diff --git a/.github/workflows/image-workflow-template.yml b/.github/workflows/image-workflow-template.yml
index dca10ebe..57491808 100644
--- a/.github/workflows/image-workflow-template.yml
+++ b/.github/workflows/image-workflow-template.yml
@@ -23,7 +23,7 @@ jobs:
run: docker pull registry.access.redhat.com/ubi9/ubi-minimal:latest
- name: Install CEKit
- uses: cekit/actions-setup-cekit@v1.1.5
+ uses: cekit/actions-setup-cekit@v1.1.7
- name: Build
run: |
diff --git a/README.adoc b/README.adoc
index 25cb917a..4f71c82c 100644
--- a/README.adoc
+++ b/README.adoc
@@ -17,14 +17,14 @@ link:https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI[UBI
link:https://access.redhat.com/documentation/en-us/openjdk/17[Red Hat provide
Product documentation for customers]. Tables of environment variables used for
image configuration are published to
-. These tables are automatically
+. These tables are automatically
updated for every tagged release, and every commit to the development branches.
Older RHEL7 and RHEL8-based image sources are in the `rhel7` and `ubi8` branches respectively.
## How to build the images
-You need to https://cekit.readthedocs.io/en/develop/installation.html[install Cekit] to build these images.
+You need to https://docs.cekit.io/en/latest/handbook/installation/index.html[install Cekit] to build these images.
These sources are prepared and tested for Cekit 4.1.1.
diff --git a/docs/README.adoc b/docs/README.adoc
index 4497651b..ef8f82ec 100644
--- a/docs/README.adoc
+++ b/docs/README.adoc
@@ -1,10 +1,11 @@
-# Red Hat UBI OpenJDK container images
+= Red Hat UBI OpenJDK container images
+:toc: right
This is auto-generated documentation for the
link:https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image[Red
Hat Universal Base Image] (UBI) OpenJDK container images.
-* link:https://github.com/jboss-container-images/openjdk[container image source repository]
+* link:https://rh-openjdk.github.io/redhat-openjdk-containers/[container image source repository]
Container images are available from the
link:https://catalog.redhat.com/software/containers/explore[Red Hat Ecosystem
diff --git a/gendocs.sh b/gendocs.sh
index cf227458..ee35bc30 100755
--- a/gendocs.sh
+++ b/gendocs.sh
@@ -67,18 +67,16 @@ workdir="$(mktemp -td gendocs.XXXXXX)"
cp ./gendocs.py "$workdir/gendocs.py"
cp ./docs/README.adoc "$workdir/README.adoc"
-# documentation for development branches
-addToIndex "\n== Development branches ==\n"
-for branch in ubi8 ubi9; do
- addToIndex "\n=== $branch ===\n"
- handleRef "$branch" "$branch"
-done
-
-# documentation for tagged releases
-addToIndex "\n== Released images =="
-for tag in $(git tag -l 'ubi?-openjdk-containers*' | sort -r); do
- addToIndex "\n=== $tag ===\n"
- handleRef "$tag"
+for ubi in ubi9 ubi8; do
+ UBI=${ubi^^}
+ addToIndex "\n== $UBI\n"
+ addToIndex "\n=== development\n"
+ handleRef "$ubi"
+ for tag in $(git tag -l "${ubi}-openjdk-containers*" | sort -r); do
+ version=${tag/${ubi}-openjdk-containers-/}
+ addToIndex "\n=== $version\n"
+ handleRef "$tag"
+ done
done
asciidoctor "$workdir/README.adoc" -o docs/index.html
diff --git a/modules/jdk/11/module.yaml b/modules/jdk/11/module.yaml
index 7970d454..8c9e50bc 100644
--- a/modules/jdk/11/module.yaml
+++ b/modules/jdk/11/module.yaml
@@ -30,6 +30,7 @@ packages:
modules:
install:
- name: jboss.container.user
+ - name: jboss.container.openjdk
execute:
- script: configure.sh
diff --git a/modules/jdk/17/module.yaml b/modules/jdk/17/module.yaml
index 58990271..3fd1cd48 100644
--- a/modules/jdk/17/module.yaml
+++ b/modules/jdk/17/module.yaml
@@ -29,6 +29,7 @@ packages:
modules:
install:
- name: jboss.container.user
+ - name: jboss.container.openjdk
execute:
- script: configure.sh
diff --git a/modules/jdk/21/module.yaml b/modules/jdk/21/module.yaml
index 585d4599..8e6962b6 100644
--- a/modules/jdk/21/module.yaml
+++ b/modules/jdk/21/module.yaml
@@ -30,6 +30,7 @@ packages:
modules:
install:
- name: jboss.container.user
+ - name: jboss.container.openjdk
execute:
- script: configure.sh
diff --git a/modules/jdk/8/module.yaml b/modules/jdk/8/module.yaml
index a8622bb1..d85cce5c 100644
--- a/modules/jdk/8/module.yaml
+++ b/modules/jdk/8/module.yaml
@@ -29,6 +29,7 @@ packages:
modules:
install:
- name: jboss.container.user
+ - name: jboss.container.openjdk
execute:
- script: configure.sh
diff --git a/modules/jdk/module.yaml b/modules/jdk/module.yaml
new file mode 100644
index 00000000..e805f909
--- /dev/null
+++ b/modules/jdk/module.yaml
@@ -0,0 +1,5 @@
+schema_version: 1
+
+name: "jboss.container.openjdk"
+description: "A dummy descriptor to couple tests with jdk modules"
+version: "0"
diff --git a/modules/jdk/tests/features/openjdk.feature b/modules/jdk/tests/features/openjdk.feature
new file mode 100644
index 00000000..1bace562
--- /dev/null
+++ b/modules/jdk/tests/features/openjdk.feature
@@ -0,0 +1,98 @@
+Feature: Miscellaneous OpenJDK-related unit tests
+
+ @ubi9/openjdk-11
+ @ubi9/openjdk-11-runtime
+ Scenario: Check that only OpenJDK 11 is installed
+ When container is started with args
+ | arg | value |
+ | command | rpm -qa |
+ Then available container log should not contain java-1.8.0
+ Then available container log should not contain java-17
+ Then available container log should not contain java-21
+
+ @ubi9/openjdk-17
+ @ubi9/openjdk-17-runtime
+ Scenario: Check that only OpenJDK 17 is installed
+ When container is started with args
+ | arg | value |
+ | command | rpm -qa |
+ Then available container log should not contain java-1.8.0
+ Then available container log should not contain java-11
+ Then available container log should not contain java-21
+
+ @ubi9/openjdk-21
+ @ubi9/openjdk-21-runtime
+ Scenario: Check that only OpenJDK 21 is installed
+ When container is started with args
+ | arg | value |
+ | command | rpm -qa |
+ Then available container log should not contain java-1.8.0
+ Then available container log should not contain java-11
+ Then available container log should not contain java-17
+
+ @ubi9
+ Scenario: Ensure JAVA_HOME is defined and contains Java
+ When container is started with args
+ | arg | value |
+ | command | bash -c "$JAVA_HOME/bin/java -version" |
+ Then available container log should contain OpenJDK Runtime Environment
+
