implemented signal handling #3470

- also updated Alpine version - and fixed a typo
mercedes-benz · Oct 17, 2024 · ed68afc · ed68afc
1 parent cdb5c25
commit ed68afc
Show file tree

Hide file tree

Showing 8 changed files with 72 additions and 42 deletions.
diff --git a/.github/workflows/release-client-server-pds.yml b/.github/workflows/release-client-server-pds.yml
@@ -33,7 +33,7 @@ permissions:
   pull-requests: write
 
 env:
-  ACTIONS_BASE_IMAGE_ALPINE: alpine:3.17
+  ACTIONS_BASE_IMAGE_ALPINE: alpine:3.20
   ACTIONS_BASE_IMAGE_DEBIAN: debian:12-slim
   ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub
   ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts"

diff --git a/.github/workflows/release-webui.yml b/.github/workflows/release-webui.yml
@@ -21,7 +21,7 @@ permissions:
   pull-requests: write
 
 env:
-  ACTIONS_BASE_IMAGE_ALPINE: alpine:3.17
+  ACTIONS_BASE_IMAGE_ALPINE: alpine:3.20
   ACTIONS_BASE_IMAGE_DEBIAN: debian:12-slim
   ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub
   ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts"

diff --git a/sechub-developertools/scripts/container/postgres/Dockerfile b/sechub-developertools/scripts/container/postgres/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: MIT
 
-FROM alpine:3.14
+FROM alpine:3.20
 
 ARG DATABASE_FOLDER=/database
 ENV PGDATA="$DATABASE_FOLDER/data"

diff --git a/sechub-pds-solutions/tern/tests/alpine/Alpine.dockerfile b/sechub-pds-solutions/tern/tests/alpine/Alpine.dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: MIT
 
-FROM alpine:3.18
+FROM alpine:3.20
 
 ENV DATA="/data"
 

diff --git a/sechub-solution/10-create-image-alpine.sh b/sechub-solution/10-create-image-alpine.sh
@@ -16,7 +16,7 @@ usage: $0 <docker registry> <version tag> <base image> [<SecHub server release v
 Builds a docker image of SecHub server
 for <docker registry> with tag <version tag>.
 Required:
-- <base image> ; An Alpine based image. Example: alpine:3.17
+- <base image> ; An Alpine based image. Example: alpine:3.20
 Optional:
 - <SecHub server release version> parameter (mandatory for build type "download")
   See https://github.com/mercedes-benz/sechub/releases

diff --git a/sechub-solution/docker-compose_sechub-alpine.yaml b/sechub-solution/docker-compose_sechub-alpine.yaml
@@ -5,7 +5,7 @@ services:
   sechub:
     build:
       args:
-        - BASE_IMAGE=alpine:3.17
+        - BASE_IMAGE=alpine:3.20
         - BUILD_TYPE=${BUILD_TYPE}
         - JAVA_DISTRIBUTION=${JAVA_DISTRIBUTION}
         - JAVA_VERSION=${JAVA_VERSION}

diff --git a/sechub-solution/docker/run.sh b/sechub-solution/docker/run.sh
@@ -3,12 +3,27 @@
 
 SLEEP_TIME_IN_WAIT_LOOP="2h"
 
+###########################
+# Trap and process signals
+trap trigger_shutdown INT QUIT TERM
+
+trigger_shutdown()
+{
+  if [ -n "$PID_JAVA_SERVER" ] ; then
+    echo "`basename $0`: Caught shutdown signal! Sending SIGTERM to Java server process $PID_JAVA_SERVER"
+    kill -TERM "$PID_JAVA_SERVER"
+    # Wait until Java server process has ended
+    wait "$PID_JAVA_SERVER"
+  fi
+  exit
+}
+###########################
+
 check_variable() {
   value="$1"
   name="$2"
 
-  if [ -z "$value" ]
-  then
+  if [ -z "$value" ] ; then
     echo "Mandatory environment variable $name not set."
     exit 1
   fi
@@ -28,6 +43,13 @@ wait_loop() {
   done
 }
 
+keep_container_alive_or_exit() {
+  if [ "$KEEP_CONTAINER_ALIVE_AFTER_CRASH" = "true" ] ; then
+    echo "[ERROR] SecHub server crashed, but keeping the container alive."
+    wait_loop
+  fi
+}
+
 init_scheduler_settings() {
   if [ -z "$SECHUB_CONFIG_TRIGGER_NEXTJOB_DELAY" ] ; then
     export SECHUB_CONFIG_TRIGGER_NEXTJOB_DELAY="10000"
@@ -37,7 +59,26 @@ init_scheduler_settings() {
   export SECHUB_CONFIG_TRIGGER_NEXTJOB_INITIALDELAY=$(( $SECHUB_CONFIG_TRIGGER_NEXTJOB_DELAY / 10 * $(shuf -i 0-10 -n 1) ))
 }
 
