mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
Use Distroless for the Java Docker base image. (#6537)
* Use Distroless for the Java Docker base image. We switched away from Distroless because it was causing issues with `docker pull` when you had Docker configured to use `gcloud` for authentication, but weren't actually authenticated. Adding `docker-credential-gcloud` to dev-env should hopefully fix this, meaning we can switch back to a base image that is better-maintained. CHANGELOG_BEGIN CHANGELOG_END * Bump rules_docker to v0.14.3. This fixes an issue when running `bazel sync`: ``` ERROR: java.io.IOException: Error downloading [http://central.maven.org/maven2/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar] to [...]/external/javax_servlet_api/javax.servlet-api-3.0.1.jar: Unknown host: central.maven.org ```
This commit is contained in:
parent
d3a69b31cd
commit
7f7eaa35e7
@ -737,10 +737,11 @@ container_deps()
|
||||
load("@io_bazel_rules_docker//container:container.bzl", "container_pull")
|
||||
|
||||
container_pull(
|
||||
name = "openjdk_base",
|
||||
registry = "docker.io",
|
||||
repository = "openjdk",
|
||||
tag = "8-alpine",
|
||||
name = "java_base",
|
||||
digest = "sha256:7cef6d99241bc86e09659d41842e3656a1cab99adf0e440a44d2858c8e52a71a",
|
||||
registry = "gcr.io",
|
||||
repository = "distroless/java",
|
||||
tag = "8",
|
||||
)
|
||||
|
||||
load("@io_bazel_rules_docker//java:image.bzl", java_image_repositories = "repositories")
|
||||
|
6
deps.bzl
6
deps.bzl
@ -151,9 +151,9 @@ def daml_deps():
|
||||
if "io_bazel_rules_docker" not in native.existing_rules():
|
||||
http_archive(
|
||||
name = "io_bazel_rules_docker",
|
||||
url = "https://github.com/bazelbuild/rules_docker/releases/download/v0.12.1/rules_docker-v0.12.1.tar.gz",
|
||||
strip_prefix = "rules_docker-0.12.1",
|
||||
sha256 = "14ac30773fdb393ddec90e158c9ec7ebb3f8a4fd533ec2abbfd8789ad81a284b",
|
||||
url = "https://github.com/bazelbuild/rules_docker/releases/download/v0.14.3/rules_docker-v0.14.3.tar.gz",
|
||||
strip_prefix = "rules_docker-0.14.3",
|
||||
sha256 = "6287241e033d247e9da5ff705dd6ef526bac39ae82f3d17de1b69f8cb313f9cd",
|
||||
)
|
||||
|
||||
if "com_google_protobuf" not in native.existing_rules():
|
||||
|
1
dev-env/bin/docker-credential-gcloud
Symbolic link
1
dev-env/bin/docker-credential-gcloud
Symbolic link
@ -0,0 +1 @@
|
||||
../lib/dade-exec-nix-tool
|
@ -180,7 +180,7 @@ conformance_test(
|
||||
|
||||
java_image(
|
||||
name = "app-image",
|
||||
base = "@openjdk_base//image",
|
||||
base = "@java_base//image",
|
||||
main_class = "com.daml.ledger.on.memory.Main",
|
||||
resources = ["src/app/resources/logback.xml"],
|
||||
visibility = ["//visibility:public"],
|
||||
|
@ -178,7 +178,7 @@ genrule(
|
||||
|
||||
container_image(
|
||||
name = "sandbox-image-base",
|
||||
base = "@openjdk_base//image",
|
||||
base = "@java_base//image",
|
||||
cmd = None,
|
||||
directory = "/usr/bin",
|
||||
files = [
|
||||
|
@ -222,8 +222,9 @@ in rec {
|
||||
# Cloud tools
|
||||
aws = pkgs.awscli;
|
||||
gcloud = pkgs.google-cloud-sdk;
|
||||
bq = gcloud;
|
||||
bq = gcloud;
|
||||
gsutil = gcloud;
|
||||
docker-credential-gcloud = gcloud;
|
||||
# used to set up the webide CI pipeline in azure-cron.yml
|
||||
docker-credential-gcr = pkgs.docker-credential-gcr;
|
||||
# Note: we need to pin Terraform to 0.11 until nixpkgs includes a version
|
||||
|
Loading…
Reference in New Issue
Block a user