kaniko is unmaintained, switch to jib

verinice-veo#1116
SerNet · Nov 28, 2024 · eb2e8b1 · eb2e8b1
1 parent 872eee1
commit eb2e8b1
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 76 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -33,17 +33,19 @@ build:
   stage: build
   rules:
     - when: on_success
+  variables:
+    IMAGE_NAME: eu.gcr.io/veo-projekt/veo-reporting
+    GOOGLE_APPLICATION_CREDENTIALS: $GCR_ACCESS_TOKEN
   script:
     - env
-    - ./gradlew -i -PciBuildNumer=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME build -x check
-    - echo "PROJECT_VERSION=$(./gradlew -q properties --property version| awk '/^version:/ {print $2}')" >> variables.env
+    - |-
+      ADDITIONAL_TAGS="pipeline-id-${CI_PIPELINE_ID}"
+      if [ -n "$CI_COMMIT_TAG" ]; then export ADDITIONAL_TAGS="$ADDITIONAL_TAGS,$CI_COMMIT_TAG";
+        if [ "$CI_COMMIT_REF_NAME" = "main" ]; then export ADDITIONAL_TAGS="$ADDITIONAL_TAGS,latest"; fi;
+      fi;
+      if [ "$CI_COMMIT_REF_NAME" = "develop" ]; then export ADDITIONAL_TAGS="$ADDITIONAL_TAGS,develop"; fi;
+    - ./gradlew -i -PciBuildNumer=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME -PciCommitId=$CI_COMMIT_SHA jib -Djib.to.image="$IMAGE_NAME:gitlab-git-${CI_COMMIT_SHA}" -Djib.to.tags="$ADDITIONAL_TAGS"
   interruptible: true
-  artifacts:
-    expire_in: 1 week
-    reports:
-      dotenv: variables.env
-    paths:
-      - build/libs
   cache:
     - key: gradle
       paths:
@@ -88,40 +90,6 @@ check:
         - build
       policy: pull
 
-docker_image:
-  stage: docker_image
-  rules:
-    - when: on_success
-  interruptible: true
-  needs:
-   - build
-  image:
-    name: gcr.io/kaniko-project/executor:v1.23.2-debug
-    entrypoint: [""]
-
-  variables:
-    IMAGE_NAME: eu.gcr.io/veo-projekt/veo-reporting
-    # this does not work in Gitlab < 15.7, so we need the before_script workaround
-    # GOOGLE_APPLICATION_CREDENTIALS: $GCR_ACCESS_TOKEN
-
-  before_script:
-    - export GOOGLE_APPLICATION_CREDENTIALS=${GCR_ACCESS_TOKEN}
-
-  script:
-    - |-
-      DESTINATION_ARG="--destination $IMAGE_NAME:gitlab-git-${CI_COMMIT_SHA} --destination $IMAGE_NAME:pipeline-id-${CI_PIPELINE_ID}"
-      if [ -n "$CI_COMMIT_TAG" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:$CI_COMMIT_TAG";
-        if [ "$CI_COMMIT_REF_NAME" = "main" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:latest"; fi;
-      fi;
-      if [ "$CI_COMMIT_REF_NAME" = "develop" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:develop"; fi;
-    - /kaniko/executor
-      --context "${CI_PROJECT_DIR}"
-      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
-      $DESTINATION_ARG
-      --build-arg JAR_FILE="build/libs/veo-reporting-${PROJECT_VERSION}.jar"
-      --label org.opencontainers.image.version="${PROJECT_VERSION}"
-      --label org.opencontainers.image.revision=${CI_COMMIT_SHA}
-
 trigger_deployment:
   stage: deployment
   only:

diff --git a/Dockerfile b/Dockerfile
diff --git a/build.gradle b/build.gradle
@@ -7,6 +7,7 @@ plugins {
     id "com.gorylenko.gradle-git-properties" version "2.4.2"
     id 'pmd'
     id "com.diffplug.spotless" version "6.25.0"
+    id 'com.google.cloud.tools.jib' version '3.4.4'
 }
 
 version = '0.43.0-SNAPSHOT'
@@ -98,6 +99,30 @@ bootRun {
     environment 'spring.output.ansi.console-available', true
 }
 
+jib {
+    from {
+        image = 'gcr.io/distroless/java21-debian12:nonroot'
+    }
+    container {
+        labels = project.provider {
+            [
+                'org.opencontainers.image.title':"vernice.veo reporting",
+                'org.opencontainers.image.description':"Backend of the verinice.veo-reporting web application.",
+                'org.opencontainers.image.ref.name':'verinice.veo-reporting',
+                'org.opencontainers.image.vendor':"SerNet GmbH",
+                'org.opencontainers.image.authors':'[email protected]',
+                'org.opencontainers.image.licenses':'AGPL-3.0',
+                'org.opencontainers.image.source':'https://github.com/verinice/verinice-veo-reporting',
+                'org.opencontainers.image.version': project.version,
+                'org.opencontainers.image.revision': rootProject.getProperty('ciCommitId')
+            ]
+        }
+        environment = ['JDK_JAVA_OPTIONS':'-Djdk.serialFilter=maxbytes=0']
+        user = 'nonroot'
+        ports = ['8080']
+    }
+}
+
 testing {
     suites {
         test{