GH-4304 improve docker image security #4305
Conversation
|
Before: After: |
|
Hmz, looks like you've accidentally committed fixes for (white space) formatting issues in a series of unrelated files |
…compiling in parallel and upgrading some plugins
hmottestad
force-pushed
the
GH-4304-improve-docker-image-security
branch
from
2973761
to
ea341f7
Compare
| <version>3.8.1</version> | ||
| <version>3.10.1</version> | ||
| <configuration> | ||
| <fork>true</fork> | ||
| <fork>false</fork> |
There was a problem hiding this comment.
This improves the build performance. It was taking 7 minutes to do a clean build, and that was very annoying when I was testing my actual changes, now it takes 2 1/2 minutes.
| @@ -22,6 +22,7 @@ MVN_VERSION=$(xmllint --xpath "//*[local-name()='project']/*[local-name()='versi | |||
| echo "Building with Maven" | |||
| mvn clean | |||
| mvn -T 2C formatter:format impsort:sort && mvn xml-format:xml-format | |||
| mvn -T 2C compile -P-use-sonatype-snapshots package -DskipTests -Dmaven.javadoc.skip=true -Dformatter.skip=true -Dimpsort.skip=true -Dxml-format.skip=true -Djapicmp.skip -Denforcer.skip=true -Dbuildnumber.plugin.phase=none -Ddefault-jar.phase=none -Danimal.sniffer.skip=true | |||
There was a problem hiding this comment.
This improves the build performance. It was taking 7 minutes to do a clean build, and that was very annoying when I was testing my actual changes, now it takes 2 1/2 minutes.
| <version>3.8.1</version> | ||
| <configuration> | ||
| <fork>true</fork> | ||
| <release>11</release> | ||
| <encoding>utf8</encoding> | ||
| </configuration> |
There was a problem hiding this comment.
This was a duplicate of the root pom.
I got a bit ahead of myself by upgrading a bunch of build time dependencies while I was at it, but then I realise I would be spending the entire weekend filing CQs for them...so I reverted those changes. The only "unrelated" thing I'm keeping is some performance improvements to the maven build. |
| docker-compose build | ||
| docker-compose build --pull --no-cache |
There was a problem hiding this comment.
This pulls the base image and also disables caching (which would cache the apt-get upgrade command).
Have you tested the Eclipse dash-license tool ? Filing CQs is now a (mostly) automated process... a much nicer experience than manually adding CQs and attaching jars via the old website ... |
It didn't pick up any of the maven plugins :( |
|
Fwiw I think we don't really have to file CQs for maven plugins anymore. We did so in the past, but it later turned out that we have a lot of discretion there. Especially as we don't actually distribute these, they're just part of our build env. |
hmottestad
changed the title
GitHub issue resolved: #4304
Briefly describe the changes proposed in this PR:
PR Author Checklist (see the contributor guidelines for more details):
mvn process-resourcesto format from the command line)