From 02702089749dcb78c935a0f3f3b045da8da3da56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niklas=20Hu=C3=9Fmann?=
Date: Tue, 11 Nov 2025 12:59:36 +0100
Subject: [PATCH 1/2] removed graalvm
---
Dockerfile | 59 ++---------------------------------------------------------
Jenkinsfile | 45 ++++++++++++++++++++++-----------------------
2 files changed, 24 insertions(+), 80 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6f4ef117b..7de6869ee 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -127,61 +127,6 @@ RUN mkdir -p /dist/root/.config/jgit RUN touch /dist/root/.config/jgit/config RUN chmod +r /dist/root/ && chmod g+rw /dist/root/.config/jgit/ -# This stage builds a static binary using graal VM. For details see docs/developers.md#GraalVM -FROM graal AS native-image -ENV MAVEN_OPTS='-Dmaven.repo.local=/mvn' -RUN microdnf install gnupg - -# Provide binaries used by apply-ng, so our runs with native-image-agent dont fail -# with "java.io.IOException: Cannot run program "kubectl"..." etc. -RUN microdnf install iproute - -WORKDIR /app - -# Copy only binaries, not jenkins plugins. Avoids having to rebuild native image only plugin changes -COPY --from=downloader /dist/usr/ /usr/ -COPY --from=downloader /dist/app/ /app/ -# copy only resources that we need to compile the binary -COPY --from=maven-build /app/gitops-playground.jar /app/ - -# Create Graal native image config -RUN java -agentlib:native-image-agent=config-output-dir=conf/ -jar gitops-playground.jar || true -# Run again with different params in order to avoid NoSuchMethodException with config file -RUN printf 'registry:\n active: true\njenkins:\n active: true\ncontent:\n examples: true\napplication:\n "yes": true\nfeatures:\n argocd:\n active: true\n env:\n - name: mykey\n value: myValue\n secrets:\n vault:\n mode: "dev"\n exampleApps:\n petclinic:\n baseDomain: "base"' > config.yaml && \ - java -agentlib:native-image-agent=config-merge-dir=conf/ -jar gitops-playground.jar \ - --trace --config-file=config.yaml || true -# Run again with different params in order to avoid NoSuchMethodException with output-config file -RUN java -agentlib:native-image-agent=config-merge-dir=conf/ -jar gitops-playground.jar \ - --yes --output-config-file || true -RUN native-image -Dgroovy.grape.enable=false \ - -H:+ReportExceptionStackTraces \ - -H:ConfigurationFileDirectories=conf/ \ - -H:IncludeResourceBundles=org.eclipse.jgit.internal.JGitText \ - -H:DynamicProxyConfigurationFiles=conf/proxy-config.json \ - 
-H:DynamicProxyConfigurationResources=proxy-config.json \ - -H:ReflectionConfigurationFiles=conf/reflect-config.json \ - -H:ReflectionConfigurationResources=reflect-config.json \ - --features=com.cloudogu.gitops.graal.groovy.GroovyApplicationRegistrationFeature,com.cloudogu.gitops.graal.groovy.GroovyDgmClassesRegistrationFeature,com.cloudogu.gitops.graal.jgit.JGitReflectionFeature,com.cloudogu.gitops.graal.okhttp.OkHttpReflectionFeature \ - --static \ - --allow-incomplete-classpath \ - --report-unsupported-elements-at-runtime \ - --diagnostics-mode \ - --initialize-at-run-time=org.codehaus.groovy.control.XStreamUtils,groovy.grape.GrapeIvy,org.codehaus.groovy.vmplugin.v8.Java8\$LookupHolder,org.eclipse.jgit.lib.RepositoryCache,org.eclipse.jgit.internal.storage.file.WindowCache,org.eclipse.jgit.transport.HttpAuthMethod\$Digest,org.eclipse.jgit.lib.GpgSigner,io.micronaut.context.env.exp.RandomPropertyExpressionResolver\$LazyInit \ - --initialize-at-build-time \ - --no-fallback \ - --libc=musl \ - --install-exit-handlers \ - -jar gitops-playground.jar \ - apply-ng - - - -FROM alpine AS prod -# copy groovy cli binary from native-image stage -COPY --from=native-image /app/apply-ng app/apply-ng -ENTRYPOINT ["/app/apply-ng"] - - FROM eclipse-temurin:${JDK_VERSION}-jre-alpine AS dev # apply-ng.sh is part of the dev image and allows trying changing groovy code inside the image for debugging @@ -204,7 +149,7 @@ ENTRYPOINT [ "java", \ "/app/src/main/groovy/com/cloudogu/gitops/cli/GitopsPlaygroundCliMainScripted.groovy" ] # Pick final image according to build-arg -FROM ${ENV} +FROM dev ENV HOME=/home \ HELM_CACHE_HOME=/home/.cache/helm \ HELM_CONFIG_HOME=/home/.config/helm \ 
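Review bot: With the final stage hard-coded to `FROM dev`, the comment directly above it (`# Pick final image according to build-arg`) is stale, and the `ENV` build argument no longer selects anything even though the Jenkinsfile in this patch still passes `--build-arg ENV=dev`. Replace the comment with something like `# Final image is always the JRE-based dev stage (GraalVM prod stage removed)` and drop the `ARG ENV` declaration if one remains earlier in the file (not visible in this hunk). The image published under the plain tags is now the one that carries a JRE and the Groovy sources under `/app/src` rather than a single static binary on alpine, so the final stage's hardening (non-root `USER`, installed tooling) is worth re-checking; those lines are outside the hunk. The same change appears again in patch 2/2.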
@@ -248,4 +193,4 @@ LABEL org.opencontainers.image.title="gitops-playground" \ org.opencontainers.image.version="${VCS_REF}" \ org.opencontainers.image.created="${BUILD_DATE}" \ org.opencontainers.image.ref.name="${VCS_REF}" \ - org.opencontainers.image.revision="${VCS_REF}" + org.opencontainers.image.revision="${VCS_REF}" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 3ee09b04e..d96e31aad 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -63,22 +63,18 @@ node('high-cpu') { 'Build images': { stage('Build images') { imageNames += createImageName(git.commitHashShort) - imageNames += createImageName(git.commitHashShort) + '-dev' - images += buildImage(imageNames[0]) - images += buildImage(imageNames[1], '--build-arg ENV=dev') + images += buildImage(imageNames[0], '--build-arg ENV=dev') } } ) parallel( 'Scan image': { stage('Scan image') { - scanForCriticalVulns(imageNames[0],"prod-criticals") - scanForCriticalVulns(imageNames[1], "dev-criticals") scanForAllVulns(imageNames[0], "prod-all") - scanForAllVulns(imageNames[1], "dev-all") + } }, @@ -95,12 +91,25 @@ node('high-cpu') { ).trim() docker.image(imageNames[0]) - .inside("-e KUBECONFIG=${env.WORKSPACE}/.kube/config " + - " --network=host --entrypoint=''") { - sh "/app/apply-ng --yes --trace --internal-registry-port=${registryPort} " + - "--registry --jenkins --content-examples " + - "--argocd --monitoring --vault=dev --ingress-nginx --mailhog --base-url=http://localhost --cert-manager" - } + .inside("--network=host -e KUBECONFIG=${env.WORKSPACE}/.kube/config --entrypoint=''") { + sh """ + /app/scripts/apply-ng.sh \ + --yes \ + --trace \ + --argocd \ + --monitoring \ + --vault=dev \ + --ingress-nginx \ + --mailhog \ + --base-url=http://localhost \ + --cert-manager \ + --registry \ + --jenkins \ + --content-examples + """ + } + + } } ) 
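Review bot: Both `scanForCriticalVulns` calls are removed from the 'Scan image' stage and nothing replaces them, so if that helper is what fails the build on critical findings (its body is not visible here), the pipeline no longer gates on them. The one remaining image is built from the dev stage, which has the larger footprint, so keeping `scanForCriticalVulns(imageNames[0], "prod-criticals")` next to the `scanForAllVulns` call matters more now, not less. The report name `"prod-all"` is also misleading for a dev-stage image, and `--build-arg ENV=dev` in 'Build images' is dead once the Dockerfile says `FROM dev`; `images += buildImage(imageNames[0])` would be enough. The same hunk recurs in patch 2/2.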
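Review bot: The rewritten `sh` call inside `docker.image(imageNames[0]).inside(...)` drops `--internal-registry-port=${registryPort}` while still passing `--registry`, so the value computed just above this hunk (only its closing `).trim()` is visible) appears to be unused now. If the port is still needed for the registry setup, add `--internal-registry-port=${registryPort} \` to the argument list; if not, remove the computation as well so the stage does not carry a dead lookup. The two blank lines added after the closing `}` of the `inside` block can be dropped. The same hunk recurs in patch 2/2.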
@@ -158,12 +167,7 @@ node('high-cpu') { if (git.isTag() && env.BRANCH_NAME == 'main') { // Build tags only on main to avoid human errors - - images[1].push() - images[1].push(git.tag + '-dev') - images[1].push('dev') - images[1].push('latest-dev') - images[1].push('main-dev') + images[0].push() images[0].push('latest') images[0].push('main') @@ -173,20 +177,15 @@ node('high-cpu') { currentBuild.description += "\n${imageNames[0]}" } else if (env.BRANCH_NAME == 'main') { - images[1].push() - images[1].push('main-dev') images[0].push() images[0].push('main') currentBuild.description = "${imageNames[0]}" } else if (env.BRANCH_NAME == 'test') { - images[1].push() - images[1].push('test-dev') images[0].push() images[0].push('test') currentBuild.description = createImageName('test') currentBuild.description += "\n${imageNames[0]}" } else if (params.forcePushImage) { - images[1].push() images[0].push() currentBuild.description = imageNames[0] } else { From 5efc6ea1bd9119b598bc673459527a7cc152a05b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Hu=C3=9Fmann?= Date: Tue, 11 Nov 2025 12:59:36 +0100 Subject: [PATCH 2/2] removed graalvm --- Dockerfile | 61 +++-------------------------------------------------- Jenkinsfile | 45 +++++++++++++++++++-------------------- 2 files changed, 25 insertions(+), 81 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6f4ef117b..8f4e469f1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -120,68 +120,13 @@ RUN mv /dist/app/src /dist-dev/src && \ COPY --from=maven-build /app/gitops-playground.jar /dist-dev/gitops-playground.jar # Remove compiled GOP code from jar to avoid duplicate in dev image, allowing for scripting. # Keep generated class Version, to avoid ClassNotFoundException. -RUN zip -d /dist-dev/gitops-playground.jar 'com/cloudogu/gitops/*' -x com/cloudogu/gitops/cli/Version.class +# RUN zip -d /dist-dev/gitops-playground.jar 'com/cloudogu/gitops/*' -x com/cloudogu/gitops/cli/Version.class # Required to prevent Java exceptions resulting from AccessDeniedException by jgit when running arbitrary user RUN mkdir -p /dist/root/.config/jgit RUN touch /dist/root/.config/jgit/config RUN chmod +r /dist/root/ && chmod g+rw /dist/root/.config/jgit/ -# This stage builds a static binary using graal VM. For details see docs/developers.md#GraalVM -FROM graal AS native-image -ENV MAVEN_OPTS='-Dmaven.repo.local=/mvn' -RUN microdnf install gnupg - -# Provide binaries used by apply-ng, so our runs with native-image-agent dont fail -# with "java.io.IOException: Cannot run program "kubectl"..." etc. -RUN microdnf install iproute - -WORKDIR /app - -# Copy only binaries, not jenkins plugins. 
Avoids having to rebuild native image only plugin changes -COPY --from=downloader /dist/usr/ /usr/ -COPY --from=downloader /dist/app/ /app/ -# copy only resources that we need to compile the binary -COPY --from=maven-build /app/gitops-playground.jar /app/ - -# Create Graal native image config -RUN java -agentlib:native-image-agent=config-output-dir=conf/ -jar gitops-playground.jar || true -# Run again with different params in order to avoid NoSuchMethodException with config file -RUN printf 'registry:\n active: true\njenkins:\n active: true\ncontent:\n examples: true\napplication:\n "yes": true\nfeatures:\n argocd:\n active: true\n env:\n - name: mykey\n value: myValue\n secrets:\n vault:\n mode: "dev"\n exampleApps:\n petclinic:\n baseDomain: "base"' > config.yaml && \ - java -agentlib:native-image-agent=config-merge-dir=conf/ -jar gitops-playground.jar \ - --trace --config-file=config.yaml || true -# Run again with different params in order to avoid NoSuchMethodException with output-config file -RUN java -agentlib:native-image-agent=config-merge-dir=conf/ -jar gitops-playground.jar \ - --yes --output-config-file || true -RUN native-image -Dgroovy.grape.enable=false \ - -H:+ReportExceptionStackTraces \ - -H:ConfigurationFileDirectories=conf/ \ - -H:IncludeResourceBundles=org.eclipse.jgit.internal.JGitText \ - -H:DynamicProxyConfigurationFiles=conf/proxy-config.json \ - -H:DynamicProxyConfigurationResources=proxy-config.json \ - -H:ReflectionConfigurationFiles=conf/reflect-config.json \ - -H:ReflectionConfigurationResources=reflect-config.json \ - --features=com.cloudogu.gitops.graal.groovy.GroovyApplicationRegistrationFeature,com.cloudogu.gitops.graal.groovy.GroovyDgmClassesRegistrationFeature,com.cloudogu.gitops.graal.jgit.JGitReflectionFeature,com.cloudogu.gitops.graal.okhttp.OkHttpReflectionFeature \ - --static \ - --allow-incomplete-classpath \ - --report-unsupported-elements-at-runtime \ - --diagnostics-mode \ - 
--initialize-at-run-time=org.codehaus.groovy.control.XStreamUtils,groovy.grape.GrapeIvy,org.codehaus.groovy.vmplugin.v8.Java8\$LookupHolder,org.eclipse.jgit.lib.RepositoryCache,org.eclipse.jgit.internal.storage.file.WindowCache,org.eclipse.jgit.transport.HttpAuthMethod\$Digest,org.eclipse.jgit.lib.GpgSigner,io.micronaut.context.env.exp.RandomPropertyExpressionResolver\$LazyInit \ - --initialize-at-build-time \ - --no-fallback \ - --libc=musl \ - --install-exit-handlers \ - -jar gitops-playground.jar \ - apply-ng - - - -FROM alpine AS prod -# copy groovy cli binary from native-image stage -COPY --from=native-image /app/apply-ng app/apply-ng -ENTRYPOINT ["/app/apply-ng"] - - FROM eclipse-temurin:${JDK_VERSION}-jre-alpine AS dev # apply-ng.sh is part of the dev image and allows trying changing groovy code inside the image for debugging @@ -204,7 +149,7 @@ ENTRYPOINT [ "java", \ "/app/src/main/groovy/com/cloudogu/gitops/cli/GitopsPlaygroundCliMainScripted.groovy" ] # Pick final image according to build-arg -FROM ${ENV} +FROM dev ENV HOME=/home \ HELM_CACHE_HOME=/home/.cache/helm \ HELM_CONFIG_HOME=/home/.config/helm \ @@ -248,4 +193,4 @@ LABEL org.opencontainers.image.title="gitops-playground" \ org.opencontainers.image.version="${VCS_REF}" \ org.opencontainers.image.created="${BUILD_DATE}" \ org.opencontainers.image.ref.name="${VCS_REF}" \ - org.opencontainers.image.revision="${VCS_REF}" + org.opencontainers.image.revision="${VCS_REF}" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 3ee09b04e..d96e31aad 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
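Review bot: Commenting out `RUN zip -d /dist-dev/gitops-playground.jar …` leaves dead code under a comment that still says the compiled GOP classes are removed from the jar, which is no longer what the build does. Either delete the line together with the two comment lines above it, or keep it and say why it is disabled, e.g. `# zip -d step disabled: <reason>`. If the dev entrypoint still runs `GitopsPlaygroundCliMainScripted.groovy` from `/app/src`, the classes would now be present both compiled in the jar and as sources, which is the duplication the original comment warned about; that should be checked before merging. This is the only change in patch 2/2 that patch 1/2 does not have.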
@@ -63,22 +63,18 @@ node('high-cpu') { 'Build images': { stage('Build images') { imageNames += createImageName(git.commitHashShort) - imageNames += createImageName(git.commitHashShort) + '-dev' - images += buildImage(imageNames[0]) - images += buildImage(imageNames[1], '--build-arg ENV=dev') + images += buildImage(imageNames[0], '--build-arg ENV=dev') } } ) parallel( 'Scan image': { stage('Scan image') { - scanForCriticalVulns(imageNames[0],"prod-criticals") - scanForCriticalVulns(imageNames[1], "dev-criticals") scanForAllVulns(imageNames[0], "prod-all") - scanForAllVulns(imageNames[1], "dev-all") + } }, @@ -95,12 +91,25 @@ node('high-cpu') { ).trim() docker.image(imageNames[0]) - .inside("-e KUBECONFIG=${env.WORKSPACE}/.kube/config " + - " --network=host --entrypoint=''") { - sh "/app/apply-ng --yes --trace --internal-registry-port=${registryPort} " + - "--registry --jenkins --content-examples " + - "--argocd --monitoring --vault=dev --ingress-nginx --mailhog --base-url=http://localhost --cert-manager" - } + .inside("--network=host -e KUBECONFIG=${env.WORKSPACE}/.kube/config --entrypoint=''") { + sh """ + /app/scripts/apply-ng.sh \ + --yes \ + --trace \ + --argocd \ + --monitoring \ + --vault=dev \ + --ingress-nginx \ + --mailhog \ + --base-url=http://localhost \ + --cert-manager \ + --registry \ + --jenkins \ + --content-examples + """ + } + + } } ) @@ -158,12 +167,7 @@ node('high-cpu') { if (git.isTag() && env.BRANCH_NAME == 'main') { // Build tags only on main to avoid human errors - - images[1].push() - images[1].push(git.tag + '-dev') - images[1].push('dev') - images[1].push('latest-dev') - images[1].push('main-dev') + images[0].push() images[0].push('latest') images[0].push('main') 
@@ -173,20 +177,15 @@ node('high-cpu') { currentBuild.description += "\n${imageNames[0]}" } else if (env.BRANCH_NAME == 'main') { - images[1].push() - images[1].push('main-dev') images[0].push() images[0].push('main') currentBuild.description = "${imageNames[0]}" } else if (env.BRANCH_NAME == 'test') { - images[1].push() - images[1].push('test-dev') images[0].push() images[0].push('test') currentBuild.description = createImageName('test') currentBuild.description += "\n${imageNames[0]}" } else if (params.forcePushImage) { - images[1].push() images[0].push() currentBuild.description = imageNames[0] } else {