Add support for JDK21 docker images (#79)

* Add support for JDK21 docker images * Update ubuntu images to 22.04 LTS - Fixes #64 * Separate AzDO build internal & publish stages * Updated versions throughout all tests/processes * Begin deprecating Mariner-cm1 images
2023-09-27 17:38:55 -07:00 · 2023-09-27 17:38:55 -07:00 · d9815259fe
--- a/.devops/build.yml
+++ b/.devops/build.yml
@ -73,63 +73,83 @@ parameters:
        installer_tag: "2.0"
        base_image: "image-repository"
        base_tag: "2.0"
+      ubuntu_21:
+        distro: ubuntu
+        version: 21
+        package: msopenjdk-21
+        image: "image-repository"
+        tag: "image-tag"
+      distroless_21:
+        distro: distroless
+        version: 21
+        package: msopenjdk-21
+        installer_image: "image-repository"
+        installer_tag: "2.0"
+        base_image: "image-repository"
+        base_tag: "2.0"

-jobs:
-  - job: build_internal
-    displayName: "build internal "
-    pool:
-      vmImage: ubuntu-20.04
-    strategy:
-      matrix: ${{ parameters.jobs }}
-    steps:
-      - task: AzureCLI@2
-        inputs: 
-          azureSubscription: 'JEG-Infrastructure'
-          scriptType: 'bash'
-          scriptLocation: 'inlineScript'
-          inlineScript: |
-            az acr login -n msopenjdk
-            docker buildx create --name mybuilder --platform linux/amd64,linux/arm64 --use            
-            if [[ '$(distro)' != 'distroless' ]]; then
-              BUILD_ARGS="--build-arg IMAGE=$(image) --build-arg TAG=$(tag) --build-arg package=$(package)"
-            else
-              BUILD_ARGS="--build-arg INSTALLER_IMAGE=$(installer_image) --build-arg INSTALLER_TAG=$(installer_tag) --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$(package)"
-            fi
-            docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} -t msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-$(distro) -f docker/$(distro)/Dockerfile.$(package)-jdk . --push
-        displayName: build image
+stages:
+- stage: build_internal
+  displayName: "Build Internal"
+  jobs:
+    - job: build_internal
+      displayName: "build internal"
+      pool:
+        vmImage: ubuntu-22.04
+      strategy:
+        matrix: ${{ parameters.jobs }}
+      steps:
+        - task: AzureCLI@2
+          inputs: 
+            azureSubscription: 'JEG-Infrastructure'
+            scriptType: 'bash'
+            scriptLocation: 'inlineScript'
+            inlineScript: |
+              az acr login -n msopenjdk
+              docker buildx create --name mybuilder --platform linux/amd64,linux/arm64 --use            
+              if [[ '$(distro)' != 'distroless' ]]; then
+                BUILD_ARGS="--build-arg IMAGE=$(image) --build-arg TAG=$(tag) --build-arg package=$(package)"
+              else
+                BUILD_ARGS="--build-arg INSTALLER_IMAGE=$(installer_image) --build-arg INSTALLER_TAG=$(installer_tag) --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$(package)"
+              fi
+              docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} -t msopenjdk.azurecr.io/internal/private/openjdk/jdk:$(version)-$(distro) -f docker/$(distro)/Dockerfile.$(package)-jdk . --push
+          displayName: build image

-  - job: wait_for_validation
-    dependsOn: build_internal
-    displayName: wait for validation
-    pool: server
-    steps:
-      - task: ManualValidation@0
-        # 3 days
-        timeoutInMinutes: 4320
-        inputs:
-          instructions: "please validate the build configuration, artifacts, tests, and resume"
-          onTimeout: "resume"
+- stage: validate_and_publish
+  displayName: "Validate & Publish"
+  dependsOn: build_internal
+  jobs:
+    - job: wait_for_validation
+      displayName: wait for validation
+      pool: server
+      steps:
+        - task: ManualValidation@0
+          # 3 days
+          timeoutInMinutes: 4320
+          inputs:
+            instructions: "please validate the build configuration, artifacts, tests, and resume"
+            onTimeout: "resume"