-localserver() {
+init_s3_settings() {
+  # Set storage variables for Java Spring app:
+  check_variable "$S3_ENDPOINT" "S3_ENDPOINT"
+  export SECHUB_STORAGE_S3_ENDPOINT="$S3_ENDPOINT"
+  check_variable "$S3_BUCKETNAME" "S3_BUCKETNAME"
+  export SECHUB_STORAGE_S3_BUCKETNAME="$S3_BUCKETNAME"
+  check_variable "$S3_ACCESSKEY" "S3_ACCESSKEY"
+  export SECHUB_STORAGE_S3_ACCESSKEY="$S3_ACCESSKEY"
+  check_variable "$S3_SECRETKEY" "S3_SECRETKEY"
+  export SECHUB_STORAGE_S3_SECRETKEY="$S3_SECRETKEY"
+
+  cat - <<EOF
+Using S3 object storage:
+- Endpoint: $S3_ENDPOINT
+- Bucket: $S3_BUCKETNAME
+EOF
+}
+
+# Mode "localserver" is meant for local development
+prepare_localserver_startup() {
   check_setup
 
   profiles="dev,real_products,mocked_notifications"
@@ -87,15 +128,10 @@ localserver() {
   export SECHUB_NOTIFICATION_EMAIL_FROM="example@example.org"
   export SECHUB_NOTIFICATION_SMTP_HOSTNAME="example.org"
 
-  echo "Starting up SecHub server"
-  java $java_debug_options \
-    -Dfile.encoding=UTF-8 \
-    -Dserver.port=8443 \
-    -Dserver.address=0.0.0.0 \
-    -jar /sechub/sechub-server*.jar
+  SECHUB_SERVER_JAVA_OPTIONS="-Dserver.port=8443 -Dserver.address=0.0.0.0"
 }
 
-startup_server() {
+prepare_server_startup() {
   check_variable "$SPRING_PROFILES_ACTIVE" "SPRING_PROFILES_ACTIVE"
 
   # Initial job scheduling settings
@@ -131,18 +167,13 @@ SecHub server settings:
 - Job scheduling is activated every ${SECHUB_CONFIG_TRIGGER_NEXTJOB_DELAY}ms
 - Job scheduling initial delay: ${SECHUB_CONFIG_TRIGGER_NEXTJOB_INITIALDELAY}ms
 
-Starting up SecHub server
 EOF
-  java $java_debug_options \
-    -Dfile.encoding=UTF-8 \
-    -XX:InitialRAMPercentage=50 \
-    -XX:MaxRAMPercentage=80 \
-    -XshowSettings:vm \
-    -jar /sechub/sechub-server*.jar
+
+  SECHUB_SERVER_JAVA_OPTIONS="-XX:InitialRAMPercentage=50 -XX:MaxRAMPercentage=80 -XshowSettings:vm"
 }
 
 #####################################
-echo "Starting run script: run.sh $@"
+echo "Starting run script: $0 $@"
 echo "Java version:"
 java --version
 
@@ -153,26 +184,25 @@ if [ "$JAVA_ENABLE_DEBUG" = "true" ] ; then
 fi
 
 if [ "$S3_ENABLED" = "true" ] ; then
-  # Set storage variables for Java Spring app:
-  export SECHUB_STORAGE_S3_ENDPOINT="$S3_ENDPOINT"
-  export SECHUB_STORAGE_S3_BUCKETNAME="$S3_BUCKETNAME"
-  export SECHUB_STORAGE_S3_ACCESSKEY="$S3_ACCESSKEY"
-  export SECHUB_STORAGE_S3_SECRETKEY="$S3_SECRETKEY"
-
-  cat - <<EOF
-Using S3 object storage:
-- Endpoint: $S3_ENDPOINT
-- Bucket: $S3_BUCKETNAME
-EOF
+  init_s3_settings
 fi
 
-# Startup SecHub server
+# Prepare SecHub server startup
 case "$SECHUB_START_MODE" in
-  localserver) localserver ;;
-  server) startup_server ;;
+  localserver) prepare_localserver_startup ;;
+  server) prepare_server_startup ;;
   *) wait_loop ;;
 esac
 
-if [ "$KEEP_CONTAINER_ALIVE_AFTER_CRASH" = "true" ] ; then
-  wait_loop
-fi
+echo "Starting up SecHub server"
+java $java_debug_options \
+  -Dfile.encoding=UTF-8 \
+  $SECHUB_SERVER_JAVA_OPTIONS \
+  -jar /sechub/sechub-server*.jar &
+
+# Get process pid and wait until it ends
+#   The pid is needed by function trigger_shutdown() in case we receive a termination signal.
+PID_JAVA_SERVER=$!
+wait "$PID_JAVA_SERVER"
+
+keep_container_alive_or_exit
diff --git a/sechub-solution/helm/sechub-server/templates/deployment.yaml b/sechub-solution/helm/sechub-server/templates/deployment.yaml
@@ -429,7 +429,7 @@ spec:
 # --------------------------------------------------------------------------------------------- #
         - name: SECHUB_START_MODE
           value: "server"
-        # When debug flag is set, rest call reponse error messages do also contains stacktraces.
+        # When debug flag is set, rest call reponse error messages do also contain stacktraces.
         - name: SECHUB_SERVER_DEBUG
           value: "false"
         # Loglevel of Hikari database connection pooling