+ @ubi9
+ Scenario: Check that certain non-UBI packages are not installed
+ When container is started with args
+ | arg | value |
+ | command | rpm -qa |
+ Then available container log should not contain grub
+ Then available container log should not contain os-prober
+ Then available container log should not contain rpm-plugin-systemd-inhibit
+
+ @ubi9/openjdk-11
+ @ubi9/openjdk-11-runtime
+ Scenario: Check that directories from other JDKs are not present (JDK11)
+ When container is started with args
+ | arg | value |
+ | command | ls -1 /usr/lib/jvm |
+ Then available container log should not contain java-1.8.0
+ Then available container log should not contain java-17
+ Then available container log should not contain java-21
+
+ @ubi9/openjdk-17
+ @ubi9/openjdk-17-runtime
+ Scenario: Check that directories from other JDKs are not present (JDK17)
+ When container is started with args
+ | arg | value |
+ | command | ls -1 /usr/lib/jvm |
+ Then available container log should not contain java-1.8.0
+ Then available container log should not contain java-11
+ Then available container log should not contain java-21
+
+ @ubi9/openjdk-21
+ @ubi9/openjdk-21-runtime
+ Scenario: Check that directories from other JDKs are not present (JDK21)
+ When container is started with args
+ | arg | value |
+ | command | ls -1 /usr/lib/jvm |
+ Then available container log should not contain java-1.8.0
+ Then available container log should not contain java-11
+ Then available container log should not contain java-17
+
+ @ubi9
+ Scenario: Ensure LANG is defined and contains UTF-8
+ When container is started with args
+ | arg | value |
+ | command | bash -c "$JAVA_HOME/bin/java -XshowSettings:properties -version" |
+ Then available container log should contain file.encoding = UTF-8
+
+ @ubi9
+ Scenario: Ensure tar is installed (OPENJDK-1165)
+ When container is started with args
+ | arg | value |
+ | command | tar |
+ Then available container log should not contain command not found
+
+ @ubi9
+ Scenario: Ensure tzdata RPM is properly installed (OPENJDK-2519)
+ When container is started with args
+ | arg | value |
+ | command | rpm -V tzdata |
+ Then available container log should not contain missing
diff --git a/modules/jre/11/module.yaml b/modules/jre/11/module.yaml
index b252ca91..aa6ad0ff 100644
--- a/modules/jre/11/module.yaml
+++ b/modules/jre/11/module.yaml
@@ -30,6 +30,7 @@ packages:
modules:
install:
- name: jboss.container.user
+ - name: jboss.container.openjdk
execute:
- script: configure.sh
diff --git a/modules/jre/17/module.yaml b/modules/jre/17/module.yaml
index 45ec65f8..88e87617 100644
--- a/modules/jre/17/module.yaml
+++ b/modules/jre/17/module.yaml
@@ -29,6 +29,7 @@ packages:
modules:
install:
- name: jboss.container.user
+ - name: jboss.container.openjdk
execute:
- script: configure.sh
diff --git a/modules/jre/21/module.yaml b/modules/jre/21/module.yaml
index 834bcb77..5a2ff731 100644
--- a/modules/jre/21/module.yaml
+++ b/modules/jre/21/module.yaml
@@ -29,6 +29,7 @@ packages:
modules:
install:
- name: jboss.container.user
+ - name: jboss.container.openjdk
execute:
- script: configure.sh
diff --git a/modules/jre/8/module.yaml b/modules/jre/8/module.yaml
index 05724772..0188c81e 100644
--- a/modules/jre/8/module.yaml
+++ b/modules/jre/8/module.yaml
@@ -29,6 +29,7 @@ packages:
modules:
install:
- name: jboss.container.user
+ - name: jboss.container.openjdk
execute:
- script: configure.sh
diff --git a/modules/jvm/tests/features/gc.feature b/modules/jvm/tests/features/gc.feature
new file mode 100644
index 00000000..1118081e
--- /dev/null
+++ b/modules/jvm/tests/features/gc.feature
@@ -0,0 +1,61 @@
+@ubi9
+Feature: Openshift OpenJDK GC tests
+
+ Scenario: Check default GC configuration
+ Given container is started as uid 1000
+ Then container log should contain -XX:+UseParallelGC
+ And container log should contain -XX:MinHeapFreeRatio=10
+ And container log should contain -XX:MaxHeapFreeRatio=20
+ And container log should contain -XX:GCTimeRatio=4
+
+ Scenario: Check GC_MIN_HEAP_FREE_RATIO GC configuration
+ Given container is started with env
+ | variable | value |
+ | GC_MIN_HEAP_FREE_RATIO | 5 |
+ Then container log should contain -XX:MinHeapFreeRatio=5
+
+ Scenario: Check GC_MAX_HEAP_FREE_RATIO GC configuration
+ Given container is started with env
+ | variable | value |
+ | GC_MAX_HEAP_FREE_RATIO | 50 |
+ Then container log should contain -XX:MaxHeapFreeRatio=50
+
+ Scenario: Check GC_TIME_RATIO GC configuration
+ Given container is started with env
+ | variable | value |
+ | GC_TIME_RATIO | 5 |
+ Then container log should contain -XX:GCTimeRatio=5
+
+ Scenario: Check GC_ADAPTIVE_SIZE_POLICY_WEIGHT GC configuration
+ Given container is started with env
+ | variable | value |
+ | GC_ADAPTIVE_SIZE_POLICY_WEIGHT | 80 |
+ Then container log should contain -XX:AdaptiveSizePolicyWeight=80
+
+ Scenario: Check GC_MAX_METASPACE_SIZE GC configuration
+ Given container is started with env
+ | variable | value |
+ | GC_MAX_METASPACE_SIZE | 120 |
+ Then container log should contain -XX:MaxMetaspaceSize=120m
+
+ Scenario: Check GC_CONTAINER_OPTIONS configuration
+ Given container is started with env
+ | variable | value |
+ | GC_CONTAINER_OPTIONS | -XX:+UseG1GC |
+ Then container log should contain -XX:+UseG1GC
+ And container log should not contain -XX:+UseParallelGC
+
+ Scenario: Check GC_METASPACE_SIZE GC configuration
+ Given container is started with env
+ | variable | value |
+ | GC_METASPACE_SIZE | 120 |
+ Then container log should contain -XX:MetaspaceSize=120m
+ And container log should not contain integer expression expected
+
+ Scenario: Check GC_METASPACE_SIZE constrained by GC_MAX_METASPACE_SIZE GC configuration
+ Given container is started with env
+ | variable | value |
+ | GC_METASPACE_SIZE | 120 |
+ | GC_MAX_METASPACE_SIZE | 90 |
+ Then container log should contain -XX:MaxMetaspaceSize=90m
+ And container log should contain -XX:MetaspaceSize=90m
diff --git a/modules/jvm/tests/features/memory.feature b/modules/jvm/tests/features/memory.feature
new file mode 100644
index 00000000..53cd373a
--- /dev/null
+++ b/modules/jvm/tests/features/memory.feature
@@ -0,0 +1,41 @@
+Feature: OPENJDK-559 JVM Memory tests
+
+ @ubi9
