sync ubi10 branch with ubi9 changes #605
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This should fix the gendocs action. Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Bump cekit/actions-setup-cekit to v1.1.7
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Bump container version for next release
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
[OPENJDK-3696] Remove JDK11 modules/descriptors
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
We currently move scripts into place by executing a configure.sh script, and changing ownership and permissions etc. However, in the majority of cases we could instead declare where scripts should be installed using artifacts:. The advantages are: smaller sources; more declarative; more uniform ownership (default root:root); no need to chown (set the permissions on the script in git directly). Also addresses OPENJDK-2814 (running user shouldn't own /opt/jboss/container) Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
[OPENJDK-3655] set more sensible permissions on scripts
Update Maven to 3.9.9. https://issues.redhat.com/browse/OPENJDK-3142 Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Bump versions for next release
[OPENJDK-3142] Maven 3.9.9
https://issues.redhat.com/browse/OPENJDK-3935 Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
This adds tests to ensure certain scripts have the correct permissions. https://issues.redhat.com/browse/OPENJDK-3935 Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
…missions [OPENJDK-3935] Fix script permissions for artifacts
Amongst other things, this allows GitHub to provide links back from Container Images to the source repository that built them (if we publish Container Images to GHCR.) See <https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys> Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
This reverts commit 20a5342.
Adjust the permissions of installed files such that files that
should be executable have o+x.
Remove unnecessary chowns and chmods that set g+w etc on files
that should not be modified by running applications anyway.
The results should be:
$ podman run --rm -ti ubi9/openjdk-21:latest find /opt/jboss /usr/local/s2i -type f -printf "%M %u:%g %h/%f\n"
-rw-r--r-- root:root /opt/jboss/container/openjdk/jdk/jvm-options
-rw-r--r-- root:root /opt/jboss/container/s2i/core/s2i-core
-rw-r--r-- root:root /opt/jboss/container/maven/default/maven.sh
-rw-r--r-- root:root /opt/jboss/container/maven/default/jboss-settings.xml
-rw-r--r-- root:root /opt/jboss/container/maven/s2i/maven-overrides
-rw-r--r-- root:root /opt/jboss/container/maven/s2i/maven-s2i
-rw-r--r-- root:root /opt/jboss/container/java/proxy/proxy-options
-rw-r--r-- root:root /opt/jboss/container/java/proxy/parse-proxy-url.sh
-rw-r--r-- root:root /opt/jboss/container/java/proxy/translate-no-proxy.sh
-rwxr-xr-x root:root /opt/jboss/container/java/run/run-java.sh
-rwxr-xr-x root:root /opt/jboss/container/java/jvm/debug-options
-rwxr-xr-x root:root /opt/jboss/container/java/jvm/java-default-options
-rw-r--r-- root:root /opt/jboss/container/java/s2i/maven-overrides
-rw-r--r-- root:root /opt/jboss/container/java/s2i/maven-s2i-overrides
-rw-r--r-- root:root /opt/jboss/container/java/s2i/s2i-core-hooks
-rw-r--r-- root:root /opt/jboss/container/util/logging/logging.sh
-rwxr-xr-x root:root /usr/local/s2i/run
-rwxr-xr-x root:root /usr/local/s2i/save-artifacts
-rwxr-xr-x root:root /usr/local/s2i/assemble
-rwxr-xr-x root:root /usr/local/s2i/usage
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
…acts [OPENJDK-4008] Revert artifacts changes that resulted in use of lookaside cache
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Refactor the three rsync calls into a common function, adopting the fix from OPENJDK-2850 to avoid trying to change the permissions on destination directories. Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
label images with opencontainers 'source' label
…onfiguration [OPENJDK-3975] tests for custom configuration and data
Wildfly, who use our image sources, require group-write permission to this file. Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Also: add branch labels (e.g. ubi9) Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
[OPENJDK-4024] adjust permissions on jboss-settings.xml
…-jira Add an action to label/unlabel PRs with JIRA URIs
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
This line originates in ubi9 branch where there are two files in the source (save-artifacts and assemble). When there is only one file, as in the ubi10 branch, the install command copies it to the destination path instead of _underneath_ it. Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
|
This has regressed #555 . I'll push a fix for that here. |
This was reversed by syncing ubi9. Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
|
runtime test stalled on |
|
@jerboaa this is going to be necessary every now and then until UBI10 goes GA. I'm wondering whether we waive reviews for merges from ubi9 to ubi10. I'm not sure since they're never clean (as this PR shows). I don't want to lean on your time too much. WDYT? |
jerboaa
approved these changes
Sep 3, 2025
Comment on lines
4
to
5
| @ubi9/openjdk-17 | ||
| @ubi9/openjdk-21 |
There was a problem hiding this comment.
Do those tags need an update? for @ubi10?
There was a problem hiding this comment.
Yes they do, thanks for catching!
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a merge of recent changes to ubi9 into ubi10 and resolve conflicts.
Two new commits on top to resolve ubi10 specific problems
Note that this will introduce the fixlabel GHA action for ubi10 going forward. So I will have to file JIRAs for branch-sync merges after this one.