From 199dbb1942de50444354616f3affa16f8b1cabb4 Mon Sep 17 00:00:00 2001 From: tomjo Date: Fri, 10 Nov 2023 16:41:28 +0100 Subject: [PATCH] feat: remove binary builds: since we depend on java serialization the tool should be java version independent. A binary build would contain only 1 specific jvm version. --- .github/workflows/build.yaml | 61 +++++++- .github/workflows/native_build.yaml | 221 ---------------------------- .github/workflows/pr.yaml | 5 - .github/workflows/release.yaml | 8 +- Dockerfile | 22 ++- README.md | 8 +- 6 files changed, 76 insertions(+), 249 deletions(-) delete mode 100644 .github/workflows/native_build.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index bd698ae..8b4adb4 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -9,6 +9,10 @@ on: required: false type: boolean default: false + sign: + required: false + type: boolean + default: false workflow_call: inputs: version: @@ -18,6 +22,10 @@ on: required: false type: boolean default: false + sign: + required: false + type: boolean + default: false defaults: run: @@ -29,6 +37,10 @@ permissions: packages: write id-token: write +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + jobs: build: runs-on: ubuntu-22.04 @@ -49,16 +61,25 @@ jobs: with: generate-job-summary: true dependency-graph: generate-and-submit + - name: Install cosign + if: ${{ inputs.sign }} + uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 + with: + cosign-release: 'v2.1.1' + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Build env: ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} - QUARKUS_PACKAGE_TYPE: uber-jar + QUARKUS_PACKAGE_TYPE: "uber-jar" run: ./gradlew build - name: Integration tests env: ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} - QUARKUS_PACKAGE_TYPE: uber-jar + QUARKUS_PACKAGE_TYPE: "uber-jar" run: ./gradlew quarkusIntTest - name: Upload build reports if: always() @@ -74,10 +95,44 @@ jobs: path: build/quarkus-build/gen/debezium-offsetfile-conv-${{ inputs.version }}-runner.jar - name: Rename jar run: mv "build/debezium-offsetfile-conv-${{ inputs.version }}-runner.jar" "debezium-offsetfile-conv-${{ inputs.version }}.jar" - - name: Add binary to release + - name: Add jar to release if: github.event_name == 'release' && ${{ inputs.upload }} uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 with: tag_name: ${{ inputs.version }} files: | debezium-offsetfile-conv-${{ inputs.version }}.jar + - name: Build fast-jar for container + env: + ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} + QUARKUS_PACKAGE_TYPE: "fast-jar" + run: ./gradlew build + - name: Registry login + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract docker metadata (tags, labels) + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Build and push + id: build-and-push + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: ${{ inputs.upload }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Sign image + if: ${{ inputs.sign }} + env: + TAGS: ${{ steps.meta.outputs.tags }} + DIGEST: ${{ steps.build-and-push.outputs.digest }} + run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + diff --git a/.github/workflows/native_build.yaml b/.github/workflows/native_build.yaml deleted file mode 100644 index 566acde..0000000 --- a/.github/workflows/native_build.yaml +++ /dev/null @@ -1,221 +0,0 @@ -name: Native Build - -on: - workflow_dispatch: - inputs: - version: - required: true - type: string - upload: - required: false - type: boolean - default: false - sign: - required: false - type: boolean - default: false - workflow_call: - inputs: - version: - required: true - type: string - upload: - required: false - type: boolean - default: false - sign: - required: false - type: boolean - default: false - -defaults: - run: - shell: bash - -permissions: - contents: write - pull-requests: write - packages: write - id-token: write - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - build-native-linux-x64: - name: build-native-linux-x64 - runs-on: ubuntu-22.04 - steps: - - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - with: - fetch-depth: '0' - - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 - with: - java-version: '17.0.7' - distribution: 'liberica' - architecture: 'x64' - - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 #v1.1.0 - - name: Set up Gradle - uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0 - with: - generate-job-summary: true - dependency-graph: generate-and-submit - - name: Install cosign - if: ${{ inputs.sign }} - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 - with: - cosign-release: 'v2.1.1' - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - name: Build native (linux x64) - env: - ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} - QUARKUS_PACKAGE_TYPE: native - QUARKUS_NATIVE_CONTAINERBUILD: true - run: ./gradlew -x test build - - name: Upload binary - if: ${{ inputs.upload }} - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: debezium-offsetfile-conv-linux-amd64-${{ inputs.version }} - path: build/debezium-offsetfile-conv-${{ inputs.version }}-runner - - name: Rename binary - run: cp "build/debezium-offsetfile-conv-${{ inputs.version }}-runner" "debezium-offsetfile-conv-linux-amd64-${{ inputs.version }}" - - name: Add binary to release - if: github.event_name == 'release' && ${{ inputs.upload }} - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 - with: - tag_name: ${{ inputs.version }} - files: | - debezium-offsetfile-conv-linux-amd64-${{ inputs.version }} - - name: Registry login - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract docker metadata (tags, labels) - id: meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - name: Build and push - id: build-and-push - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: ${{ inputs.upload }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max - - name: Sign image - if: ${{ inputs.sign }} - env: - TAGS: ${{ steps.meta.outputs.tags }} - DIGEST: ${{ steps.build-and-push.outputs.digest }} - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} - - build-native-windows-x64: - name: build-native-windows-x64 - runs-on: windows-2022 - steps: - - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - with: - fetch-depth: '0' - - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 - with: - java-version: '17.0.7' - distribution: 'liberica' - architecture: 'x64' - - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 #v1.1.0 - - name: Set up Gradle - uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0 - with: - generate-job-summary: true - dependency-graph: generate-and-submit - - name: Set up GraalVM (Java ${{ matrix.java-version }}) - uses: graalvm/setup-graalvm@6c7d417a1ef253f4d667a69e6a5716927746e251 # v1.1.4.2 - with: - distribution: 'graalvm' - java-version: '17.0.7' - components: 'native-image' - github-token: ${{ secrets.GITHUB_TOKEN }} - native-image-job-reports: 'true' - - name: Build native (windows x64) - env: - ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} - QUARKUS_PACKAGE_TYPE: native - run: ./gradlew -x test build - - name: Upload binary - if: ${{ inputs.upload }} - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: debezium-offsetfile-conv-windows-amd64-${{ inputs.version }}.exe - path: build/debezium-offsetfile-conv-${{ inputs.version }}-runner.exe - - name: Rename binary - run: mv "build/debezium-offsetfile-conv-${{ inputs.version }}-runner.exe" "debezium-offsetfile-conv-windows-amd64-${{ inputs.version }}.exe" - - name: Add binary to release - if: github.event_name == 'release' && ${{ inputs.upload }} - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 - with: - tag_name: ${{ inputs.version }} - files: | - debezium-offsetfile-conv-windows-amd64-${{ inputs.version }}.exe - - build-native-macos: - name: build-native-macos - runs-on: macos-12 - steps: - - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - with: - fetch-depth: '0' - - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 - with: - java-version: '17.0.7' - distribution: 'liberica' - architecture: 'x64' - - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 #v1.1.0 - - name: Set up Gradle - uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0 - with: - generate-job-summary: true - dependency-graph: