build(deps): allow dependabot to manage container-embedded mysql/postgres driver versions

[chadlwilson]

Description of Change

Changes docker scripting to extract versions from the Maven POM for the drivers; allowing them to be updated with dependabot for security reasons, and avoiding need for special manual PRs.

Related minor tweaks

• avoided unnecessary use of exec-maven-plugin
• switched scripts to prefer modern #!/usr/bin/env bash, largely to avoid using ancient bash on MacOS.
• speeds up docker test workflows by only building what is necessary to scan

Related issues

N/A

Have test cases been added to cover the new functionality?

yes (already there)

[Copilot]

Pull request overview

Updates the Docker build/publish tooling so the MySQL/PostgreSQL JDBC driver versions embedded in the container image are sourced from Maven POM properties (so Dependabot can update them), while also modernizing various helper scripts and speeding up Docker CI workflows.

Changes:

• Adds driver.postgresql.version / driver.mysql.version properties to the parent POM and wires them into core integration-test profiles.
• Updates Docker build/publish scripts + Dockerfile to pass driver versions as build args and download driver jars from a Maven repository path.
• Modernizes multiple shell scripts (#!/usr/bin/env bash, strict mode) and tweaks GitHub workflows to build only what’s needed for Docker scan tests.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
sha256_cli.sh	Modernizes bash invocation/strict mode for the dependency-check CLI download helper.
release_stats.sh	Modernizes bash invocation/strict mode for GitHub release stats helper.
publish-docker.sh	Removed; publishing logic moved to docker-publish.sh.
prepare-release.sh	Uses mvn help:evaluate for version extraction; modern shebang/strict mode.
pom.xml	Introduces POM properties for Postgres/MySQL driver versions.
list-changes.sh	Modern shebang/strict mode; quotes git revision range.
docker-test.sh	Modern shebang/strict mode; uses mvn help:evaluate for version.
docker-shell.sh	Modern shebang/strict mode; uses mvn help:evaluate for version.
docker-pullcount.sh	Modern shebang/strict mode for Docker Hub pull count helper.
docker-publish.sh	New script: publishes multi-arch image using driver versions read from the POM.
docker-build.sh	Reads version + driver versions from the POM and passes them into the Docker build.
coverity_scan.sh	Removed legacy Travis/Coverity script.
core/pom.xml	Uses shared driver version properties for MySQL/Postgres integration-test profiles.
README.md	Updates docker build instructions to reference ./docker-build.sh.
Dockerfile	Removes hardcoded driver versions; downloads driver jars from Maven repo based on build args.
.github/workflows/release.yml	Switches to new docker scripts and builds only cli module for scan target.
.github/workflows/pull_requests.yml	Switches to new docker scripts and builds only cli module for scan target.
.github/workflows/build.yml	Switches to new docker scripts and builds only cli module for scan target.

Comments suppressed due to low confidence (1)

docker-test.sh:3

• With set -u enabled, this script can fail with an “unbound variable” error if $USER is not set in the environment (it’s referenced later when computing uid/gid and setting -e user=...). Consider avoiding $USER entirely (e.g., derive user/uid/gid via id) or providing a default (${USER:-...}) so the script is robust in non-interactive/CI shells.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.