Merge pull request #2380 from nordic-institute/dockerfile-minification

chore: minify images generated from dockerfiles

Docker/centralserver/Dockerfile

@@ -7,7 +7,6 @@ FROM ubuntu:24.04 AS base
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get -qq update \
-  && apt-get -qq upgrade \
   && apt-get -qq install --no-install-recommends sudo ca-certificates gnupg supervisor net-tools locales openjdk-21-jre-headless rlwrap ca-certificates-java crudini adduser expect curl rsyslog dpkg-dev \
   && echo "LC_ALL=en_US.UTF-8" >>/etc/environment \
   && locale-gen en_US.UTF-8 \

Docker/securityserver/Dockerfile

@@ -7,7 +7,6 @@ FROM ubuntu:24.04 AS base
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get -qq update \
-    && apt-get -qq -y upgrade \
     && apt-get -qq -y install --no-install-recommends \
         ca-certificates gnupg supervisor net-tools iproute2 locales \
         openjdk-21-jre-headless rlwrap ca-certificates-java \

Docker/securityserver/init_context.sh

@@ -1,9 +1,13 @@
 #!/bin/bash
 
-rm -rf ./build
+rm -rf ./build/packages
 mkdir -p ./build/packages
 mkdir -p ./build/libs
 
 # Should match opentelemetry annotations version.
-wget -O ./build/libs/opentelemetry-javaagent.jar \
-https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v2.6.0/opentelemetry-javaagent.jar
+if [ ! -f ./build/libs/opentelemetry-javaagent.jar ]; then
+  wget -O ./build/libs/opentelemetry-javaagent.jar \
+  https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v2.9.0/opentelemetry-javaagent.jar
+else
+  echo "opentelemetry-javaagent.jar already exists. Skipping download."
+fi

Docker/testca/Dockerfile

@@ -1,9 +1,19 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 
-RUN apt-get update \
-  && apt-get -qq install --no-install-recommends python3 nginx supervisor bash openssl curl python3-pip uwsgi uwsgi-plugin-python3 \
-  # Setup TEST-CA with TSA and OCSP
-  && adduser --disabled-password ca && adduser --disabled-password --no-create-home --ingroup ca ocsp
+# ACME
+ARG A2C_VER=0.35
+ADD https://github.com/grindsa/acme2certifier/releases/download/$A2C_VER/acme2certifier_$A2C_VER-1_all.deb /tmp/
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get -qq update \
+  && apt-get -qq install --no-install-recommends  \
+    python3 nginx supervisor bash openssl curl python3-pip uwsgi uwsgi-plugin-python3 \
+  && apt -y install --no-install-recommends /tmp/acme2certifier_$A2C_VER-1_all.deb \
+  && apt-get -qq clean \
+  #Setup TEST-CA with TSA and OCSP
+  && useradd -m ca -U \
+  && useradd -G ca ocsp
 
 COPY build/home /home
 COPY build/etc /etc
@@ -26,11 +36,6 @@ RUN chown -R ca:ca /home/ca/CA \
 COPY files/ca-entrypoint.sh /root/entrypoint.sh
 COPY --chown=root:root files/testca.conf /etc/supervisor/conf.d/testca.conf
 
-# ACME
-ARG A2C_VER=0.34
-ADD https://github.com/grindsa/acme2certifier/releases/download/$A2C_VER/acme2certifier_$A2C_VER-1_all.deb /tmp/
-RUN apt update
-RUN apt -y install /tmp/acme2certifier_$A2C_VER-1_all.deb
 RUN sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" /var/www/acme2certifier/examples/nginx/nginx_acme_srv.conf \
     && sed -i "s/80/8887/g" /var/www/acme2certifier/examples/nginx/nginx_acme_srv.conf \
     && cp /var/www/acme2certifier/examples/nginx/nginx_acme_srv.conf /etc/nginx/sites-available/acme_srv.conf \

Docker/xrd-dev-stack/local-dev-prepare.sh

@@ -47,7 +47,7 @@ fi
 
 if [[ "$GRADLE_BUILD" -eq 1 ]]; then
   echo "Building & packaging X-Road.."
-  cd "$XROAD_HOME"/src/ && ./build_packages.sh "$@"
+  cd "$XROAD_HOME"/src/ && ./build_packages.sh -r noble "$@"
 fi
 
 if [ ! -d "$PACKAGES_LOCAL_PATH" ] || [ ! "$(ls -A "$PACKAGES_LOCAL_PATH")" ]; then

src/central-server/admin-service/int-test/src/intTest/resources/application-override.yml