+ Scenario: Check default JVM max heap configuration
+ Given container is started as uid 1000
+ Then container log should contain -XX:MaxRAMPercentage=80.0
+
+ @ubi9
+ Scenario: Check configured JVM max heap configuration and ensure JAVA_MAX_MEM_RATIO accepts floats but only takes whole number part
+ Given container is started with env
+ | variable | value |
+ | JAVA_MAX_MEM_RATIO | 90.4 |
+ Then container log should contain -XX:MaxRAMPercentage=90.0
+
+ @ubi9
+ Scenario: Ensure JAVA_MAX_MEM_RATIO accepts Integers
+ Given container is started with env
+ | variable | value |
+ | JAVA_MAX_MEM_RATIO | 90 |
+ Then container log should contain -XX:MaxRAMPercentage=90.0
+
+ @ubi9
+ Scenario: Ensure JAVA_MAX_MEM_RATIO=0 disables parameter
+ Given container is started with env
+ | variable | value |
+ | JAVA_MAX_MEM_RATIO | 0 |
+ Then container log should not contain -XX:MaxRAMPercentage
+
+ @ubi9
+ Scenario: Check default JVM initial heap configuration is unspecified
+ Given container is started as uid 1000
+ Then container log should not contain -XX:InitialRAMPercentage
+ And container log should not contain -Xms
+
+ # Not the runtime images
+ @ubi9/openjdk-11
+ @ubi9/openjdk-17
+ @ubi9/openjdk-21
+ Scenario: Ensure Maven doesn't use MaxRAMPercentage=80
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ Then s2i build log should match regex INFO Using MAVEN_OPTS.*-XX:MaxRAMPercentage=25.0$
diff --git a/modules/jvm/tests/features/runtime.feature b/modules/jvm/tests/features/runtime.feature
new file mode 100644
index 00000000..fcd338d3
--- /dev/null
+++ b/modules/jvm/tests/features/runtime.feature
@@ -0,0 +1,69 @@
+@ubi9/openjdk-11
+@ubi9/openjdk-17
+@ubi9/openjdk-21
+Feature: Openshift OpenJDK Runtime tests
+
+ @ubi9
+ Scenario: Check JAVA_OPTS overrides defaults
+ Given container is started with env
+ | variable | value |
+ | JAVA_OPTS | --show-version |
+ Then container log should not contain -XX:MaxRAMPercentage
+
+ @ubi9
+ Scenario: Check empty JAVA_OPTS overrides defaults
+ Given container is started with env
+ | variable | value |
+ | JAVA_OPTS | |
+ Then container log should not contain -XX:MaxRAMPercentage
+
+ @ubi9
+ Scenario: Check JAVA_OPTS overrides JAVA_OPTS_APPEND
+ Given container is started with env
+ | variable | value |
+ | JAVA_OPTS | -verbose:gc |
+ | JAVA_OPTS_APPEND | -Xint |
+ Then container log should contain -verbose:gc
+ And container log should not contain -Xint
+
+ @ubi9
+ Scenario: Check JAVA_APP_NAME can contain spaces (OPENJDK-1551)
+ Given container is started with env
+ | variable | value |
+ | JAVA_APP_NAME | foo bar |
+ Then container log should not contain exec: bar': not found
+
+ @ubi9
+ Scenario: Check default JAVA_APP_DIR (OPENJDK-2034)
+ When container is ready
+ Then available container log should contain INFO running in /deployments
+
+ @ubi9
+ Scenario: Check custom JAVA_APP_DIR (OPENJDK-2034)
+ Given container is started with env
+ | variable | value |
+ | JAVA_APP_DIR | /home/default |
+ Then available container log should contain INFO running in /home/default
+
+ @ubi9
+ Scenario: Check relative path JAVA_APP_DIR (OPENJDK-2034)
+ Given container is started with env
+ | variable | value |
+ | JAVA_APP_DIR | . |
+ Then available container log should contain INFO running in /home/default
+
+ # temporarily disabled, see https://issues.redhat.com/browse/OPENJDK-3536
+ @ignore
+ Scenario: Check non-existent path JAVA_APP_DIR (OPENJDK-2034)
+ Given container is started with env
+ | variable | value |
+ | JAVA_APP_DIR | /nope |
+ Then available container log should contain ERROR No directory /nope found for auto detection
+
+ # Builder images only
+ Scenario: Ensure JAVA_APP_DIR and S2I work together (OPENJDK-2034)
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from undertow-servlet
+ | variable | value |
+ | JAVA_APP_DIR | /home/default |
+ | S2I_TARGET_DEPLOYMENTS_DIR | /home/default |
+ Then container log should contain /home/default/undertow-servlet.jar
diff --git a/modules/maven/21/configure.sh b/modules/maven/21/configure.sh
new file mode 100755
index 00000000..84da8a53
--- /dev/null
+++ b/modules/maven/21/configure.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+# This file is shipped by a Maven package and sets JAVA_HOME to
+# an OpenJDK-specific path. This causes problems for OpenJ9 containers
+# as the path is not correct for them. We don't need this in any of
+# the containers because we set JAVA_HOME in the container metadata.
+# Blank the file rather than removing it, to avoid a warning message
+# from /usr/bin/mvn.
+if [ -f /etc/java/maven.conf ]; then
+ :> /etc/java/maven.conf
+fi
diff --git a/modules/maven/21/module.yaml b/modules/maven/21/module.yaml
new file mode 100644
index 00000000..e8d8c10c
--- /dev/null
+++ b/modules/maven/21/module.yaml
@@ -0,0 +1,21 @@
+schema_version: 1
+name: jboss.container.maven
+version: '3.8.21'
+description: Provides Maven v3.8 capabilities to an image.
+
+envs:
+- name: JBOSS_CONTAINER_MAVEN_38_MODULE
+ value: /opt/jboss/container/maven/38/
+- name: MAVEN_VERSION
+ value: '3.8'
+
+modules:
+ install:
+ - name: jboss.container.maven.module
+
+packages:
+ install:
+ - maven-openjdk21
+
+execute:
+- script: configure.sh
diff --git a/modules/maven/s2i/artifacts/opt/jboss/container/maven/s2i/maven-s2i b/modules/maven/s2i/artifacts/opt/jboss/container/maven/s2i/maven-s2i
index b8e1a81c..fb433d29 100644
--- a/modules/maven/s2i/artifacts/opt/jboss/container/maven/s2i/maven-s2i
+++ b/modules/maven/s2i/artifacts/opt/jboss/container/maven/s2i/maven-s2i
@@ -76,7 +76,7 @@ function maven_s2i_build() {
s2i_core_cleanup
# Remove java tmp perf data dir owned by 185
- rm -rf /tmp/hsperfdata_jboss
+ rm -rf "/tmp/hsperfdata_${USER}"
}
# perform a maven build, i.e. mvn ...
diff --git a/modules/maven/s2i/tests/features/java_s2i.feature b/modules/maven/s2i/tests/features/java_s2i.feature
new file mode 100644
index 00000000..6e3c69c2
--- /dev/null
+++ b/modules/maven/s2i/tests/features/java_s2i.feature
@@ -0,0 +1,200 @@
+# temporarily marking 'ignore' so these tests are skipped on GHA
+@ignore
+@ubi9/openjdk-11
+@ubi9/openjdk-17
+@ubi9/openjdk-21
+Feature: Openshift OpenJDK S2I tests
+# NOTE: these tests should be usable with the other images once we have refactored the JDK scripts.
