SNAPSHOT OS distribution ZIPs (e.g. those indexed here) will no longer be generated, which causes problems with the hazelcast-docker PR builder (amongst others).
Instead, the distribution ZIPs will be uploaded to a private AWS S3 bucket, which requires authentication.
This was a non-trivial change:
Updated the default distribution in the Docker images to be the latest released version
This is guaranteed to be available (without any credentials)
Allows the Dockerfile to be executed normally outside of a build (e.g. for the security scan)
"latest released" is looked up via Maven to ensure this doesn't need any explicit maintenance in future
Added unit tests to all modified shell scripts
Moved get_hz_dist_zip into os_build.functions (and same for EE)
Created additional maven.functions script to support resolution of "latest released" for a given artifact
This has to be duplicated for OS & EE because of Docker limitations
Added xmllint to all the runner images that build anything as required for the Maven stuff
Updated the get_dist OS script to generate a pre-signed S3 URL to get it from S3 rather than a Maven repository
Because this requires authentication, had to move this from inside the image to outside to access the repository secrets
Simplified the Dockerfile arguments - the URL resolution is now being done outside of the Dockerfile more of the time, meaning not always required
removed the redundant HZ_VARIANT parameter - removed HZ_VERSION from OS and reduced usage in EE
For testing, I've been doing what I can locally to assert the results between master and my branch are the same:
E.G. the build-pr.yml doesn't pass locally for me on EE, I presume due to some act incompatibility - so a milestone for my PR is to get the same failure in the same place
I've build the images locally (outside of act, just a plain docker buildx build hazelcast-os) and they build ok.
Because of the reliance on repository secrets, it's not possible to run many tests properly
Backport of https://github.com/hazelcast/hazelcast-docker/pull/747
SNAPSHOTOS distribution ZIPs (e.g. those indexed here) will no longer be generated, which causes problems with thehazelcast-dockerPR builder (amongst others).Instead, the distribution ZIPs will be uploaded to a private AWS S3 bucket, which requires authentication.
This was a non-trivial change:
Dockerfileto be executed normally outside of a build (e.g. for the security scan)get_hz_dist_zipintoos_build.functions(and same for EE)maven.functionsscript to support resolution of "latest released" for a given artifactxmllintto all the runner images that build anything as required for the Maven stuffget_distOS script to generate a pre-signed S3 URL to get it from S3 rather than a Maven repositoryDockerfilearguments - the URL resolution is now being done outside of theDockerfilemore of the time, meaning not always requiredHZ_VARIANTparameter - removedHZ_VERSIONfrom OS and reduced usage in EEFor testing, I've been doing what I can locally to assert the results between
masterand my branch are the same:build-pr.ymldoesn't pass locally for me on EE, I presume due to someactincompatibility - so a milestone for my PR is to get the same failure in the same placeact, just a plaindocker buildx build hazelcast-os) and they build ok.Fixes: DI-95