Merge pull request #627 from OpenLiberty/vNext

Merge vNext commits into main

Author: leochr

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-03-12T20:39:33Z",
+  "generated_at": "2025-04-09T12:50:05Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -327,6 +327,76 @@
         "verified_result": null
       }
     ],
+    "releases/25.0.0.4/full/helpers/build/configuration_snippets/keystore.xml": [
+      {
+        "hashed_secret": "3cacc7bfac0a382c669a884c953d0401a689785d",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 2,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "releases/25.0.0.4/full/helpers/build/configuration_snippets/truststore.xml": [
+      {
+        "hashed_secret": "662e721e5b6494888b2792ea3b8a1fa310f6ea45",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 3,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "releases/25.0.0.4/full/helpers/runtime/docker-server.sh": [
+      {
+        "hashed_secret": "ad321232b1e4e90a29208e1f70d06aad788caa16",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 124,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "releases/25.0.0.4/full/server.xml": [
+      {
+        "hashed_secret": "d1bbd0d69a08402e6c1fc2d1bc5a5ea5c3a7ea13",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 15,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "releases/25.0.0.4/kernel-slim/helpers/build/configuration_snippets/keystore.xml": [
+      {
+        "hashed_secret": "3cacc7bfac0a382c669a884c953d0401a689785d",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 2,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "releases/25.0.0.4/kernel-slim/helpers/build/configuration_snippets/truststore.xml": [
+      {
+        "hashed_secret": "662e721e5b6494888b2792ea3b8a1fa310f6ea45",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 3,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "releases/25.0.0.4/kernel-slim/helpers/runtime/docker-server.sh": [
+      {
+        "hashed_secret": "ad321232b1e4e90a29208e1f70d06aad788caa16",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 124,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "releases/latest/beta/helpers/build/configuration_snippets/keystore.xml": [
       {
         "hashed_secret": "3cacc7bfac0a382c669a884c953d0401a689785d",

