Fixed Actions & Docker

Author: MarcelCoding

.github/workflows/ci.yaml

@@ -8,6 +8,7 @@ on:
 
 env:
   JAVA_VERSION: 17
+  JAVA_DISTRO: temurin
 
 jobs:
   lint:
@@ -30,37 +31,22 @@ jobs:
       - name: Set up JDK ${{ env.JAVA_VERSION }}
         uses: actions/setup-java@v2
         with:
-          distribution: adopt
           java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ env.JAVA_DISTRO }}
 
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
       - name: Lint with Gradle
-        run: ./gradlew checkstyleMain checkstyleTest spotbugsMain spotbugsTest pmdMain pmdTest --stacktrace --no-daemon # javadoc
-
-#      - name: Annotate Checkstyle Issues
-#        uses: jwgmeligmeyling/checkstyle-github-action@master
-#        with:
-#          path: '**/build/reports/checkstyle/*.xml'
-#
-#      - name: Annotate SpotBugs Issues
-#        uses: jwgmeligmeyling/spotbugs-github-action@master
-#        with:
-#          path: '**/build/reports/spotbugs/*.xml'
-#
-#      - name: Annotate PMD Issues
-#        uses: jwgmeligmeyling/pmd-github-action@master
-#        with:
-#          path: '**/build/reports/pmd/*.xml'
+        run: ./gradlew checkstyleMain checkstyleTest spotbugsMain spotbugsTest pmdMain pmdTest --stacktrace --no-daemon
 
   test:
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
-        java-version: [ 11, 16 ]
-        jvm-impl: [ 'hotspot', 'openj9' ]
+        java-version: [ 17 ]
+        java-distro: [ temurin, zulu, liberica, microsoft ]
 
     steps:
       - uses: actions/checkout@v2
@@ -72,21 +58,21 @@ jobs:
           path: |
             ~/.gradle/caches
             ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          key: ${{ runner.os }}-gradle-${{ matrix.java-distro }}-${{ matrix.java-version }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
           restore-keys: |
-            ${{ runner.os }}-gradle-
+            ${{ runner.os }}-gradle-${{ matrix.java-distro }}-${{ matrix.java-version }}-
 
       - name: Set up JDK ${{ matrix.java-version }}
         uses: actions/setup-java@v2
         with:
-          distribution: adopt-${{ matrix.jvm-impl }}
           java-version: ${{ matrix.java-version }}
+          distribution: ${{ matrix.java-distro }}
 
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
       - name: Run tests with Gradle
-        run: ./gradlew test --no-daemon
+        run: ./gradlew test --stacktrace --no-daemon
 
   build:
     needs: [ lint, test ]
@@ -113,14 +99,14 @@ jobs:
       - name: Set up JDK ${{ env.JAVA_VERSION }}
         uses: actions/setup-java@v2
         with:
-          distribution: adopt
           java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ env.JAVA_DISTRO }}
 
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
       - name: Build with Gradle
-        run: ./gradlew :${{ matrix.service }}:bootJar --no-daemon
+        run: ./gradlew :${{ matrix.service }}:shadowJar :${{ matrix.service }}:assemble --stacktrace --no-daemon
 
       - uses: actions/upload-artifact@v2
         with:
@@ -131,37 +117,29 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
 
+    permissions:
+      packages: write
+
     strategy:
       matrix:
         service: [ 'server', 'java-daemon', 'admin-panel' ]
-        jvm-impl: [ hotspot, openj9 ]
-        include:
-          - jvm-impl: hotspot
-            platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
-          - jvm-impl: openj9
-            platforms: linux/amd64 #,linux/arm64/v8
-
-    env:
-      IMAGE_NAME: crypticcp/${{ matrix.service }}
 
     steps:
       - uses: actions/checkout@v2
         with:
           submodules: recursive
 
       - name: Docker meta
-        id: docker_meta
-        uses: marcelcoding/ghaction-docker-meta@v1
-        with:
-          tag-edge: true
-          images: |
-            ${{ env.IMAGE_NAME }}
-            ghcr.io/${{ github.repository_owner }}/${{ matrix.service }}
-          tag-semver: |
-            {{version}}
-            {{major}}.{{minor}}
-          flavor: ${{ matrix.jvm-impl }}
-          main-flavor: ${{ matrix.jvm-impl == 'hotspot' }}
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/${{ matrix.service }}
+          tags: |
+            type=edge
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
 
