feature: build local openjdk image #28
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
loliveiracodacy
approved these changes
Feb 8, 2023
|
Closed in favour of another PR that fixes this in a simpler way. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This builds an openjdk base image using the same commands as the upstream, simplified for our use case.
This is a quite simple build, and we don't often need to upgrade openjdk version. Mostly we just upgrade due to issues with the overall base image (ubuntu:20.04). This allow us to respond faster to those issues.
In particular, currently there is an unpatched high vulnerability in openssl for the eclipse-temurin docker image that will cause all our pipelines to fail docker scan. If we use our own openjdk build that will not be an issue because we'll be getting the latest ubuntu 20.04 image that already has this vulnerability patched.
In addition, because this introduces no major changes to how the build process of codacy/base, we can always set
BASE_IMAGE_OPENJDKin the makefile to some upstream provider, if we ever need to.