updated docker flows

commjoen · commjoen · commit 4030405d935a · 2025-07-23T07:18:13.000+02:00
diff --git a/.github/workflows/build-preview.yml b/.github/workflows/build-preview.yml
@@ -22,6 +22,16 @@ jobs:
           distribution: "oracle"
           cache: "maven"
 
+      - name: Extract version from pom.xml
+        id: extract-version
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          DOCKER_VERSION=${VERSION%-SNAPSHOT}
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "docker_version=$DOCKER_VERSION" >> $GITHUB_OUTPUT
+          echo "Detected version: $VERSION"
+          echo "Docker version: $DOCKER_VERSION"
+
       - name: Build application
         run: |
           echo "Building WrongSecrets application..."
@@ -33,8 +43,8 @@ jobs:
 
       - name: Build Docker image
         run: |
-          echo "Building Docker image..."
-          docker build -t wrongsecrets-preview .
+          echo "Building Docker image with version ${{ steps.extract-version.outputs.docker_version }}..."
+          docker build --build-arg argBasedVersion="${{ steps.extract-version.outputs.docker_version }}" -t wrongsecrets-preview .
           echo "Docker image built successfully"
           docker save wrongsecrets-preview > wrongsecrets-preview.tar
 
diff --git a/.github/workflows/pr-preview.yml b/.github/workflows/pr-preview.yml
@@ -35,6 +35,16 @@ jobs:
       - name: Build application
         run: ./mvnw --no-transfer-progress clean package -DskipTests
 
+      - name: Extract version from pom.xml
+        id: extract-version
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          DOCKER_VERSION=${VERSION%-SNAPSHOT}
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "docker_version=$DOCKER_VERSION" >> $GITHUB_OUTPUT
+          echo "Detected version: $VERSION"
+          echo "Docker version: $DOCKER_VERSION"
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -62,6 +72,8 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            argBasedVersion=${{ steps.extract-version.outputs.docker_version }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -149,11 +161,25 @@ jobs:
           distribution: "oracle"
           cache: "maven"
 
+      - name: Extract PR version
+        id: extract-pr-version
+        working-directory: pr-code
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          DOCKER_VERSION=${VERSION%-SNAPSHOT}
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "docker_version=$DOCKER_VERSION" >> $GITHUB_OUTPUT
+          echo "PR version: $VERSION"
+          echo "PR Docker version: $DOCKER_VERSION"
+
       - name: Build PR version
         working-directory: pr-code
         run: |
+          echo "Building PR version..."
           ./mvnw --no-transfer-progress clean package -DskipTests
-          docker build -t wrongsecrets-pr .
+          echo "PR JAR built successfully"
+          docker build --build-arg argBasedVersion="${{ steps.extract-pr-version.outputs.docker_version }}" -t wrongsecrets-pr .
+          echo "PR Docker image built successfully"
 
       - name: Set up JDK 23 for main
         uses: actions/setup-java@v4
@@ -162,11 +188,25 @@ jobs:
           distribution: "oracle"
           cache: "maven"
 
+      - name: Extract main version
+        id: extract-main-version
+        working-directory: main-code
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          DOCKER_VERSION=${VERSION%-SNAPSHOT}
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "docker_version=$DOCKER_VERSION" >> $GITHUB_OUTPUT
+          echo "Main version: $VERSION"
+          echo "Main Docker version: $DOCKER_VERSION"
+
       - name: Build main version
         working-directory: main-code
         run: |
+          echo "Building main version..."
           ./mvnw --no-transfer-progress clean package -DskipTests
-          docker build -t wrongsecrets-main .
+          echo "Main JAR built successfully"
+          docker build --build-arg argBasedVersion="${{ steps.extract-main-version.outputs.docker_version }}" -t wrongsecrets-main .
+          echo "Main Docker image built successfully"
 