+# These builds do not actually run maven. This is important, because the proxy
+# options supplied do not specify a valid HTTP proxy.
+
+ # handles mirror/repository configuration; proxy configuration
+ Scenario: run the s2i and check the maven mirror and proxy have been initialised in the default settings.xml, uses http_proxy
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | MAVEN_MIRROR_URL | http://127.0.0.1:8080/repository/internal/ |
+ | http_proxy | 127.0.0.1:8080 |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='http'][ns:host='127.0.0.1'][ns:port='8080']
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:mirror[ns:id='mirror.default'][ns:url='http://127.0.0.1:8080/repository/internal/'][ns:mirrorOf='external:*']
+
+ # proxy auth configuration (success case) + nonProxyHosts
+ Scenario: run the s2i and check the maven mirror, proxy (including username and password) and non proxy have been initialised in the default settings.xml, uses http_proxy
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | http_proxy | myuser:mypass@127.0.0.1:8080 |
+ | no_proxy | *.example.com |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='http'][ns:host='127.0.0.1'][ns:port='8080'][ns:username='myuser'][ns:password='mypass'][ns:nonProxyHosts='*.example.com']
+
+ # proxy auth configuration (fail case: no password supplied)
+ Scenario: run the s2i and check the maven mirror, proxy (including username) and non proxy have been initialised in the default settings.xml, uses http_proxy
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | http_proxy | myuser@127.0.0.1:8080 |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='http'][ns:host='127.0.0.1'][ns:port='8080']
+
+ # handles mirror/repository configuration; proxy configuration
+ Scenario: run the s2i and check the maven mirror and proxy have been initialised in the default settings.xml, uses http_proxy
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | MAVEN_MIRROR_URL | http://127.0.0.1:8080/repository/internal/ |
+ | http_proxy | 127.0.0.1:8080 |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='http'][ns:host='127.0.0.1'][ns:port='8080']
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:mirror[ns:id='mirror.default'][ns:url='http://127.0.0.1:8080/repository/internal/'][ns:mirrorOf='external:*']
+
+ # HTTP_PROXY (all caps) ignored
+ Scenario: run the s2i and check the maven mirror and proxy have been initialised in the default settings.xml, uses http_proxy and HTTP_PROXY
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | http_proxy | 127.0.0.2:9090 |
+ | HTTP_PROXY | 127.0.0.1:8080 |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='http'][ns:host='127.0.0.2'][ns:port='9090']
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 0 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='http'][ns:host='127.0.0.1'][ns:port='8080']
+
+ # handles mirror/repository configuration; https proxy configuration
+ Scenario: run the s2i and check the maven mirror and proxy have been initialised in the default settings.xml, uses https_proxy
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | MAVEN_MIRROR_URL | http://127.0.0.1:8080/repository/internal/ |
+ | https_proxy | 127.0.0.1:8080 |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='https'][ns:host='127.0.0.1'][ns:port='8080']
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:mirror[ns:id='mirror.default'][ns:url='http://127.0.0.1:8080/repository/internal/'][ns:mirrorOf='external:*']
+
+ # https proxy auth configuration (success case) + nonProxyHosts
+ Scenario: run the s2i and check the maven mirror, proxy (including username and password) and non proxy have been initialised in the default settings.xml, uses https_proxy
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | https_proxy | myuser:mypass@127.0.0.1:8080 |
+ | no_proxy | *.example.com |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='https'][ns:host='127.0.0.1'][ns:port='8080'][ns:username='myuser'][ns:password='mypass'][ns:nonProxyHosts='*.example.com']
+
+ # https proxy auth configuration (fail case: no password supplied)
+ Scenario: run the s2i and check the maven mirror, proxy (including username) and non proxy have been initialised in the default settings.xml, uses https_proxy
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | https_proxy | myuser@127.0.0.1:8080 |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='https'][ns:host='127.0.0.1'][ns:port='8080']
+
+ Scenario: run s2i assemble and check no_proxy is honoured with multiple entries
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ | variable | value |
+ | MAVEN_ARGS | -v |
+ | MAVEN_MIRROR_URL | http://127.0.0.1:8080/repository/internal/ |
+ | http_proxy | http://127.0.0.1:8080 |
+ | no_proxy | foo.example.com,bar.example.com |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:proxy[ns:id='genproxy'][ns:active='true'][ns:protocol='http'][ns:host='127.0.0.1'][ns:port='8080'][ns:nonProxyHosts='foo.example.com|bar.example.com']
+
+ # deprecated?
+ Scenario: run an S2I build that depends on com.redhat.xpaas.repo.redhatga being defined
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+
+ # deprecated?
+ Scenario: run an S2I that should fail as MAVEN_ARGS does not define com.redhat.xpaas.repo.redhatga
+ Given failing s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple using openjdk-enforce-profile
+ | variable | value |
+ | MAVEN_ARGS | -e package |
+
+ # CLOUD-579
+ Scenario: Test that maven is executed in batch mode
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ Then s2i build log should contain --batch-mode
+ And s2i build log should not contain \r
+
+ # CLOUD-3095 - context dir should be recursively copied into the image
+ # "/target" suffix is important here; it triggers a different code-path (no source build)
+ Scenario: Ensure binary-only mode copies binaries into the target image
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple/target
+ Then s2i build log should not contain skipping directory .