-  - job: build_public
-    displayName: "build public "
-    dependsOn: wait_for_validation
-    pool:
-      vmImage: ubuntu-20.04
-    strategy:
-      matrix: ${{ parameters.jobs }}
-    steps:
-      - task: AzureCLI@2
-        inputs: 
-          azureSubscription: 'JEG-Infrastructure'
-          scriptType: 'bash'
-          scriptLocation: 'inlineScript'
-          inlineScript: |
-            az acr login -n msopenjdk
-            docker buildx create --name mybuilder --platform linux/amd64,linux/arm64 --use            
-            if [[ '$(distro)' != 'distroless' ]]; then
-              BUILD_ARGS="--build-arg IMAGE=$(image) --build-arg TAG=$(tag) --build-arg package=$(package)"
-            else
-              BUILD_ARGS="--build-arg INSTALLER_IMAGE=$(installer_image) --build-arg INSTALLER_TAG=$(installer_tag) --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$(package)"
-            fi
-            docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} -t msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-$(distro) -f docker/$(distro)/Dockerfile.$(package)-jdk . --push
-        displayName: build image
+    - job: build_public
+      displayName: "build public "
+      dependsOn: wait_for_validation
+      pool:
+        vmImage: ubuntu-22.04
+      strategy:
+        matrix: ${{ parameters.jobs }}
+      steps:
+        - task: AzureCLI@2
+          inputs: 
+            azureSubscription: 'JEG-Infrastructure'
+            scriptType: 'bash'
+            scriptLocation: 'inlineScript'
+            inlineScript: |
+              az acr login -n msopenjdk
+              docker buildx create --name mybuilder --platform linux/amd64,linux/arm64 --use            
+              if [[ '$(distro)' != 'distroless' ]]; then
+                BUILD_ARGS="--build-arg IMAGE=$(image) --build-arg TAG=$(tag) --build-arg package=$(package)"
+              else
+                BUILD_ARGS="--build-arg INSTALLER_IMAGE=$(installer_image) --build-arg INSTALLER_TAG=$(installer_tag) --build-arg BASE_IMAGE=$(base_image) --build-arg BASE_TAG=$(base_tag) --build-arg package=$(package)"
+              fi
+              docker buildx build --platform linux/amd64,linux/arm64 ${BUILD_ARGS} -t msopenjdk.azurecr.io/public/openjdk/jdk:$(version)-$(distro) -f docker/$(distro)/Dockerfile.$(package)-jdk . --push
+          displayName: build image
--- a/.github/workflows/build-images.yml
+++ b/.github/workflows/build-images.yml
@ -30,8 +30,8 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        jdkversion: [11, 17] # Only build LTS releases
-        baseimage: ["mariner", "mariner-cm1", "ubuntu", "distroless"]
+        jdkversion: [11, 17, 21] # Only build LTS releases
+        baseimage: ["mariner", "ubuntu", "distroless"]

    steps:
      - uses: actions/checkout@v3
--- a/.github/workflows/check-versions.yml
+++ b/.github/workflows/check-versions.yml
@ -30,7 +30,7 @@ jobs:
      matrix:
        distros: [ "mariner", "distroless", "mariner-cm1", "ubuntu" ]
        jdkvendor: [ "msopenjdk" ]
-        jdkversion: [ { major: "11", expected: "11.0.20.1" }, { major: "17", expected: "17.0.8.1" } ]
+        jdkversion: [ { major: "11", expected: "11.0.20.1" }, { major: "17", expected: "17.0.8.1" }, { major: "21", expected: "21" } ]
    steps:
      - uses: actions/checkout@v3

--- a/.github/workflows/validate-published-images.yml
+++ b/.github/workflows/validate-published-images.yml
@ -25,9 +25,9 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        distros: [ "mariner", "distroless", "mariner-cm1", "ubuntu" ]
+        distros: [ "mariner", "distroless", "ubuntu" ]
        jdkvendor: [ "msopenjdk" ]
-        jdkversion: [ { major: "11", expected: "11.0.20.1" }, { major: "17", expected: "17.0.8.1" } ]
+        jdkversion: [ { major: "11", expected: "11.0.20.1" }, { major: "17", expected: "17.0.8.1" }, { major: "21", expected: "21" } ]
    steps:
      - uses: actions/checkout@v3

@ -40,9 +40,9 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        distros: [ "mariner", "distroless", "mariner-cm1", "ubuntu" ]
+        distros: [ "mariner", "distroless", "ubuntu" ]
        jdkvendor: [ "msopenjdk" ]
-        jdkversion: [ { major: "11", expected: "11.0.20.1" }, { major: "17", expected: "17.0.8.1" } ]
+        jdkversion: [ { major: "11", expected: "11.0.20.1" }, { major: "17", expected: "17.0.8.1" }, { major: "21", expected: "21" } ]
    steps:
      - uses: actions/checkout@v3