releases/25.0.0.4/full/Dockerfile.ubi.ibmjava8

@@ -0,0 +1,154 @@
+FROM ibmjava:8-ubi AS getRuntime
+
+USER root
+
+ARG LIBERTY_VERSION=25.0.0.4
+ARG LIBERTY_SHA=719ffc20a113a68f88dea0295fc366606a4c6028
+ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
+
+ARG VERBOSE=false
+
+# If there is a local copy of the image use that instead
+COPY resources/ /tmp/
+
+# Install Open Liberty
+RUN yum -y install shadow-utils wget unzip openssl \
+    && if [ ! -f /tmp/wlp.zip ]; then wget -q $LIBERTY_DOWNLOAD_URL -U UA-Open-Liberty-Docker -O /tmp/wlp.zip; fi \
+    && echo "$LIBERTY_SHA  /tmp/wlp.zip" > /tmp/wlp.zip.sha1 \
+    && sha1sum -c /tmp/wlp.zip.sha1 \
+    && chmod -R u+x /usr/bin \
+    && unzip -q /tmp/wlp.zip -d /opt/ol \
+    && mkdir -p /licenses \
+    && cp /opt/ol/wlp/LICENSE /licenses/ \
+    && adduser -u 1001 -r -g root -s /usr/sbin/nologin default \
+    && chown -R 1001:0 /opt/ol/wlp \
+    && chmod -R g+rw /opt/ol/wlp
+
+FROM ibmjava:8-ubi
+
+USER root
+
+ARG LIBERTY_VERSION=25.0.0.4
+ARG LIBERTY_BUILD_LABEL=cl250420250407-1902
+
+ARG OPENJ9_SCC=true
+ARG VERBOSE=false
+
+LABEL org.opencontainers.image.authors="Leo Christy Jesuraj, Melissa Lee, Thomas Watson, Michal Broz, Wendy Raschke" \
+      org.opencontainers.image.vendor="Open Liberty" \
+      org.opencontainers.image.url="https://openliberty.io/" \
+      org.opencontainers.image.source="https://github.com/OpenLiberty/ci.docker" \
+      org.opencontainers.image.version="$LIBERTY_VERSION" \
+      org.opencontainers.image.revision="$LIBERTY_BUILD_LABEL" \
+      liberty.version="$LIBERTY_VERSION" \
+      io.openliberty.version="$LIBERTY_VERSION" \
+      vendor="Open Liberty" \
+      name="Open Liberty" \
+      version="$LIBERTY_VERSION" \
+      summary="Image for Open Liberty with IBM's Java and UBI 8" \
+      description="This image contains the Open Liberty runtime with IBM's Java and Red Hat UBI 8 as the base OS.  For more information on this image please see https://github.com/OpenLiberty/ci.docker#building-an-application-image"
+
+COPY NOTICES /opt/ol/NOTICES
+COPY helpers /opt/ol/helpers
+COPY fixes/ /opt/ol/fixes/
+
+# Install dumb-init
+RUN set -eux; \
+    ARCH="$(uname -m)"; \
+    case "${ARCH}" in \
+       aarch64|arm64) \
+         DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_aarch64'; \
+         DUMB_INIT_SHA256=b7d648f97154a99c539b63c55979cd29f005f88430fb383007fe3458340b795e; \
+         ;; \
+       amd64|x86_64) \
+         DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64'; \
+         DUMB_INIT_SHA256=e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df; \
+         ;; \
+       ppc64el|ppc64le) \
+         DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_ppc64le'; \
+         DUMB_INIT_SHA256=3d15e80e29f0f4fa1fc686b00613a2220bc37e83a35283d4b4cca1fbd0a5609f; \
+         ;; \
+       s390x) \
+         DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_s390x'; \
+         DUMB_INIT_SHA256=47e4601b152fc6dcb1891e66c30ecc62a2939fd7ffd1515a7c30f281cfec53b7; \
+         ;;\
+       *) \
+         echo "Unsupported arch: ${ARCH}"; \
+         exit 1; \
+         ;; \
+    esac; \
+    curl -LfsSo /usr/bin/dumb-init ${DUMB_INIT_URL}; \
+    echo "${DUMB_INIT_SHA256} */usr/bin/dumb-init" | sha256sum -c -; \
+    chmod +x /usr/bin/dumb-init;
+
+# Add default user 1001 and create wlp with right user/permissions before copying
+RUN adduser -u 1001 -r -g root -s /usr/sbin/nologin default \
+    && mkdir -p /opt/ol/wlp \
+    && chown -R 1001:0 /opt/ol/wlp \
+    && chmod -R g+rw /opt/ol/wlp
+
+# Copy the runtime and licenses
+COPY --from=getRuntime --chown=1001:0 /opt/ol/wlp /opt/ol/wlp
+COPY --from=getRuntime /licenses /licenses
+
+RUN yum -y install openssl \
+    && yum clean all
+
+# Set Path Shortcuts
+ENV PATH=$PATH:/opt/ol/wlp/bin:/opt/ol/helpers/build \
+    LOG_DIR=/logs \
+    WLP_OUTPUT_DIR=/opt/ol/wlp/output \
+    WLP_SKIP_MAXPERMSIZE=true \
+    OPENJ9_SCC=$OPENJ9_SCC
+
+# Configure Open Liberty
+RUN /opt/ol/wlp/bin/server create --template=javaee8 \
+    && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
+    && rm -rf /opt/ol/wlp/usr/servers/defaultServer/server.env
+
+# Create symlinks && set permissions for non-root user
+RUN mkdir /logs \
+    && mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache \
+    && ln -s /opt/ol/wlp/usr/shared/resources/lib.index.cache /lib.index.cache \
+    && mkdir -p $WLP_OUTPUT_DIR/defaultServer \
+    && ln -s $WLP_OUTPUT_DIR/defaultServer /output \
+    && ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
+    && mkdir -p /config/configDropins/defaults \
+    && mkdir -p /config/configDropins/overrides \
+    && mkdir -p /config/dropins \
+    && mkdir -p /config/apps \
+    && ln -s /opt/ol/wlp /liberty \
+    && ln -s /opt/ol/fixes /fixes \
+    && chown -R 1001:0 /config \
+    && chmod -R g+rw /config \
+    && chown -R 1001:0 /logs \
+    && chmod -R g+rw /logs \
+    && chown -R 1001:0 /opt/ol/wlp/usr \
+    && chmod -R g+rw /opt/ol/wlp/usr \
+    && chown -R 1001:0 /opt/ol/wlp/output \
+    && chmod -R g+rw /opt/ol/wlp/output \
+    && chown -R 1001:0 /opt/ol/helpers \
+    && chmod -R ug+rwx /opt/ol/helpers \
+    && chown -R 1001:0 /opt/ol/fixes \
+    && chmod -R g+rwx /opt/ol/fixes \
+    && mkdir /etc/wlp \
+    && chown -R 1001:0 /etc/wlp \
+    && chmod -R g+rw /etc/wlp \
+    && echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
+
+# Create a new SCC layer
+RUN if [ "$OPENJ9_SCC" = "true" ]; then populate_scc.sh; fi \
+    && rm -rf /output/messaging /output/resources/security /logs/* $WLP_OUTPUT_DIR/.classCache \
+    && chown -R 1001:0 /opt/ol/wlp/output \
+    && chmod -R g+rwx /opt/ol/wlp/output
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+    IBM_JAVA_OPTIONS="-Xshareclasses:name=liberty,readonly,nonfatal,cacheDir=/output/.classCache/ -Dosgi.checkConfiguration=false ${IBM_JAVA_OPTIONS}"
+
+USER 1001
+
+EXPOSE 9080 9443
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
+CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]