       # Alternative approach: Pull the PR image from registry
       # - name: Log in to GitHub Container Registry
diff --git a/.github/workflows/version-sync-check.yml b/.github/workflows/version-sync-check.yml
@@ -0,0 +1,60 @@
+name: Version Sync Check
+
+on:
+  pull_request:
+    paths:
+      - 'pom.xml'
+      - 'Dockerfile'
+      - 'Dockerfile.web'
+  push:
+    branches: [master, main]
+
+jobs:
+  version-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 23
+        uses: actions/setup-java@v4
+        with:
+          java-version: "23"
+          distribution: "oracle"
+          cache: "maven"
+
+      - name: Validate version consistency
+        run: |
+          chmod +x ./scripts/validate-versions.sh
+          ./scripts/validate-versions.sh
+
+      - name: Comment on PR if versions are out of sync
+        if: failure() && github.event_name == 'pull_request'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const comment = `🚨 **Version Sync Issue Detected**
+
+            The versions in your Dockerfiles don't match the version in \`pom.xml\`.
+
+            **🔧 To fix this automatically:**
+            \`\`\`bash
+            ./scripts/sync-versions.sh
+            git add Dockerfile Dockerfile.web
+            git commit -m "Sync versions with pom.xml"
+            \`\`\`
+
+            **📋 Current status:**
+            - The \`validate-versions.sh\` script found mismatched versions
+            - Please ensure all Docker build arguments match the Maven project version
+            - This helps maintain consistency across all deployment methods
+
+            ---
+            <sub>Automated version check by GitHub Actions</sub>`;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: comment
+            });
diff --git a/.github/workflows/visual-diff.yml b/.github/workflows/visual-diff.yml
@@ -28,13 +28,23 @@ jobs:
           distribution: "oracle"
           cache: "maven"
 
+      - name: Extract PR version
+        id: extract-pr-version
+        working-directory: pr-code
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          DOCKER_VERSION=${VERSION%-SNAPSHOT}
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "docker_version=$DOCKER_VERSION" >> $GITHUB_OUTPUT
+          echo "PR version: $VERSION"
+
       - name: Build PR version
         working-directory: pr-code
         run: |
           echo "Building PR version..."
           ./mvnw --no-transfer-progress clean package -DskipTests
           echo "PR JAR built successfully"
-          docker build -t wrongsecrets-pr .
+          docker build --build-arg argBasedVersion="${{ steps.extract-pr-version.outputs.docker_version }}" -t wrongsecrets-pr .
           echo "PR Docker image built successfully"
 
       - name: Set up JDK 23 for main build
@@ -44,13 +54,23 @@ jobs:
           distribution: "oracle"
           cache: "maven"
 
+      - name: Extract main version
+        id: extract-main-version
+        working-directory: main-code
+        run: |
+          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+          DOCKER_VERSION=${VERSION%-SNAPSHOT}
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "docker_version=$DOCKER_VERSION" >> $GITHUB_OUTPUT
+          echo "Main version: $VERSION"
+
       - name: Build main version
         working-directory: main-code
         run: |
           echo "Building main version..."
           ./mvnw --no-transfer-progress clean package -DskipTests
           echo "Main JAR built successfully"
-          docker build -t wrongsecrets-main .
+          docker build --build-arg argBasedVersion="${{ steps.extract-main-version.outputs.docker_version }}" -t wrongsecrets-main .
           echo "Main Docker image built successfully"
           docker build -t wrongsecrets-main .
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 FROM bellsoft/liberica-openjre-debian:23.0.2-9-cds AS builder
 WORKDIR /builder
 
-ARG argBasedVersion="1.12.1"
+ARG argBasedVersion="1.12.3B2"
 
