diff --git a/.github/workflows/base-image-auto-update.yml b/.github/workflows/base-image-auto-update.yml index 9cb89097bc..240c9dcca5 100644 --- a/.github/workflows/base-image-auto-update.yml +++ b/.github/workflows/base-image-auto-update.yml @@ -14,14 +14,14 @@ jobs: - name: Set up skopeo run: sudo apt-get install -y skopeo - name: Check change - run: skopeo inspect docker://registry.access.redhat.com/ubi8/openjdk-21-runtime:latest | grep Digest > .baseimage + run: skopeo inspect docker://registry.access.redhat.com/ubi9/openjdk-21-runtime:latest | grep Digest > .baseimage - name: Do change if the digest changed run: | git config user.name 'Update-a-Bot' git config user.email 'notifications-team@redhat.com' git add -A - git commit -m "Update ubi8/openjdk-21-runtime:latest image digest" || echo "No changes to commit" + git commit -m "Update ubi9/openjdk-21-runtime:latest image digest" || echo "No changes to commit" - name: Create pull request uses: peter-evans/create-pull-request@v6 with: - title: 'Update ubi8/openjdk-21-runtime:latest image digest' + title: 'Update ubi9/openjdk-21-runtime:latest image digest' diff --git a/docker/Dockerfile.notifications-aggregator.jvm b/docker/Dockerfile.notifications-aggregator.jvm index 25e62b8c73..df1bca31d4 100644 --- a/docker/Dockerfile.notifications-aggregator.jvm +++ b/docker/Dockerfile.notifications-aggregator.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -DskipTests -pl :notifications-aggregator -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-backend.jvm b/docker/Dockerfile.notifications-backend.jvm index 08378ea57b..f90ac3c69b 100644 --- a/docker/Dockerfile.notifications-backend.jvm +++ b/docker/Dockerfile.notifications-backend.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -DskipTests -pl :notifications-backend -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-connector-drawer.jvm b/docker/Dockerfile.notifications-connector-drawer.jvm index 8953d8daab..a63f640d9c 100644 --- a/docker/Dockerfile.notifications-connector-drawer.jvm +++ b/docker/Dockerfile.notifications-connector-drawer.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-drawer -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-connector-email.jvm b/docker/Dockerfile.notifications-connector-email.jvm index db6b12f3f7..237f2bddc4 100644 --- a/docker/Dockerfile.notifications-connector-email.jvm +++ b/docker/Dockerfile.notifications-connector-email.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-email -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools # Add RedHat CAs on OS truststore (check https://certs.corp.redhat.com/ for more details) COPY --from=build /home/jboss/recipients-resolver/src/main/resources/mtls-ca-validators.crt /etc/pki/ca-trust/source/anchors/mtls-ca-validators.crt RUN update-ca-trust diff --git a/docker/Dockerfile.notifications-connector-google-chat.jvm b/docker/Dockerfile.notifications-connector-google-chat.jvm index 062d09deb9..3b2b5b97dd 100644 --- a/docker/Dockerfile.notifications-connector-google-chat.jvm +++ b/docker/Dockerfile.notifications-connector-google-chat.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-google-chat -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-connector-microsoft-teams.jvm b/docker/Dockerfile.notifications-connector-microsoft-teams.jvm index 5dfd7601dc..94cc1dec18 100644 --- a/docker/Dockerfile.notifications-connector-microsoft-teams.jvm +++ b/docker/Dockerfile.notifications-connector-microsoft-teams.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-microsoft-teams -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-connector-servicenow.jvm b/docker/Dockerfile.notifications-connector-servicenow.jvm index b9c479571b..9e2eb67c0c 100644 --- a/docker/Dockerfile.notifications-connector-servicenow.jvm +++ b/docker/Dockerfile.notifications-connector-servicenow.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-servicenow -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-connector-slack.jvm b/docker/Dockerfile.notifications-connector-slack.jvm index 6216ea2ff6..408ff2e457 100644 --- a/docker/Dockerfile.notifications-connector-slack.jvm +++ b/docker/Dockerfile.notifications-connector-slack.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-slack -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-connector-splunk.jvm b/docker/Dockerfile.notifications-connector-splunk.jvm index d5d0e68648..79202275a1 100644 --- a/docker/Dockerfile.notifications-connector-splunk.jvm +++ b/docker/Dockerfile.notifications-connector-splunk.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-splunk -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-connector-webhook.jvm b/docker/Dockerfile.notifications-connector-webhook.jvm index dfc6983623..812bfc63d5 100644 --- a/docker/Dockerfile.notifications-connector-webhook.jvm +++ b/docker/Dockerfile.notifications-connector-webhook.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-connector-webhook -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-engine.jvm b/docker/Dockerfile.notifications-engine.jvm index ab090d1dfc..a0d4fdf321 100644 --- a/docker/Dockerfile.notifications-engine.jvm +++ b/docker/Dockerfile.notifications-engine.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -DskipTests -pl :notifications-engine -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools USER jboss ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' diff --git a/docker/Dockerfile.notifications-recipients-resolver.jvm b/docker/Dockerfile.notifications-recipients-resolver.jvm index 5210e93a3a..fd83e914f7 100644 --- a/docker/Dockerfile.notifications-recipients-resolver.jvm +++ b/docker/Dockerfile.notifications-recipients-resolver.jvm @@ -3,20 +3,18 @@ ### # Build the project -FROM registry.access.redhat.com/ubi8/openjdk-21:latest AS build +FROM registry.access.redhat.com/ubi9/openjdk-21:latest AS build USER root COPY . /home/jboss WORKDIR /home/jboss RUN ./mvnw clean package -Dmaven.test.skip -Dcheckstyle.skip -pl :notifications-recipients-resolver -am --no-transfer-progress # Build the container -FROM registry.access.redhat.com/ubi8/openjdk-21-runtime:latest +FROM registry.access.redhat.com/ubi9/openjdk-21-runtime:latest # Update the base image packages USER root RUN microdnf update --refresh --nodocs && microdnf clean all -# Temporary workaround for packages affected by a CVE and not needed to run our app which is why we're removing them from the base image -RUN rpm -e --nodeps platform-python-setuptools # Add RedHat CAs on OS truststore (check https://certs.corp.redhat.com/ for more details) COPY --from=build /home/jboss/recipients-resolver/src/main/resources/mtls-ca-validators.crt /etc/pki/ca-trust/source/anchors/mtls-ca-validators.crt RUN update-ca-trust