--- a/build-all-images.sh
+++ b/build-all-images.sh
@ -1,7 +1,7 @@
 #!/bin/bash

 # Set expected JDK versions after the images are built
-declare -a jdkversions=( ["11"]="11.0.17" ["17"]="17.0.5" ["8"]="1.8.0_352" )
+declare -a jdkversions=( ["11"]="11.0.20.1" ["17"]="17.0.8.1" ["21"]="21" ["8"]="1.8.0_382" )

 # Set the base MCR repo
 basemcr="mcr.microsoft.com/openjdk/jdk"
--- a/docker/distroless/Dockerfile.msopenjdk-21-jdk
+++ b/docker/distroless/Dockerfile.msopenjdk-21-jdk
@ -0,0 +1,57 @@
+ARG INSTALLER_IMAGE="mcr.microsoft.com/cbl-mariner/base/core"
+ARG INSTALLER_TAG="2.0"
+ARG BASE_IMAGE="mcr.microsoft.com/cbl-mariner/distroless/base"
+ARG BASE_TAG="2.0"
+
+FROM ${INSTALLER_IMAGE}:${INSTALLER_TAG} AS installer
+
+ARG JDK_URL="https://aka.ms/download-jdk/microsoft-jdk-21-linux-ARCH.tar.gz"
+
+# Add dynamically linked packages: zlib
+# Distroless base image already has tzdata ca-certificates openssl glibc
+# Create a non-root user and group (just like .NET's image)
+RUN mkdir /staging \
+    && tdnf install -y --releasever=2.0 --installroot /staging zlib \
+    && tdnf install -y gawk shadow-utils ca-certificates tar \
+    && groupadd --system --gid=101 app \
+    && adduser --uid 101 --gid 101 --shell /bin/false --system app \
+    && install -d -m 0755 -o 101 -g 101 "/staging/home/app" \
+    && rootOrAppRegex='^\(root\|app\):' \
+    && cat /etc/passwd | grep $rootOrAppRegex > "/staging/etc/passwd" \
+    && cat /etc/group | grep $rootOrAppRegex > "/staging/etc/group"
+
+# Get JDK
+RUN mkdir -p /usr/lib/jvm && \
+    if [ $(uname -m) = "x86_64" ]; then \
+        JDK_URL=${JDK_URL/ARCH/x64}; \
+    else \
+        JDK_URL=${JDK_URL/ARCH/aarch64}; \
+    fi && \
+    curl --silent -L ${JDK_URL} -o /jdk.tar.gz && \
+    tar -xzf /jdk.tar.gz -C / && \
+    rm /jdk.tar.gz && \
+    mv /jdk-2* /usr/jdk
+
+# Clean up staging
+RUN rm -rf /staging/etc/tdnf \
+    && rm -rf /staging/run/* \
+    && rm -rf /staging/var/cache/tdnf \
+    && rm -rf /staging/var/lib/rpm \
+    && rm -rf /staging/usr/share/doc \
+    && rm -rf /staging/usr/share/man \
+    && rm -rf /usr/jdk/man /usr/jdk/lib/src.zip \
+    && find /staging/var/log -type f -size +0 -delete
+
+FROM ${BASE_IMAGE}:${BASE_TAG}
+
+LABEL "Author"="Microsoft"
+LABEL "Support"="Microsoft OpenJDK Support <openjdk-support@microsoft.com>"
+
+COPY --from=installer /staging/ /
+COPY --from=installer /usr/jdk/ /usr/jdk/
+COPY --from=installer --chown=101:101 /staging/home/app /home/app
+
+ENV JAVA_HOME=/usr/jdk
+ENV PATH="$PATH:$JAVA_HOME/bin"
+
+ENTRYPOINT [ "/usr/jdk/bin/java" ]
--- a/docker/mariner/Dockerfile.msopenjdk-21-jdk
+++ b/docker/mariner/Dockerfile.msopenjdk-21-jdk
@ -0,0 +1,23 @@
+ARG IMAGE="mcr.microsoft.com/cbl-mariner/base/core"
+ARG TAG="2.0"
+FROM ${IMAGE}:${TAG}
+
+LABEL "Author"="Microsoft"
+LABEL "Support"="Microsoft OpenJDK Support <openjdk-support@microsoft.com>"
+
+ARG package="msopenjdk-21"
+ARG PKGS="tzdata ca-certificates freetype shadow-utils"
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+ENV JAVA_HOME=/usr/lib/jvm/msopenjdk-21
+
+RUN tdnf install -y ${package} ${PKGS} && \
+    tdnf clean all && \
+    groupadd --system --gid=101 app && \
+    adduser --uid 101 --gid 101 --system app && \
+    install -d -m 0755 -o 101 -g 101 "/home/app" && \
+    rm -rf /var/cache/tdnf && \
+    rm -rf /usr/lib/jvm/${package}/lib/src.zip && \
+    echo java -Xshare:dump && \
+    java -Xshare:dump
+
--- a/docker/test-only/ubuntu/Dockerfile
+++ b/docker/test-only/ubuntu/Dockerfile
@ -1,6 +1,6 @@
 # DisableDockerDetector "Used for testing purposes only"
 ARG IMAGE="ubuntu"
-ARG UBUNTU_VERSION="20.04"
+ARG UBUNTU_VERSION="22.04"
 ARG JAVA_VERSION="17"

