mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
Use Distroless for the Java Docker base image. (#6537)
* Use Distroless for the Java Docker base image. We switched away from Distroless because it was causing issues with `docker pull` when you had Docker configured to use `gcloud` for authentication, but weren't actually authenticated. Adding `docker-credential-gcloud` to dev-env should hopefully fix this, meaning we can switch back to a base image that is better-maintained. CHANGELOG_BEGIN CHANGELOG_END * Bump rules_docker to v0.14.3. This fixes an issue when running `bazel sync`: ``` ERROR: java.io.IOException: Error downloading [http://central.maven.org/maven2/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar] to [...]/external/javax_servlet_api/javax.servlet-api-3.0.1.jar: Unknown host: central.maven.org ```
This commit is contained in:
parent
d3a69b31cd
commit
7f7eaa35e7
@ -737,10 +737,11 @@ container_deps()
|
|||||||
load("@io_bazel_rules_docker//container:container.bzl", "container_pull")
|
load("@io_bazel_rules_docker//container:container.bzl", "container_pull")
|
||||||
|
|
||||||
container_pull(
|
container_pull(
|
||||||
name = "openjdk_base",
|
name = "java_base",
|
||||||
registry = "docker.io",
|
digest = "sha256:7cef6d99241bc86e09659d41842e3656a1cab99adf0e440a44d2858c8e52a71a",
|
||||||
repository = "openjdk",
|
registry = "gcr.io",
|
||||||
tag = "8-alpine",
|
repository = "distroless/java",
|
||||||
|
tag = "8",
|
||||||
)
|
)
|
||||||
|
|
||||||
load("@io_bazel_rules_docker//java:image.bzl", java_image_repositories = "repositories")
|
load("@io_bazel_rules_docker//java:image.bzl", java_image_repositories = "repositories")
|
||||||
|
6
deps.bzl
6
deps.bzl
@ -151,9 +151,9 @@ def daml_deps():
|
|||||||
if "io_bazel_rules_docker" not in native.existing_rules():
|
if "io_bazel_rules_docker" not in native.existing_rules():
|
||||||
http_archive(
|
http_archive(
|
||||||
name = "io_bazel_rules_docker",
|
name = "io_bazel_rules_docker",
|
||||||
url = "https://github.com/bazelbuild/rules_docker/releases/download/v0.12.1/rules_docker-v0.12.1.tar.gz",
|
url = "https://github.com/bazelbuild/rules_docker/releases/download/v0.14.3/rules_docker-v0.14.3.tar.gz",
|
||||||
strip_prefix = "rules_docker-0.12.1",
|
strip_prefix = "rules_docker-0.14.3",
|
||||||
sha256 = "14ac30773fdb393ddec90e158c9ec7ebb3f8a4fd533ec2abbfd8789ad81a284b",
|
sha256 = "6287241e033d247e9da5ff705dd6ef526bac39ae82f3d17de1b69f8cb313f9cd",
|
||||||
)
|
)
|
||||||
|
|
||||||
if "com_google_protobuf" not in native.existing_rules():
|
if "com_google_protobuf" not in native.existing_rules():
|
||||||
|
1
dev-env/bin/docker-credential-gcloud
Symbolic link
1
dev-env/bin/docker-credential-gcloud
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../lib/dade-exec-nix-tool
|
@ -180,7 +180,7 @@ conformance_test(
|
|||||||
|
|
||||||
java_image(
|
java_image(
|
||||||
name = "app-image",
|
name = "app-image",
|
||||||
base = "@openjdk_base//image",
|
base = "@java_base//image",
|
||||||
main_class = "com.daml.ledger.on.memory.Main",
|
main_class = "com.daml.ledger.on.memory.Main",
|
||||||
resources = ["src/app/resources/logback.xml"],
|
resources = ["src/app/resources/logback.xml"],
|
||||||
visibility = ["//visibility:public"],
|
visibility = ["//visibility:public"],
|
||||||
|
@ -178,7 +178,7 @@ genrule(
|
|||||||
|
|
||||||
container_image(
|
container_image(
|
||||||
name = "sandbox-image-base",
|
name = "sandbox-image-base",
|
||||||
base = "@openjdk_base//image",
|
base = "@java_base//image",
|
||||||
cmd = None,
|
cmd = None,
|
||||||
directory = "/usr/bin",
|
directory = "/usr/bin",
|
||||||
files = [
|
files = [
|
||||||
|
@ -222,8 +222,9 @@ in rec {
|
|||||||
# Cloud tools
|
# Cloud tools
|
||||||
aws = pkgs.awscli;
|
aws = pkgs.awscli;
|
||||||
gcloud = pkgs.google-cloud-sdk;
|
gcloud = pkgs.google-cloud-sdk;
|
||||||
bq = gcloud;
|
bq = gcloud;
|
||||||
gsutil = gcloud;
|
gsutil = gcloud;
|
||||||
|
docker-credential-gcloud = gcloud;
|
||||||
# used to set up the webide CI pipeline in azure-cron.yml
|
# used to set up the webide CI pipeline in azure-cron.yml
|
||||||
docker-credential-gcr = pkgs.docker-credential-gcr;
|
docker-credential-gcr = pkgs.docker-credential-gcr;
|
||||||
# Note: we need to pin Terraform to 0.11 until nixpkgs includes a version
|
# Note: we need to pin Terraform to 0.11 until nixpkgs includes a version
|
||||||
|
Loading…
Reference in New Issue
Block a user