Skip to content

Docker files update#451

Merged
kmgowda merged 2 commits intomasterfrom
kmg-8.0-docker-1
Nov 5, 2025
Merged

Docker files update#451
kmgowda merged 2 commits intomasterfrom
kmg-8.0-docker-1

Conversation

@kmgowda
Copy link
Owner

@kmgowda kmgowda commented Nov 4, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Added modular driver architecture for better organization and scalability.
    • Added explicit port exposure (9718) and container entry points for SBK applications.

  • Chores

    • Upgraded Gradle build system from version 8.13.0 to 9.2.0.
    • Updated Java runtime base images to version 21 (early access variant).
    • Standardized Docker stage naming conventions across container definitions.
    • Replaced maintainer metadata with standardized labels.

  • Revert

    • Disabled ignite and sbktemplate drivers from build configuration.

@kmgowda
Update docker templates
45081b6 
Signed-off-by: Keshava Munegowda <keshava.gowda@gmail.com>
@kmgowda
Update docker files
0a09fe0 
Signed-off-by: Keshava Munegowda <keshava.gowda@gmail.com>
@coderabbitai
Copy link

coderabbitai bot commented Nov 4, 2025
edited
Loading

Caution

Review failed

Failed to post review comments

Walkthrough

This pull request upgrades the build infrastructure across 40+ Dockerfiles: Gradle base images from 8.13.0 to 9.2.0 and OpenJDK runtime images to EA variants. Build stages are renamed to lowercase; MAINTAINER replaced with LABEL. Dynamic Gradle configuration generation replaces static file copies. Build artifacts reorganized under a drivers project structure with updated Gradle task targets.

Changes

Cohort / File(s) Summary
Base Image & Metadata Updates
Dockerfile-local-build, docker-template, driver-docker-template		 Upgraded Gradle base from 8.13.0-jdk-21 to 9.2.0-jdk21; OpenJDK runtime from openjdk:21-jdk-slim to openjdk:21-ea-jdk-slim. Replaced MAINTAINER with LABEL maintainer. Renamed stages: SbkGradleBuilder → sbkgradlebuilder, SbkApp → sbkapp.
Driver-Specific Dockerfiles (Pattern Refactoring)
dockers/sbk-{activemq,artemis,asyncfile,atomicq,bookkeeper,cassandra,cephs3,concurrentq,conqueue,couchbase,couchdb,csv,db2,derby,dynamodb,elasticsearch,exasol,fdbrecord,file,filestream,foundationdb,h2,hdfs,hive,ignite,jdbc,kafka,leveldb,linkedbq,...}.Dockerfile		 Applied consistent transformations: (1) Gradle image & stage rename; (2) Dynamic generation of build-drivers.gradle and settings-drivers.gradle via RUN echo instead of COPY; (3) Added ENV SBK_PROJECT and APP_HOME; (4) Expanded file copies to include perl, sbk-api, sbk-yal, sbm, sbk-gem, sbk-gem-yal; (5) Created drivers directory; (6) Updated Gradle task from :${SBK_PROJECT}:distTar to :drivers:${SBK_PROJECT}:distTar; (7) Adjusted copy-from and artifact paths to pull from drivers/${SBK_PROJECT}/build/distributions/.
Runtime Image Updates
dockers/sbk-{mariadb,memcached,minio,mongodb,mssql,mysql,nats,natsStream,nsq,null,openio,postgresql,pravega,pulsar,rabbitmq,redis,redpanda,rocketmq,rocksdb,seaweedS3,sqlite,syncq}.Dockerfile		 Switched runtime base image to openjdk:21-ea-jdk-slim; updated stage alias to sbkapp. Modified COPY --from references and artifact extraction paths to align with new driver project layout.
File Runtime Base Update
drivers/file/Dockerfile		 Updated runtime base image from openjdk:11-jre to openjdk:21-jre.
Gradle Settings
settings-drivers.gradle, settings.gradle		 Commented out driver includes: ignite and sbktemplate disabled via line comment (//include) without deletion.

