diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3d327b0a89..481284fa9d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -75,10 +75,14 @@ To run select integration tests, use `--tests=`, see [gradle docs]( # Development Tips +## Java version + +Use Java 8 or 11 for development. https://sdkman.io/ is a helpful tool to switch between Java versions. + ## Configuring Eclipse Although jib is a mix of Gradle and Maven projects, we build everything using one -unifed gradle build. There is special code to include some projects directly as +unified gradle build. There is special code to include some projects directly as source, but importing your project should be pretty straight forward. 1. Ensure you have installed the Gradle tooling for Eclipse, called diff --git a/README.md b/README.md index 4ac92903dc..e6633f53e4 100644 --- a/README.md +++ b/README.md @@ -19,10 +19,12 @@ Jib builds optimized Docker and [OCI](https://github.com/opencontainers/image-spec) images for your Java applications without a Docker daemon - and without deep mastery of Docker best-practices. It is available as plugins for [Maven](jib-maven-plugin) and [Gradle](jib-gradle-plugin) and as a Java library. -[Maven](https://maven.apache.org/): See documentation for [jib-maven-plugin](jib-maven-plugin).\ -[Gradle](https://gradle.org/): See documentation for [jib-gradle-plugin](jib-gradle-plugin).\ -[Jib Core](jib-core): A general-purpose container-building library for Java.\ -[Jib CLI](jib-cli): A command-line interface for building images that uses Jib Core. +- [Maven](https://maven.apache.org/): See documentation for [jib-maven-plugin](jib-maven-plugin). +- [Gradle](https://gradle.org/): See documentation for [jib-gradle-plugin](jib-gradle-plugin). +- [Jib Core](jib-core): A general-purpose container-building library for Java. +- [Jib CLI](jib-cli): A command-line interface for building images that uses Jib Core. + +Jib works well with Google Cloud Build. For details, see [how to use Jib on Google Cloud Build](docs/google-cloud-build.md). For more information, check out the [official blog post](https://cloudplatform.googleblog.com/2018/07/introducing-jib-build-java-docker-images-better.html) or watch [this talk](https://www.youtube.com/watch?v=H6gR_Cv4yWI) ([slides](https://speakerdeck.com/coollog/build-containers-faster-with-jib-a-google-image-build-tool-for-java-applications)). diff --git a/build.gradle b/build.gradle index b85d533856..a8ec1fe552 100644 --- a/build.gradle +++ b/build.gradle @@ -19,7 +19,7 @@ project.ext.dependencyStrings = [ GOOGLE_HTTP_CLIENT: 'com.google.http-client:google-http-client:1.42.2', GOOGLE_HTTP_CLIENT_APACHE_V2: 'com.google.http-client:google-http-client-apache-v2:1.42.2', GOOGLE_AUTH_LIBRARY_OAUTH2_HTTP: 'com.google.auth:google-auth-library-oauth2-http:1.10.0', - GUAVA: 'com.google.guava:guava:32.0.1-jre', + GUAVA: 'com.google.guava:guava:32.1.2-jre', JSR305: 'com.google.code.findbugs:jsr305:3.0.2', // transitively pulled in by GUAVA // for Build Plan and Jib Plugins Extension API @@ -29,7 +29,7 @@ project.ext.dependencyStrings = [ MAVEN_EXTENSION: 'com.google.cloud.tools:jib-maven-plugin-extension-api:0.4.0', COMMONS_COMPRESS: 'org.apache.commons:commons-compress:1.21', - ZSTD_JNI: 'com.github.luben:zstd-jni:1.5.5-4', + ZSTD_JNI: 'com.github.luben:zstd-jni:1.5.5-5', COMMONS_TEXT: 'org.apache.commons:commons-text:1.10.0', JACKSON_BOM: 'com.fasterxml.jackson:jackson-bom:2.15.2', JACKSON_DATABIND: 'com.fasterxml.jackson.core:jackson-databind', @@ -53,7 +53,7 @@ project.ext.dependencyStrings = [ MOCKITO_CORE: 'org.mockito:mockito-core:4.11.0', SISU_PLEXUS: 'org.eclipse.sisu:org.eclipse.sisu.plexus:0.3.5', SLF4J_API: 'org.slf4j:slf4j-api:2.0.7', - SLF4J_SIMPLE: 'org.slf4j:slf4j-simple:2.0.7', + SLF4J_SIMPLE: 'org.slf4j:slf4j-simple:2.0.9', SYSTEM_RULES: 'com.github.stefanbirkner:system-rules:1.19.0', JBCRYPT: 'org.mindrot:jbcrypt:0.4', ] @@ -79,6 +79,16 @@ subprojects { apply plugin: 'net.ltgt.errorprone' apply plugin: 'jacoco' + // Guava update breaks unit tests. Workaround mentioned in https://github.com/google/guava/issues/6612#issuecomment-1614992368. + sourceSets.all { + configurations.getByName(runtimeClasspathConfigurationName) { + attributes.attribute(Attribute.of("org.gradle.jvm.environment", String), "standard-jvm") + } + configurations.getByName(compileClasspathConfigurationName) { + attributes.attribute(Attribute.of("org.gradle.jvm.environment", String), "standard-jvm") + } + } + sourceCompatibility = JavaVersion.VERSION_1_8 targetCompatibility = JavaVersion.VERSION_1_8 compileJava.options.encoding = 'UTF-8' diff --git a/docs/configure-gcp-credentials.md b/docs/configure-gcp-credentials.md index 91e7dfa467..22c2b47553 100644 --- a/docs/configure-gcp-credentials.md +++ b/docs/configure-gcp-credentials.md @@ -1,6 +1,6 @@ # Configuring Credentials for [Google Container Registry (GCR)](https://cloud.google.com/container-registry/) -There are a few ways of supplying Jib with the credentials to push and pull images from your private GCR regsitry. +There are a few ways of supplying Jib with the credentials to push and pull images from your private GCR registry. ## Using the Docker credential helper diff --git a/docs/default_base_image.md b/docs/default_base_image.md index e9ad55b97b..4d98a4c57b 100644 --- a/docs/default_base_image.md +++ b/docs/default_base_image.md @@ -30,7 +30,7 @@ Some options: * Prevent Jib from accessing Docker Hub (after Jib cached a base image locally). - Pin to a specific base image using a SHA digest (for example, `jib.from.image='eclipse-temurin:11-jre@sha256:...'`). - Do offline building. - - Read a base from a local Docker deamon. + - Read a base from a local Docker daemon. - Set up a local registry, store a base image, and read it from the local registry. * Retry with increasing backoffs. diff --git a/docs/faq.md b/docs/faq.md index 73aa2f3648..85fcffea4b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -495,7 +495,7 @@ To inspect the image that is produced from the build using Docker, you can use c ### How do I specify a platform in the manifest list (or OCI index) of a base image? -Newer Jib verisons added an _incubating feature_ that provides support for selecting base images with the desired platforms from a manifest list. For example, +Newer Jib versions added an _incubating feature_ that provides support for selecting base images with the desired platforms from a manifest list. For example, ```xml @@ -582,7 +582,7 @@ Some other alternatives to get around the rate limits: * Prevent Jib from accessing Docker Hub (after Jib cached a base image locally). - **Pin to a specific base image using a SHA digest.** For example, `jib.from.image='eclipse-temurin:11-jre@sha256:...'`. If you are not setting a base image with a SHA digest (which is the case if you don't set `jib.from.image` at all), then every time Jib runs, it reaches out to the registry to check if the base image is up-to-date. On the other hand, if you pin to a specific image with a digest, then the image is immutable. Therefore, if Jib has cached the image once (by running Jib online once to fully cache the image), Jib will not reach out to the Docker Hub. See [this Stack Overflow answer](https://stackoverflow.com/a/61190005/1701388) for more details. - (Maven/Gradle plugins only) **Do offline building.** Pass `--offline` to Maven or Gradle. Before that, you need to run Jib online once to cache the image. However, `--offline` means you cannot push to a remote registry. See [this Stack Overflow answer](https://stackoverflow.com/a/61190005/1701388) for more details. - - **Retrieve a base image from a local Docker deamon.** Store an image to your local Docker daemon, and set, say, `jib.from.image='docker://eclipse-temurin:11-jre'`. It can be slow for an initial build where Jib has to cache the image in Jib's format. For performance reasons, we usually recommend using an image on a registry. + - **Retrieve a base image from a local Docker daemon.** Store an image to your local Docker daemon, and set, say, `jib.from.image='docker://eclipse-temurin:11-jre'`. It can be slow for an initial build where Jib has to cache the image in Jib's format. For performance reasons, we usually recommend using an image on a registry. - **Set up a local registry, store a base image, and read it from the local registry.