Skip to content

Commit

Permalink
Apply infra updates from docker-java repo
Browse files Browse the repository at this point in the history
Bumps the version of the Zipkin Docker Java image and OS used by GH Action runners and applies the same conventions to Dockerfile.

Fixes the trivy intermittent issue; See aquasecurity/trivy#7668
  • Loading branch information
shakuzen committed Nov 27, 2024
1 parent b3bca5a commit 0680326
Show file tree
Hide file tree
Showing 7 changed files with 13 additions and 10 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/create_release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ on: # yamllint disable-line rule:truthy

jobs:
create_release:
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
runs-on: ubuntu-24.04 # newest available distribution, aka numbat
steps:
- name: Checkout Repository
uses: actions/checkout@v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ on: # yamllint disable-line rule:truthy

jobs:
deploy:
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
runs-on: ubuntu-24.04 # newest available distribution, aka numbat
steps:
- name: Checkout Repository
uses: actions/checkout@v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docker_push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ on: # yamllint disable-line rule:truthy

jobs:
docker_push:
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
runs-on: ubuntu-24.04 # newest available distribution, aka numbat
steps:
- name: Checkout Repository
uses: actions/checkout@v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ on: # yamllint disable-line rule:truthy
jobs:
lint:
name: lint
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
runs-on: ubuntu-24.04 # newest available distribution, aka numbat
# skip commits made by the release plugin
if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
steps:
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/security.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ on: # yamllint disable-line rule:truthy
jobs:
security:
name: security
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
runs-on: ubuntu-24.04 # newest available distribution, aka numbat
# skip commits made by the release plugin
if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
steps:
Expand All @@ -38,6 +38,9 @@ jobs:
- name: Run Trivy vulnerability and secret scanner
uses: aquasecurity/trivy-action@master
id: trivy
env: # See https://github.com/aquasecurity/trivy/discussions/7668

Check warning on line 41 in .github/workflows/security.yml

View workflow job for this annotation

GitHub Actions / lint

41:14 [comments] too few spaces before comment
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
with:
scan-type: 'fs'
scan-ref: '.' # scan the entire repository
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ on: # yamllint disable-line rule:truthy
jobs:
test:
name: test (JDK ${{ matrix.java_version }})
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
runs-on: ubuntu-24.04 # newest available distribution, aka numbat
if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
strategy:
fail-fast: false # don't fail fast as some failures are LTS specific
Expand Down
8 changes: 4 additions & 4 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -11,18 +11,18 @@ ARG zipkin_version=3.4.2
# Use latest version here: https://github.com/orgs/openzipkin/packages/container/package/java
# This is defined in many places because Docker has no "env" script functionality unless you use
# docker-compose: When updating, update everywhere.
ARG java_version=21.0.4_p7
ARG java_version=21.0.5_p11

# We copy files from the context into a scratch container first to avoid a problem where docker and
# docker-compose don't share layer hashes https://github.com/docker/compose/issues/883 normally.
# COPY --from= works around the issue.
FROM scratch as scratch
FROM scratch AS scratch

COPY . /code/

# This version is only used during the install process. Try to be consistent as it reduces layers,
# which reduces downloads.
FROM ghcr.io/openzipkin/java:${java_version} as install
FROM ghcr.io/openzipkin/java:${java_version} AS install

WORKDIR /code
# Conditions aren't supported in Dockerfile instructions, so we copy source even if it isn't used.
Expand All @@ -41,7 +41,7 @@ ENV MAVEN_PROJECT_BASEDIR=/code
RUN /code/build-bin/maven/maven_build_or_unjar io.zipkin.gcp zipkin-module-gcp ${VERSION} module

# zipkin version should match zipkin.version in /code/pom.xml
FROM ghcr.io/openzipkin/zipkin:$zipkin_version as zipkin-gcp
FROM ghcr.io/openzipkin/zipkin:$zipkin_version AS zipkin-gcp
LABEL org.opencontainers.image.description="Zipkin with Google Cloud on OpenJDK and Alpine Linux"
LABEL org.opencontainers.image.source=https://github.com/openzipkin/zipkin-gcp

Expand Down

0 comments on commit 0680326

Please sign in to comment.