Sequence Diagram(s)

sequenceDiagram
    participant Build as Build Stage
    participant Runtime as Runtime Stage
    
    rect rgb(220, 240, 255)
    note over Build: Old Flow (Gradle 8.13.0)
    Build->>Build: COPY build-drivers.gradle<br/>(static files)
    Build->>Build: RUN gradle :PROJECT:distTar<br/>(direct project target)
    Build->>Runtime: COPY --from=SbkGradleBuilder<br/>PROJECT/build/distributions/...
    end
    
    rect rgb(240, 255, 220)
    note over Build: New Flow (Gradle 9.2.0)
    Build->>Build: RUN echo > settings-drivers.gradle<br/>(dynamic generation)
    Build->>Build: RUN echo > build-drivers.gradle<br/>(inject drivers reference)
    Build->>Build: RUN gradle :drivers:PROJECT:distTar<br/>(drivers subproject target)
    Build->>Runtime: COPY --from=sbkgradlebuilder<br/>drivers/PROJECT/build/distributions/...
    end
    
    Runtime->>Runtime: Extract tar from drivers path<br/>to /opt/APP_NAME
    Runtime->>Runtime: ENTRYPOINT & EXPOSE configured
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Key areas requiring attention:

  • Consistency verification: Confirm all 30+ driver Dockerfiles follow the same pattern and no driver-specific logic is broken by the unified refactoring.
  • Gradle task paths: Verify the new :drivers:${SBK_PROJECT}:distTar task exists and functions correctly in all driver modules; ensure no build failures from the change.
  • Artifact extraction paths: Confirm the new drivers/${SBK_PROJECT}/build/distributions/ path structure is correct across different driver implementations.
  • Dynamic file generation: Review the RUN echo commands that generate build-drivers.gradle and settings-drivers.gradle to ensure proper syntax and variable interpolation.
  • Gradle settings: Verify that the commented-out includes in settings-drivers.gradle and settings.gradle don't inadvertently break the build or cause confusion.
  • Base image compatibility: Validate that the OpenJDK EA variants (21-ea-jdk-slim, 21-jre) work with all driver implementations.

Poem

🐰 The rabbits hop with glee,
Nine-point-two's the new decree!
Drivers dance in folders neat,
Gradle builds a faster beat,
EA images, fresh and bright—
Our builds now run overnight! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)
Check name Status Explanation Resolution
Title check ❓ Inconclusive The title 'Docker files update' is generic and vague, using non-descriptive phrasing that doesn't convey the specific nature of the extensive changes across 50+ Dockerfiles. Provide a more specific title that highlights the main changes, such as 'Update Gradle to 9.2.0, refactor driver builds, and upgrade Java base images' or 'Refactor Docker builds to use drivers project structure with Gradle 9.2.0'.
✅ Passed checks (1 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch kmg-8.0-docker-1

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Nov 4, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 52

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 034895a and 0a09fe0.

📒 Files selected for processing (58)
  • Dockerfile-local-build (1 hunks)
  • docker-template (2 hunks)
  • dockers/sbk (2 hunks)
  • dockers/sbk-activemq (4 hunks)
  • dockers/sbk-artemis (4 hunks)
  • dockers/sbk-asyncfile (4 hunks)
  • dockers/sbk-atomicq (4 hunks)
  • dockers/sbk-bookkeeper (4 hunks)
  • dockers/sbk-cassandra (4 hunks)
  • dockers/sbk-cephs3 (4 hunks)
  • dockers/sbk-concurrentq (4 hunks)
  • dockers/sbk-conqueue (4 hunks)
  • dockers/sbk-couchbase (4 hunks)
  • dockers/sbk-couchdb (4 hunks)
  • dockers/sbk-csv (4 hunks)
  • dockers/sbk-db2 (4 hunks)
  • dockers/sbk-derby (4 hunks)
  • dockers/sbk-dynamodb (4 hunks)
  • dockers/sbk-elasticsearch (4 hunks)
  • dockers/sbk-exasol (4 hunks)
  • dockers/sbk-fdbrecord (4 hunks)
  • dockers/sbk-file (4 hunks)
  • dockers/sbk-filestream (4 hunks)
  • dockers/sbk-foundationdb (4 hunks)
  • dockers/sbk-h2 (4 hunks)
  • dockers/sbk-hdfs (4 hunks)
  • dockers/sbk-hive (4 hunks)
  • dockers/sbk-ignite (2 hunks)
  • dockers/sbk-jdbc (4 hunks)
  • dockers/sbk-kafka (4 hunks)
  • dockers/sbk-leveldb (4 hunks)
  • dockers/sbk-linkedbq (4 hunks)
  • dockers/sbk-mariadb (4 hunks)
  • dockers/sbk-memcached (4 hunks)
  • dockers/sbk-minio (4 hunks)
  • dockers/sbk-mongodb (4 hunks)
  • dockers/sbk-mssql (4 hunks)
  • dockers/sbk-mysql (4 hunks)
  • dockers/sbk-nats (4 hunks)
  • dockers/sbk-natsStream (4 hunks)
  • dockers/sbk-nsq (4 hunks)
  • dockers/sbk-null (4 hunks)
  • dockers/sbk-openio (4 hunks)
  • dockers/sbk-postgresql (4 hunks)
  • dockers/sbk-pravega (4 hunks)
  • dockers/sbk-pulsar (4 hunks)
  • dockers/sbk-rabbitmq (4 hunks)
  • dockers/sbk-redis (4 hunks)
  • dockers/sbk-redpanda (4 hunks)
  • dockers/sbk-rocketmq (4 hunks)
  • dockers/sbk-rocksdb (4 hunks)
  • dockers/sbk-seaweedS3 (4 hunks)
  • dockers/sbk-sqlite (4 hunks)
  • dockers/sbk-syncq (4 hunks)
  • driver-docker-template (3 hunks)
  • drivers/file/Dockerfile (1 hunks)
  • settings-drivers.gradle (1 hunks)
  • settings.gradle (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build