+ And run find /deployments in container and check its output for spring-boot-sample-simple-1.5.0.BUILD-SNAPSHOT.jar
+
+ # OPENJDK-1954 - MAVEN_REPOS
+ Scenario: run the s2i and check the maven mirror and proxy have been initialised in the default settings.xml, uses http_proxy
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple/target
+ | variable | value |
+ | MAVEN_REPOS | TESTREPO,ANOTHER |
+ | TESTREPO_MAVEN_REPO_URL | http://repo.example.com:8080/maven2/ |
+ | TESTREPO_MAVEN_REPO_ID | myrepo |
+ | ANOTHER_MAVEN_REPO_URL | https://repo.example.org:8888/ |
+ | ANOTHER_MAVEN_REPO_ID | another |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:server[ns:id='myrepo']
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:profile[ns:id='myrepo-profile']/ns:repositories/ns:repository[ns:url='http://repo.example.com:8080/maven2/']
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:server[ns:id='another']
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:profile[ns:id='another-profile']/ns:repositories/ns:repository[ns:url='https://repo.example.org:8888/']
+
+ # OPENJDK-1961: MAVEN_REPO_URL and MAVEN_REPO_ID
+ Scenario: Check MAVEN_REPO_URL generates Maven settings and profile configuration
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple/target
+ | variable | value |
+ | MAVEN_REPO_URL | http://repo.example.com:8080/maven2/ |
+ | MAVEN_REPO_ID | myrepo |
+ And XML namespaces
+ | prefix | url |
+ | ns | http://maven.apache.org/SETTINGS/1.0.0 |
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:server[ns:id='myrepo']
+ Then XML file /tmp/artifacts/configuration/settings.xml should have 1 elements on XPath //ns:profile[ns:id='myrepo-profile']/ns:repositories/ns:repository[ns:url='http://repo.example.com:8080/maven2/']
+
+ Scenario: Ensure the environment is cleaned when executing mvn (OPENJDK-1549)
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from OPENJDK-1549 with env
+ | variable | value |
+ | MAVEN_ARGS | validate |
+
+ Scenario: Ensure no custom settings.xml fails for specific application (OPENJDK-3597)
+ Given failing s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from OPENJDK-3597-custom-settings-xml using master
+ Then s2i build log should contain [ERROR] Profile "testCustomProfile" is not activated
+
+ Scenario: Ensure custom settings.xml copied in via MAVEN_SETTINGS_XML (OPENJDK-3597)
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from OPENJDK-3597-custom-settings-xml with env
+ | variable | value |
+ | MAVEN_ARGS | validate |
+ | MAVEN_SETTINGS_XML | /tmp/src/settings.xml |
+ Then s2i build log should contain Rule 0: org.apache.maven.enforcer.rules.RequireActiveProfile passed
+
+ Scenario: Ensure that run-env.sh placed in the JAVA_APP_DIR is sourced in the run script before launching java
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from quarkus-quickstarts/getting-started-3.0.1.Final-nos2i
+ | variable | value |
+ | S2I_SOURCE_DATA_DIR | ./ |
+ | S2I_TARGET_DATA_DIR | /deployments |
+ Then container log should contain INFO exec -a "someUniqueString" java
+
+ Scenario: Ensure mtime is preserved for build artifacts (OPENJDK-2408)
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from OPENJDK-2408-bin-custom-s2i-assemble with env
+ | variable | value |
+ | S2I_DELETE_SOURCE | false |
+ Then run find /deployments/spring-boot-sample-simple-1.5.0.BUILD-SNAPSHOT.jar ! -newer /tmp/src/spring-boot-sample-simple-1.5.0.BUILD-SNAPSHOT.jar in container and check its output for spring-boot-sample-simple-1.5.0.BUILD-SNAPSHOT.jar
diff --git a/modules/maven/s2i/tests/features/java_s2i_inc.feature b/modules/maven/s2i/tests/features/java_s2i_inc.feature
new file mode 100644
index 00000000..c1415cab
--- /dev/null
+++ b/modules/maven/s2i/tests/features/java_s2i_inc.feature
@@ -0,0 +1,17 @@
+@ubi9/openjdk-11
+@ubi9/openjdk-17
+@ubi9/openjdk-21
+Feature: Openshift OpenJDK S2I tests
+
+ # test incremental builds
+ Scenario: Check incremental builds cache .m2
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from undertow-servlet
+ | variable | value |
+ | JAVA_ARGS | Hello from CTF test |
+ Then container log should contain /deployments/undertow-servlet.jar Hello from CTF test
+ And s2i build log should contain Downloading from central:
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from undertow-servlet with env and incremental
+ | variable | value |
+ | JAVA_ARGS | Hello from CTF test |
+ Then container log should contain /deployments/undertow-servlet.jar Hello from CTF test
+ And s2i build log should not contain Downloading from central:
diff --git a/modules/run/artifacts/opt/jboss/container/java/run/run-java.sh b/modules/run/artifacts/opt/jboss/container/java/run/run-java.sh
index 8f939bbc..b110ec68 100644
--- a/modules/run/artifacts/opt/jboss/container/java/run/run-java.sh
+++ b/modules/run/artifacts/opt/jboss/container/java/run/run-java.sh
@@ -9,6 +9,10 @@ set -eo pipefail
export JBOSS_CONTAINER_UTIL_LOGGING_MODULE="${JBOSS_CONTAINER_UTIL_LOGGING_MODULE-/opt/jboss/container/util/logging}"
export JBOSS_CONTAINER_JAVA_RUN_MODULE="${JBOSS_CONTAINER_JAVA_RUN_MODULE-/opt/jboss/container/java/run}"
export JBOSS_CONTAINER_UTIL_PATHFINDER_MODULE="${JBOSS_CONTAINER_UTIL_PATHFINDER_MODULE-/opt/jboss/container/util/pathfinder}"
+# Default the application dir to the S2I deployment dir
+if [ -z "$JAVA_APP_DIR" ]
+ then JAVA_APP_DIR=/deployments
+fi
source "$JBOSS_CONTAINER_UTIL_LOGGING_MODULE/logging.sh"
source "$JBOSS_CONTAINER_UTIL_PATHFINDER_MODULE/pathfinder.sh"
@@ -109,6 +113,27 @@ get_classpath() {
echo "${cp_path}"
}
+# Mask secrets before printing
+mask_passwords() {
+ local content="$1"
+ local result=""
+
+ IFS=' ' read -r -a key_value_pairs <<< "$content"
+
+ for pair in "${key_value_pairs[@]}"; do
+ key=$(echo "$pair" | cut -d '=' -f 1)
+ value=$(echo "$pair" | cut -d '=' -f 2-)
+
+ if [[ $key =~ [Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd] ]]; then
+ result+="$key=***** "
+ else
+ result+="$pair "
+ fi
+ done
+
+ echo "${result% }"
+}
+
# Start JVM
startup() {
# Initialize environment
@@ -123,9 +148,11 @@ startup() {
args="-jar ${JAVA_APP_JAR}"
fi
- procname="${JAVA_APP_NAME-java}"
+ local procname="${JAVA_APP_NAME-java}"
+
+ local masked_opts=$(mask_passwords "$(get_java_options)")
- log_info "exec -a \"${procname}\" java $(get_java_options) -cp \"$(get_classpath)\" ${args} $*"
+ log_info "exec -a \"${procname}\" java ${masked_opts} -cp \"$(get_classpath)\" ${args} $*"
log_info "running in $PWD"
exec -a "${procname}" java $(get_java_options) -cp "$(get_classpath)" ${args} $*
}
diff --git a/modules/run/tests/features/java.runtime.feature b/modules/run/tests/features/java.runtime.feature
new file mode 100644
index 00000000..f1225c4a
--- /dev/null
+++ b/modules/run/tests/features/java.runtime.feature
@@ -0,0 +1,17 @@
+@ubi9/openjdk-11
+@ubi9/openjdk-17
+@ubi9/openjdk-21
+Feature: Openshift OpenJDK Runtime tests (OPENJDK-474, OPENJDK-2805)
+
+ Scenario: Ensure JAVA_ARGS is passed through, diagnostic options work correctly, JVM_ARGS not present in run script, OPENJDK-474 JAVA_ARGS not repeated
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from undertow-servlet
+ | variable | value |
+ | JAVA_ARGS | unique |
+ | JAVA_DIAGNOSTICS | true |
+ Then container log should contain /deployments/undertow-servlet.jar unique
+ And container log should contain -XX:NativeMemoryTracking=summary
+ And file /usr/local/s2i/run should exist
+ And file /usr/local/s2i/run should not contain JVM_ARGS
+ And file /usr/libexec/s2i/run should exist
+ And file /usr/libexec/s2i/run should not contain JVM_ARGS
+ And container log should not contain unique unique
diff --git a/modules/run/tests/features/java.security.feature b/modules/run/tests/features/java.security.feature
new file mode 100644
index 00000000..9d48c16c
--- /dev/null
+++ b/modules/run/tests/features/java.security.feature
@@ -0,0 +1,7 @@
+@ubi9/openjdk-11
+@ubi9/openjdk-17
+@ubi9/openjdk-21
+Feature: Openshift S2I tests
+ Scenario: Check networkaddress.cache.negative.ttl has been set correctly
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from binary-cli-security-property
+ Then s2i build log should contain networkaddress.cache.negative.ttl=0
diff --git a/modules/run/tests/features/run.feature b/modules/run/tests/features/run.feature
new file mode 100644
index 00000000..ad8bf8cf
--- /dev/null
+++ b/modules/run/tests/features/run.feature
@@ -0,0 +1,8 @@
+@ubi9
+Feature: OpenJDK run script tests
+ Scenario: Ensure command-line options containing 'password' are masked in logs
+ Given container is started with env
+ | variable | value |
+ | JAVA_OPTS_APPEND | -Djavax.net.ssl.trustStorePassword=sensitiveString |
+ Then container log should not contain sensitiveString
+
diff --git a/modules/s2i/bash/artifacts/opt/jboss/container/java/s2i/maven-s2i-overrides b/modules/s2i/bash/artifacts/opt/jboss/container/java/s2i/maven-s2i-overrides
index 486d8b35..69917a8a 100644
--- a/modules/s2i/bash/artifacts/opt/jboss/container/java/s2i/maven-s2i-overrides
+++ b/modules/s2i/bash/artifacts/opt/jboss/container/java/s2i/maven-s2i-overrides
@@ -29,7 +29,12 @@ function maven_s2i_custom_binary_build() {
binary_dir="${S2I_SOURCE_DIR}"
fi
log_info "Copying binaries from ${binary_dir} to ${S2I_TARGET_DEPLOYMENTS_DIR} ..."