@@ -25,7 +25,7 @@ test-automation:
     testable-container:
       reuse-between-runs: ${reuse-between-runs}
       spring-boot:
-        base-image: eclipse-temurin:21-jammy
+        base-image: eclipse-temurin:21-noble
         jar-debug-enabled: false
         debug-port: 9000
         jacoco:

src/central-server/management-service/int-test/src/intTest/resources/application-override.yml

@@ -21,7 +21,7 @@ test-automation:
     testable-container:
       reuse-between-runs: false
       spring-boot:
-        base-image: eclipse-temurin:21-jammy
+        base-image: eclipse-temurin:21-noble
         jar-debug-enabled: true
         debug-port: 9000
         jacoco:

src/common/common-int-test/src/main/resources/META-INF/ca-container/Dockerfile

@@ -1,10 +1,16 @@
 FROM ubuntu:24.04
 
+# ACME
+ARG A2C_VER=0.35
+ADD https://github.com/grindsa/acme2certifier/releases/download/$A2C_VER/acme2certifier_$A2C_VER-1_all.deb /tmp/
+
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get -qq update \
-  && apt-get -qq upgrade \
-  && apt-get -qq install sudo ca-certificates supervisor adduser nginx-light python3 python3-pip uwsgi uwsgi-plugin-python3 curl nano \
+  && apt-get -qq install --no-install-recommends  \
+    ca-certificates supervisor nginx-light python3 python3-pip  \
+    uwsgi uwsgi-plugin-python3 curl nano \
+  && apt -y install --no-install-recommends /tmp/acme2certifier_$A2C_VER-1_all.deb  \
   && apt-get -qq clean
 
 #Setup TEST-CA with TSA and OCSP
@@ -25,11 +31,7 @@ RUN chown -R ca:ca /home/ca/CA \
   && chmod 0754 /home/ca/CA/ca.py \
   && chmod 0754 /home/ca/CA/sign_req.sh
 
-# ACME
-ARG A2C_VER=0.33.3
-ADD https://github.com/grindsa/acme2certifier/releases/download/$A2C_VER/acme2certifier_$A2C_VER-1_all.deb /tmp/
-RUN apt update
-RUN apt -y install /tmp/acme2certifier_$A2C_VER-1_all.deb
+#Setup ACME2Certifier
 RUN sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" /var/www/acme2certifier/examples/nginx/nginx_acme_srv.conf \
     && sed -i "s/80/8887/g" /var/www/acme2certifier/examples/nginx/nginx_acme_srv.conf \
     && cp /var/www/acme2certifier/examples/nginx/nginx_acme_srv.conf /etc/nginx/sites-available/acme_srv.conf \
@@ -41,6 +43,7 @@ RUN sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" /var/
     && sed -i s/level=log_mode\)/level=log_mode,filename=\'logs\\/a2c_logs\'\)/g /var/www/acme2certifier/acme_srv/helper.py \
     && sed -i "61i \            if serial.startswith(\'00\'\): serial = serial[2:]" /var/www/acme2certifier/acme_srv/renewalinfo.py \
     && usermod -a -G ca www-data
+
 COPY --chown=www-data:www-data files/acme_srv.cfg /var/www/acme2certifier/acme_srv/acme_srv.cfg
 COPY --chown=www-data:www-data files/key_file.csv /var/www/acme2certifier/examples/eab_handler/key_file.csv
 

src/common/common-int-test/src/main/resources/signer-container-files/Dockerfile

@@ -1,21 +1,11 @@
-FROM ubuntu:24.04
-
-RUN apt-get clean && apt-get -y update && apt-get install -qq -y locales && locale-gen en_US.UTF-8
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
+FROM eclipse-temurin:21-jre-noble
 
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get -qq update \
-  && apt-get -qq upgrade \
-  && apt-get -qq install curl software-properties-common gawk \
-  openjdk-21-jdk-headless build-essential git unzip debhelper \
-  && apt-get -qq install softhsm2 opensc\
-  && apt-get -qq autoremove \
+  && apt-get -qq install --no-install-recommends curl softhsm2 \
   && apt-get -qq clean
 
-
 # Create token
 RUN mkdir -p /var/lib/softhsm/tokens/ && \
     softhsm2-util --init-token --slot 0 --label 'x-road-softhsm2' --so-pin 1234 --pin 1234

src/security-server/admin-service/int-test/src/intTest/resources/application-override.yml

@@ -25,7 +25,7 @@ test-automation:
     testable-container:
       reuse-between-runs: ${reuse-between-runs}
       spring-boot:
-        base-image: eclipse-temurin:21-jammy
+        base-image: eclipse-temurin:21-noble
         jar-debug-enabled: false
         debug-port: 9000
         jacoco: