-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create Dockerfile.konflux #22
Conversation
Fixes #https://issues.redhat.com/browse/RHOAIENG-14192 Signed-off-by: Mohammadi Iram <[email protected]>
is this ready for review? |
yes, please review the PR. |
RUN echo "Files to download: $PNC_FILES_JSON" | ||
|
||
# Install packages for the install script and extract archives | ||
RUN microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y unzip jq wget |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
don't we need the rpm.in and lock files to be able to install it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is it to download files from PNC?
what about the konflux cache?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
where the java bits is being built?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
don't we need the rpm.in and lock files to be able to install it?
yes, we have the rpm files added
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you please clarify the other questions?
Dockerfile.konflux
Outdated
RUN sed -i 's:security.provider.12=SunPKCS11:#security.provider.12=SunPKCS11:g' /usr/lib/jvm/java-17-openjdk-*/conf/security/java.security \ | ||
&& sed -i 's:#security.provider.1=SunPKCS11 ${java.home}/lib/security/nss.cfg:security.provider.12=SunPKCS11 ${java.home}/lib/security/nss.cfg:g' /usr/lib/jvm/java-17-openjdk-*/conf/security/java.security | ||
|
||
ENV JAVA_HOME=/usr/lib/jvm/jre-17-openjdk |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the base image already provides this env, IMHO, we don't need to set it here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
Dockerfile.konflux
Outdated
chown -R app:0 . && \ | ||
chmod -R 771 . && chmod 775 *.sh *.py && \ | ||
echo "${CI_CONTAINER_VERSION}" > /opt/kserve/mmesh/build-version && \ | ||
sed -i 's/security.useSystemPropertiesFile=true/security.useSystemPropertiesFile=false/g' $JAVA_HOME/conf/security/java.security |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this line is to disable FIPS, do we want that?
|
||
|
||
############################################################################### | ||
#latest tag |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
which is the latest tag?
please adopt a pattern. e.g.:
openjdk-17-runtime:1.17-9
Fixes #https://issues.redhat.com/browse/RHOAIENG-14192