generate-and-submit - - name: Set up GraalVM (Java ${{ matrix.java-version }}) - uses: graalvm/setup-graalvm@6c7d417a1ef253f4d667a69e6a5716927746e251 # v1.1.4.2 - with: - distribution: 'graalvm' - java-version: '17.0.7' - components: 'native-image' - github-token: ${{ secrets.GITHUB_TOKEN }} - native-image-job-reports: 'true' - - name: Build native (macOS) - env: - ORG_GRADLE_PROJECT_projectVersion: ${{ inputs.version }} - QUARKUS_PACKAGE_TYPE: native - run: ./gradlew -x test build - - name: Upload binary - if: ${{ inputs.upload }} - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: debezium-offsetfile-conv-darwin-amd64-${{ inputs.version }} - path: build/debezium-offsetfile-conv-${{ inputs.version }}-runner - - name: Rename binary - run: mv "build/debezium-offsetfile-conv-${{ inputs.version }}-runner" "debezium-offsetfile-conv-darwin-amd64-${{ inputs.version }}" - - name: Add binary to release - if: github.event_name == 'release' && ${{ inputs.upload }} - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 - with: - tag_name: ${{ inputs.version }} - files: | - debezium-offsetfile-conv-darwin-amd64-${{ inputs.version }} diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index b0f8c27..baff6a5 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -27,11 +27,6 @@ jobs: uses: ./.github/workflows/build.yaml with: version: ${{ needs.determine_version.outputs.version }} - native_build: - needs: determine_version - uses: ./.github/workflows/native_build.yaml - with: - version: ${{ needs.determine_version.outputs.version }} owasp: needs: determine_version uses: ./.github/workflows/owasp.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7b140a9..36401ce 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -21,14 +21,8 @@ jobs: build: needs: determine_version uses: ./.github/workflows/build.yaml - with: - version: ${{ needs.determine_version.outputs.version }} - upload: true - secrets: inherit - native_build: - needs: determine_version - uses: ./.github/workflows/native_build.yaml with: version: ${{ needs.determine_version.outputs.version }} upload: true sign: true + secrets: inherit diff --git a/Dockerfile b/Dockerfile index bc9f39f..3dc69f6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,16 @@ -FROM quay.io/quarkus/quarkus-micro-image:2.0-2023-10-01 -WORKDIR /work/ -RUN chown 1001 /work \ - && chmod "g+rwX" /work \ - && chown 1001:root /work -COPY --chown=1001:root build/*-runner /work/application +FROM registry.access.redhat.com/ubi8/openjdk-11:1.17 -USER 1001 +ENV LANGUAGE='en_US:en' -ENTRYPOINT ["./application"] +# We make four distinct layers so if there are application changes the library layers can be re-used +COPY --chown=185 build/quarkus-app/lib/ /deployments/lib/ +COPY --chown=185 build/quarkus-app/*.jar /deployments/ +COPY --chown=185 build/quarkus-app/app/ /deployments/app/ +COPY --chown=185 build/quarkus-app/quarkus/ /deployments/quarkus/ + +USER 185 +ENV AB_JOLOKIA_OFF="true" +ENV JAVA_OPTS_APPEND="-Djava.util.logging.manager=org.jboss.logmanager.LogManager" +ENV JAVA_APP_JAR="/deployments/quarkus-run.jar" + +ENTRYPOINT [ "/opt/jboss/container/java/run/run-java.sh" ] diff --git a/README.md b/README.md index 67b0aa2..e30d7fe 100644 --- a/README.md +++ b/README.md @@ -34,15 +34,15 @@ Commands: ## Installation -### Pre-built binaries +### Pre-built jar -You can download pre-built binaries from the latest GitHub release: https://github.com/tomjo/debezium-offsetfile-conv/releases/latest +You can download the pre-built jar file from the latest GitHub release: https://github.com/tomjo/debezium-offsetfile-conv/releases/latest ### Container image Images available at https://ghcr.io/tomjo/debezium-offsetfile-conv -### From source +### Building from source Requires Java 17 (or later). @@ -50,6 +50,4 @@ Requires Java 17 (or later). ./gradlew build ``` -It is built with the [quarkus](https://quarkus.io) framework, so specify environment variable `QUARKUS_PACKAGE_TYPE` to build the different variants (uber-jar, native). - The container build requires a container build tool that handles Dockerfile such as Docker, Podman, Kaniko, ...