releases/25.0.0.4/full/Dockerfile.ubi.openjdk11

@@ -0,0 +1,155 @@
+FROM icr.io/appcafe/ibm-semeru-runtimes:open-11-jdk-ubi AS getRuntime
+
+USER root
+
+ARG LIBERTY_VERSION=25.0.0.4
+ARG LIBERTY_SHA=719ffc20a113a68f88dea0295fc366606a4c6028
+ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
+
+ARG VERBOSE=false
+
+# If there is a local copy of the image use that instead
+COPY resources/ /tmp/
+
+# Install Open Liberty
+RUN yum -y install shadow-utils wget unzip openssl \
+    && if [ ! -f /tmp/wlp.zip ]; then wget -q $LIBERTY_DOWNLOAD_URL -U UA-Open-Liberty-Docker -O /tmp/wlp.zip; fi \
+    && echo "$LIBERTY_SHA  /tmp/wlp.zip" > /tmp/wlp.zip.sha1 \
+    && sha1sum -c /tmp/wlp.zip.sha1 \
+    && chmod -R u+x /usr/bin \
+    && unzip -q /tmp/wlp.zip -d /opt/ol \
+    && mkdir -p /licenses \
+    && cp /opt/ol/wlp/LICENSE /licenses/ \
+    && adduser -u 1001 -r -g root -s /usr/sbin/nologin default \
+    && chown -R 1001:0 /opt/ol/wlp \
+    && chmod -R g+rw /opt/ol/wlp
+
+FROM icr.io/appcafe/ibm-semeru-runtimes:open-11-jdk-ubi
+
+USER root
+
+ARG LIBERTY_VERSION=25.0.0.4
+ARG LIBERTY_BUILD_LABEL=cl250420250407-1902
+
+ARG OPENJ9_SCC=true
+ARG VERBOSE=false
+
+LABEL org.opencontainers.image.authors="Leo Christy Jesuraj, Melissa Lee, Thomas Watson, Michal Broz, Wendy Raschke" \
+      org.opencontainers.image.vendor="Open Liberty" \
+      org.opencontainers.image.url="https://openliberty.io/" \
+      org.opencontainers.image.source="https://github.com/OpenLiberty/ci.docker" \
+      org.opencontainers.image.version="$LIBERTY_VERSION" \
+      org.opencontainers.image.revision="$LIBERTY_BUILD_LABEL" \
+      liberty.version="$LIBERTY_VERSION" \
+      io.openliberty.version="$LIBERTY_VERSION" \
+      vendor="Open Liberty" \
+      name="Open Liberty" \
+      version="$LIBERTY_VERSION" \
+      summary="Image for Open Liberty with IBM Semeru Runtime Open Edition OpenJDK with OpenJ9 and UBI 8" \
+      description="This image contains the Open Liberty runtime with IBM Semeru Runtime Open Edition OpenJDK with OpenJ9 and Red Hat UBI 8 as the base OS.  For more information on this image please see https://github.com/OpenLiberty/ci.docker#building-an-application-image"
+
+COPY NOTICES /opt/ol/NOTICES
+COPY helpers /opt/ol/helpers
+COPY fixes/ /opt/ol/fixes/
+
+# Install dumb-init
+RUN set -eux; \
+    ARCH="$(uname -m)"; \
+    case "${ARCH}" in \
+       aarch64|arm64) \
+         DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_aarch64'; \
+         DUMB_INIT_SHA256=b7d648f97154a99c539b63c55979cd29f005f88430fb383007fe3458340b795e; \
+         ;; \
+       amd64|x86_64) \
+         DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64'; \
+         DUMB_INIT_SHA256=e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df; \
+         ;; \
+       ppc64el|ppc64le) \
+         DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_ppc64le'; \
+         DUMB_INIT_SHA256=3d15e80e29f0f4fa1fc686b00613a2220bc37e83a35283d4b4cca1fbd0a5609f; \
+         ;; \
+       s390x) \
+         DUMB_INIT_URL='https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_s390x'; \
+         DUMB_INIT_SHA256=47e4601b152fc6dcb1891e66c30ecc62a2939fd7ffd1515a7c30f281cfec53b7; \