docker-template

# Runtime Container
FROM openjdk:21-jdk-slim as SbkApp
FROM openjdk:21-ea-jdk-slim AS sbkapp
Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Template should not reference the EA OpenJDK tag

The template runtime stage now points to openjdk:21-ea-jdk-slim. That tag is an unmaintained early-access build with many known vulnerabilities, so every downstream image inheriting from this template would inherit the risk.(snyk.io) Please pin the template to a supported GA tag such as openjdk:21-jdk-slim (or another maintained JDK 21 runtime).(docker.aityp.com)

-FROM openjdk:21-ea-jdk-slim  AS sbkapp
+FROM openjdk:21-jdk-slim AS sbkapp
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM openjdk:21-ea-jdk-slim AS sbkapp
FROM openjdk:21-jdk-slim AS sbkapp
🤖 Prompt for AI Agents 
In docker-template around line 46, the runtime stage references the early-access
image tag "openjdk:21-ea-jdk-slim"; replace it with a supported GA tag such as
"openjdk:21-jdk-slim" (or another maintained JDK 21 runtime) so downstream
images do not inherit the EA build and its vulnerabilities; update the FROM line
accordingly and ensure any related documentation or CI that expects the EA tag
is adjusted to use the GA tag.

Dockerfile-local-build

FROM openjdk:21-jdk-slim
MAINTAINER Keshava Munegowda <keshava.gowda@gmail.com>
FROM openjdk:21-ea-jdk-slim
Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Revert to GA JDK base image

Switching to openjdk:21-ea-jdk-slim pulls an early-access build that is not intended for production use and is currently flagged with multiple unresolved CVEs. Please stick with the supported GA tag (e.g., openjdk:21-jdk-slim) or another maintained alternative.(adoptium.net)

🤖 Prompt for AI Agents 
In Dockerfile-local-build around line 13, the base image uses the early-access
tag openjdk:21-ea-jdk-slim which is not GA and carries unresolved CVEs; change
the FROM line to a GA/stable tag (for example openjdk:21-jdk-slim or another
supported OpenJDK distribution) so the Dockerfile pulls a maintained, secure JDK
image, and update any documentation or CI that references the old tag.

dockers/sbk

# Runtime Container
FROM openjdk:21-jdk-slim as SbkApp
FROM openjdk:21-ea-jdk-slim AS sbkapp
Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Replace the EA OpenJDK base image. The runtime stage now pulls openjdk:21-ea-jdk-slim, which is an unsupported early-access build from the deprecated OpenJDK Docker repo, so it won’t receive security fixes and can disappear without notice. Swap to a GA image such as Eclipse Temurin 21.(github.com)

-FROM openjdk:21-ea-jdk-slim  AS sbkapp
+FROM eclipse-temurin:21-jre-jammy AS sbkapp
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM openjdk:21-ea-jdk-slim AS sbkapp
FROM eclipse-temurin:21-jre-jammy AS sbkapp
🤖 Prompt for AI Agents 
In dockers/sbk around line 96, the Dockerfile uses the unsupported early-access
image "openjdk:21-ea-jdk-slim"; replace it with a GA JDK image (for example
"eclipse-temurin:21-jdk-slim" or another Temurin/Adoptium 21 GA variant) to
ensure security updates and stability, keep the same stage alias (AS sbkapp),
and optionally pin a specific tag or digest to avoid unexpected upstream
changes.

dockers/sbk-artemis
Comment on lines +49 to 55
FROM openjdk:21-ea-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=artemis
ENV APP_HOME=/opt/${APP_NAME}

COPY --from=SbkGradleBuilder ${APP_HOME}/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar

Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Switch off the EA OpenJDK base

openjdk:21-ea-jdk-slim is an early-access build (not supported for production) and has multiple unresolved CVEs in its dependency chain. (adoptium.net) Please migrate to a GA image such as openjdk:21-jdk-slim before promoting this Dockerfile.

