From eb2e8b10ff8dc4b2407228ce647ada2ecfc8b209 Mon Sep 17 00:00:00 2001
From: Jochen Kemnade
Date: Fri, 22 Nov 2024 08:06:59 +0100
Subject: [PATCH] kaniko is unmaintained, switch to jib verinice-veo#1116
---
 .gitlab-ci.yml | 52 ++++++++++------------------------------------------
 Dockerfile | 34 ----------------------------------
 build.gradle | 25 +++++++++++++++++++++++++
 3 files changed, 35 insertions(+), 76 deletions(-)
 delete mode 100644 Dockerfile
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index bde06d4..e7e91ae 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,17 +33,19 @@ build:
 stage: build
 rules:
 - when: on_success
+ variables:
+ IMAGE_NAME: eu.gcr.io/veo-projekt/veo-reporting
+ GOOGLE_APPLICATION_CREDENTIALS: $GCR_ACCESS_TOKEN
 script:
 - env
- - ./gradlew -i -PciBuildNumer=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME build -x check
- - echo "PROJECT_VERSION=$(./gradlew -q properties --property version| awk '/^version:/ {print $2}')" >> variables.env
+ - |-
+ ADDITIONAL_TAGS="pipeline-id-${CI_PIPELINE_ID}"
+ if [ -n "$CI_COMMIT_TAG" ]; then export ADDITIONAL_TAGS="$ADDITIONAL_TAGS,$CI_COMMIT_TAG";
+ if [ "$CI_COMMIT_REF_NAME" = "main" ]; then export ADDITIONAL_TAGS="$ADDITIONAL_TAGS,latest"; fi;
+ fi;
+ if [ "$CI_COMMIT_REF_NAME" = "develop" ]; then export ADDITIONAL_TAGS="$ADDITIONAL_TAGS,develop"; fi;
+ - ./gradlew -i -PciBuildNumer=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME -PciCommitId=$CI_COMMIT_SHA jib -Djib.to.image="$IMAGE_NAME:gitlab-git-${CI_COMMIT_SHA}" -Djib.to.tags="$ADDITIONAL_TAGS"
 interruptible: true
- artifacts:
- expire_in: 1 week
- reports:
- dotenv: variables.env
- paths:
- - build/libs
 cache:
 - key: gradle
 paths:
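Review bot: The `- env` step at the top of `script:` now runs in a job that carries `GOOGLE_APPLICATION_CREDENTIALS`, so every pipeline writes the full environment of a job holding registry push access to the job log. Whether that exposes the key itself or only a file path depends on how `GCR_ACCESS_TOKEN` is defined, which is not visible here; either way I would delete `- env`, or replace it with an explicit print such as `- echo "ref=$CI_COMMIT_REF_NAME pipeline=$CI_PIPELINE_ID"`. Merging compile and push also means the whole Gradle run, including third-party plugins and `-i` logging, executes with the push credential in scope, where previously only the kaniko job had it. The `build` job starts before this hunk and its `cache:` section continues after it.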
@@ -88,40 +90,6 @@ check:
 - build
 policy: pull
 
-docker_image:
- stage: docker_image
- rules:
- - when: on_success
- interruptible: true
- needs:
- - build
- image:
- name: gcr.io/kaniko-project/executor:v1.23.2-debug
- entrypoint: [""]
-
- variables:
- IMAGE_NAME: eu.gcr.io/veo-projekt/veo-reporting
- # this does not work in Gitlab < 15.7, so we need the before_script workaround
- # GOOGLE_APPLICATION_CREDENTIALS: $GCR_ACCESS_TOKEN
-
- before_script:
- - export GOOGLE_APPLICATION_CREDENTIALS=${GCR_ACCESS_TOKEN}
-
- script:
- - |-
- DESTINATION_ARG="--destination $IMAGE_NAME:gitlab-git-${CI_COMMIT_SHA} --destination $IMAGE_NAME:pipeline-id-${CI_PIPELINE_ID}"
- if [ -n "$CI_COMMIT_TAG" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:$CI_COMMIT_TAG";
- if [ "$CI_COMMIT_REF_NAME" = "main" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:latest"; fi;
- fi;
- if [ "$CI_COMMIT_REF_NAME" = "develop" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:develop"; fi;
- - /kaniko/executor
- --context "${CI_PROJECT_DIR}"
- --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
- $DESTINATION_ARG
- --build-arg JAR_FILE="build/libs/veo-reporting-${PROJECT_VERSION}.jar"
- --label org.opencontainers.image.version="${PROJECT_VERSION}"
- --label org.opencontainers.image.revision=${CI_COMMIT_SHA}
-
 trigger_deployment:
 stage: deployment
 only:
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index d7530d1..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,34 +0,0 @@
-FROM eclipse-temurin:21-jdk AS builder
-
-WORKDIR /builder
-
-ARG JAR_FILE=build/libs/*.jar
-
-# Copy the jar file to the working directory and rename it to application.jar
-COPY ${JAR_FILE} application.jar
-# Extract the jar file using an efficient layout
-RUN java -Djarmode=tools -jar application.jar extract --layers --destination extracted
-
-FROM gcr.io/distroless/java21-debian12:nonroot
-
-LABEL org.opencontainers.image.title="vernice.veo reporting"
-LABEL org.opencontainers.image.description="Backend of the verinice.veo-reporting web application."
-LABEL org.opencontainers.image.ref.name=verinice.veo-reporting
-LABEL org.opencontainers.image.vendor="SerNet GmbH"
-LABEL org.opencontainers.image.authors=verinice@sernet.de
-LABEL org.opencontainers.image.licenses=AGPL-3.0
-LABEL org.opencontainers.image.source=https://github.com/verinice/verinice-veo-reporting
-
-ENV JDK_JAVA_OPTIONS "-Djdk.serialFilter=maxbytes=0"
-
-USER nonroot
-
-WORKDIR /app
-EXPOSE 8080
-
-COPY --chown=nonroot:nonroot --from=builder /builder/extracted/dependencies/ ./
-COPY --chown=nonroot:nonroot --from=builder /builder/extracted/spring-boot-loader/ ./
-COPY --chown=nonroot:nonroot --from=builder /builder/extracted/snapshot-dependencies/ ./
-COPY --chown=nonroot:nonroot --from=builder /builder/extracted/application/ ./
-
-CMD ["application.jar"]
diff --git a/build.gradle b/build.gradle
index 464d009..c04f4d8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -7,6 +7,7 @@ plugins {
 id "com.gorylenko.gradle-git-properties" version "2.4.2"
 id 'pmd'
 id "com.diffplug.spotless" version "6.25.0"
+ id 'com.google.cloud.tools.jib' version '3.4.4'
 }
 
 version = '0.43.0-SNAPSHOT'
@@ -98,6 +99,30 @@ bootRun {
 environment 'spring.output.ansi.console-available', true
 }
 
+jib {
+ from {
+ image = 'gcr.io/distroless/java21-debian12:nonroot'
+ }
+ container {
+ labels = project.provider {
+ [
+ 'org.opencontainers.image.title':"vernice.veo reporting",
+ 'org.opencontainers.image.description':"Backend of the verinice.veo-reporting web application.",
+ 'org.opencontainers.image.ref.name':'verinice.veo-reporting',
+ 'org.opencontainers.image.vendor':"SerNet GmbH",
+ 'org.opencontainers.image.authors':'verinice@sernet.de',
+ 'org.opencontainers.image.licenses':'AGPL-3.0',
+ 'org.opencontainers.image.source':'https://github.com/verinice/verinice-veo-reporting',
+ 'org.opencontainers.image.version': project.version,
+ 'org.opencontainers.image.revision': rootProject.getProperty('ciCommitId')
+ ]
+ }
+ environment = ['JDK_JAVA_OPTIONS':'-Djdk.serialFilter=maxbytes=0']
+ user = 'nonroot'
+ ports = ['8080']
+ }
+}
+
 testing {
 suites {
 test{
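Review bot: `rootProject.getProperty('ciCommitId')` in the `labels` provider throws when the property is not passed, so any jib task started without `-PciCommitId=...` (a local image build, for instance) would presumably fail while resolving the labels; `'org.opencontainers.image.revision': rootProject.findProperty('ciCommitId') ?: 'unknown'` keeps the CI result identical and lets other invocations through. Separately, `from.image` is a mutable tag, so the base layer can change between two builds of the same commit. Pinning it as `gcr.io/distroless/java21-debian12@sha256:<digest>` (placeholder, take the digest from the registry) makes the image reproducible and turns a base update into a reviewed diff. The deleted Dockerfile used the same tag, so this is not a regression, only a cheap place to tighten it.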