RHCLOUD-34908 Bump base images to ubi9 (RedHatInsights#2906)

.github/workflows/base-image-auto-update.yml

@@ -14,14 +14,14 @@ jobs:
       - name: Set up skopeo
         run: sudo apt-get install -y skopeo
       - name: Check change
-        run: skopeo inspect docker://registry.access.redhat.com/ubi8/openjdk-21-runtime:latest | grep Digest > .baseimage
+        run: skopeo inspect docker://registry.access.redhat.com/ubi9/openjdk-21-runtime:latest | grep Digest > .baseimage
       - name: Do change if the digest changed
         run: |
           git config user.name 'Update-a-Bot'
           git config user.email '[email protected]'
           git add -A
-          git commit -m "Update ubi8/openjdk-21-runtime:latest image digest" || echo "No changes to commit"
+          git commit -m "Update ubi9/openjdk-21-runtime:latest image digest" || echo "No changes to commit"
       - name: Create pull request
         uses: peter-evans/create-pull-request@v6
         with:
-          title: 'Update ubi8/openjdk-21-runtime:latest image digest'
+          title: 'Update ubi9/openjdk-21-runtime:latest image digest'

docker/Dockerfile.notifications-aggregator.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -DskipTests -pl :notifications-aggregator -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-backend.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -DskipTests -pl :notifications-backend -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-connector-drawer.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-drawer -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-connector-email.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-email -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 # Add RedHat CAs on OS truststore (check https://certs.corp.redhat.com/ for more details)
 COPY --from=build /home/jboss/recipients-resolver/src/main/resources/mtls-ca-validators.crt /etc/pki/ca-trust/source/anchors/mtls-ca-validators.crt
 RUN update-ca-trust

docker/Dockerfile.notifications-connector-google-chat.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-google-chat -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-connector-microsoft-teams.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-microsoft-teams -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-connector-servicenow.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-servicenow -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-connector-slack.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-slack -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-connector-splunk.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-splunk -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-connector-webhook.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-webhook -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-engine.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -DskipTests -pl :notifications-engine -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 USER jboss
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

docker/Dockerfile.notifications-recipients-resolver.jvm

@@ -3,20 +3,18 @@
 ###
 
 # Build the project
-FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build
+FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build
 USER root
 COPY . /home/jboss
 WORKDIR /home/jboss
 RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-recipients-resolver -am --no-transfer-progress
 
 # Build the container
-FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest
 
 # Update the base image packages
 USER root
 RUN microdnf update --refresh --nodocs && microdnf clean all
-# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image
-RUN rpm -e --nodeps platform-python-setuptools
 # Add RedHat CAs on OS truststore (check https://certs.corp.redhat.com/ for more details)
 COPY --from=build /home/jboss/recipients-resolver/src/main/resources/mtls-ca-validators.crt /etc/pki/ca-trust/source/anchors/mtls-ca-validators.crt
 RUN update-ca-trust