KollectTools/Docker-Images
18
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

build: Update libraries to latest version

Browse Source
This commit is contained in:
Fadhli Azhari
2026-04-30 09:52:04 +08:00
parent 1f3c4e2102
commit 58e25ebd4d
8 changed files with 117 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ci/java-builder/Dockerfile
+28 -18
View File
@@ -1,24 +1,27 @@
# KollectAI CI — Java Builder Image
#
# Pre-baked build environment for backend + plugin CI jobs.
# Contains: Java 21, Maven 3.9.9, Node.js + pnpm, buf CLI, OWASP NVD
# Contains: Java 25, Maven 3.9.x, Node.js 24 + pnpm 11, buf CLI, OWASP NVD
# database, ORAS CLI, common dependencies.
#
# Build:
# docker build -t 192.168.1.72/kollect-tools/ci/java-builder:latest ci/java-builder/
# docker build -t kcr.kollect.biz/kollect-tools/ci/java-builder:latest ci/java-builder/
#
# Usage in CI:
# container:
# image: 192.168.1.72/kollect-tools/ci/java-builder:latest
# image: kcr.kollect.biz/kollect-tools/ci/java-builder:latest
#
# RUN order is cache-optimised: most stable / most expensive layers come
# first, most volatile / cheapest layers come last. Bumping a version
# only invalidates that layer and everything below it, so volatile pins
# (pnpm, buf) live near the bottom to avoid forcing OWASP NVD or Maven
# downloads to re-run.
ARG JAVA_VERSION=25
FROM eclipse-temurin:${JAVA_VERSION}-jdk-jammy
ARG MAVEN_VERSION=3.9.14
ARG OWASP_DC_VERSION=12.1.1
ARG NVD_API_KEY=""
# ─────────────────────────────────────────────────────────────────────
# System dependencies
# System dependencies + Node.js
# ─────────────────────────────────────────────────────────────────────
ARG NODE_MAJOR=24
@@ -40,6 +43,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
# ─────────────────────────────────────────────────────────────────────
# Maven
# ─────────────────────────────────────────────────────────────────────
ARG MAVEN_VERSION=3.9.15
ENV MAVEN_HOME=/opt/maven
ENV PATH="${MAVEN_HOME}/bin:${PATH}"
@@ -56,6 +60,8 @@ RUN curl -fsSL "https://dlcdn.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
#
# Rebuild this image weekly to keep the NVD database fresh.
# ─────────────────────────────────────────────────────────────────────
ARG OWASP_DC_VERSION=12.2.1
ARG NVD_API_KEY=""