** Setting up a local registry is as simple as running `docker run -d -p5000:5000 registry:2`, but nevertheless, the whole process is a bit involved. * Retry with increasing backoffs. For example, using the [`retry`](https://github.com/kadwanev/retry) tool. @@ -759,7 +759,7 @@ When you're using latest Java versions to write an app (or using an old version Failed to execute goal com.google.cloud.tools:jib-maven-plugin:3.2.0:dockerBuild (default-cli) on project demo: Execution default-cli of goal com.google.cloud.tools:jib-maven-plugin:3.2.0:dockerBuild failed: Unsupported class file major version 61 ``` -Jib uses the [ASM library](https://asm.ow2.io/) to examine compiled Java bytecode to automatically infer a main class (in other words, the class that defines `public static void main()` to start your app). In this way, if you have only one such class, Jib can automatically infer and use that class to set an image entrypoint (basically, a command to start your app). When new Java versions come out, often the ASM library version used in Jib doesn't support the new bytecode format. If this is the case, check if you are using the latest Jib. If you still get the error with the latest Jib, file a [bug](https://github.com/GoogleContainerTools/jib/issues/new/choose) to have the Jib team upgarde the ASM library. +Jib uses the [ASM library](https://asm.ow2.io/) to examine compiled Java bytecode to automatically infer a main class (in other words, the class that defines `public static void main()` to start your app). In this way, if you have only one such class, Jib can automatically infer and use that class to set an image entrypoint (basically, a command to start your app). When new Java versions come out, often the ASM library version used in Jib doesn't support the new bytecode format. If this is the case, check if you are using the latest Jib. If you still get the error with the latest Jib, file a [bug](https://github.com/GoogleContainerTools/jib/issues/new/choose) to have the Jib team upgrade the ASM library. **Workaround**: to prevent Jib from doing auto-inference, you can manually set your desired main class via [``](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#container-object) (for example, `com.example.your.Main`). As with other Jib parameters, it can be set through system/Maven properties or on the command-line (for example, `-Dcontainer.mainClass=...`). diff --git a/docs/google-cloud-build.md b/docs/google-cloud-build.md new file mode 100644 index 0000000000..b2679ff5e2 --- /dev/null +++ b/docs/google-cloud-build.md @@ -0,0 +1,33 @@ +# Jib on Google Cloud Build + +You can use Jib on [Google Cloud Build](https://cloud.google.com/build) in a simple step: + +```yaml +steps: + - name: 'gcr.io/cloud-builders/javac:8' + entrypoint: './gradlew' + args: ['--console=plain', '--no-daemon', ':server:jib', '-Djib.to.image=gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA'] +``` + +Any Java container can be used for building, not only the `gcr.io/cloud-builders/javac:*` (from [gcr.io/cloud-builders/javac](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/javac)), for example with [Temurin](https://adoptium.net/en-GB/temurin/)'s: + +```yaml +steps: + - name: 'docker.io/library/eclipse-temurin:17' + entrypoint: './gradlew' + args: ['--console=plain', '--no-daemon', ':server:jib', '-Djib.to.image=gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA'] +``` + +To use [Google "Distroless" Container Images](https://github.com/GoogleContainerTools/distroless) to build with Jib on Google Cloud Build, and avoid running into `Step #1: standard_init_linux.go:228: exec user process caused: no such file or directory` errors (because Google's _distroless_ containers are based on `busybox`), you have to do something like this: + +```yaml +steps: + - name: 'gcr.io/distroless/java17-debian11:debug' + entrypoint: '/busybox/sh' + args: + - -c + - | + ln -s /busybox/sh /bin/sh + ln -s /busybox/env /usr/bin/env + /workspace/gradlew --console=plain --no-daemon --gradle-user-home=/home/.gradle :server:jib -Djib.to.image=gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA +``` diff --git a/examples/multi-module/README.md b/examples/multi-module/README.md index dc2248f12c..e47a5e9727 100644 --- a/examples/multi-module/README.md +++ b/examples/multi-module/README.md @@ -27,7 +27,7 @@ in gradle to achieve this. This configuration can be seen in the Care must be taken when adding custom attributes to a `MANIFEST.MF`. Attributes whose values change on every build can affect reproducibility even -with the modifications outlined aboved. +with the modifications outlined above. # How to run diff --git a/jib-cli/README.md b/jib-cli/README.md