Push Docker images to ECR Public#10
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates CI/CD to build and push Prism Docker images to ECR Public, while also upgrading the Java and Ruby toolchains/dependencies so builds can succeed with the new pipelines.
Changes:
- Upgrade Java build/tooling to Java 17 (including base images and Gradle configuration).
- Upgrade Ruby GC app to Ruby 4.0 and refresh Gem dependencies/lockfile.
- Replace the prior CI workflow with new GitHub Actions workflows that run tests and (on
masterpushes) build & push images to ECR Public.
Reviewed changes
Copilot reviewed 10 out of 12 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
shared/build.gradle |
Bumps Hadoop/Parquet dependencies for the shared base layer. |
shared/Dockerfile |
Updates shared base image to Corretto 17 (AL2023) and refreshes Hadoop download/verification steps. |
gc/Gemfile |
Updates bricolage version for the GC app. |
gc/Gemfile.lock |
Refreshes locked Ruby dependencies and Bundler version. |
gc/Dockerfile |
Moves GC app container build/runtime to Ruby 4.0 images and streamlines Gemfile copy. |
gc/.ruby-version |
Sets local Ruby version to 4.0. |
build.gradle |
Switches Gradle subprojects to Java 17 and updates Lombok. |
README.md |
Updates prerequisite JDK version to 17. |
.github/workflows/pull-request.yml |
Adds PR workflow to run tests via the composite action. |
.github/workflows/master.yml |
Adds master workflow to run tests then build/push Java and Ruby images to ECR Public. |
.github/workflows/ci.yml |
Removes the previous combined CI workflow. |
.github/actions/test/action.yml |
Adds a composite action to standardize Java setup + Gradle test execution. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| WORKDIR /tmp | ||
| RUN curl -sSfO "https://archive.apache.org/dist/hadoop/common/hadoop-${HADOOP_VERSION}/hadoop-${HADOOP_VERSION}.tar.gz{,.sha512,.asc}" | ||
| RUN curl -sSf https://downloads.apache.org/hadoop/common/KEYS | gpg --import | ||
| RUN curl -sSfLO "https://dlcdn.apache.org/hadoop/common/hadoop-${HADOOP_VERSION}/hadoop-${HADOOP_VERSION}.tar.gz{,.sha512,.asc}" |
There was a problem hiding this comment.
curl is being given a quoted URL containing {,.sha512,.asc}. Shell brace expansion does not occur inside quotes, so this will fetch a literal URL and likely fail to download the .sha512/.asc files, breaking the subsequent sha512sum -c/gpg --verify steps. Remove the quotes (or download each file explicitly) so the three artifacts are actually downloaded.
| RUN curl -sSfLO "https://dlcdn.apache.org/hadoop/common/hadoop-${HADOOP_VERSION}/hadoop-${HADOOP_VERSION}.tar.gz{,.sha512,.asc}" | |
| RUN curl -sSfLO https://dlcdn.apache.org/hadoop/common/hadoop-${HADOOP_VERSION}/hadoop-${HADOOP_VERSION}.tar.gz{,.sha512,.asc} |
There was a problem hiding this comment.
{,.sha512,.asc} is expanded by curl
This PR also includes Java/Ruby upgrades to build successfully.
cc @cookpad/infra @shimpeko