ENV OWASP_DATA_DIR=/opt/owasp/dependency-check-data
RUN mkdir -p "${OWASP_DATA_DIR}" \
@@ -65,17 +71,11 @@ RUN mkdir -p "${OWASP_DATA_DIR}" \
-q || true
# ─────────────────────────────────────────────────────────────────────
# pnpm — via corepack (ships with Node.js)
# ORAS CLI — for uploading artifacts to Harbor.
# Low-volatility static binary; placed before buf/pnpm so a bump here
# (rare) doesn't invalidate them.
# ─────────────────────────────────────────────────────────────────────
ARG PNPM_VERSION=10.15.0
RUN corepack enable \
&& corepack prepare "pnpm@${PNPM_VERSION}" --activate
# ─────────────────────────────────────────────────────────────────────
# ORAS CLI — for uploading artifacts to Harbor
# ─────────────────────────────────────────────────────────────────────
ARG ORAS_VERSION=1.2.2
ARG ORAS_VERSION=1.3.2
RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" \
| tar -xz -C /usr/local/bin oras
@@ -85,12 +85,22 @@ RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_V
# parity. Backend Java codegen lives in the Maven build (protobuf-maven-
# plugin), not buf, so no protoc plugins are needed in this image.
# ─────────────────────────────────────────────────────────────────────
ARG BUF_VERSION=1.55.0
ARG BUF_VERSION=1.69.0
RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" \
-o /usr/local/bin/buf \
&& chmod +x /usr/local/bin/buf
# ─────────────────────────────────────────────────────────────────────
# pnpm — via corepack (ships with Node.js).
# Last because it's the most volatile pin and corepack prepare is the
# cheapest layer; bumping pnpm shouldn't force any other layer to rebuild.
# ─────────────────────────────────────────────────────────────────────
ARG PNPM_VERSION=11.0.1
RUN corepack enable \
&& corepack prepare "pnpm@${PNPM_VERSION}" --activate
WORKDIR /workspace
# Verify installation
ci/java-builder/README.md
+13 -13
View File
@@ -4,12 +4,12 @@ Pre-baked build environment for KollectAI-ETL backend and plugin CI jobs.
## What's included
- Java 21 (Eclipse Temurin)
- Maven 3.9.9
- Java 25 (Eclipse Temurin)
- Maven 3.9.15
- Pre-cached Maven dependencies (Spring Boot, Flink, MyBatis, etc.)
- Pre-installed `plugin-api` in local Maven repo
- OWASP NVD database snapshot
- Node.js + pnpm (via corepack)
- Node.js 24 + pnpm 11 (via corepack)
- [buf](https://buf.build) CLI — for `buf lint` parity with pre-push
- ORAS CLI (Harbor artifact uploads)
- git, jq, curl
@@ -22,8 +22,8 @@ Pre-baked build environment for KollectAI-ETL backend and plugin CI jobs.
## Build
```bash
docker build -t 192.168.1.72/kollect-tools/ci/java-builder:latest ci/java-builder/
docker push 192.168.1.72/kollect-tools/ci/java-builder:latest
docker build -t kcr.kollect.biz/kollect-tools/ci/java-builder:latest ci/java-builder/
docker push kcr.kollect.biz/kollect-tools/ci/java-builder:latest
```
### Build args
@@ -31,12 +31,12 @@ docker push 192.168.1.72/kollect-tools/ci/java-builder:latest
| Arg | Default | Description |
|-----|---------|-------------|
| `JAVA_VERSION` | `25` | Eclipse Temurin JDK version |
| `MAVEN_VERSION` | `3.9.14` | Maven version |
| `OWASP_DC_VERSION` | `12.1.1` | OWASP Dependency-Check version |
| `MAVEN_VERSION` | `3.9.15` | Maven version |
| `OWASP_DC_VERSION` | `12.2.1` | OWASP Dependency-Check version |
| `NODE_MAJOR` | `24` | Node.js major version |
| `PNPM_VERSION` | `10.15.0` | pnpm version (corepack-activated) |
| `BUF_VERSION` | `1.55.0` | buf CLI version |
| `ORAS_VERSION` | `1.2.2` | ORAS CLI version |
| `PNPM_VERSION` | `11.0.1` | pnpm version (corepack-activated) |
| `BUF_VERSION` | `1.69.0` | buf CLI version |
| `ORAS_VERSION` | `1.3.2` | ORAS CLI version |
| `NVD_API_KEY` | (empty) | Optional NVD API key — speeds up the OWASP database update during image build |
## Usage in CI
@@ -46,7 +46,7 @@ jobs:
test:
runs-on: ubuntu-latest
container:
image: 192.168.1.72/kollect-tools/ci/java-builder:latest
image: kcr.kollect.biz/kollect-tools/ci/java-builder:latest
steps:
- uses: actions/checkout@v6
- run: ./mvnw -f backend/etl/pom.xml test -Dgroups=unit -q
@@ -57,8 +57,8 @@ jobs:
Rebuild weekly to keep the OWASP NVD database fresh:
```bash
docker build --no-cache -t 192.168.1.72/kollect-tools/ci/java-builder:latest ci/java-builder/
docker push 192.168.1.72/kollect-tools/ci/java-builder:latest
docker build --no-cache -t kcr.kollect.biz/kollect-tools/ci/java-builder:latest ci/java-builder/
docker push kcr.kollect.biz/kollect-tools/ci/java-builder:latest
```
When `pom.xml` files change (new dependencies), rebuild to update the cached deps layer.