-FROM openjdk:21-ea-jdk-slim  AS sbkapp
+FROM openjdk:21-jdk-slim AS sbkapp
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM openjdk:21-ea-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=artemis
ENV APP_HOME=/opt/${APP_NAME}
COPY --from=SbkGradleBuilder ${APP_HOME}/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
FROM openjdk:21-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=artemis
ENV APP_HOME=/opt/${APP_NAME}
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
🤖 Prompt for AI Agents 
In dockers/sbk-artemis around lines 49 to 55, the Dockerfile currently uses the
early-access base image `openjdk:21-ea-jdk-slim`; replace it with the GA image
`openjdk:21-jdk-slim` (or a specific digest-tagged GA release) to avoid EA
vulnerabilities, then rebuild and test the image to ensure no runtime
incompatibilities; update any CI/pipeline documentation or caching layers that
reference the old tag.

dockers/sbk-asyncfile
Comment on lines +49 to 55
FROM openjdk:21-ea-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=asyncfile
ENV APP_HOME=/opt/${APP_NAME}

COPY --from=SbkGradleBuilder ${APP_HOME}/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar

Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Avoid shipping the asyncfile image on openjdk:21-ea-jdk-slim.
The Docker openjdk line is deprecated; only pre-release Early Access tags remain, and maintainers direct users to supported alternatives such as Eclipse Temurin or Amazon Corretto.(github.com) The 21-ea-jdk-slim tag you’ve selected currently lists numerous unresolved high/critical CVEs, so adopting it regresses the security posture of this container.(snyk.io) Please base the runtime stage on a supported GA image (e.g. eclipse-temurin:21-jdk-slim) instead.

-FROM openjdk:21-ea-jdk-slim  AS sbkapp
+FROM eclipse-temurin:21-jdk-slim AS sbkapp
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM openjdk:21-ea-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=asyncfile
ENV APP_HOME=/opt/${APP_NAME}
COPY --from=SbkGradleBuilder ${APP_HOME}/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
FROM eclipse-temurin:21-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=asyncfile
ENV APP_HOME=/opt/${APP_NAME}
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
🤖 Prompt for AI Agents 
In dockers/sbk-asyncfile around lines 49 to 55, the Dockerfile uses the
deprecated early-access image openjdk:21-ea-jdk-slim which has unresolved CVEs;
replace that base with a supported GA JDK image such as
eclipse-temurin:21-jdk-slim (or another approved vendor like
amazoncorretto:21-jdk-slim) for the runtime stage, update the FROM line
accordingly, and verify the new image tag is available and compatible with the
app (adjust any subsequent paths or environment assumptions if needed).

dockers/sbk-rocksdb

# Runtime Container
FROM openjdk:21-jdk-slim as SbkApp
FROM openjdk:21-ea-jdk-slim AS sbkapp
Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Avoid the unpatched EA OpenJDK runtime

Line 49 pulls openjdk:21-ea-jdk-slim, which is an early-access build frozen with unresolved high/critical CVEs.(snyk.io) To stay on a supported JDK 21 stream, switch to a GA image such as openjdk:21-jdk-slim (or any vendor-supported equivalent).(docker.aityp.com)

-FROM openjdk:21-ea-jdk-slim  AS sbkapp
+FROM openjdk:21-jdk-slim AS sbkapp
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM openjdk:21-ea-jdk-slim AS sbkapp
FROM openjdk:21-jdk-slim AS sbkapp
🤖 Prompt for AI Agents 
In dockers/sbk-rocksdb around line 49, the Dockerfile uses the early-access
image tag openjdk:21-ea-jdk-slim which contains unpatched/unsupported CVEs;
update the FROM line to use a GA, vendor-supported JDK 21 image (for example
openjdk:21-jdk-slim or another vendor-provided 21.x-slim image) so the build
uses a patched, supported runtime and rebuild the image to verify no downstream
incompatibilities.

dockers/sbk-seaweedS3
Comment on lines +50 to +55
FROM openjdk:21-ea-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=seaweeds3
ENV APP_HOME=/opt/${APP_NAME}

COPY --from=SbkGradleBuilder ${APP_HOME}/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Revert to a supported JDK base image

Line 50: openjdk:21-ea-jdk-slim is an early-access build that has not been patched and currently carries multiple high-severity CVEs (e.g., unresolved OpenSSL and glibc issues), so we would be shipping an image with known vulnerabilities. Please stick to a maintained GA tag such as openjdk:21-jdk-slim (or another supported distribution) instead.