- rsync --archive --out-format='%n' "${binary_dir}"/ "${S2I_TARGET_DEPLOYMENTS_DIR}"
+
+ ( # OPENJDK-2850: use glob (dotglob to match hidden files) to stop rsync altering
+ # timestamps of S2I_TARGET_DEPLOYMENTS_DIR. Don't alter parent shell's dotglob.
+ shopt -s dotglob
+ rsync --archive --out-format='%n' "${binary_dir}"/* "${S2I_TARGET_DEPLOYMENTS_DIR}"
+ )
}
function maven_s2i_deploy_artifacts_override() {
diff --git a/modules/s2i/core/configure.sh b/modules/s2i/core/configure.sh
index b924639e..032068e6 100755
--- a/modules/s2i/core/configure.sh
+++ b/modules/s2i/core/configure.sh
@@ -17,6 +17,9 @@ mkdir -p /usr/local/s2i \
&& chmod 775 /usr/local/s2i \
&& chown -R $USER:root /usr/local/s2i
+# OPENJDK-2805
+ln -s /usr/local/s2i /usr/libexec/s2i
+
mkdir -p /deployments \
&& chmod -R "ug+rwX" /deployments \
&& chown -R $USER:root /deployments
diff --git a/modules/s2i/core/tests/features/java_s2i_quarkus.feature b/modules/s2i/core/tests/features/java_s2i_quarkus.feature
new file mode 100644
index 00000000..7ab04b5e
--- /dev/null
+++ b/modules/s2i/core/tests/features/java_s2i_quarkus.feature
@@ -0,0 +1,27 @@
+# builder only
+@ubi9/openjdk-11
+@ubi9/openjdk-17
+@ubi9/openjdk-21
+Feature: Openshift OpenJDK S2I tests (Quarkus-based)
+
+ Scenario: Ensure Quarkus CDS doesn't fail due to timestamp mismatch (OPENDJK-1673)
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from getting-started
+ Then container log should not contain A jar file is not the one used while building the shared archive file
+
+ Scenario: quarkus fast-jar layout works out-of-the-box (OPENJDK-631)
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from quarkus-quickstarts/getting-started-3.0.1.Final-nos2i
+ Then container log should contain INFO quarkus fast-jar package type detected
+ And container log should contain -jar /deployments/quarkus-app/quarkus-run.jar
+ And container log should contain (main) getting-started 1.0.0-SNAPSHOT on JVM (powered by Quarkus
+ # these might occur if the wrong JAR is chosen as the main one
+ And container log should not contain -jar /deployments/getting-started-1.0.0-SNAPSHOT.jar
+ And container log should not contain no main manifest attribute
+
+ Scenario: quarkus uber-jar layout works out-of-the-box (OPENJDK-631)
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from quarkus-quickstarts/getting-started-3.0.1.Final-nos2i with env
+ | variable | value |
+ | QUARKUS_PACKAGE_TYPE | uber-jar |
+ Then container log should not contain INFO quarkus fast-jar package type detected
+ And container log should not contain -jar /deployments/quarkus-app/quarkus-run.jar
+ And container log should contain -jar /deployments/getting-started-1.0.0-SNAPSHOT-runner.jar
+ And container log should contain (main) getting-started 1.0.0-SNAPSHOT on JVM (powered by Quarkus
diff --git a/modules/s2i/core/tests/features/s2i-core.feature b/modules/s2i/core/tests/features/s2i-core.feature
new file mode 100644
index 00000000..a5332046
--- /dev/null
+++ b/modules/s2i/core/tests/features/s2i-core.feature
@@ -0,0 +1,20 @@
+@ubi9/openjdk-11
+@ubi9/openjdk-17
+@ubi9/openjdk-21
+Feature: Openshift S2I tests
+ # OPENJDK-84 - /tmp/src should not be present after build
+ Scenario: run an s2i build and check that /tmp/src has been removed afterwards
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from spring-boot-sample-simple
+ Then run stat /tmp/src in container and immediately check its output does not contain File:
+
+ # OPENJDK-2850 - ensure binary-only s2i doesn't try to change timestamps of
+ # S2I_TARGET_DEPLOYMENTS_DIR. Use /var/tmp as a directory where attempting to
+ # will fail. This simulates the s2i process running as a random UID, which can't
+ # change timestamps on the default directory, /deployments.
+ Scenario: Ensure binary-only build doesn't fail trying to set timestamp of S2I_TARGET_DEPLOYMENTS_DIR (OPENJDK-2850)
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from OPENJDK-2408-bin-custom-s2i-assemble with env
+ | variable | value |
+ | S2I_TARGET_DEPLOYMENTS_DIR | /var/tmp |
+ Then s2i build log should not contain rsync: [generator] failed to set permissions on "/var/tmp/.": Operation not permitted
+ And s2i build log should contain appsrc-provided s2i assemble script executed
+ And run stat /var/tmp/spring-boot-sample-simple-1.5.0.BUILD-SNAPSHOT.jar in container and check its output for Access:
diff --git a/modules/user/tests/features/general.feature b/modules/user/tests/features/general.feature
new file mode 100644
index 00000000..d8f85341
--- /dev/null
+++ b/modules/user/tests/features/general.feature
@@ -0,0 +1,8 @@
+Feature: Miscellaneous general settings unit tests
+
+ @ubi9
+ Scenario: Check the attributes of /home/default using stat
+ When container is started with args
+ | arg | value |
+ | command | stat /home/default |
+ Then available container log should contain Access: (0770/drwxrwx---)
diff --git a/modules/util/tzdata/execute.sh b/modules/util/tzdata/execute.sh
new file mode 100755
index 00000000..baba76b9
--- /dev/null
+++ b/modules/util/tzdata/execute.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -euo pipefail
+
+for candidate in yum dnf microdnf; do
+ if command -v "$candidate"; then
+ mgr="$(command -v "$candidate")"
+ "$mgr" reinstall tzdata -y && \
+ "$mgr" -y clean all
+ exit
+ fi
+done
+
+echo "cannot find a package manager" >&2
+exit 1
diff --git a/modules/util/tzdata/module.yaml b/modules/util/tzdata/module.yaml
new file mode 100644
index 00000000..dd0d1a11
--- /dev/null
+++ b/modules/util/tzdata/module.yaml
@@ -0,0 +1,14 @@
+schema_version: 1
+name: jboss.container.util.tzdata
+version: '1.0'
+description: Reinstall the tzdata package, to ensure zoneinfo is present.