+         ;;\
+       *) \
+         echo "Unsupported arch: ${ARCH}"; \
+         exit 1; \
+         ;; \
+    esac; \
+    curl -LfsSo /usr/bin/dumb-init ${DUMB_INIT_URL}; \
+    echo "${DUMB_INIT_SHA256} */usr/bin/dumb-init" | sha256sum -c -; \
+    chmod +x /usr/bin/dumb-init;
+
+# Add default user 1001 and create wlp with right user/permissions before copying
+RUN adduser -u 1001 -r -g root -s /usr/sbin/nologin default \
+    && mkdir -p /opt/ol/wlp \
+    && chown -R 1001:0 /opt/ol/wlp \
+    && chmod -R g+rw /opt/ol/wlp
+
+# Copy the runtime and licenses
+COPY --from=getRuntime --chown=1001:0 /opt/ol/wlp /opt/ol/wlp
+COPY --from=getRuntime /licenses /licenses
+
+RUN yum -y install openssl \
+    && yum clean all
+
+# Set Path Shortcuts
+ENV PATH=$PATH:/opt/ol/wlp/bin:/opt/ol/helpers/build \
+    LOG_DIR=/logs \
+    WLP_OUTPUT_DIR=/opt/ol/wlp/output \
+    WLP_SKIP_MAXPERMSIZE=true \
+    OPENJ9_SCC=$OPENJ9_SCC
+
+# Configure Open Liberty
+RUN /opt/ol/wlp/bin/server create --template=javaee8 \
+    && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
+    && rm -rf /opt/ol/wlp/usr/servers/defaultServer/server.env
+
+# Create symlinks && set permissions for non-root user
+RUN mkdir /logs \
+    && mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache \
+    && ln -s /opt/ol/wlp/usr/shared/resources/lib.index.cache /lib.index.cache \
+    && mkdir -p $WLP_OUTPUT_DIR/defaultServer \
+    && ln -s $WLP_OUTPUT_DIR/defaultServer /output \
+    && ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
+    && mkdir -p /config/configDropins/defaults \
+    && mkdir -p /config/configDropins/overrides \
+    && mkdir -p /config/dropins \
+    && mkdir -p /config/apps \
+    && ln -s /opt/ol/wlp /liberty \
+    && ln -s /opt/ol/fixes /fixes \
+    && chown -R 1001:0 /config \
+    && chmod -R g+rw /config \
+    && chown -R 1001:0 /logs \
+    && chmod -R g+rw /logs \
+    && chown -R 1001:0 /opt/ol/wlp/usr \
+    && chmod -R g+rw /opt/ol/wlp/usr \
+    && chown -R 1001:0 /opt/ol/wlp/output \
+    && chmod -R g+rw /opt/ol/wlp/output \
+    && chown -R 1001:0 /opt/ol/helpers \
+    && chmod -R ug+rwx /opt/ol/helpers \
+    && chown -R 1001:0 /opt/ol/fixes \
+    && chmod -R g+rwx /opt/ol/fixes \
+    && mkdir /etc/wlp \
+    && chown -R 1001:0 /etc/wlp \
+    && chmod -R g+rw /etc/wlp \
+    && if [ -e /etc/instanton.ld.so.cache ]; then chmod g+w /etc/ld.so.cache; fi \
+    && echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
+
+# Create a new SCC layer
+RUN if [ "$OPENJ9_SCC" = "true" ]; then populate_scc.sh; fi \
+    && rm -rf /output/messaging /output/resources/security /logs/* $WLP_OUTPUT_DIR/.classCache \
+    && chown -R 1001:0 /opt/ol/wlp/output \
+    && chmod -R g+rwx /opt/ol/wlp/output
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+    OPENJ9_JAVA_OPTIONS="-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name=openj9_system_scc,cacheDir=/opt/java/.scc,readonly,nonFatal -Dosgi.checkConfiguration=false"
+
+USER 1001
+
+EXPOSE 9080 9443
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
+CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]