When using the Gradle `bootBuildImage` task or Maven
`spring-boot:build-image` goal on a Linux distribution with SELinux
enabled, binding the Docker socket in the builder container might
fail. This commit disables the `label` security policy in the builder
container to prevent this type of failure.
Fixes gh-32000
This commit removes the requirement that `docker.publishRegistry`
configuration must be provided when an image is published by the Gradle
or Maven plugin.
Fixes gh-28844
This commit adds validation of any buildpacks that are specified for
image building to match them against buildpacks that are bundled in
the builder. If an image buildpack's ID, version, and one layer
hash match the same information stored in a label on the builder
image, that buildpack won't be added and the buildpack bundled in
the builder will be used instead. This reduces the chance of adding to
the total count of layers in a builder image unnecessarily.
Fixes gh-31233
This commit adds configuration to the Maven and Gradle plugins to
allow specifying the names of build and launch cache volumes provided
to the CNB builder.
See gh-28292
This commit adds configuration to the Maven and Gradle plugins to
allow specifying multiple tag to be created that refer to the built
image.
See gh-27613
Adding a label to the ephemeral builder image cloned from the base
builder image eliminates contention between builds that are run
concurrently. Without this label, concurrent builds could result in
a race condition in the Docker daemon if the ephemeral builder image
shared by builds was deleted by both builds at exactly the same time.
Fixes gh-27888
This commit adds configuration to the Maven and Gradle plugins to
allow specifying the network mode to be provided to the image
building goal and task.
See gh-27486
An upgrade to Apache Commons Compress allows the build plugins to write
the launch script to the fat jar as a proper preamble, making the file
compatible with more jar and zip tooling.
Fixes gh-22336
When a custom buildpack is provided for image building, the contents
of the buildpack directory, tgz file, or image are copied as tar
entries to a new layer in the ephemeral builder image. Prior to this
commit, only file entries from the buildpack source were copied as
builder layer tar entries; intermediate directory entries from the
source were not copied. This results in directories being created in
the builder container using default permissions. This worked on most
Linux-like OSs where the default permissions allow others-read
access. On some OSs like Arch Linux where the default directory
permissions do not allow others-read, this prevented the lifecycle
processes from reading the buildpack files.
This commit explicitly creates all intermediate directory tar entries
in the builder image layer to ensure that the buildpack directories
and files can be read by the lifecycle processes.
Fixes gh-26658
Update `ImageName` and `ImageReference` to use distinct regex patterns
to parse specific parts of the value. Prior to this commit a single
regex pattern was used which could hang given certain input strings.
Fixes gh-23115
This commit copies the file mode along with other attributes when
copying files from the source archive to the build container while
building an image using the Gradle plugin. This preserves file
permissions on any resources included in the source archive.
Fixes gh-25915
This commit corrects the order.toml file that is generated and added
to the builder when building an image using custom buildpacks with the
Maven or Gradle plugin in order to support buildpacks that depend on
detection as a group.
Fixes gh-25378
This commit adds configuration to the Maven and Gradle plugins to
allow a list of volume mount bindings to be provided to the image
building goal and task. This enables service bindings to be mounted
in the builder image that are recognized by buildpacks to support
custom certificates, build tool configuration, APM integration, and
other buildpack features.
Fixes gh-23518
This commit adds configuration to the Maven and Gradle plugins to
allow a list of buildpacks to be provided to the image building
goal and task.
Fixes gh-21722
Update `build.gradle` files to ensure that `junit-platform-launcher` is
a `testRuntimeOnly` dependency. This ensures that tests can be run from
Eclipse.
Closes gh-25074
Previously, when an authenticated Docker builder registry was
configured in the Maven or Gradle plugin and the builder and run
images specified different registries, the authentication credentials
would be sent to both registries. This could cause confusion if both
registries don't recognize the same credentials. This commit enforces
that both images are in the same registry when authentication
is configured.
Fixes gh-24552
Docker daemon authorization plugins reject POST or PUT requests that have a
content type `application/json` header but no content length header. This
commit ensures that a content length header is provided in these cases.
This is a cherry-pick of the changes in d5b2836ec9
which were lost in a forward-merge.
