed

authored
Merge pull request #95 from DataDog/sarahchen6/change-base-image
Replace cimg base image with ubuntu:latest
2 parents dc4d8e1 + cfe0938 commit b5634ed


2 files changed

+93
-30
lines changed


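--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,9 +7,7 @@ on:
 branches:
 - master
 schedule:
-# Tuesday at 10. One day after the CircleCI scheduled upddate
-# See: https://github.com/CircleCI-Public/cimg-base/blob/main/.circleci/schedule.json
-- cron: '0 10 * * 2'
+- cron: '0 0 * * 0'
 workflow_dispatch:
 
 jobs: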
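Review bot: The new `- cron: '0 0 * * 0'` entry has no comment, while the two comment lines it replaces explained why the old time was chosen. The Dockerfile in this commit starts from `ubuntu:24.04`, a tag rather than a digest, so this weekly run is presumably what picks up base-image and package updates. A line such as `# Weekly, Sunday 00:00 UTC: rebuild to pick up base image and package updates` above the entry would record that intent.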

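--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,47 @@ ARG LATEST_VERSION
 FROM eclipse-temurin:${LATEST_VERSION}-jdk-noble AS temurin-latest
 
 # Intermediate image used to prune cruft from JDKs and squash them all.
-FROM cimg/base:current-22.04 AS all-jdk
+FROM ubuntu:24.04 AS all-jdk
 ARG LATEST_VERSION
 
+RUN <<-EOT
+set -eux
+apt-get update
+apt-get install -y sudo
+groupadd --gid 1001 non-root-group
+useradd --uid 1001 --gid non-root-group -m non-root-user
+echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user
+chmod 0440 /etc/sudoers.d/non-root-user
+mkdir -p /home/non-root-user/.config
+chown -R non-root-user:non-root-group /home/non-root-user/.config
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+EOT
+
+USER non-root-user
+WORKDIR /home/non-root-user
+
+RUN <<-EOT
+set -eux
+sudo apt-get update
+sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg locales jq git gh yq lsb-release lsof
+sudo locale-gen en_US.UTF-8
+sudo git config --system --add safe.directory "*"
+
+sudo mkdir -p /tmp/docker-install
+sudo curl -fsSL "https://download.docker.com/linux/static/stable/$(uname -m)/docker-24.0.7.tgz" | sudo tar -xz -C /tmp/docker-install
+sudo mv /tmp/docker-install/docker/docker /usr/local/bin/
+sudo rm -rf /tmp/docker-install
+sudo mkdir -p /usr/local/lib/docker/cli-plugins
+sudo curl -fsSL "https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-$(uname -m)" -o /usr/local/lib/docker/cli-plugins/docker-compose
+sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+EOT
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
 COPY --from=eclipse-temurin:8-jdk-jammy /opt/java/openjdk /usr/lib/jvm/8
 COPY --from=eclipse-temurin:11-jdk-jammy /opt/java/openjdk /usr/lib/jvm/11
 COPY --from=eclipse-temurin:17-jdk-jammy /opt/java/openjdk /usr/lib/jvm/17
@@ -26,23 +64,26 @@ COPY --from=ibm-semeru-runtimes:open-17-jdk-jammy /opt/java/openjdk /usr/lib/jvm
 COPY --from=ghcr.io/graalvm/native-image-community:17-ol9 /usr/lib64/graalvm/graalvm-community-java17 /usr/lib/jvm/graalvm17
 COPY --from=ghcr.io/graalvm/native-image-community:21-ol9 /usr/lib64/graalvm/graalvm-community-java21 /usr/lib/jvm/graalvm21
 
-RUN sudo apt-get -y update && sudo apt-get -y install curl
 # See: https://gist.github.com/wavezhang/ba8425f24a968ec9b2a8619d7c2d86a6
 RUN <<-EOT
 set -eux
 sudo mkdir -p /usr/lib/jvm/oracle8
-curl -L --fail "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=246284_165374ff4ea84ef0bbd821706e29b123" | sudo tar -xvzf - -C /usr/lib/jvm/oracle8 --strip-components 1
+sudo curl -L --fail "https://javadl.oracle.com/webapps/download/AutoDL?BundleId=252034_8a1589aa0fe24566b4337beee47c2d29" | sudo tar -xvzf - -C /usr/lib/jvm/oracle8 --strip-components 1
 EOT
 
 # Install Ubuntu's OpenJDK 17 and fix broken symlinks:
 # some files in /usr/lib/jvm/ubuntu17 are symlinks to /etc/java-17-openjdk/, so we just copy all symlinks targets.
 RUN <<-EOT
 set -eux
-sudo apt-get install openjdk-17-jdk
+sudo apt-get update
+sudo apt-get install -y openjdk-17-jdk
 sudo mv /usr/lib/jvm/java-17-openjdk-amd64 /usr/lib/jvm/ubuntu17
+sudo mkdir -p /usr/lib/jvm/ubuntu17/conf/ /usr/lib/jvm/ubuntu17/lib/
 sudo cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/conf/
 sudo cp -rf --remove-destination /etc/java-17-openjdk/* /usr/lib/jvm/ubuntu17/lib/
 sudo cp -f --remove-destination /etc/java-17-openjdk/jvm-amd64.cfg /usr/lib/jvm/ubuntu17/lib/
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
 # Remove cruft from JDKs that is not used in the build process.
@@ -65,28 +106,52 @@ COPY --from=all-jdk /usr/lib/jvm/21 /usr/lib/jvm/21
 COPY --from=all-jdk /usr/lib/jvm/${LATEST_VERSION} /usr/lib/jvm/${LATEST_VERSION}
 
 # Base image with minimum requirements to build the project.
-# Based on CircleCI Base Image with Ubuntu 22.04.3 LTS, present in most runners.
-FROM cimg/base:current-22.04 AS base
+# Based on the latest Ubuntu LTS image.
+FROM ubuntu:24.04 AS base
 ARG LATEST_VERSION
 ENV LATEST_VERSION=${LATEST_VERSION}
 
 # https://docs.github.com/en/packages/learn-github-packages/connecting-a-repository-to-a-package
 LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build
 
-# Replace Docker Compose and yq versions by latest and remove docker-switch from CircleCI Base Image for security purposes.
 RUN <<-EOT
-set -eu
-dockerPluginDir=/usr/local/lib/docker/cli-plugins
-sudo curl -sSL "https://github.com/docker/compose/releases/latest/download/docker-compose-linux-$(uname -m)" -o $dockerPluginDir/docker-compose
-sudo chmod +x $dockerPluginDir/docker-compose
-sudo sudo update-alternatives --remove docker-compose /usr/local/bin/compose-switch
-sudo rm -f /usr/local/bin/compose-switch
-sudo rm /usr/local/bin/{install-man-page.sh,yq*}
-curl -sSL "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_$(dpkg --print-architecture).tar.gz" | sudo tar -xz -C /usr/local/bin --wildcards --no-anchored 'yq_linux_*'
-sudo mv /usr/local/bin/yq{_linux_*,}
-sudo chown root:root /usr/local/bin/yq
+set -eux
+apt-get update
+apt-get install -y sudo
+groupadd --gid 1001 non-root-group
+useradd --uid 1001 --gid non-root-group -m non-root-user
+echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user
+chmod 0440 /etc/sudoers.d/non-root-user
+mkdir -p /home/non-root-user/.config
+chown -R non-root-user:non-root-group /home/non-root-user/.config
+apt-get clean
+rm -rf /var/lib/apt/lists/*
 EOT
 
+USER non-root-user
+WORKDIR /home/non-root-user
+
+RUN <<-EOT
+set -eux
+sudo apt-get update
+sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg socat less debian-goodies autossh ca-certificates-java python3-pip locales jq git gh yq lsb-release lsof
+sudo locale-gen en_US.UTF-8
+sudo git config --system --add safe.directory "*"
+
+sudo mkdir -p /tmp/docker-install
+sudo curl -fsSL "https://download.docker.com/linux/static/stable/$(uname -m)/docker-24.0.7.tgz" | sudo tar -xz -C /tmp/docker-install
+sudo mv /tmp/docker-install/docker/docker /usr/local/bin/
+sudo rm -rf /tmp/docker-install
+sudo mkdir -p /usr/local/lib/docker/cli-plugins
+sudo curl -fsSL "https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-$(uname -m)" -o /usr/local/lib/docker/cli-plugins/docker-compose
+sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+EOT
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
 COPY --from=default-jdk /usr/lib/jvm /usr/lib/jvm
 
 COPY autoforward.py /usr/local/bin/autoforward
@@ -98,19 +163,13 @@ COPY autoforward.py /usr/local/bin/autoforward
 RUN <<-EOT
 set -eux
 sudo apt-get update
-sudo apt-get install --no-install-recommends apt-transport-https socat
-sudo apt-get install --no-install-recommends vim less debian-goodies
-sudo apt-get install --no-install-recommends autossh
-sudo apt-get install ca-certificates-java
-sudo apt install python3-pip
-sudo apt-get -y clean
-sudo rm -rf /var/lib/apt/lists/*
-pip3 install awscli
-pip3 install requests requests-unixsocket2
-pip3 cache purge
+sudo pip3 install --break-system-packages awscli requests requests-unixsocket2
+sudo pip3 cache purge
 sudo chmod +x /usr/local/bin/autoforward
 sudo curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
 sudo chmod +x /usr/local/bin/datadog-ci
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
 EOT
 
 # IBM specific env variables
@@ -134,13 +193,19 @@ FROM base AS variant
 ARG VARIANT_LOWER
 ARG VARIANT_UPPER
 
+USER non-root-user
+WORKDIR /home/non-root-user
+
 COPY --from=all-jdk /usr/lib/jvm/${VARIANT_LOWER} /usr/lib/jvm/${VARIANT_LOWER}
 ENV JAVA_${VARIANT_UPPER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
 ENV JAVA_${VARIANT_LOWER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
 
 # Full image for debugging, contains all JDKs.
 FROM base AS full
 
+USER non-root-user
+WORKDIR /home/non-root-user
+
 COPY --from=all-jdk /usr/lib/jvm/7 /usr/lib/jvm/7
 COPY --from=all-jdk /usr/lib/jvm/zulu8 /usr/lib/jvm/zulu8
 COPY --from=all-jdk /usr/lib/jvm/zulu11 /usr/lib/jvm/zulu11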
