From 0f08018a05f3eff7cacb91d7b3b0fe272f19e269 Mon Sep 17 00:00:00 2001 From: Alexander Mazuruk Date: Wed, 24 Feb 2021 09:30:38 +0100 Subject: Change openjdk baseOS img to integration-java11 Since 7.2.0 integration images switched over to alpine, adjusted Dockerfile to accomodate the switch. Benefits from switching over: * minimal {java11,python} images maintained by integration team * using currently "blessed by seccom" versions (:latest tag used) * should limit spread of legal issues across layers * integration images will be the first to have automated compliance documentation * should limit spread of base layers (contributing to deployment footprint - more base layers = more to download, more to store etc...) Issue-ID: INT-1864 Issue-ID: DCAEGEN2-2420 Signed-off-by: Alexander Mazuruk Change-Id: Iecf2654c6732d796c10838284f0882e8c34dac34 --- Changelog.md | 11 ++++++++--- pom.xml | 3 ++- src/main/resources/Dockerfile | 28 ++++++++++++++-------------- version.properties | 4 ++-- 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/Changelog.md b/Changelog.md index 98bda85..3b10d37 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,12 +4,17 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [1.5.2] - 18/03/2021 +## [1.6.0] - 25/03/2021 +### Changed +- Switched Dockerfile to integration image (alpine-based) + +## [1.5.2] - 18/03/2021 - Implement singleton cache for events being processed - Add JUnit tests -## [1.5.1] - 03/02/2021 - +## [1.5.1] - 03/02/2021 +### Added - Add configuration number of threads and limit rate in files processing +### Security - Fix vulnerability - update undertow from 2.0.3.Final to 2.2.3.Final and commons.io from 2.6.0 to 2.8.0 diff --git a/pom.xml b/pom.xml index a6c2187..e978515 100644 --- a/pom.xml +++ b/pom.xml @@ -3,6 +3,7 @@ ============LICENSE_START======================================================= Copyright (C) 2019-2020 Nordix Foundation. Copyright (C) 2020-2021 Nokia. All rights reserved. + Copyright (C) 2021 Samsung Electronics. All rights reserved. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -33,7 +34,7 @@ org.onap.dcaegen2.services pm-mapper - 1.5.2-SNAPSHOT + 1.6.0-SNAPSHOT dcaegen2-services-pm-mapper diff --git a/src/main/resources/Dockerfile b/src/main/resources/Dockerfile index cfd8372..1142259 100644 --- a/src/main/resources/Dockerfile +++ b/src/main/resources/Dockerfile @@ -1,6 +1,7 @@ # # ============LICENSE_START======================================================= # Copyright (C) 2019-2020 Nordix Foundation. +# Copyright (C) 2021 Samsung Electronics. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,28 +18,27 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= # -FROM openjdk:11.0.7-jre-slim +FROM nexus3.onap.org:10001/onap/integration-java11:8.0.0 WORKDIR /opt/app/pm-mapper -RUN apt-get update && \ - apt-get install --no-install-recommends -y curl nano && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* +ARG user=pm-mapper +ARG group=pm-mapper -RUN mkdir -p /var/log/ONAP +USER root +RUN apk add --no-cache curl && \ + mkdir -p /var/log/ONAP && \ + addgroup $group && adduser --system --disabled-password --no-create-home --ingroup $group $user && \ + chmod u=rwx /var/log/ONAP && \ + chown -R $user:$group /opt/app/pm-mapper /var/log/ONAP -RUN adduser pm-mapper; \ - chmod a+rwx /var/log/ONAP; \ - chown -R pm-mapper /opt/app/pm-mapper - -USER pm-mapper +USER $user COPY ${project.build.directory}/${ext.dep.dir.path}/ ${ext.dep.dir.path}/ -COPY ${project.build.directory}/${JAR} . +COPY --chown=$user:$group ${project.build.directory}/${JAR} . COPY ${project.build.directory}/classes/schemas ./etc/schemas/ COPY ${project.build.directory}/classes/templates ./etc/templates/ -COPY --chown=pm-mapper ${project.build.directory}/classes/logback.xml ./etc/logback.xml +COPY --chown=$user:$group ${project.build.directory}/classes/logback.xml ./etc/logback.xml LABEL git.branch="${git.branch}" \ @@ -55,5 +55,5 @@ LABEL git.branch="${git.branch}" \ git.commit.user.name="${git.commit.user.name}" -ENTRYPOINT ["/usr/local/openjdk-11/bin/java", "-jar", "${project.artifactId}-${project.version}.jar"] +ENTRYPOINT ["java", "-jar", "${project.artifactId}-${project.version}.jar"] ARG JAR diff --git a/version.properties b/version.properties index 3f9d877..eabef1f 100644 --- a/version.properties +++ b/version.properties @@ -1,6 +1,6 @@ major=1 -minor=5 -patch=2 +minor=6 +patch=0 base_version=${major}.${minor}.${patch} release_version=${base_version} snapshot_version=${base_version}-SNAPSHOT -- cgit 1.2.3-korg