 COPY --chown=wrongsecrets target/wrongsecrets-${argBasedVersion}-SNAPSHOT.jar application.jar
 RUN java -Djarmode=tools -jar application.jar extract --layers --destination extracted
diff --git a/Dockerfile.web b/Dockerfile.web
@@ -1,5 +1,5 @@
-FROM jeroenwillemsen/wrongsecrets:1.12.2A-no-vault
-ARG argBasedVersion="1.12.2A-no-vault"
+FROM jeroenwillemsen/wrongsecrets:1.12.3B2-no-vault
+ARG argBasedVersion="1.12.3B2-no-vault"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
 ARG CTF_ENABLED=false
 ARG HINTS_ENABLED=true
diff --git a/docs/VERSION_MANAGEMENT.md b/docs/VERSION_MANAGEMENT.md
@@ -0,0 +1,142 @@
+# Version Management Guide
+
+This document explains how version synchronization works across the WrongSecrets project.
+
+## Overview
+
+The project maintains version consistency between:
+- `pom.xml` (Maven project version)
+- `Dockerfile` (Docker build argument)
+- `Dockerfile.web` (Docker build argument and base image)
+
+## Version Schema
+
+```
+pom.xml version:        1.12.3B2-SNAPSHOT
+Dockerfile version:     1.12.3B2
+Dockerfile.web version: 1.12.3B2-no-vault
+```
+
+## Automated Solutions
+
+### 1. GitHub Actions Integration
+
+All build workflows now automatically extract the version from `pom.xml`:
+
+```yaml
+- name: Extract version from pom.xml
+  id: extract-version
+  run: |
+    VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+    DOCKER_VERSION=${VERSION%-SNAPSHOT}
+    echo "docker_version=$DOCKER_VERSION" >> $GITHUB_OUTPUT
+
+- name: Build Docker image
+  run: |
+    docker build --build-arg argBasedVersion="${{ steps.extract-version.outputs.docker_version }}" -t image .
+```
+
+### 2. Version Sync Scripts
+
+#### Validate Versions
+```bash
+./scripts/validate-versions.sh
+```
+Checks if all versions are consistent and reports mismatches.
+
+#### Auto-Sync Versions
+```bash
+./scripts/sync-versions.sh
+```
+Automatically updates Dockerfiles to match `pom.xml` version.
+
+#### Build with Version Sync
+```bash
+./scripts/build-with-version-sync.sh
+```
+Builds both Docker images with correct versions from `pom.xml`.
+
+### 3. CI/CD Integration
+
+The `version-sync-check.yml` workflow:
+- ✅ Runs on PR/push when version files change
+- ✅ Validates version consistency
+- ✅ Comments on PRs with fix instructions if mismatched
+- ✅ Prevents version drift
+
+## Manual Process
+
+### When Updating Versions
+
+1. **Update pom.xml version**:
+   ```xml
+   <version>1.13.0-SNAPSHOT</version>
+   ```
+
+2. **Run sync script**:
+   ```bash
+   ./scripts/sync-versions.sh
+   ```
+
+3. **Verify changes**:
+   ```bash
+   ./scripts/validate-versions.sh
+   ```
+
+4. **Commit all changes**:
+   ```bash
+   git add pom.xml Dockerfile Dockerfile.web
+   git commit -m "Bump version to 1.13.0"
+   ```
+
+## Workflow Integration
+
+### All Build Workflows Include:
+
+1. **Version Extraction**: Gets version from `pom.xml`
+2. **Dynamic Build Args**: Passes version to Docker build
+3. **Validation**: Ensures JAR file matches expected name
+4. **Logging**: Shows which versions are being used
+
+### Benefits:
+
+- ✅ **Single Source of Truth**: `pom.xml` is the authoritative version
+- ✅ **No Manual Updates**: Dockerfiles auto-sync with Maven version
+- ✅ **CI Validation**: Catches version mismatches early
+- ✅ **Consistent Builds**: Same version used across all environments
+
+## Troubleshooting
+
+### Common Issues:
+
+1. **JAR Not Found**: Version mismatch between build arg and actual JAR name
+   - **Solution**: Run `./scripts/sync-versions.sh`
+
+2. **Docker Build Fails**: Hard-coded version in Dockerfile
+   - **Solution**: Use `--build-arg argBasedVersion=...`
+
+3. **CI Version Mismatch**: Manual updates to Dockerfiles
+   - **Solution**: Let CI extract from `pom.xml` dynamically
+
+### Debug Commands:
+
+```bash
+# Check current versions
+mvn help:evaluate -Dexpression=project.version -q -DforceStdout
+grep "argBasedVersion" Dockerfile Dockerfile.web
+
+# Test build with current version
+VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+DOCKER_VERSION=${VERSION%-SNAPSHOT}
+docker build --build-arg argBasedVersion="$DOCKER_VERSION" .
+```
+
+## Best Practices
+
+1. **Always use scripts** for version updates
+2. **Never hard-code versions** in CI workflows
+3. **Run validation** before committing changes
+4. **Update pom.xml first**, then sync other files
+5. **Test builds locally** before pushing
+
+This system ensures version consistency and eliminates manual synchronization errors!
diff --git a/scripts/build-with-version-sync.sh b/scripts/build-with-version-sync.sh
diff --git a/scripts/sync-versions.sh b/scripts/sync-versions.sh
diff --git a/scripts/validate-versions.sh b/scripts/validate-versions.sh
