diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 24aba059..826c4222 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -21,3 +21,13 @@ updates: labels: - "type/update" - "area/chore" + + - package-ecosystem: "docker" + directory: "local-rest-scorer/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 + commit-message: + prefix: "chore" + labels: + - "type/update" diff --git a/.github/workflows/component-scan.yml b/.github/workflows/component-scan.yml index 6619e1d0..63491c6d 100644 --- a/.github/workflows/component-scan.yml +++ b/.github/workflows/component-scan.yml @@ -220,7 +220,7 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "*DAI Runtimes* \n_Vulnerabilities have been detected on the `${{ github.ref_name }}` branch_" + "text": "*Java MOJO Runtime* \n_Vulnerabilities have been detected on the `${{ github.ref_name }}` branch_" } }, { diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml index 11647358..b5ac53fa 100644 --- a/.github/workflows/image-build.yml +++ b/.github/workflows/image-build.yml @@ -30,13 +30,13 @@ jobs: - name: Setup Gradle uses: gradle/actions/setup-gradle@v4 - - name: Build templates - run: | - ./gradlew --init-script init.gradle distributionZip - - name: Build images with Gradle Wrapper run: | - ./gradlew -Pversion=${{inputs.component_version}} --init-script init.gradle jibBuildTar -Djib.to.image=image:latest -Djib.outputPaths.tar=/tmp/image.tar + ./gradlew :local-rest-scorer:build -Pversion=${{ inputs.component_version }} -x check --init-script init.gradle + docker build -t image:latest -f local-rest-scorer/Dockerfile local-rest-scorer + + - name: Save docker image + run: docker save image:latest > /tmp/image.tar - name: Save image artifact uses: actions/upload-artifact@v4 diff --git a/gradle/java.gradle b/gradle/java.gradle index 185c5f5a..a7edf9c1 100644 --- a/gradle/java.gradle +++ b/gradle/java.gradle @@ -4,3 +4,11 @@ apply from: project(":").file('gradle/java_no_style.gradle') apply from: project(":").file('gradle/mixins/checkstyle.gradle') apply from: project(":").file('gradle/mixins/errorprone.gradle') +apply plugin: 'java' + +java { + toolchain { + languageVersion = JavaLanguageVersion.of(17) + vendor = JvmVendorSpec.ADOPTIUM + } +} diff --git a/local-rest-scorer/Dockerfile b/local-rest-scorer/Dockerfile new file mode 100644 index 00000000..1be7b13d --- /dev/null +++ b/local-rest-scorer/Dockerfile @@ -0,0 +1,23 @@ +FROM cgr.dev/chainguard/wolfi-base:latest@sha256:0f1d81605bda6e2388c3c7f731700d8c12e17259d58ffba11f36ddc81d9c0a76 AS builder +RUN apk add openjdk-17 bash coreutils +ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk +ENV PATH="$JAVA_HOME/bin:$PATH" +WORKDIR /app +COPY build/libs/local-rest-scorer-boot.jar application.jar +RUN java -Djarmode=layertools -jar application.jar extract + +FROM cgr.dev/chainguard/wolfi-base:latest@sha256:0f1d81605bda6e2388c3c7f731700d8c12e17259d58ffba11f36ddc81d9c0a76 +RUN apk add openjdk-17-jre bash coreutils +ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk +ENV PATH="$JAVA_HOME/bin:$PATH" +USER nonroot +WORKDIR /app +COPY --from=builder --chown=nonroot:nonroot /app/dependencies/ ./ +COPY --from=builder --chown=nonroot:nonroot /app/spring-boot-loader/ ./ +COPY --from=builder --chown=nonroot:nonroot /app/snapshot-dependencies/ ./ +COPY --from=builder --chown=nonroot:nonroot /app/application/ ./ +VOLUME /mojos +VOLUME /secrets +EXPOSE 8080 +ENV DRIVERLESS_AI_LICENSE_FILE="/secrets/license.sig" +CMD ["java", "-Dmojo.path=/mojos/pipeline.mojo", "--add-opens=java.base/java.lang=ALL-UNNAMED", "--add-opens=java.base/java.util=ALL-UNNAMED", "--add-opens=java.base/java.lang.reflect=ALL-UNNAMED", "org.springframework.boot.loader.launch.JarLauncher"] diff --git a/local-rest-scorer/README.md b/local-rest-scorer/README.md index 12f68e10..c38dbade 100644 --- a/local-rest-scorer/README.md +++ b/local-rest-scorer/README.md @@ -275,12 +275,7 @@ Generation of this Docker image is plugged into the build process of this projec Run the following command in the root project directory to run the `build` process. ```bash -./gradlew :local-rest-scorer:jibDockerBuild -``` - -Verify that the Docker image was created, and take note of the version created. -```bash -docker images --format "{{.Repository}} \t {{.Tag}}" | grep "h2oai/rest-scorer" +docker build -t rest-scorer . ``` ### Run Container diff --git a/local-rest-scorer/build.gradle b/local-rest-scorer/build.gradle index 93ac3697..a8dcbe9a 100644 --- a/local-rest-scorer/build.gradle +++ b/local-rest-scorer/build.gradle @@ -1,5 +1,4 @@ plugins { - id 'com.google.cloud.tools.jib' id 'org.springframework.boot' } apply from: project(":").file('gradle/java.gradle') @@ -44,6 +43,7 @@ bootRun { bootJar { mainClass = 'ai.h2o.mojos.deploy.local.rest.ScorerApplication' archiveClassifier = 'boot' + archiveVersion = '' } jar { @@ -57,38 +57,3 @@ rootProject.distributionZip { from bootJar.archivePath } } - -// Docker image configuration. -jib { - from { - image = javaBaseImage - } - to { - image = dockerRepositoryPrefix + 'rest-scorer' - tags = [version] - auth { - username = System.getenv('TO_DOCKER_USERNAME') ?: '' - password = System.getenv('TO_DOCKER_PASSWORD') ?: '' - } - } - container { - jvmFlags = defaultJibContainerJvmFlags.split(" ").each { it.trim() }.toList() - user = 1001 - ports = ['8080'] - volumes = [ - // For storing the mojo2 file with the model to be used for scoring. - '/mojos', - // For the DAI license file. - '/secrets', - ] - environment = [ - // The expected path to the DAI license file. - DRIVERLESS_AI_LICENSE_FILE: '/secrets/license.sig', - ] - } -} - -// Make docker TAR build part of the build task to ensure the image can be built. -// No pushing anywhere (not even to local docker). To push to local docker run task `jibDockerBuild` instead. -// To push to harbor use task `jib`, credentials will be needed though. -tasks.build.dependsOn tasks.jibBuildTar diff --git a/settings.gradle b/settings.gradle index e050dd28..0f335c08 100644 --- a/settings.gradle +++ b/settings.gradle @@ -6,7 +6,9 @@ pluginManagement { id 'org.openapi.generator' version "${openApiGeneratorGradlePluginVersion}" } } - +plugins { + id 'org.gradle.toolchains.foojay-resolver-convention' version '0.8.0' +} dependencyResolutionManagement { repositories { mavenCentral()