Replace cimg base image with ubuntu:latest

[sarahchen6]

With our transition from CircleCI to Gitlab, we want to replace the cimg base image with the smaller, faster, safer ubuntu:24.04 image.

[delner]

General Docker changes look good to me. Not sure how to answer the question about pip and --break-system-packages.

[bric3]

I believe the built image is missing a few tools used in the scripts here and there in dd-trace-java.

Got a few questions / remarks though, that may be addressed later.

1. I noticed the versioning is based on year + month

   dd-trace-java-docker-build/build

   Line 212 in 3c26d22

   version="$(date +%y.%m)"

   Since this is like a major change shall we label this differently? That said this could affect other part of the build pipelines.

2. Circle CI image appear to use the circleci user, this requires commands to be run as sudo. Should we reproduce this behavior?

[sarahchen6]

Since this is like a major change shall we label this differently? That said this could affect other part of the build pipelines.

@bric3 What do you mean by labelling differently? From this PR, it seems like the intention is to label each image by when it was last pulled, so year/month seems to make sense 🤔

[sarahchen6]

Circle CI image appear to use the circleci user, this requires commands to be run as sudo. Should we reproduce this behavior?

@bric3 Good point! Looking into this, it seems like it is good security practice for the Dockerfile to run as a non-root user (one ref). However, we can still install everything at the root without using the sudo command and just switch to a non-root user during runtime at the end.

[PerfectSlayer]

Looking good.

Few comments about cleaning it up further:

• Is the yq, docker and docker-compose still needed? I used to install them manually to override the outdated version from the CircleCI image but I don't know if they are used.
• Similarly I don't know if autoforward is still used 🤷
• And I ask to @smola what ubuntu17 is for and if it is still relevant

Do you know how to test the image from your PR in the CI to test it?

[PerfectSlayer]

@smola Do you remember why we added the ubuntu17 variant in the first place in #56 ?
Is there some difference with Temurin / OpenJDK 17?

[PerfectSlayer]

You might want to revisit the cron time too:
https://github.com/DataDog/dd-trace-java-docker-build/blob/master/.github/workflows/ci.yml#L10-L12

[bric3]

For the tags, it's just that the current image inherit cimg, while this PR changes it to ubuntu, I pondered on making the change of the base image more visible via tags.

[sarahchen6]

Testing the image build with dd-trace-java PR: DataDog/dd-trace-java#8841

[bric3]

🎉