 FROM ${IMAGE}:${UBUNTU_VERSION}
--- a/docker/ubuntu/Dockerfile.msopenjdk-11-jdk
+++ b/docker/ubuntu/Dockerfile.msopenjdk-11-jdk
@ -1,6 +1,6 @@
 # DisableDockerDetector "Base image is obtained from internal registry"
 ARG IMAGE="ubuntu"
-ARG TAG="20.04"
+ARG TAG="22.04"
 FROM ${IMAGE}:${TAG}

 LABEL "Author"="Microsoft"
@ -14,7 +14,7 @@ RUN DEBIAN_FRONTEND=noninteractive && \
    apt-get -qq install --no-install-recommends tzdata ca-certificates fontconfig locales apt-transport-https wget && \
    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && \
    locale-gen en_US.UTF-8 && \
-    wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \
+    wget -q https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \
    dpkg -i packages-microsoft-prod.deb && \
    apt-get -qq update && \
    apt-get -qq install $package && \
--- a/docker/ubuntu/Dockerfile.msopenjdk-17-jdk
+++ b/docker/ubuntu/Dockerfile.msopenjdk-17-jdk
@ -1,6 +1,6 @@
 # DisableDockerDetector "Base image is obtained from internal registry"
 ARG IMAGE="ubuntu"
-ARG TAG="20.04"
+ARG TAG="22.04"
 FROM ${IMAGE}:${TAG}

 LABEL "Author"="Microsoft"
@ -14,7 +14,7 @@ RUN DEBIAN_FRONTEND=noninteractive && \
    apt-get -qq install --no-install-recommends tzdata ca-certificates fontconfig locales apt-transport-https wget binutils && \
    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && \
    locale-gen en_US.UTF-8 && \
-    wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \
+    wget -q https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \
    dpkg -i packages-microsoft-prod.deb && \
    apt-get -qq update && \
    apt-get -qq install $package && \
--- a/docker/ubuntu/Dockerfile.msopenjdk-21-jdk
+++ b/docker/ubuntu/Dockerfile.msopenjdk-21-jdk
@ -0,0 +1,36 @@
+# DisableDockerDetector "Base image is obtained from internal registry"
+ARG IMAGE="ubuntu"
+ARG TAG="22.04"
+FROM ${IMAGE}:${TAG}
+
+LABEL "Author"="Microsoft"
+LABEL "Support"="Microsoft OpenJDK Support <openjdk-support@microsoft.com>"
+
+ARG package=msopenjdk-21
+
+RUN DEBIAN_FRONTEND=noninteractive && \
+    apt-get -qq update && \
+    apt-get -qq upgrade && \
+    apt-get -qq install --no-install-recommends tzdata ca-certificates fontconfig locales apt-transport-https wget binutils && \
+    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && \
+    locale-gen en_US.UTF-8 && \
+    wget -q https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \
+    dpkg -i packages-microsoft-prod.deb && \
+    apt-get -qq update && \
+    apt-get -qq install $package && \
+    apt-get -qq purge apt-transport-https wget && \
+    apt-get -qq autoremove --purge && \
+    rm -rf /var/lib/apt/lists/* && \
+    echo java -Xshare:dump && \
+    java -Xshare:dump && \
+    if [ $(uname -m) = "x86_64" ]; then ARCH="amd64"; else ARCH="arm64"; fi && \
+    rm -rf ./usr/lib/jvm/msopenjdk-21-${ARCH}/lib/src.zip && \
+    ln -s /usr/lib/jvm/msopenjdk-21-${ARCH} /usr/lib/jvm/msopenjdk-21
+
+RUN groupadd --system --gid=101 app \
+    && adduser --uid 101 --gid 101 --system app \
+    && install -d -m 0755 -o 101 -g 101 "/home/app"
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
+ENV JAVA_HOME=/usr/lib/jvm/msopenjdk-21