+
+# if the base image tzdata version is not available on the RPM mirrors (such as
+# when it has been updated), the reinstall action will fail. To prevent this,
+# run pkg-update first.
+modules:
+ install:
+ - name: jboss.container.util.pkg-update
+
+execute:
+- script: execute.sh
diff --git a/redhat/ubi9-openjdk-11-runtime.yaml b/redhat/ubi9-openjdk-11-runtime.yaml
index ca303541..8262a1c5 100644
--- a/redhat/ubi9-openjdk-11-runtime.yaml
+++ b/redhat/ubi9-openjdk-11-runtime.yaml
@@ -1,3 +1,7 @@
+# This OSBS Base Image is designed and engineered to be the base layer for
+# Red Hat products. This base image is only supported for approved Red Hat
+# products. This image is maintained by Red Hat and updated regularly.
+from: registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal
osbs:
configuration:
container:
diff --git a/redhat/ubi9-openjdk-11.yaml b/redhat/ubi9-openjdk-11.yaml
index d5a47212..69138b38 100644
--- a/redhat/ubi9-openjdk-11.yaml
+++ b/redhat/ubi9-openjdk-11.yaml
@@ -1,3 +1,7 @@
+# This OSBS Base Image is designed and engineered to be the base layer for
+# Red Hat products. This base image is only supported for approved Red Hat
+# products. This image is maintained by Red Hat and updated regularly.
+from: registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal
osbs:
configuration:
container:
diff --git a/redhat/ubi9-openjdk-17-runtime.yaml b/redhat/ubi9-openjdk-17-runtime.yaml
index e28bb5e0..c674a204 100644
--- a/redhat/ubi9-openjdk-17-runtime.yaml
+++ b/redhat/ubi9-openjdk-17-runtime.yaml
@@ -1,3 +1,7 @@
+# This OSBS Base Image is designed and engineered to be the base layer for
+# Red Hat products. This base image is only supported for approved Red Hat
+# products. This image is maintained by Red Hat and updated regularly.
+from: registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal
osbs:
configuration:
container:
diff --git a/redhat/ubi9-openjdk-17.yaml b/redhat/ubi9-openjdk-17.yaml
index ab819f92..958e1aa2 100644
--- a/redhat/ubi9-openjdk-17.yaml
+++ b/redhat/ubi9-openjdk-17.yaml
@@ -1,3 +1,7 @@
+# This OSBS Base Image is designed and engineered to be the base layer for
+# Red Hat products. This base image is only supported for approved Red Hat
+# products. This image is maintained by Red Hat and updated regularly.
+from: registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal
osbs:
configuration:
container:
diff --git a/redhat/ubi9-openjdk-21-runtime.yaml b/redhat/ubi9-openjdk-21-runtime.yaml
index 4fbf936e..8f67a7d4 100644
--- a/redhat/ubi9-openjdk-21-runtime.yaml
+++ b/redhat/ubi9-openjdk-21-runtime.yaml
@@ -1,3 +1,7 @@
+# This OSBS Base Image is designed and engineered to be the base layer for
+# Red Hat products. This base image is only supported for approved Red Hat
+# products. This image is maintained by Red Hat and updated regularly.
+from: registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal
osbs:
configuration:
container:
diff --git a/redhat/ubi9-openjdk-21.yaml b/redhat/ubi9-openjdk-21.yaml
index 377d5fbc..3df38266 100644
--- a/redhat/ubi9-openjdk-21.yaml
+++ b/redhat/ubi9-openjdk-21.yaml
@@ -1,3 +1,7 @@
+# This OSBS Base Image is designed and engineered to be the base layer for
+# Red Hat products. This base image is only supported for approved Red Hat
+# products. This image is maintained by Red Hat and updated regularly.
+from: registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal
osbs:
configuration:
container:
diff --git a/tests/features/imagebasic.feature b/tests/features/imagebasic.feature
new file mode 100644
index 00000000..9f4e0c85
--- /dev/null
+++ b/tests/features/imagebasic.feature
@@ -0,0 +1,17 @@
+Feature: Tests for all openshift images
+
+ @ubi9
+ Scenario: Check that common labels are correctly set
+ Given image is built
+ # UBI base image versions are the RHEL version, e.g. "9.2", whereas all of
+ # our image versions (so far) have been 1.x
+ Then the image should contain label version containing value 1.
+ And the image should contain label name containing value openjdk
+
+ # builder-only test
+ @ubi9/openjdk-11
+ @ubi9/openjdk-17
+ @openjdk-tech-preview/openjdk-21-jlink-rhel9
+ Scenario: Check that builder labels are correctly set
+ Given image is built
+ Then the image should contain label io.openshift.s2i.scripts-url with value image:///usr/local/s2i
diff --git a/tests/features/java/ports.feature b/tests/features/java/ports.feature
index dcf0a2a5..db39aa01 100644
--- a/tests/features/java/ports.feature
+++ b/tests/features/java/ports.feature
@@ -4,7 +4,7 @@
Feature: Openshift OpenJDK port tests
Scenario: Check ports are available
- Given s2i build https://github.com/jboss-container-images/openjdk-test-applications from undertow-servlet
+ Given s2i build https://github.com/rh-openjdk/openjdk-container-test-applications.git from undertow-servlet
Then check that port 8080 is open
Then check that port 8443 is open
Then inspect container
diff --git a/ubi9-openjdk-11-runtime.yaml b/ubi9-openjdk-11-runtime.yaml
index d2badbbf..9da045d2 100644
--- a/ubi9-openjdk-11-runtime.yaml
+++ b/ubi9-openjdk-11-runtime.yaml
@@ -4,7 +4,7 @@ schema_version: 1
from: "registry.access.redhat.com/ubi9/ubi-minimal"
name: &name "ubi9/openjdk-11-runtime"
-version: &version "1.18"
+version: &version "1.21"
description: "Image for Red Hat OpenShift providing OpenJDK 11 runtime"
labels:
@@ -19,11 +19,9 @@ labels:
- name: "com.redhat.component"
value: "openjdk-11-runtime-ubi9-container"
- name: "usage"
- value: &docs "https://jboss-container-images.github.io/openjdk/"
+ value: &docs "https://rh-openjdk.github.io/redhat-openjdk-containers/"
- name: "com.redhat.license_terms"
value: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
-- name: "org.opencontainers.image.source"
- value: "https://github.com/jboss-container-images/openjdk"
- name: "org.opencontainers.image.documentation"
value: *docs
- name: "name"
@@ -51,7 +49,8 @@ modules:
- name: jboss.container.tar
- name: jboss.container.openjdk.jre
version: "11"
