Currently the docker images are build, but not pushed.
Also push the images..

Only push on master

on:
  push:
    branches:
    - master

We're using gradle to build docker images.

It would be nice if we can use docker in the JDK images.

For reporting we sometimes want to use Figlet.

Images are very big.
This is caused by AWS-cli.

AWS-cli is used for:

1. Build time: to push images to ECR
2. Runtime for HIPAA ineligible services

Create seperate tags with and without AWS-cli

Vulnerability checks are failing.. Needs investigation.

Currently we're tagging the images on a higher level. f.e. openjdk:11-jre and openjdk:11-jre-slim

This is nice, because now you can use openjdk:11-jre and we will take care of the updates.

But when you put stuff to production, you might pin the version down to a specific patch version of java, f.e. 11.0.1-jre-slim

Add this version as well, so environment can freeze their version of the image, making your production code immutable, thus reproducible.

Currently the openjdk8 jdk image is based alpine.

In order to support bash scripts, please include bash

Currently all jdk images run as USER root and all jre run as USER java.

No action is required.

Related issue: #53

As part of #53 we need to perform the first step:

Create new docker-image based on the original with -gha appended to the tag and add deprecation warning to the original.

• Create new image based on original with -gha appended to it.
• Make sure the build order is correct to ensure the correct base image.
• Add deprecation warning to original image.

https://bugs.openjdk.java.net/browse/JDK-8221395

We need to have a java 8 jdk image to for building our software.

JAVA_VERSION : 8u191

Java 10 is not used anymore within the community.

Remove source, but keep the existing docker images.

https://github.com/zulu-openjdk/zulu-openjdk

f.e. azul/zulu-openjdk-alpine:11.0.3-jre

Java has moved to version 11. Add this one

Add CODEOWNERS file like liking to @JeroenKnoops : https://github.com/philips-software/scala/blob/master/CODEOWNERS

Add 11.0.3

It's better to prefix the repository names with docker-.

Example: docker-openjdk

Image name should omit the prefix.

see also: philips-software/docker-blackduck#5

Now every repo has a copy of the builder. Extract the builder into a submodule and link them in all repos.

Github Actions is enabled for Philips-software. Start using actions instead of travis-ci.

https://github.com/features/actions

Use: LABEL maintainer="" instead of MAINTAINER.

See: https://docs.docker.com/engine/reference/builder/

Problem

Github Actions requires the user of the image to be ROOT otherwise it cannot checkout the repository.

Quick solution

Removing the java USER is possible, but it's also considered bad practice to create docker images with root.

Fix

In order to fix this issue, we will create a new docker-image with -gha (github actions) appended to the image tag.
The only difference with the original images are that they run with USER root

Images with USER root

In order to do this we need to do the following to images already running with user ROOT:

• Create new docker-image based on the original with -gha appended to the tag and add deprecation warning to the original. (see #54)
• After a week, add USER java to original image

Images with USER java

In order to do this we need to do the following to images already running with user JAVA:

• Create new docker-image based on original image with USER: root and append tag with -gha.

This only applies to jdk images.

Often projects use maven. Please add version with maven.