Skip to content

Commit

Permalink
Use Distroless for the Java Docker base image. (#6537)
Browse files Browse the repository at this point in the history 
* Use Distroless for the Java Docker base image.

We switched away from Distroless because it was causing issues with
`docker pull` when you had Docker configured to use `gcloud` for
authentication, but weren't actually authenticated.

Adding `docker-credential-gcloud` to dev-env should hopefully fix this,
meaning we can switch back to a base image that is better-maintained.

CHANGELOG_BEGIN
CHANGELOG_END

* Bump rules_docker to v0.14.3.

This fixes an issue when running `bazel sync`:

```
ERROR: java.io.IOException: Error downloading [http://central.maven.org/maven2/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar] to [...]/external/javax_servlet_api/javax.servlet-api-3.0.1.jar: Unknown host: central.maven.org
```
  • Loading branch information
@SamirTalwar
SamirTalwar authored Jun 30, 2020
1 parent d3a69b3 commit 7f7eaa3
Show file tree
Hide file tree
Showing 6 changed files with 13 additions and 10 deletions.
9 changes: 5 additions & 4 deletions WORKSPACE
View file
Original file line number Diff line number Diff line change
Expand Up @@ -737,10 +737,11 @@ container_deps()
load("@io_bazel_rules_docker//container:container.bzl", "container_pull")

container_pull(
name = "openjdk_base",
registry = "docker.io",
repository = "openjdk",
tag = "8-alpine",
name = "java_base",
digest = "sha256:7cef6d99241bc86e09659d41842e3656a1cab99adf0e440a44d2858c8e52a71a",
registry = "gcr.io",
repository = "distroless/java",
tag = "8",
)

load("@io_bazel_rules_docker//java:image.bzl", java_image_repositories = "repositories")
Expand Down
6 changes: 3 additions & 3 deletions deps.bzl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -151,9 +151,9 @@ def daml_deps():
if "io_bazel_rules_docker" not in native.existing_rules():
http_archive(
name = "io_bazel_rules_docker",
url = "https://github.com/bazelbuild/rules_docker/releases/download/v0.12.1/rules_docker-v0.12.1.tar.gz",
strip_prefix = "rules_docker-0.12.1",
sha256 = "14ac30773fdb393ddec90e158c9ec7ebb3f8a4fd533ec2abbfd8789ad81a284b",
url = "https://github.com/bazelbuild/rules_docker/releases/download/v0.14.3/rules_docker-v0.14.3.tar.gz",
strip_prefix = "rules_docker-0.14.3",
sha256 = "6287241e033d247e9da5ff705dd6ef526bac39ae82f3d17de1b69f8cb313f9cd",
)

if "com_google_protobuf" not in native.existing_rules():
Expand Down
1 change: 1 addition & 0 deletions dev-env/bin/docker-credential-gcloud
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
../lib/dade-exec-nix-tool
2 changes: 1 addition & 1 deletion ledger/ledger-on-memory/BUILD.bazel
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ conformance_test(

java_image(
name = "app-image",
base = "@openjdk_base//image",
base = "@java_base//image",
main_class = "com.daml.ledger.on.memory.Main",
resources = ["src/app/resources/logback.xml"],
visibility = ["//visibility:public"],
Expand Down
2 changes: 1 addition & 1 deletion ledger/sandbox/BUILD.bazel
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ genrule(

container_image(
name = "sandbox-image-base",
base = "@openjdk_base//image",
base = "@java_base//image",
cmd = None,
directory = "/usr/bin",
files = [
Expand Down
3 changes: 2 additions & 1 deletion nix/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,8 +222,9 @@ in rec {
# Cloud tools
aws = pkgs.awscli;
gcloud = pkgs.google-cloud-sdk;
bq = gcloud;
bq = gcloud;
gsutil = gcloud;
docker-credential-gcloud = gcloud;
# used to set up the webide CI pipeline in azure-cron.yml
docker-credential-gcr = pkgs.docker-credential-gcr;
# Note: we need to pin Terraform to 0.11 until nixpkgs includes a version
Expand Down

0 comments on commit 7f7eaa3

Please sign in to comment.