Update `PrivateKeyParser` implementations so that algorithm parameters
for PEM encoded 'EC PRIVATE KEY' files are loaded from the incoming
data.
Prior to this commit, the algorithm parameter was hard-coded to
'secp384r1' which could result in a mismatch to the actual file
content.
Fixes gh-34232

When building an image using the Maven `spring-boot:build-image` goal or
the Gradle `bootBuildImage` task, the build and launch caches can be
configured to use a bind mount as an alternative to using a named
volume.
Closes gh-28387

This reverts commit 6506208d29. The
upgrade to the Jammy builder was causing
failsWhenBuildImageIsInvokedOnMultiModuleProjectWithBuildImageGoal to
hang on CI.
See gh-36689

Configuration files managed by the Docker CLI are now used to determine
the host address of the Docker daemon used when building images using
buildpacks when a host address is not configured with environment
variables or build tool plugin configuration.
Closes gh-36445

An `applicationDirectory` option on the Maven
`spring-boot:build-image` goal and the Gradle `bootBuildImage` task
can be configured to set the location that will be used to upload
application contents to the builder image, and will contain the
application contents in the generated image.
Closes gh-34786

A `createdDate` option on the Maven `spring-boot:build-image` goal
and the Gradle `bootBuildImage` task can be used to set the `Created`
metadata field on a generated OCI image to a specified date or to
the current date.
Closes gh-28798

A tar archive of a Docker image contains a `manifest.json` file that
lists the path to each embedded tar file containing the contents of a
layer in the image. This manifest file should be used to identify the
layer files instead of relying on file naming conventions and
assumptions on the directory structure that are not consistent
between container engine implementations.
Fixes gh-34324
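The difference between the two approaches in the commit message above, as an added example (not part of the commit or of Spring Boot's code): a constructed in-memory archive stores its layers under two different layouts, and only the `manifest.json` lookup finds exactly the layers. The function names, layer paths and decoy entry are assumptions made for the illustration.

```python
import io
import json
import tarfile

def _add(tar, name, data):
    """Add an in-memory file entry to the archive."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))

def build_sample_archive(layer_paths):
    """Constructed sample image archive with layers stored at layer_paths."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path in layer_paths:
            _add(tar, path, b"layer:" + path.encode())
        _add(tar, "extra/notes.tar", b"not a layer")  # decoy for name matching
        manifest = [{"Config": "config.json", "Layers": list(layer_paths)}]
        _add(tar, "manifest.json", json.dumps(manifest).encode())
    return buf.getvalue()

def layers_by_name(archive):
    """Fragile approach: guess layer files from a naming convention."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return [m.name for m in tar.getmembers() if m.name.endswith(".tar")]

def layers_from_manifest(archive):
    """Return [(path, content)] for the layers manifest.json lists, in order."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        try:
            manifest = json.load(tar.extractfile("manifest.json"))
        except KeyError:
            raise ValueError("archive has no manifest.json") from None
        layers = []
        for image in manifest:
            for path in image.get("Layers", []):
                try:
                    member = tar.getmember(path)
                except KeyError:
                    raise ValueError(f"manifest lists missing layer {path!r}") from None
                if not member.isfile():
                    raise ValueError(f"layer {path!r} is not a regular file")
                layers.append((path, tar.extractfile(member).read()))
        return layers
```
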
Update `PrivateKeyParser` to support loading PEM formatted
elliptic-curve keys. We need to do a similar trick to the PKCS1 keys
and convert them to a `PKCS8EncodedKeySpec`.
Fixes gh-32646
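Both `PrivateKeyParser` commits in this log (gh-32646 above and gh-34232 at the top) concern PEM 'EC PRIVATE KEY' data. The following added example (not Spring Boot's code, and in Python rather than Java) reads the named curve from the optional `[0]` parameters inside the SEC1 structure instead of assuming `secp384r1`. The helper names are assumptions, and the sample key is constructed with dummy scalar bytes.

```python
import base64

CURVES = {  # DER-encoded named-curve OIDs mapped to curve names
    bytes.fromhex("2a8648ce3d030107"): "secp256r1",
    bytes.fromhex("2b81040022"): "secp384r1",
    bytes.fromhex("2b81040023"): "secp521r1",
}
BEGIN, END = "-----BEGIN EC PRIVATE KEY-----", "-----END EC PRIVATE KEY-----"

def read_tlv(data, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(data):
        raise ValueError("truncated DER header")
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("truncated DER element")
    return tag, data[pos:pos + length], pos + length

def curve_from_pem(pem):
    """Name the curve using the [0] parameters stored in the key itself."""
    lines = pem.strip().splitlines()
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an EC PRIVATE KEY block")
    tag, body, _ = read_tlv(base64.b64decode("".join(lines[1:-1])), 0)
    vtag, version, pos = read_tlv(body, 0)
    ktag, _, pos = read_tlv(body, pos)  # privateKey OCTET STRING
    if (tag, vtag, version, ktag) != (0x30, 0x02, b"\x01", 0x04):
        raise ValueError("not a SEC1 ECPrivateKey structure")
    while pos < len(body):  # optional [0] parameters and [1] publicKey
        tag, value, pos = read_tlv(body, pos)
        if tag == 0xA0:
            oid_tag, oid, _ = read_tlv(value, 0)
            if oid_tag != 0x06 or oid not in CURVES:
                raise ValueError("unsupported curve parameters")
            return CURVES[oid]
    raise ValueError("key carries no curve parameters")

def sample_pem(oid):
    """Constructed sample: dummy scalar bytes, not a usable key."""
    tlv = lambda tag, value: bytes([tag, len(value)]) + value
    body = tlv(0x02, b"\x01") + tlv(0x04, b"\x11" * 32) + tlv(0xA0, tlv(0x06, oid))
    der = base64.b64encode(tlv(0x30, body)).decode()
    return f"{BEGIN}\n{der}\n{END}\n"
```
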
When using the Gradle `bootBuildImage` task or Maven
`spring-boot:build-image` goal on a Linux distribution with SELinux
enabled, binding the Docker socket in the builder container might
fail. This commit disables the `label` security policy in the builder
container to prevent this type of failure.
Fixes gh-32000

This commit removes the requirement that `docker.publishRegistry`
configuration must be provided when an image is published by the Gradle
or Maven plugin.
Fixes gh-28844

This commit adds validation of any buildpacks that are specified for
image building to match them against buildpacks that are bundled in
the builder. If an image buildpack's ID, version, and one layer
hash match the same information stored in a label on the builder
image, that buildpack won't be added and the buildpack bundled in
the builder will be used instead. This reduces the chance of adding to
the total count of layers in a builder image unnecessarily.
Fixes gh-31233

This commit adds configuration to the Maven and Gradle plugins to
allow specifying the names of build and launch cache volumes provided
to the CNB builder.
See gh-28292

This commit adds configuration to the Maven and Gradle plugins to
allow specifying multiple tags to be created that refer to the built
image.
See gh-27613

Adding a label to the ephemeral builder image cloned from the base
builder image eliminates contention between builds that are run
concurrently. Without this label, concurrent builds could result in
a race condition in the Docker daemon if the ephemeral builder image
shared by builds was deleted by both builds at exactly the same time.
Fixes gh-27888

This commit adds configuration to the Maven and Gradle plugins to
allow specifying the network mode to be provided to the image
building goal and task.
See gh-27486

An upgrade to Apache Commons Compress allows the build plugins to write
the launch script to the fat jar as a proper preamble, making the file
compatible with more jar and zip tooling.
Fixes gh-22336

When a custom buildpack is provided for image building, the contents
of the buildpack directory, tgz file, or image are copied as tar
entries to a new layer in the ephemeral builder image. Prior to this
commit, only file entries from the buildpack source were copied as
builder layer tar entries; intermediate directory entries from the
source were not copied. This results in directories being created in
the builder container using default permissions. This worked on most
Linux-like OSs where the default permissions allow others-read
access. On some OSs like Arch Linux where the default directory
permissions do not allow others-read, this prevented the lifecycle
processes from reading the buildpack files.
This commit explicitly creates all intermediate directory tar entries
in the builder image layer to ensure that the buildpack directories
and files can be read by the lifecycle processes.
Fixes gh-26658

Update `ImageName` and `ImageReference` to use distinct regex patterns
to parse specific parts of the value. Prior to this commit a single
regex pattern was used which could hang given certain input strings.
Fixes gh-23115

This commit copies the file mode along with other attributes when
copying files from the source archive to the build container while
building an image using the Gradle plugin. This preserves file
permissions on any resources included in the source archive.
Fixes gh-25915

This commit corrects the order.toml file that is generated and added
to the builder when building an image using custom buildpacks with the
Maven or Gradle plugin in order to support buildpacks that depend on
detection as a group.
Fixes gh-25378

This commit adds configuration to the Maven and Gradle plugins to
allow a list of volume mount bindings to be provided to the image
building goal and task. This enables service bindings to be mounted
in the builder image that are recognized by buildpacks to support
custom certificates, build tool configuration, APM integration, and
other buildpack features.
Fixes gh-23518

This commit adds configuration to the Maven and Gradle plugins to
allow a list of buildpacks to be provided to the image building
goal and task.
Fixes gh-21722

Update `build.gradle` files to ensure that `junit-platform-launcher` is
a `testRuntimeOnly` dependency. This ensures that tests can be run from
Eclipse.
Closes gh-25074

Previously, when an authenticated Docker builder registry was
configured in the Maven or Gradle plugin and the builder and run
images specified different registries, the authentication credentials
would be sent to both registries. This could cause confusion if both
registries don't recognize the same credentials. This commit enforces
that both images are in the same registry when authentication
is configured.
Fixes gh-24552

Docker daemon authorization plugins reject POST or PUT requests that have a
content type `application/json` header but no content length header. This
commit ensures that a content length header is provided in these cases.
This is a cherry-pick of the changes in d5b2836ec9
which were lost in a forward-merge.
Fixes gh-23957

Docker daemon authorization plugins reject POST or PUT requests that have a
content type `application/json` header but no content length header. This
commit ensures that a content length header is provided in these cases.
Fixes gh-22840

This commit adds support for platform API 0.4 when invoking a CNB
builder in the Maven and Gradle plugins. If the builder advertises
that it supports platform API 0.4 then that version will be
requested when invoking lifecycle phases. Otherwise the plugins
will fall back to requesting platform API 0.3.
Requesting platform API 0.4 when invoking builder lifecycle phases
has the primary benefit of making it easier to pass command-line
arguments to the default process in the generated image.
Fixes gh-23692

The CNB specifications allow builders to support multiple platform
API versions. The supported versions are published in the builder
image metadata as an array of version numbers, while a single
supported version number was published in earlier builder metadata.
These changes read the supported versions from the builder metadata
and fall back to the single version if the array is not present.
A CNB_PLATFORM_API environment variable is set on each lifecycle
phase invocation to request a specific version as recommended in
the CNB platform spec.
Fixes gh-23682