diff --git a/.github/workflows/code-freeze.yml b/.github/workflows/code-freeze.yml index f14e3ad8..8f9f79e4 100644 --- a/.github/workflows/code-freeze.yml +++ b/.github/workflows/code-freeze.yml @@ -33,6 +33,9 @@ jobs: # Code freeze if branch-regex matches codefreeze_if_branch_match: + permissions: + contents: write + pull-requests: write needs: codefreeze_branch_check uses: adoptium/.github/.github/workflows/code-freeze.yml@main if: (github.event_name == 'pull_request_target' || (github.event_name == 'issue_comment' && github.event.issue.pull_request)) && needs.codefreeze_branch_check.outputs.regex-matches == 'true' diff --git a/docker_templates/alpine-linux.Dockerfile.j2 b/docker_templates/alpine-linux.Dockerfile.j2 index 816c4a69..9344dd20 100644 --- a/docker_templates/alpine-linux.Dockerfile.j2 +++ b/docker_templates/alpine-linux.Dockerfile.j2 @@ -15,7 +15,7 @@ RUN set -eux; \ ca-certificates p11-kit-trust \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 musl-locales musl-locales-lang \ -{% include 'partials/binutils.j2' -%} + {%- include 'partials/binutils.j2' %} tzdata \ # Contains `csplit` used for splitting multiple certificates in one file to multiple files, since keytool can # only import one at a time. diff --git a/docker_templates/nanoserver.Dockerfile.j2 b/docker_templates/nanoserver.Dockerfile.j2 index 15a10abb..31be4098 100644 --- a/docker_templates/nanoserver.Dockerfile.j2 +++ b/docker_templates/nanoserver.Dockerfile.j2 @@ -22,4 +22,4 @@ RUN echo Verifying install ... \ {% endif -%} && echo java {% if version|int >= 11 %}--{% else %}-{% endif %}version && java {% if version|int >= 11 %}--{% else %}-{% endif %}version \ && echo Complete. -{% include 'partials/jshell.j2' %} \ No newline at end of file +{% include 'partials/jshell.j2' %} diff --git a/docker_templates/partials/arch-variable.j2 b/docker_templates/partials/arch-variable.j2 index b40f728d..9e32b584 100644 --- a/docker_templates/partials/arch-variable.j2 +++ b/docker_templates/partials/arch-variable.j2 @@ -4,4 +4,4 @@ ARCH="$(apk --print-arch)"; \ {%- elif os == "ubi9-minimal" %} ARCH="$(rpm --query --queryformat='%{ARCH}' rpm)"; \ -{%- endif -%} \ No newline at end of file +{%- endif -%} diff --git a/docker_templates/partials/binutils.j2 b/docker_templates/partials/binutils.j2 index d81e9ce8..b4b7872d 100644 --- a/docker_templates/partials/binutils.j2 +++ b/docker_templates/partials/binutils.j2 @@ -1,5 +1,5 @@ - {% if image_type == "jdk" and version|int >= 13 -%} +{% if image_type == "jdk" and version|int >= 13 %} # jlink --strip-debug on 13+ needs objcopy: https://github.com/docker-library/openjdk/issues/351 # Error: java.io.IOException: Cannot run program "objcopy": error=2, No such file or directory binutils \ - {% endif -%} +{%- endif -%} diff --git a/docker_templates/partials/multi-arch-install.j2 b/docker_templates/partials/multi-arch-install.j2 index 5ad1f5bb..4f8a9e6a 100644 --- a/docker_templates/partials/multi-arch-install.j2 +++ b/docker_templates/partials/multi-arch-install.j2 @@ -27,4 +27,4 @@ RUN set -eux; \ --strip-components 1 \ --no-same-owner \ ; \ - rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; \ No newline at end of file + rm -f /tmp/openjdk.tar.gz ${JAVA_HOME}/lib/src.zip; diff --git a/docker_templates/partials/version-check-windows.j2 b/docker_templates/partials/version-check-windows.j2 index fa4c2daa..3c0df1f4 100644 --- a/docker_templates/partials/version-check-windows.j2 +++ b/docker_templates/partials/version-check-windows.j2 @@ -4,4 +4,4 @@ RUN Write-Host 'Verifying install ...'; \ {% endif -%} Write-Host 'java {% if version|int >= 11 %}--{% else %}-{% endif %}version'; java {% if version|int >= 11 %}--{% else %}-{% endif %}version; \ \ - Write-Host 'Complete.' \ No newline at end of file + Write-Host 'Complete.' diff --git a/docker_templates/partials/version-check.j2 b/docker_templates/partials/version-check.j2 index 50afca76..d019ebd9 100644 --- a/docker_templates/partials/version-check.j2 +++ b/docker_templates/partials/version-check.j2 @@ -7,4 +7,4 @@ RUN set -eux; \ echo "javac {% if version|int >= 11 %}--{% else %}-{% endif %}version"; javac {% if version|int >= 11 %}--{% else %}-{% endif %}version; \ {% endif -%} echo "java {% if version|int >= 11 %}--{% else %}-{% endif %}version"; java {% if version|int >= 11 %}--{% else %}-{% endif %}version; \ - echo "Complete." \ No newline at end of file + echo "Complete." diff --git a/docker_templates/servercore.Dockerfile.j2 b/docker_templates/servercore.Dockerfile.j2 index 56521ab7..92698025 100644 --- a/docker_templates/servercore.Dockerfile.j2 +++ b/docker_templates/servercore.Dockerfile.j2 @@ -31,4 +31,4 @@ RUN Write-Host ('Downloading {{ arch_data.download_url }} ...'); \ Remove-Item openjdk.msi -Force {% include 'partials/version-check-windows.j2' %} -{% include 'partials/jshell.j2' %} \ No newline at end of file +{% include 'partials/jshell.j2' %} diff --git a/docker_templates/ubuntu.Dockerfile.j2 b/docker_templates/ubuntu.Dockerfile.j2 index 68534423..f5c13653 100644 --- a/docker_templates/ubuntu.Dockerfile.j2 +++ b/docker_templates/ubuntu.Dockerfile.j2 @@ -19,7 +19,7 @@ RUN set -eux; \ # utilities for keeping Ubuntu and OpenJDK CA certificates in sync # https://github.com/adoptium/containers/issues/293 ca-certificates p11-kit \ -{% include 'partials/binutils.j2' -%} + {%- include 'partials/binutils.j2' %} tzdata \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 locales \ diff --git a/test_generate_dockerfiles.py b/test_generate_dockerfiles.py index 2e2f0b72..8a8f32e1 100644 --- a/test_generate_dockerfiles.py +++ b/test_generate_dockerfiles.py @@ -157,6 +157,81 @@ def test_jdk11plus_jshell_cmd(self): expected_string = 'CMD ["jshell"]' self.assertNotIn(expected_string, rendered_template) + def test_binutils_inclusion(self): + template_name = "ubuntu.Dockerfile.j2" + template = self.env.get_template(template_name) + + # Binutils should be included for jdk images with version >= 13 + with self.subTest("jdk 13+ should include binutils"): + context = { + "version": 13, + "image_type": "jdk", + "os": "ubuntu", + "arch_data": {}, + } + rendered_template = template.render(**context) + self.assertIn("binutils", rendered_template) + + # Binutils should not be included for jre images regardless of version + with self.subTest("jre 13+ should not include binutils"): + context = { + "version": 13, + "image_type": "jre", + "os": "ubuntu", + "arch_data": {}, + } + rendered_template = template.render(**context) + self.assertNotIn("binutils", rendered_template) + + # Binutils should not be included for jdk images with version < 13 + with self.subTest("jdk < 13 should not include binutils"): + context = { + "version": 12, + "image_type": "jdk", + "os": "ubuntu", + "arch_data": {}, + } + rendered_template = template.render(**context) + self.assertNotIn("binutils", rendered_template) + + def test_arch_data_population(self): + template_name = "ubuntu.Dockerfile.j2" + template = self.env.get_template(template_name) + + # Simulate API response + arch_data = { + "amd64": { + "download_url": "http://fake-url.com", + "checksum": "fake-checksum", + } + } + + context = { + "version": 11, + "image_type": "jdk", + "os": "ubuntu", + "arch_data": arch_data, + } + rendered_template = template.render(**context) + + self.assertIn("http://fake-url.com", rendered_template) + self.assertIn("fake-checksum", rendered_template) + + def test_entrypoint_rendering(self): + template_name = "entrypoint.sh.j2" + template = self.env.get_template(template_name) + + context = { + "image_type": "jdk", + "os": "ubuntu", + "version": 11, + } + rendered_template = template.render(**context) + + # Ensure that the entrypoint script contains expected commands + self.assertIn("update-ca-certificates", rendered_template) + self.assertIn("exec \"$@\"", rendered_template) + if __name__ == "__main__": unittest.main()