- - name: jboss.container.java.jre.run
+ - name: jboss.container.util.tzdata
+ - name: jboss.container.java.jre.run
help:
add: true
diff --git a/ubi9-openjdk-11.yaml b/ubi9-openjdk-11.yaml
index f92ec759..2d7db8e7 100644
--- a/ubi9-openjdk-11.yaml
+++ b/ubi9-openjdk-11.yaml
@@ -4,7 +4,7 @@ schema_version: 1
from: "registry.access.redhat.com/ubi9/ubi-minimal"
name: &name "ubi9/openjdk-11"
-version: &version "1.18"
+version: &version "1.21"
description: "Source To Image (S2I) image for Red Hat OpenShift providing OpenJDK 11"
labels:
@@ -19,11 +19,9 @@ labels:
- name: "com.redhat.component"
value: "openjdk-11-ubi9-container"
- name: "usage"
- value: &docs "https://jboss-container-images.github.io/openjdk/"
+ value: &docs "https://rh-openjdk.github.io/redhat-openjdk-containers/"
- name: "com.redhat.license_terms"
value: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
-- name: "org.opencontainers.image.source"
- value: "https://github.com/jboss-container-images/openjdk"
- name: "org.opencontainers.image.documentation"
value: *docs
- name: "name"
@@ -54,6 +52,7 @@ modules:
version: "11"
- name: jboss.container.maven
version: "3.8.11"
+ - name: jboss.container.util.tzdata
- name: jboss.container.java.s2i.bash
help:
diff --git a/ubi9-openjdk-17-runtime.yaml b/ubi9-openjdk-17-runtime.yaml
index 595ba870..3d72a716 100644
--- a/ubi9-openjdk-17-runtime.yaml
+++ b/ubi9-openjdk-17-runtime.yaml
@@ -4,7 +4,7 @@ schema_version: 1
from: "registry.access.redhat.com/ubi9/ubi-minimal"
name: &name "ubi9/openjdk-17-runtime"
-version: &version "1.18"
+version: &version "1.21"
description: "Image for Red Hat OpenShift providing OpenJDK 17 runtime"
labels:
@@ -19,11 +19,9 @@ labels:
- name: "com.redhat.component"
value: "openjdk-17-runtime-ubi9-container"
- name: "usage"
- value: &docs "https://jboss-container-images.github.io/openjdk/"
+ value: &docs "https://rh-openjdk.github.io/redhat-openjdk-containers/"
- name: "com.redhat.license_terms"
value: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
-- name: "org.opencontainers.image.source"
- value: "https://github.com/jboss-container-images/openjdk"
- name: "org.opencontainers.image.documentation"
value: *docs
- name: "name"
@@ -51,7 +49,8 @@ modules:
- name: jboss.container.tar
- name: jboss.container.openjdk.jre
version: "17"
- - name: jboss.container.java.jre.run
+ - name: jboss.container.util.tzdata
+ - name: jboss.container.java.jre.run
help:
add: true
diff --git a/ubi9-openjdk-17.yaml b/ubi9-openjdk-17.yaml
index cffe7500..825027ff 100644
--- a/ubi9-openjdk-17.yaml
+++ b/ubi9-openjdk-17.yaml
@@ -4,7 +4,7 @@ schema_version: 1
from: "registry.access.redhat.com/ubi9/ubi-minimal"
name: &name "ubi9/openjdk-17"
-version: &version "1.18"
+version: &version "1.21"
description: "Source To Image (S2I) image for Red Hat OpenShift providing OpenJDK 17"
labels:
@@ -19,11 +19,9 @@ labels:
- name: "com.redhat.component"
value: "openjdk-17-ubi9-container"
- name: "usage"
- value: &docs "https://jboss-container-images.github.io/openjdk/"
+ value: &docs "https://rh-openjdk.github.io/redhat-openjdk-containers/"
- name: "com.redhat.license_terms"
value: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
-- name: "org.opencontainers.image.source"
- value: "https://github.com/jboss-container-images/openjdk"
- name: "org.opencontainers.image.documentation"
value: *docs
- name: "name"
@@ -54,6 +52,7 @@ modules:
version: "17"
- name: jboss.container.maven
version: "3.8.17"
+ - name: jboss.container.util.tzdata
- name: jboss.container.java.s2i.bash
help:
diff --git a/ubi9-openjdk-21-runtime.yaml b/ubi9-openjdk-21-runtime.yaml
index 528c3634..74400dd2 100644
--- a/ubi9-openjdk-21-runtime.yaml
+++ b/ubi9-openjdk-21-runtime.yaml
@@ -4,7 +4,7 @@ schema_version: 1
from: "registry.access.redhat.com/ubi9/ubi-minimal"
name: &name "ubi9/openjdk-21-runtime"
-version: &version "1.18"
+version: &version "1.21"
description: "Image for Red Hat OpenShift providing OpenJDK 21 runtime"
labels:
@@ -19,9 +19,11 @@ labels:
- name: "com.redhat.component"
value: "openjdk-21-runtime-ubi9-container"
- name: "usage"
- value: "https://access.redhat.com/documentation/en-us/red_hat_jboss_middleware_for_openshift/3/html/red_hat_java_s2i_for_openshift/"
+ value: &docs "https://rh-openjdk.github.io/redhat-openjdk-containers/"
- name: "com.redhat.license_terms"
value: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
+- name: "org.opencontainers.image.documentation"
+ value: *docs
- name: "name"
value: *name
- name: "version"
@@ -47,6 +49,7 @@ modules:
- name: jboss.container.tar
- name: jboss.container.openjdk.jre
version: "21"
+ - name: jboss.container.util.tzdata
- name: jboss.container.java.jre.run
help:
diff --git a/ubi9-openjdk-21.yaml b/ubi9-openjdk-21.yaml
index 10f27f13..f984a4ff 100644
--- a/ubi9-openjdk-21.yaml
+++ b/ubi9-openjdk-21.yaml
@@ -4,7 +4,7 @@ schema_version: 1
from: "registry.access.redhat.com/ubi9/ubi-minimal"
name: &name "openjdk-tech-preview/openjdk-21-jlink-rhel9"
-version: &version "1.18"
+version: &version "1.21"
description: "Source To Image (S2I) image for Red Hat OpenShift providing OpenJDK 21"
labels:
@@ -19,9 +19,11 @@ labels:
- name: "com.redhat.component"
value: "openjdk-21-jlink-tech-preview-ubi9-container"
- name: "usage"
- value: "https://access.redhat.com/documentation/en-us/red_hat_jboss_middleware_for_openshift/3/html/red_hat_java_s2i_for_openshift/"
+ value: &docs "https://rh-openjdk.github.io/redhat-openjdk-containers/"
- name: "com.redhat.license_terms"
value: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
+- name: "org.opencontainers.image.documentation"
+ value: *docs
- name: "name"
value: *name
- name: "version"
@@ -49,9 +51,10 @@ modules:
- name: jboss.container.openjdk.jdk
version: "21"
- name: jboss.container.maven
- version: "3.8.17"
+ version: "3.8.21"
+ - name: jboss.container.util.tzdata
- name: jboss.container.java.s2i.bash
- - name: jboss.container.java.singleton-jdk
+ - name: jboss.container.util.tzdata
help:
add: true