       - uses: docker/setup-qemu-action@v1
       - uses: docker/setup-buildx-action@v1
@@ -170,53 +148,39 @@ jobs:
         uses: actions/cache@v2
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ matrix.service }}-${{ matrix.jvm-impl }}-${{ github.sha }}
+          key: ${{ runner.os }}-buildx-${{ matrix.service }}-${{ github.sha }}
           restore-keys: |
-            ${{ runner.os }}-buildx-${{ matrix.service }}-${{ matrix.jvm-impl }}-
-
-      - name: Login to Docker Hub
-        if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+            ${{ runner.os }}-buildx-${{ matrix.service }}-
 
       - name: Login to GitHub Container Registry
-        if: ${{ github.event_name != 'pull_request' }}
         uses: docker/login-action@v1
+        if: github.event_name != 'pull_request'
         with:
           registry: ghcr.io
-          username: ${{ github.repository_owner }}
+          username: ${{ github.actor }}
           password: ${{ github.token }}
 
       - uses: actions/download-artifact@v2
         with:
           name: ${{ matrix.service }}
-          path: dist
 
       - name: Build
         uses: docker/build-push-action@v2
         with:
           context: .
           file: ./docker/Dockerfile.github-actions
-          platforms: ${{ matrix.platforms }}
+          platforms: linux/amd64,linux/arm64/v8 #${{ matrix.platforms }} linux/arm/v7,
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.docker_meta.outputs.tags }}
-          labels: ${{ steps.docker_meta.outputs.labels }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             SERVICE_NAME=${{ matrix.service }}
-            JAVA_VERSION=${{ env.JAVA_VERSION }}
-            JVM_IMPL=${{ matrix.jvm-impl }}
+            JVM_VERSION=${{ env.JAVA_VERSION }}
+          # JVM_IMPL=${{ matrix.jvm-impl }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 
       - name: Move cache
         run: |
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-
-      - name: Check manifest
-        if: ${{ github.event_name != 'pull_request' }}
-        run: |
-          docker buildx imagetools inspect ${{ env.IMAGE_NAME }}:${{ steps.docker_meta.outputs.version }}
-          docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/${{ matrix.service }}:${{ steps.docker_meta.outputs.version }}

admin-panel/build.gradle

@@ -1,6 +1,7 @@
 plugins {
     id 'org.springframework.boot'
     id 'io.spring.dependency-management'
+    id 'com.github.johnrengelman.shadow'
 }
 
 dependencies {

build.gradle

@@ -16,6 +16,7 @@ plugins {
     id 'com.github.spotbugs' version '4.7.5' apply(false)
     id 'org.springframework.boot' version "${springBootVersion}" apply false
     id 'io.spring.dependency-management' version '1.0.11.RELEASE' apply false
+    id 'com.github.johnrengelman.shadow' version '7.1.2' apply false
 }
 
 if (version.toString().endsWith('SNAPSHOT') || version.toString().isBlank()) {

docker/Dockerfile

@@ -1,10 +1,8 @@
-ARG JAVA_VERSION=17
-ARG JVM_IMPL=hotspot
+ARG JVM_VERSION=17
 ARG SERVICE_NAME=server
 
-FROM adoptopenjdk:${JAVA_VERSION}-jdk-${JVM_IMPL} AS builder
-
-ARG SERVICE_NAME=server
+FROM eclipse-temurin:${JVM_VERSION}-jdk-focal AS builder
+ARG SERVICE_NAME
 
 RUN set -o errexit -o nounset \
  && apt-get update \
@@ -13,25 +11,52 @@ RUN set -o errexit -o nounset \
 COPY . /src
 WORKDIR /src
 
-RUN chmod +x ./gradlew \
-    && ./gradlew :${SERVICE_NAME}:bootJar --stacktrace --no-daemon
+RUN set -o errexit -o nounset \
+ && chmod +x ./gradlew \
+ && ./gradlew clean :${SERVICE_NAME}:shadowJar :${SERVICE_NAME}:assemble --stacktrace --no-daemon
+
+FROM eclipse-temurin:${JVM_VERSION}-jdk-focal AS jre
+ARG JVM_VERSION
+ARG SERVICE_NAME
 
-FROM adoptopenjdk:${JAVA_VERSION}-jre-${JVM_IMPL} AS extractor
+WORKDIR /src
 
-ARG SERVICE_NAME=server
+COPY --from=builder /src/${SERVICE_NAME}/build/libs/${SERVICE_NAME}-*-all.jar ${SERVICE_NAME}.jar
+
+RUN set -o errexit -o nounset \
+ && jdeps \
+     --ignore-missing-deps \
+     -q \
+     --multi-release ${JVM_VERSION} \
+     --print-module-deps \
+     ./${SERVICE_NAME}.jar > jre-deps.info \
+ && jlink \
+     --add-modules $(cat jre-deps.info) \
+     --strip-debug \
+     --no-man-pages \
+     --no-header-files \
+     --compress 2 \
+     --output ./jre
+
+FROM eclipse-temurin:${JVM_VERSION}-jdk-focal AS extractor
+ARG SERVICE_NAME
 