Fixes gh-23957
Docker daemon authorization plugins reject POST or PUT requests that have a
content type `application/json` header but no content length header. This
commit ensures that a content length header is provided in these cases.
Fixes gh-22840
This commit adds support for platform API 0.4 when invoking a CNB
builder in the Maven and Gradle plugins. If the builder advertises
that it supports platform API 0.4 then that version will be
requested when invoking lifecycle phases. Otherwise the plugins
will fall back to requesting platform API 0.3.
Requesting platform API 0.4 when invoking builder lifecycle phases
has the primary benefit of making it easier to pass command-line
arguments to the default process in the generated image.
Fixes gh-23692
The CNB specifications allow builders to support multiple platform
API versions. The supported versions are published in the builder
image metadata as an array of version numbers, while a single
supported version number was published in earlier builder metadata.
These changes read the supported versions from the builder metadata
and fall back to the single version if the array is not present.
A CNB_PLATFORM_API environment variable is set on each lifecycle
phase invocation to request a specific version as recommended in
the CNB platform spec.
Fixes gh-23682
This commit updates the default builder image used by the Maven
and Gradle plugins image-building goal and task to use the latest
Paketo builder image. The builder image is pulled from Docker Hub
instead of Google Container Registry by default.
See gh-23628
This commit adds options to the Maven and Gradle plugins to publish
to a Docker registry the image generated by the image-building goal
and task.
The Docker registry auth configuration added in an earlier commit
was modified to accept separate auth configs for the builder/run
image and the generated image, since it is likely these images will
be stored in separate registries or repositories with distinct
auth required for each.
Fixes gh-21001
This commit adds the ability to configure the Maven and Gradle
plugins to use a remote Docker daemon using build file
configuration, as an alternative to setting environment variables
to specify remote host connection details.
Fixes gh-23400
This commit adds the ability to configure Docker image registry
authentication credentials in the Maven and Gradle plugins. The
authentication credentials are passed to the Docker daemon with
all daemon API calls, and the daemon forwards the credentials to the
image registry when necessary. This makes it possible to use
builder and run images stored in a private Docker registry.
See gh-22972
In some cases, a call to the Docker image load API will fail but
return a 200 OK response status code and an empty response. This
commit detects that the response from this call is empty and
treats this condition as an error instead of a silent failure.
Fixes gh-23130
This commit changes the path used to invoke lifecycle binaries in
CNB builders from `/lifecycle` to `/cnb/lifecycle` to conform to
the CNB spec. This will ensure the build plugin image-building
goals and tasks are compatible with future versions of builders
that may not support both paths.
See gh-23009
This commit adds a pullPolicy option to the configuration of the Maven
plugin spring-boot:build-image goal and the Gradle plugin bootBuildImage
task. The new option gives users control over pulling the builder image
and run image from a remote image registry to the local Docker daemon.
See gh-22736
Prior to this commit, an entry in the environment map provided to the
build plugin image building goal or task that had a null value would
result in a failure with a message that was difficult to diagnose.
This commit treats env map entries with a null value as an empty
entry to prevent the failure and also make it easier to provide an
explicit empty entry in the Maven XML.
Fixes gh-22703
This commit adds a check to the support code for the Gradle plugin
bootBuildImage task to ensure that the jar file that will be passed
to a builder is readable and has a valid directory. This prevents a
situation where the jar file cannot be read because it is prepended
with a launch script, and the builder does not receive any files to
process.
Notes have also been added to the Gradle plugin documentation to warn
against using a bootJar launchScript configuration and bootBuildImage
together, as well as caveats about launchScript that match the Maven
plugin documentation.
Fixes gh-22223
Rename `ImageReferenceParser` to `Regex` and remove state. The regular
expressions are now used directly by the `ImageName` and
`ImageReference` classes with the values accessed directly from the
`Matcher`.
See gh-21495
Scott Frederick
Phillip Webb
Marc Wrobel
dreis2211
Andy Wilkinson
Moritz Halbritter
Stephane Nicoll
Yanming Zhou
Julian Liebig
Rafael Ceccone
izeye
Jeroen Meijer
weixsun
Scott Frederick
Valery Yatsynovich
Emily Casey
姜为
anshlykov
Andy Wilkinson