ci: replace Liberica OpenJDK base images with debian:bullseye-slim + SDKMAN#479
Open
ci: replace Liberica OpenJDK base images with debian:bullseye-slim + SDKMAN#479
Conversation
…SDKMAN Replace vendor-specific bellsoft/liberica-openjdk-* images with debian:bullseye-slim (Debian 11, glibc 2.31) for glibc builds and eclipse-temurin:21-jdk-alpine for musl builds. All images pinned by sha256 digest for reproducibility. JDK 21 (Temurin 21.0.3) and Maven are installed at image-build time via SDKMAN, keeping glibc 2.31 as the build baseline so produced native binaries require only glibc >=2.31 at runtime. Removes libclang-rt-dev (Ubuntu-only package) and maven from apt installs; maven pulled in default-jre-headless (Java 11) which would shadow the SDKMAN-managed JDK 21. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3ed3c91 to
075b1dc
Compare
Script was at .gitlab/scripts/rebuild-images.sh; one '..' resolves to .gitlab/, not the repo root. Dockerfile paths like .gitlab/base/Dockerfile then expanded to .gitlab/.gitlab/base/Dockerfile. Use '../..' instead. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
CI Test ResultsRun: #24474281138 | Commit:
Status Overview
Legend: ✅ passed | ❌ failed | ⚪ skipped | 🚫 cancelled Summary: Total: 32 | Passed: 32 | Failed: 0 Updated: 2026-04-15 20:08:00 UTC |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Replaces the
bellsoft/liberica-openjdk-debianandbellsoft/liberica-openjdk-alpine-muslbase images used when building CI Docker images.glibc builds:
debian:bullseye-slim(Debian 11, glibc 2.31), pinned by sha256 digest. JDK 21 (Temurin 21.0.3) and Maven are installed at image-build time via SDKMAN.musl builds:
eclipse-temurin:21-jdk-alpine(Alpine, musl), pinned by sha256 digest — unchanged approach, digest-pinned.Also fixes a pre-existing bug in
.gitlab/scripts/rebuild-images.shwherePROJECT_ROOTresolved to.gitlab/instead of the repo root, causing all Dockerfile paths to be doubled (.gitlab/.gitlab/base).Why
bellsoft/liberica-openjdk-*images are a third-party vendor distribution with no multi-arch manifest guarantees.eclipse-temurin:21-jdk-bullseyedoes not exist (Adoptium skipped Debian 11 for JDK 21), so SDKMAN is used to install JDK 21 on top of the plain Debian base.Changes
.gitlab/build-deploy/images.ymlOPENJDK_BASE_IMAGE*→debian:bullseye-slim@sha256:0083….gitlab/config.envOPENJDK_BASE_IMAGE_AMD64/ARM64→ same digest.gitlab/base/DockerfileARG BASE_IMAGE→debian:bullseye-slim; add SDKMAN install for JDK 21 + Maven; removemavenandlibclang-rt-devfrom apt (former pulls in Java 11 viadefault-jre-headless, latter is Ubuntu-only).gitlab/scripts/rebuild-images.shPROJECT_ROOTpath:..→../..Test plan
build-deploypipeline) and confirm successful image pushbuild:x64,build:arm64) against new imagesGLIBC_2.17java -versionreports 21.0.3 (Temurin) inside the built image — confirmed locally🤖 Generated with Claude Code