index 0af6b03ffe..acac5505a4 100644 --- a/jib-cli/README.md +++ b/jib-cli/README.md @@ -70,7 +70,7 @@ slsa-verifier -artifact-path jib-jre-.zip -provenance jib-jre- ### Windows: Install with `choco` -On Windows, you can use the [`choco`](https://community.chocolatey.org/packages/jib) command. To install, upgradle, or uninstall Jib CLI, run the following commands from the command-line or PowerShell: +On Windows, you can use the [`choco`](https://community.chocolatey.org/packages/jib) command. To install, upgrade, or uninstall Jib CLI, run the following commands from the command-line or PowerShell: ``` choco install jib choco upgrade jib @@ -242,7 +242,7 @@ Credentials can be specified using credential helpers or username + password. Th ``` --credential-helper credential helper for communicating with both target and base image registries, either a path to the helper, or a suffix for an executable named `docker-credential-` - --to-crendential-helper credential helper for communicating with target registry, either a path to the helper, or a suffix for an executable named `docker-credential- + --to-credential-helper credential helper for communicating with target registry, either a path to the helper, or a suffix for an executable named `docker-credential- --from-credential-helper credential helper for communicating with base image registry, either a path to the helper, or a suffix for an executable named `docker-credential-` --username username for communicating with both target and base image registries @@ -298,7 +298,7 @@ Some options can be set in the global Jib configuration file. The file is at the ### Properties * `disableUpdateCheck`: when set to true, disables the periodic up-to-date version check. -* `registryMirrors`: a list of mirror settings for each base image registry. In the following example, if the base image configured in Jib is for a Docker Hub image, then `mirror.gcr.io`, `localhost:5000`, and the Docker Hub (`registry-1.docker.io`) are tried in order until Jib can successfuly pull a base image. +* `registryMirrors`: a list of mirror settings for each base image registry. In the following example, if the base image configured in Jib is for a Docker Hub image, then `mirror.gcr.io`, `localhost:5000`, and the Docker Hub (`registry-1.docker.io`) are tried in order until Jib can successfully pull a base image. ```json { @@ -428,7 +428,7 @@ layers: - src: file.txt dest: /file.txt ``` -- Parent directories that are not exiplicitly defined in a layer will the default properties in jib-core (permissions: 755, modification-time: epoch+1). In the following example, `/somewhere` on the container will have the directory permissions `755`, not `777` as some might expect. +- Parent directories that are not explicitly defined in a layer will the default properties in jib-core (permissions: 755, modification-time: epoch+1). In the following example, `/somewhere` on the container will have the directory permissions `755`, not `777` as some might expect. ``` - name: layer properties: @@ -445,7 +445,7 @@ layers: #### Base Image Parameter Inheritance -Some values defined in the base image may be preserved and propogated into the new container. +Some values defined in the base image may be preserved and propagated into the new container. Parameters will append to base image value: - `volumes` diff --git a/jib-cli/src/test/java/com/google/cloud/tools/jib/cli/JarTest.java b/jib-cli/src/test/java/com/google/cloud/tools/jib/cli/JarTest.java index 3ba2512490..528bdd6f9a 100644 --- a/jib-cli/src/test/java/com/google/cloud/tools/jib/cli/JarTest.java +++ b/jib-cli/src/test/java/com/google/cloud/tools/jib/cli/JarTest.java @@ -434,7 +434,7 @@ public void testParse_incompatibleCredentialOptions(String[] authArgs) { new Jar(), ArrayUtils.addAll(authArgs, "--target=ignored", "my-app.jar"))); assertThat(meae) .hasMessageThat() - .containsMatch("^Error: (--(from-|to-)?credential-helper|\\[--username)"); + .containsMatch("^Error: (\\[)*(--(from-|to-)?credential-helper|\\[--(username|password))"); } @Test diff --git a/jib-core/src/test/java/com/google/cloud/tools/jib/api/ContainerizerTest.java b/jib-core/src/test/java/com/google/cloud/tools/jib/api/ContainerizerTest.java index f6a4432c62..6d1b34db69 100644 --- a/jib-core/src/test/java/com/google/cloud/tools/jib/api/ContainerizerTest.java +++ b/jib-core/src/test/java/com/google/cloud/tools/jib/api/ContainerizerTest.java @@ -37,7 +37,7 @@ public class ContainerizerTest { public void testTo() throws CacheDirectoryCreationException, InvalidImageReferenceException { RegistryImage registryImage = RegistryImage.named("registry/image"); DockerDaemonImage dockerDaemonImage = DockerDaemonImage.named("daemon/image"); - TarImage tarImage = TarImage.at(Paths.get("ignored")).named("tar/iamge"); + TarImage tarImage = TarImage.at(Paths.get("ignored")).named("tar/image"); DockerClient dockerClient = new AnotherDockerClient(); verifyTo(Containerizer.to(registryImage)); @@ -107,10 +107,10 @@ public void testGetImageConfiguration_registryImage() throws InvalidImageReferen @Test public void testGetImageConfiguration_dockerDaemonImage() throws InvalidImageReferenceException { - Containerizer containerizer = Containerizer.to(DockerDaemonImage.named("docker/deamon/image")); + Containerizer containerizer = Containerizer.to(DockerDaemonImage.named("docker/daemon/image")); ImageConfiguration imageConfiguration = containerizer.getImageConfiguration(); - Assert.assertEquals("docker/deamon/image", imageConfiguration.getImage().toString()); + Assert.assertEquals("docker/daemon/image", imageConfiguration.getImage().toString()); Assert.assertEquals(0, imageConfiguration.getCredentialRetrievers().size()); } diff --git a/jib-gradle-plugin/README.md b/jib-gradle-plugin/README.md index e7288389c1..b66f560d66 100644 --- a/jib-gradle-plugin/README.md +++ b/jib-gradle-plugin/README.md @@ -339,7 +339,7 @@ Some options can be set in the global Jib configuration file. The file is at the #### Properties * `disableUpdateCheck`: when set to true, disables the periodic up-to-date version check. -* `registryMirrors`: a list of mirror settings for each base image registry. In the following example, if the base image configured in Jib is for a Docker Hub image, then `mirror.gcr.io`, `localhost:5000`, and the Docker Hub (`registry-1.docker.io`) are tried in order until Jib can successfuly pull a base image. +* `registryMirrors`: a list of mirror settings for each base image registry. In the following example, if the base image configured in Jib is for a Docker Hub image, then `mirror.gcr.io`, `localhost:5000`, and the Docker Hub (`registry-1.docker.io`) are tried in order until Jib can successfully pull a base image. ```json { diff --git a/jib-maven-plugin/README.md b/jib-maven-plugin/README.md index 9fb4ee1804..55504ff110 100644 --- a/jib-maven-plugin/README.md +++ b/jib-maven-plugin/README.md @@ -389,7 +389,7 @@ Some options can be set in the global Jib configuration file. The file is at the #### Properties * `disableUpdateCheck`: when set to true, disables the periodic up-to-date version check. -* `registryMirrors`: a list of mirror settings for each base image registry. In the following example, if the base image configured in Jib is for a Docker Hub image, then `mirror.gcr.io`, `localhost:5000`, and the Docker Hub (`registry-1.docker.io`) are tried in order until Jib can successfuly pull a base image. +* `registryMirrors`: a list of mirror settings for each base image registry. In the following example, if the base image configured in Jib is for a Docker Hub image, then `mirror.gcr.io`, `localhost:5000`, and the Docker Hub (`registry-1.docker.io`) are tried in order until Jib can successfully pull a base image. ```json { diff --git a/proposals/jib-cli-surface.md b/proposals/jib-cli-surface.md index 3a2a36c946..b291db365e 100644 --- a/proposals/jib-cli-surface.md +++ b/proposals/jib-cli-surface.md @@ -21,7 +21,7 @@ build build a container registry://gcr.io/project/image docker://some-image-ref tar://relative/path.tar - tar:///aboslute/path.tar + tar:///absolute/path.tar ``` ### Optional @@ -49,7 +49,7 @@ build build a container Credentials can be specified using credential helpers or username + password. The following options are available ``` --credential-helper credential helper to use for registries, a path or name suffix (docker-credential-) - --to-crendential-helper credential helper to use only for the target registry + --to-credential-helper credential helper to use only for the target registry --from-credential-helper credential helper to use only for the base image registry --username configure a username for authenticating against registries