From f1d8b5cfbd97a90eca88ea0fbef16e9b8456611d Mon Sep 17 00:00:00 2001 From: Alexey Kuznetsov Date: Mon, 30 Mar 2026 17:07:31 -0400 Subject: [PATCH 1/7] Testing arm64 docker images --- .github/workflows/ci.yml | 67 ++++++++++++++++++ Dockerfile.arm64 | 110 +++++++++++++++++++++++++++++ build-arm64 | 145 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 322 insertions(+) create mode 100644 Dockerfile.arm64 create mode 100644 build-arm64 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d2340cb..4e0ea3a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,10 +9,22 @@ on: schedule: - cron: '0 0 * * 0' workflow_dispatch: + inputs: + run_amd64: + description: "Run the standard amd64 image build" + required: false + default: false + type: boolean + run_arm64: + description: "Run the experimental arm64 image build" + required: false + default: false + type: boolean jobs: build_push_check: name: Build docker image, publish it and run vuln scanner against it + if: ${{ github.event_name == 'workflow_dispatch' && inputs.run_amd64 == true }} permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results 
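Review bot: The `if:` added to `build_push_check` restricts the existing amd64 job to `workflow_dispatch` runs with `run_amd64` set, so the weekly `schedule` trigger (`cron: '0 0 * * 0'`) shown as context above no longer builds the image or runs the vulnerability scanner against it. Because both new inputs default to `false`, a manual run with default values also executes neither job. If the gate is only meant for the arm64 experiment, keep the job running on other events, e.g. `if: ${{ github.event_name != 'workflow_dispatch' || inputs.run_amd64 }}`, or add a comment saying the scheduled scan is paused on purpose. Any other triggers under `on:` lie outside the hunk.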
@@ -62,3 +74,58 @@ jobs: uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 with: sarif_file: 'trivy-results.sarif' + + build_push_check_arm64: + name: Build arm64 docker image, publish it and run vuln scanner against it + if: ${{ github.event_name == 'workflow_dispatch' && inputs.run_arm64 == true }} + permissions: + contents: read + security-events: write + packages: write + runs-on: ubuntu-latest + environment: + name: ci-build + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 + - name: Set up QEMU + uses: docker/setup-qemu-action@e20b58169f0f89e8fb4a5c8a5ad9b65cb7e7b98a # 3.6.0 + with: + platforms: arm64 + - name: Set up Docker Buildx + id: buildx-arm64 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # 4.0.0 + - name: Login to ghcr.io + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # 4.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 + with: + docker-images: false + - name: Build arm64 image + id: build-arm64 + run: bash ./build-arm64 + - name: Test arm64 image + run: bash ./build-arm64 --test + - name: Describe arm64 image + run: bash ./build-arm64 --describe >> $GITHUB_STEP_SUMMARY + - name: Push arm64 image + run: bash ./build-arm64 --push + - name: Run Trivy vulnerability scanner on arm64 image + uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + with: + image-ref: '${{ steps.build-arm64.outputs.LATEST_IMAGE_TAG }}' + format: 'sarif' + output: 'trivy-results-arm64.sarif' + severity: 'CRITICAL,HIGH' + limit-severities-for-sarif: true + env: + TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db + TRIVY_JAVA_DB_REPOSITORY: 
ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db + - name: Upload Trivy arm64 scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 + with: + sarif_file: 'trivy-results-arm64.sarif' diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 new file mode 100644 index 0000000..c322440 --- /dev/null +++ b/Dockerfile.arm64 
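Review bot: In `build_push_check_arm64` the `Push arm64 image` step runs before `Run Trivy vulnerability scanner on arm64 image`, so the image is already published to ghcr.io by the time the scan result exists. The Trivy step also sets no `exit-code`, so as far as this hunk shows, CRITICAL/HIGH findings are uploaded as SARIF but do not fail the job. Since `build-arm64` loads the image into the local daemon (`--load`), the scan can run against the local tag first. Consider moving the push step after the SARIF upload and adding `exit-code: '1'` to the Trivy `with:` block (with `if: always()` on the upload step so results are still reported) if findings should block publication. The amd64 job may use the same order, but its steps are outside the hunk.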
@@ -0,0 +1,110 @@ +# syntax=docker/dockerfile:1.6 + +ARG LATEST_VERSION +FROM eclipse-temurin:${LATEST_VERSION}-jdk-noble AS temurin-latest + +FROM ubuntu:24.04 AS default-jdk +ARG LATEST_VERSION + +COPY --from=eclipse-temurin:8-jdk-noble /opt/java/openjdk /usr/lib/jvm/8 +COPY --from=eclipse-temurin:11-jdk-noble /opt/java/openjdk /usr/lib/jvm/11 +COPY --from=eclipse-temurin:17-jdk-noble /opt/java/openjdk /usr/lib/jvm/17 +COPY --from=eclipse-temurin:21-jdk-noble /opt/java/openjdk /usr/lib/jvm/21 +COPY --from=eclipse-temurin:25-jdk-noble /opt/java/openjdk /usr/lib/jvm/25 +COPY --from=temurin-latest /opt/java/openjdk /usr/lib/jvm/${LATEST_VERSION} + +RUN <<-EOT + set -eux + rm -rf \ + /usr/lib/jvm/*/lib/src.zip \ + /usr/lib/jvm/*/demo \ + /usr/lib/jvm/*/sample +EOT + +FROM ubuntu:24.04 AS base +ARG LATEST_VERSION +ENV LATEST_VERSION=${LATEST_VERSION} + +LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build + +RUN <<-EOT + set -eux + apt-get update + apt-get install -y sudo + groupadd --gid 1001 non-root-group + useradd --uid 1001 --gid non-root-group -m non-root-user + echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user + chmod 0440 /etc/sudoers.d/non-root-user + mkdir -p /home/non-root-user/.config + chown -R non-root-user:non-root-group /home/non-root-user/.config + apt-get clean + rm -rf /var/lib/apt/lists/* +EOT + +USER non-root-user +WORKDIR /home/non-root-user + +RUN <<-EOT + set -eux + sudo apt-get update + sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg socat less debian-goodies autossh ca-certificates-java python3-pip locales jq git gh yq lsb-release lsof unzip parallel xsltproc + sudo locale-gen en_US.UTF-8 + sudo git config --system --add safe.directory "*" + + sudo mkdir -p /tmp/docker-install + DOCKER_LATEST_VERSION=$(curl -s https://download.docker.com/linux/static/stable/$(uname -m)/ | grep -oP 'docker-\K([0-9]+\.[0-9]+\.[0-9]+)(?=\.tgz)' | sort -V | tail -n 1) + 
sudo curl -fsSL "https://download.docker.com/linux/static/stable/$(uname -m)/docker-${DOCKER_LATEST_VERSION}.tgz" | sudo tar -xz -C /tmp/docker-install + sudo mv /tmp/docker-install/docker/docker /usr/local/bin/ + sudo rm -rf /tmp/docker-install + sudo mkdir -p /usr/local/lib/docker/cli-plugins + sudo curl -fsSL "https://github.com/docker/compose/releases/latest/download/docker-compose-linux-$(uname -m)" -o /usr/local/lib/docker/cli-plugins/docker-compose + sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose + + sudo apt-get clean + sudo rm -rf /var/lib/apt/lists/* +EOT + +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' + +COPY --from=default-jdk /usr/lib/jvm /usr/lib/jvm + +RUN <<-EOT + set -eux + sudo apt-get update + sudo pip3 install --break-system-packages awscli + sudo pip3 cache purge + + ARCH=$(dpkg --print-architecture) + case "$ARCH" in + arm64) DD_CI_ARCH="arm64"; VAULT_ARCH="arm64" ;; + amd64) DD_CI_ARCH="x64"; VAULT_ARCH="amd64" ;; + *) echo "Unsupported architecture: $ARCH" >&2; exit 1 ;; + esac + + sudo curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-${DD_CI_ARCH}" --output "/usr/local/bin/datadog-ci" + sudo chmod +x /usr/local/bin/datadog-ci + + VAULT_VERSION=1.20.4 + curl -fsSL "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_${VAULT_ARCH}.zip" -o vault.zip + unzip vault.zip + sudo mv vault /usr/local/bin/vault + chmod +x /usr/local/bin/vault + rm vault.zip + + sudo apt-get clean + sudo rm -rf /var/lib/apt/lists/* +EOT + +ENV JAVA_DEBIAN_VERSION=unused +ENV JAVA_VERSION=unused + +ENV JAVA_8_HOME=/usr/lib/jvm/8 +ENV JAVA_11_HOME=/usr/lib/jvm/11 +ENV JAVA_17_HOME=/usr/lib/jvm/17 +ENV JAVA_21_HOME=/usr/lib/jvm/21 +ENV JAVA_25_HOME=/usr/lib/jvm/25 +ENV JAVA_${LATEST_VERSION}_HOME=/usr/lib/jvm/${LATEST_VERSION} + +ENV JAVA_HOME=${JAVA_8_HOME} +ENV PATH=${JAVA_HOME}/bin:${PATH} + 
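Review bot: The second and third `RUN` heredocs of the `base` stage install four binaries fetched with `curl` (the Docker static tgz, `docker-compose`, `datadog-ci` and the Vault zip) without checking a checksum or signature, and three of them resolve to whatever is `latest` at build time, so the image contents are neither verified nor reproducible. Pin each version the way `VAULT_VERSION` already is and verify before installing, for example `echo "${VAULT_SHA256}  vault.zip" | sha256sum -c -`, where `VAULT_SHA256` is a placeholder for the published digest of the pinned release. The same stage grants `non-root-user` passwordless sudo through `/etc/sudoers.d/non-root-user`, which makes `USER non-root-user` a convention rather than a privilege boundary; that deserves a comment if it is intentional. A later patch in this series (3/7) removes these `RUN` blocks.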
diff --git a/build-arm64 b/build-arm64
new file mode 100644
index 0000000..ded157d
--- /dev/null
+++ b/build-arm64
@@ -0,0 +1,145 @@ +#!/usr/bin/env bash +set -eu + +readonly IMAGE_NAME="ghcr.io/datadog/dd-trace-java-docker-build" +readonly BASE_VARIANTS=(8 11 17 21 25 tip) + +function compute_metadata() { + GIT_BRANCH="${GITHUB_REF_NAME:-$(git branch --show-current)}" + readonly GIT_BRANCH="${GIT_BRANCH:-local}" + if [[ ${GIT_BRANCH} = master ]]; then + TAG_PREFIX="" + else + TAG_PREFIX="${GIT_BRANCH}-" + TAG_PREFIX="${TAG_PREFIX,,}" + TAG_PREFIX="${TAG_PREFIX//\//_}" + fi + + BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" + GIT_HEAD_REF="$(git show-ref --head --hash ^HEAD)" +} + +function compute_latest_version() { + local base_year=2025 + local base_version=23 + + version="$((base_version + ($(date +%Y) - base_year) * 2))" + if [ "$(date +%m)" -ge 4 ]; then + version="$((version + 1))" + fi + if [ "$(date +%m)" -ge 10 ]; then + version="$((version + 1))" + fi + + export LATEST_VERSION="$version" +} + +function docker_build() { + local tag="$1" + docker buildx build \ + --build-arg LATEST_VERSION=$LATEST_VERSION \ + --platform linux/arm64 \ + --label org.opencontainers.image.created="$BUILD_DATE" \ + --label org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build \ + --label org.opencontainers.image.revision="$GIT_HEAD_REF" \ + --file Dockerfile.arm64 \ + --target base \ + --tag "$tag" \ + --load \ + . 
+} + +function image_name() { + local variant="${1}" + echo -n "${IMAGE_NAME}:${TAG_PREFIX}arm64-${variant}" +} + +function do_build() { + compute_metadata + compute_latest_version + docker_build "$(image_name base)" + if [ -n "${GITHUB_OUTPUT+unset}" ]; then + echo "LATEST_IMAGE_TAG=$(image_name base)" >>"$GITHUB_OUTPUT" + fi + for variant in "${BASE_VARIANTS[@]}"; do + variant="${variant,,}" + docker tag "$(image_name base)" "$(image_name "${variant}")" + done +} + +function do_test() { + local image + compute_metadata + image="$(image_name base)" + docker run \ + --platform linux/arm64 \ + --rm \ + "$image" \ + bash -lc ' + set -eux + "$JAVA_HOME/bin/java" -version + "$JAVA_8_HOME/bin/java" -version + "$JAVA_11_HOME/bin/java" -version + "$JAVA_17_HOME/bin/java" -version + "$JAVA_21_HOME/bin/java" -version + "$JAVA_25_HOME/bin/java" -version + ' +} + +function do_describe() { + local image + compute_metadata + compute_latest_version + image="$(image_name base)" + docker run \ + --platform linux/arm64 \ + --rm \ + "$image" \ + bash -lc ' + echo "# arm64 image" + echo + echo "## Operating System" + echo + echo "* $(lsb_release --description --short)" + echo + echo "## Tools" + echo + echo "* $(git --version)" + echo "* $(docker --version)" + echo "* $(docker compose version)" + echo "* datadog-ci $(datadog-ci version)" + echo "* vault $(vault --version)" + echo + echo "## JDKs" + echo + for env_name in JAVA_8_HOME JAVA_11_HOME JAVA_17_HOME JAVA_21_HOME JAVA_25_HOME; do + echo "* ${env_name}" + echo "```" + "${!env_name}/bin/java" -version 2>&1 + echo "```" + echo + done + ' +} + +function do_push() { + local tag + compute_metadata + for tag in base "${BASE_VARIANTS[@]}"; do + tag="${tag,,}" + docker push "$(image_name "${tag}")" + done +} + +if [[ -z ${1:-} ]]; then + do_build +elif [[ ${1} = "--test" ]]; then + do_test +elif [[ ${1} = "--describe" ]]; then + do_describe +elif [[ ${1} = "--push" ]]; then + do_push +else + echo "Unknown argument: ${1}" >&2 + exit 1 
+fi From 4011bdeed316f35bc556ab36529de192a09349ab Mon Sep 17 00:00:00 2001 From: Alexey Kuznetsov Date: Mon, 30 Mar 2026 17:17:43 -0400 Subject: [PATCH 2/7] Using arm64 runners. --- .github/workflows/ci.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4e0ea3a..9701d7c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -82,16 +82,12 @@ jobs: contents: read security-events: write packages: write - runs-on: ubuntu-latest + runs-on: ubuntu-24.04-arm environment: name: ci-build steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 - - name: Set up QEMU - uses: docker/setup-qemu-action@e20b58169f0f89e8fb4a5c8a5ad9b65cb7e7b98a # 3.6.0 - with: - platforms: arm64 - name: Set up Docker Buildx id: buildx-arm64 uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # 4.0.0 From 2528176fa3e253c4e8fc3b2e9c24d7c2f686822e Mon Sep 17 00:00:00 2001 From: Alexey Kuznetsov Date: Mon, 30 Mar 2026 17:33:14 -0400 Subject: [PATCH 3/7] Removed not needed stuff. --- Dockerfile.arm64 | 71 +----------------------------------------------- build-arm64 | 11 +++----- 2 files changed, 5 insertions(+), 77 deletions(-) diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index c322440..8e6b836 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 
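Review bot: `compute_metadata` derives `TAG_PREFIX` from the branch name by lowercasing it and replacing only `/`, but `GITHUB_REF_NAME` can carry other characters that are not valid in an image tag (for example `#`, `+` or `@`), and the failure would surface only when `docker buildx build --tag` rejects the reference. Restricting the prefix to the tag alphabet is a one-line change: `TAG_PREFIX="${TAG_PREFIX//[^a-z0-9_.-]/_}"`. A comment above `compute_metadata` should also say that it sets the globals `TAG_PREFIX`, `BUILD_DATE` and `GIT_HEAD_REF` that `image_name` and `docker_build` read, since every `do_*` entry point depends on calling it first.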
@@ -27,77 +27,8 @@ ENV LATEST_VERSION=${LATEST_VERSION} LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build -RUN <<-EOT - set -eux - apt-get update - apt-get install -y sudo - groupadd --gid 1001 non-root-group - useradd --uid 1001 --gid non-root-group -m non-root-user - echo "non-root-user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/non-root-user - chmod 0440 /etc/sudoers.d/non-root-user - mkdir -p /home/non-root-user/.config - chown -R non-root-user:non-root-group /home/non-root-user/.config - apt-get clean - rm -rf /var/lib/apt/lists/* -EOT - -USER non-root-user -WORKDIR /home/non-root-user - -RUN <<-EOT - set -eux - sudo apt-get update - sudo apt-get install -y curl tar apt-transport-https ca-certificates gnupg socat less debian-goodies autossh ca-certificates-java python3-pip locales jq git gh yq lsb-release lsof unzip parallel xsltproc - sudo locale-gen en_US.UTF-8 - sudo git config --system --add safe.directory "*" - - sudo mkdir -p /tmp/docker-install - DOCKER_LATEST_VERSION=$(curl -s https://download.docker.com/linux/static/stable/$(uname -m)/ | grep -oP 'docker-\K([0-9]+\.[0-9]+\.[0-9]+)(?=\.tgz)' | sort -V | tail -n 1) - sudo curl -fsSL "https://download.docker.com/linux/static/stable/$(uname -m)/docker-${DOCKER_LATEST_VERSION}.tgz" | sudo tar -xz -C /tmp/docker-install - sudo mv /tmp/docker-install/docker/docker /usr/local/bin/ - sudo rm -rf /tmp/docker-install - sudo mkdir -p /usr/local/lib/docker/cli-plugins - sudo curl -fsSL "https://github.com/docker/compose/releases/latest/download/docker-compose-linux-$(uname -m)" -o /usr/local/lib/docker/cli-plugins/docker-compose - sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose - - sudo apt-get clean - sudo rm -rf /var/lib/apt/lists/* -EOT - -ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' - COPY --from=default-jdk /usr/lib/jvm /usr/lib/jvm -RUN <<-EOT - set -eux - sudo apt-get update - sudo pip3 install --break-system-packages awscli - sudo 
pip3 cache purge - - ARCH=$(dpkg --print-architecture) - case "$ARCH" in - arm64) DD_CI_ARCH="arm64"; VAULT_ARCH="arm64" ;; - amd64) DD_CI_ARCH="x64"; VAULT_ARCH="amd64" ;; - *) echo "Unsupported architecture: $ARCH" >&2; exit 1 ;; - esac - - sudo curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-${DD_CI_ARCH}" --output "/usr/local/bin/datadog-ci" - sudo chmod +x /usr/local/bin/datadog-ci - - VAULT_VERSION=1.20.4 - curl -fsSL "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_${VAULT_ARCH}.zip" -o vault.zip - unzip vault.zip - sudo mv vault /usr/local/bin/vault - chmod +x /usr/local/bin/vault - rm vault.zip - - sudo apt-get clean - sudo rm -rf /var/lib/apt/lists/* -EOT - -ENV JAVA_DEBIAN_VERSION=unused -ENV JAVA_VERSION=unused - ENV JAVA_8_HOME=/usr/lib/jvm/8 ENV JAVA_11_HOME=/usr/lib/jvm/11 ENV JAVA_17_HOME=/usr/lib/jvm/17 @@ -107,4 +38,4 @@ ENV JAVA_${LATEST_VERSION}_HOME=/usr/lib/jvm/${LATEST_VERSION} ENV JAVA_HOME=${JAVA_8_HOME} ENV PATH=${JAVA_HOME}/bin:${PATH} - +WORKDIR /work diff --git a/build-arm64 b/build-arm64 index ded157d..314f6fc 100644 --- a/build-arm64 +++ b/build-arm64 @@ -100,15 +100,12 @@ function do_describe() { echo echo "## Operating System" echo - echo "* $(lsb_release --description --short)" + . /etc/os-release + echo "* ${PRETTY_NAME}" echo - echo "## Tools" + echo "## Java Home" echo - echo "* $(git --version)" - echo "* $(docker --version)" - echo "* $(docker compose version)" - echo "* datadog-ci $(datadog-ci version)" - echo "* vault $(vault --version)" + echo "* ${JAVA_HOME}" echo echo "## JDKs" echo From 688529a82a765d4caa9d959e80216096ddb91373 Mon Sep 17 00:00:00 2001 From: Alexey Kuznetsov Date: Tue, 31 Mar 2026 22:02:24 -0400 Subject: [PATCH 4/7] Added git and `non-root-user`. --- Dockerfile.arm64 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index 8e6b836..471a0b5 100644 
--- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 @@ -27,8 +27,15 @@ ENV LATEST_VERSION=${LATEST_VERSION} LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build +RUN apt-get update \ + && apt-get install -y --no-install-recommends git \ + && rm -rf /var/lib/apt/lists/* + COPY --from=default-jdk /usr/lib/jvm /usr/lib/jvm +RUN groupadd --gid 1001 non-root-group \ + && useradd --uid 1001 --gid non-root-group --create-home --shell /bin/bash non-root-user + ENV JAVA_8_HOME=/usr/lib/jvm/8 ENV JAVA_11_HOME=/usr/lib/jvm/11 ENV JAVA_17_HOME=/usr/lib/jvm/17 @@ -38,4 +45,5 @@ ENV JAVA_${LATEST_VERSION}_HOME=/usr/lib/jvm/${LATEST_VERSION} ENV JAVA_HOME=${JAVA_8_HOME} ENV PATH=${JAVA_HOME}/bin:${PATH} -WORKDIR /work +USER non-root-user +WORKDIR /home/non-root-user From a9181fbde9a4799f6c8260d6d06e33b698345ce1 Mon Sep 17 00:00:00 2001 From: Alexey Kuznetsov Date: Tue, 31 Mar 2026 22:16:09 -0400 Subject: [PATCH 5/7] Simplify build and image --- Dockerfile.arm64 | 9 --------- build-arm64 | 45 ++++++++------------------------------------- 2 files changed, 8 insertions(+), 46 deletions(-) diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index 471a0b5..9d4d9d4 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 @@ -1,17 +1,12 @@ # syntax=docker/dockerfile:1.6 -ARG LATEST_VERSION -FROM eclipse-temurin:${LATEST_VERSION}-jdk-noble AS temurin-latest - FROM ubuntu:24.04 AS default-jdk -ARG LATEST_VERSION COPY --from=eclipse-temurin:8-jdk-noble /opt/java/openjdk /usr/lib/jvm/8 COPY --from=eclipse-temurin:11-jdk-noble /opt/java/openjdk /usr/lib/jvm/11 COPY --from=eclipse-temurin:17-jdk-noble /opt/java/openjdk /usr/lib/jvm/17 COPY --from=eclipse-temurin:21-jdk-noble /opt/java/openjdk /usr/lib/jvm/21 COPY --from=eclipse-temurin:25-jdk-noble /opt/java/openjdk /usr/lib/jvm/25 -COPY --from=temurin-latest /opt/java/openjdk /usr/lib/jvm/${LATEST_VERSION} RUN <<-EOT set -eux 
@@ -22,9 +17,6 @@ RUN <<-EOT EOT FROM ubuntu:24.04 AS base -ARG LATEST_VERSION -ENV LATEST_VERSION=${LATEST_VERSION} - LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build RUN apt-get update \ @@ -41,7 +33,6 @@ ENV JAVA_11_HOME=/usr/lib/jvm/11 ENV JAVA_17_HOME=/usr/lib/jvm/17 ENV JAVA_21_HOME=/usr/lib/jvm/21 ENV JAVA_25_HOME=/usr/lib/jvm/25 -ENV JAVA_${LATEST_VERSION}_HOME=/usr/lib/jvm/${LATEST_VERSION} ENV JAVA_HOME=${JAVA_8_HOME} ENV PATH=${JAVA_HOME}/bin:${PATH} diff --git a/build-arm64 b/build-arm64 index 314f6fc..49515c5 100644 --- a/build-arm64 +++ b/build-arm64 @@ -2,7 +2,6 @@ set -eu readonly IMAGE_NAME="ghcr.io/datadog/dd-trace-java-docker-build" -readonly BASE_VARIANTS=(8 11 17 21 25 tip) function compute_metadata() { GIT_BRANCH="${GITHUB_REF_NAME:-$(git branch --show-current)}" 
@@ -19,58 +18,35 @@ function compute_metadata() { GIT_HEAD_REF="$(git show-ref --head --hash ^HEAD)" } -function compute_latest_version() { - local base_year=2025 - local base_version=23 - - version="$((base_version + ($(date +%Y) - base_year) * 2))" - if [ "$(date +%m)" -ge 4 ]; then - version="$((version + 1))" - fi - if [ "$(date +%m)" -ge 10 ]; then - version="$((version + 1))" - fi - - export LATEST_VERSION="$version" +function image_name() { + echo -n "${IMAGE_NAME}:${TAG_PREFIX}arm64-base" } function docker_build() { - local tag="$1" docker buildx build \ - --build-arg LATEST_VERSION=$LATEST_VERSION \ --platform linux/arm64 \ --label org.opencontainers.image.created="$BUILD_DATE" \ --label org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build \ --label org.opencontainers.image.revision="$GIT_HEAD_REF" \ --file Dockerfile.arm64 \ --target base \ - --tag "$tag" \ + --tag "$(image_name)" \ --load \ . } -function image_name() { - local variant="${1}" - echo -n "${IMAGE_NAME}:${TAG_PREFIX}arm64-${variant}" -} - function do_build() { compute_metadata - compute_latest_version - docker_build "$(image_name base)" + docker_build if [ -n "${GITHUB_OUTPUT+unset}" ]; then - echo "LATEST_IMAGE_TAG=$(image_name base)" >>"$GITHUB_OUTPUT" + echo "LATEST_IMAGE_TAG=$(image_name)" >>"$GITHUB_OUTPUT" fi - for variant in "${BASE_VARIANTS[@]}"; do - variant="${variant,,}" - docker tag "$(image_name base)" "$(image_name "${variant}")" - done } function do_test() { local image compute_metadata - image="$(image_name base)" + image="$(image_name)" docker run \ --platform linux/arm64 \ --rm \ @@ -89,8 +65,7 @@ function do_test() { function do_describe() { local image compute_metadata - compute_latest_version - image="$(image_name base)" + image="$(image_name)" docker run \ --platform linux/arm64 \ --rm \ 
@@ -120,12 +95,8 @@ function do_describe() { } function do_push() { - local tag compute_metadata - for tag in base "${BASE_VARIANTS[@]}"; do - tag="${tag,,}" - docker push "$(image_name "${tag}")" - done + docker push "$(image_name)" } if [[ -z ${1:-} ]]; then From 12e2f1ddbc88f9db96fd38840a11ab7a45d54888 Mon Sep 17 00:00:00 2001 From: Alexey Kuznetsov Date: Tue, 31 Mar 2026 22:42:31 -0400 Subject: [PATCH 6/7] Minor fixes --- Dockerfile.arm64 | 1 + build-arm64 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index 9d4d9d4..97104ac 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 @@ -21,6 +21,7 @@ LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-d RUN apt-get update \ && apt-get install -y --no-install-recommends git \ + && git config --system --add safe.directory "*" \ && rm -rf /var/lib/apt/lists/* COPY --from=default-jdk /usr/lib/jvm /usr/lib/jvm diff --git a/build-arm64 b/build-arm64 index 49515c5..2371253 100644 --- a/build-arm64 +++ b/build-arm64 @@ -86,9 +86,9 @@ function do_describe() { echo for env_name in JAVA_8_HOME JAVA_11_HOME JAVA_17_HOME JAVA_21_HOME JAVA_25_HOME; do echo "* ${env_name}" - echo "```" + printf '%s\n' '```' "${!env_name}/bin/java" -version 2>&1 - echo "```" + printf '%s\n' '```' echo done ' From 0a85d83ae507f3e88aa9cbdf4a52f2ba9a5af972 Mon Sep 17 00:00:00 2001 From: Alexey Kuznetsov Date: Wed, 1 Apr 2026 09:07:38 -0400 Subject: [PATCH 7/7] Added lsof to base image. --- Dockerfile.arm64 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index 97104ac..56a76cc 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 
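Review bot: The added `git config --system --add safe.directory "*"` in Dockerfile.arm64 switches off git's repository-ownership check for every user and every path in the image, so git will honour repository-local configuration and hooks in any directory it is pointed at, including bind-mounted ones owned by a different uid. If the goal is only to let `non-root-user` work on a CI checkout mounted into the container, scope the entry to that path, e.g. `git config --system --add safe.directory <checkout-path>` with the real mount point substituted, or set it in the job that mounts the workspace. If the wildcard stays, add a Dockerfile comment stating that the image is meant for trusted CI workspaces only.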
@@ -20,7 +20,7 @@ FROM ubuntu:24.04 AS base LABEL org.opencontainers.image.source=https://github.com/DataDog/dd-trace-java-docker-build RUN apt-get update \ - && apt-get install -y --no-install-recommends git \ + && apt-get install -y --no-install-recommends git lsof \ && git config --system --add safe.directory "*" \ && rm -rf /var/lib/apt/lists/*