-FROM openjdk:21-ea-jdk-slim  AS sbkapp
+FROM openjdk:21-jdk-slim AS sbkapp

(snyk.io)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM openjdk:21-ea-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=seaweeds3
ENV APP_HOME=/opt/${APP_NAME}
COPY --from=SbkGradleBuilder ${APP_HOME}/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
FROM openjdk:21-jdk-slim AS sbkapp
ENV APP_NAME=sbk
ENV SBK_PROJECT=seaweeds3
ENV APP_HOME=/opt/${APP_NAME}
COPY --from=sbkgradlebuilder ${APP_HOME}/drivers/${SBK_PROJECT}/build/distributions/${APP_NAME}-*.tar /opt/${APP_NAME}.tar
🤖 Prompt for AI Agents 
In dockers/sbk-seaweedS3 around lines 50 to 55 the Dockerfile uses the
early-access base image openjdk:21-ea-jdk-slim which contains unpatched
high-severity CVEs; update the FROM line to a supported GA tag (for example
openjdk:21-jdk-slim or another officially maintained distribution), rebuild the
image, and re-run your container vulnerability scan to confirm the CVEs are
resolved.

dockers/sbk-syncq

# Runtime Container
FROM openjdk:21-jdk-slim as SbkApp
FROM openjdk:21-ea-jdk-slim AS sbkapp
Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Avoid EA JDK in the runtime stage

The runtime stage now depends on openjdk:21-ea-jdk-slim, which is an early-access build explicitly marked as non-production and carries open CVEs. Please revert to a GA-supported base image so we stay on patched, supported bits.(adoptium.net)

🤖 Prompt for AI Agents 
In dockers/sbk-syncq around line 50, the Dockerfile uses an early-access JDK
image "openjdk:21-ea-jdk-slim" for the runtime stage which is non-production and
may contain unpatched CVEs; replace this EA image with a GA-supported, long-term
supported base (for example an official OpenJDK LTS image like
openjdk:17-jdk-slim or a vendor-supported runtime such as
eclipse-temurin:17-jre-jammy or similar GA tag), update any downstream
references if the major version changes, and ensure the image tag is pinned to a
specific GA version to keep builds reproducible and secure.

drivers/file/Dockerfile

# Runtime Container
FROM openjdk:11-jre
FROM openjdk:21-jre
Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Runtime base image tag is invalid. openjdk:21-jre no longer exists because the upstream OpenJDK images stopped publishing JRE variants, so any build targeting this tag will fail. Switch to a maintained JRE image such as Eclipse Temurin 21.(docker.com)

-FROM openjdk:21-jre
+FROM eclipse-temurin:21-jre
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM openjdk:21-jre
FROM eclipse-temurin:21-jre
🤖 Prompt for AI Agents 
In drivers/file/Dockerfile at line 39, the base image tag "openjdk:21-jre" is
invalid because OpenJDK stopped publishing JRE variants; replace it with a
maintained Temurin JRE image such as "eclipse-temurin:21-jre" (or if you prefer
a slim/jdk variant, use "eclipse-temurin:21-jdk-slim" or "openjdk:21-jdk-slim"),
update the FROM line accordingly, then rebuild the image to verify the Docker
build succeeds.

settings-drivers.gradle
include 'drivers:mongodb'
include 'drivers:rocksdb'
include 'drivers:ignite'
//include 'drivers:ignite'
Copy link

@coderabbitai coderabbitai bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Don’t drop the Ignite driver include. Commenting this line removes drivers:ignite from the Gradle build, so the Ignite driver can no longer be compiled or packaged. Unless Ignite support is intentionally being removed everywhere, please restore the include to avoid breaking existing driver builds.

-//include 'drivers:ignite'
+include 'drivers:ignite'
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
//include 'drivers:ignite'
include 'drivers:ignite'
🤖 Prompt for AI Agents 
In settings-drivers.gradle around line 34 the include for 'drivers:ignite' was
commented out, which removes the Ignite driver from the Gradle build; restore
the include by uncommenting the line so that drivers:ignite is included again in
the build (i.e., change the commented line back to include 'drivers:ignite'),
and ensure no other build files reference a removed module so compilation and
packaging of the Ignite driver succeed.

@kmgowda kmgowda merged commit 3c1c59e into master Nov 5, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kmgowda