Modernizes the OpenICF Docker images and broadens their multi-architecture build matrix#95
Open
vharseko wants to merge 1 commit into
Open
Modernizes the OpenICF Docker images and broadens their multi-architecture build matrix#95vharseko wants to merge 1 commit into
vharseko wants to merge 1 commit into
Conversation
- Bump Dockerfile base image from eclipse-temurin:25-jre-jammy to 25-jre-noble (Ubuntu 24.04) - Add linux/riscv64 to the multi-arch build for the Ubuntu-based image - Add linux/386 and linux/riscv64 to the Alpine image build - Dockerfile-alpine: declare ARG TARGETARCH and select the JDK per target arch (openjdk11-jre on linux/386, openjdk25-jre on every other architecture) - Add --add-exports java.base/com.sun.jndi.ldap=ALL-UNNAMED to the Alpine OPENICF_OPTS so the LDAP connector keeps working on Java 25 - Apply the platform changes to both build.yml and release.yml workflows - Print container logs at the end of each "Docker test" step in build.yml
maximthomas
approved these changes
Jun 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Modernizes the OpenICF Docker images and broadens their multi-architecture build matrix.
Dockerfile): switch the base image fromeclipse-temurin:25-jre-jammytoeclipse-temurin:25-jre-noble(Ubuntu 22.04 → 24.04) and addlinux/riscv64to its build platforms.Dockerfile-alpine): addlinux/386andlinux/riscv64, and select the JDK per target architecture instead of hard-codingopenjdk11-jre.build.ymlandrelease.ymlworkflows.build.yml.Platform coverage
Dockerfile)linux/amd64,linux/arm64/8,linux/ppc64le,linux/s390x,linux/riscv64Dockerfile-alpine)linux/amd64,linux/arm64/8,linux/s390x,linux/ppc64le,linux/386,linux/riscv64Conditional JDK on Alpine
Alpine's package repositories do not offer a single OpenJDK version that covers every target architecture:
x86(linux/386) only hasopenjdk11(no 32-bit build of newer JDKs).riscv64only hasopenjdk21/openjdk25(noopenjdk11).Dockerfile-alpinetherefore declaresARG TARGETARCHand installs:openjdk11-jreonlinux/386openjdk25-jreon every other architecture (aligns the Alpine runtime with the Ubuntu image's JRE 25)Java 25 LDAP connector flag
Because the Alpine image now runs Java 25 on every architecture except
linux/386, itsOPENICF_OPTSgains--add-exports java.base/com.sun.jndi.ldap=ALL-UNNAMED, matching the Ubuntu image. The flag is required for the LDAP connector under Java's strong encapsulation and is harmless on Java 11.Notes
linux/arm/v6(armhf) andlinux/arm/v7(armv7) are intentionally not included: Alpine ships no OpenJDK for those architectures at any version, andeclipse-temurindoes not publish them either, so an OpenICF image cannot be produced for them.Testing
build-docker(Ubuntu/Noble) andbuild-docker-alpinejobs build successfully across all listed platforms, including the existing "Docker test" health-check smoke test (now followed bydocker logs test).openjdk11-jreonlinux/386,openjdk25-jreelsewhere.