 WORKDIR /src
 
-COPY --from=builder /src/${SERVICE_NAME}/build/libs/${SERVICE_NAME}*.jar cryptic.jar
-RUN java -Djarmode=layertools -jar cryptic.jar extract
+COPY --from=builder /src/${SERVICE_NAME}/build/libs/${SERVICE_NAME}-*.jar ${SERVICE_NAME}.jar
+RUN java -Djarmode=layertools -jar ${SERVICE_NAME}.jar extract
+
+FROM ubuntu:focal
+ARG SERVICE_NAME
 
-FROM adoptopenjdk:${JAVA_VERSION}-jre-${JVM_IMPL}
+ENV JAVA_HOME=/opt/jre
+ENV PATH="/opt/jre/bin:${PATH}"
 
 ENV HTTP_PORT=8080
 ENV MANAGEMENT_PORT=8081
 
-ARG CRYPTIC_USER=cryptic
-ARG CRYPTIC_GROUP=cryptic
+ARG CRYPTIC_USER=cryptic-${SERVICE_NAME}
+ARG CRYPTIC_GROUP=cryptic-${SERVICE_NAME}
 ARG DATA_DIR=/data
 
 RUN set -o errexit -o nounset \
@@ -42,24 +67,34 @@ RUN set -o errexit -o nounset \
  && chown --recursive ${CRYPTIC_USER}:${CRYPTIC_GROUP} /home/${CRYPTIC_USER} \
  \
  && apt-get update \
- && apt-get install -y --no-install-recommends curl jq \
- && rm -rf /var/lib/apt/lists/*
+ && apt-get install -y --no-install-recommends curl jq ca-certificates \
+ && rm -rf /var/lib/apt/lists/* \
+ \
+ && curl -fsSL https://raw.githubusercontent.com/fabric8io-images/run-java-sh/master/fish-pepper/run-java-sh/fp-files/run-java.sh -so /opt/run-java.sh \
+ && chmod +x /opt/run-java.sh
+
+COPY --from=jre /src/jre ${JAVA_HOME}
 
 WORKDIR ${DATA_DIR}
 
+ENV JAVA_APP_DIR=${DATA_DIR}
+ENV JAVA_MAIN_CLASS=org.springframework.boot.loader.JarLauncher
+ENV JAVA_APP_NAME=cryptic-${SERVICE_NAME}
+ENV JAVA_CLASSPATH=/opt/cryptic-${SERVICE_NAME}
+
 USER ${CRYPTIC_USER}:${CRYPTIC_GROUP}
 VOLUME ${DATA_DIR}
 
 EXPOSE ${HTTP_PORT}
 EXPOSE ${MANAGEMENT_PORT}
 
-COPY --from=extractor /src/dependencies/ /opt/cryptic
-COPY --from=extractor /src/spring-boot-loader/ /opt/cryptic
-COPY --from=extractor /src/snapshot-dependencies/ /opt/cryptic
-COPY --from=extractor /src/application/ /opt/cryptic
+COPY --from=extractor /src/dependencies/ /opt/cryptic-${SERVICE_NAME}
+COPY --from=extractor /src/spring-boot-loader/ /opt/cryptic-${SERVICE_NAME}
+COPY --from=extractor /src/snapshot-dependencies/ /opt/cryptic-${SERVICE_NAME}
+COPY --from=extractor /src/application/ /opt/cryptic-${SERVICE_NAME}
 
-ENTRYPOINT ["java", "-cp", "/opt/cryptic", "org.springframework.boot.loader.JarLauncher"]
+ENTRYPOINT ["/opt/run-java.sh"]
 
-HEALTHCHECK --start-period=10s --interval=30s --timeout=3s --retries=3 \
-            CMD curl --silent --fail --request GET "http://localhost:${MANAGEMENT_PORT}/actuator/health" \
-                | jq --exit-status '.status == "UP"' || exit 1
+#HEALTHCHECK --start-period=10s --interval=30s --timeout=3s --retries=3 \
+#            CMD curl --silent --fail --request GET "http://localhost:${MANAGEMENT_PORT}/actuator/health" \
+#                | jq --exit-status '.status == "UP"' || exit 1