-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GH-4304 improve docker image security #4305
Conversation
Hmz, looks like you've accidentally committed fixes for (white space) formatting issues in a series of unrelated files |
…compiling in parallel and upgrading some plugins
2973761
to
ea341f7
Compare
<version>3.8.1</version> | ||
<version>3.10.1</version> | ||
<configuration> | ||
<fork>true</fork> | ||
<fork>false</fork> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This improves the build performance. It was taking 7 minutes to do a clean build, and that was very annoying when I was testing my actual changes, now it takes 2 1/2 minutes.
@@ -22,6 +22,7 @@ MVN_VERSION=$(xmllint --xpath "//*[local-name()='project']/*[local-name()='versi | |||
echo "Building with Maven" | |||
mvn clean | |||
mvn -T 2C formatter:format impsort:sort && mvn xml-format:xml-format | |||
mvn -T 2C compile -P-use-sonatype-snapshots package -DskipTests -Dmaven.javadoc.skip=true -Dformatter.skip=true -Dimpsort.skip=true -Dxml-format.skip=true -Djapicmp.skip -Denforcer.skip=true -Dbuildnumber.plugin.phase=none -Ddefault-jar.phase=none -Danimal.sniffer.skip=true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This improves the build performance. It was taking 7 minutes to do a clean build, and that was very annoying when I was testing my actual changes, now it takes 2 1/2 minutes.
<version>3.8.1</version> | ||
<configuration> | ||
<fork>true</fork> | ||
<release>11</release> | ||
<encoding>utf8</encoding> | ||
</configuration> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was a duplicate of the root pom.
I got a bit ahead of myself by upgrading a bunch of build time dependencies while I was at it, but then I realise I would be spending the entire weekend filing CQs for them...so I reverted those changes. The only "unrelated" thing I'm keeping is some performance improvements to the maven build. |
docker-compose build | ||
docker-compose build --pull --no-cache |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This pulls the base image and also disables caching (which would cache the apt-get upgrade command).
Have you tested the Eclipse dash-license tool ? Filing CQs is now a (mostly) automated process... a much nicer experience than manually adding CQs and attaching jars via the old website ... |
It didn't pick up any of the maven plugins :( |
Fwiw I think we don't really have to file CQs for maven plugins anymore. We did so in the past, but it later turned out that we have a lot of discretion there. Especially as we don't actually distribute these, they're just part of our build env. |
GitHub issue resolved: #4304
Briefly describe the changes proposed in this PR:
PR Author Checklist (see the contributor guidelines for more details):
mvn process-resources
to format from the command line)