PromucFlow_constructor/deploy/docker/fs/opt/appsmith/run-java.sh
Shrikant Sharat Kandula 53bcdafe91
fix: Get Java from GitHub release artifacts directly (#27862)
What are we solving here?

1. Installing Java in the `Dockerfile` by using Adoptium's package
repositories is fragile since they've started blocking some IP addresses
used by GitHub Actions runners. We see a message like this:
   ```
   Failed to fetch
   https://packages.adoptium.net/artifactory/deb/pool/main/t/temurin-17/temurin-17-jdk_17.0.8.1.0+1_amd64.deb
   403 Forbidden [IP: 146.75.107.42 443]
   ```
We're seeing more and more cases of these and PRs are getting blocked.

2. Installing Java via `apt` also installs other packages like X11
libraries that aren't really relevant to our usage of Java. Yet, these
packages are present in our Docker image, and are the source of several
CVEs reported by scanners on our Docker image.

3. This will give us control over trusted CA certificates, which we can
now perform under `$TMP`, which aligns with our move towards supporting
a read-only root filesystem, which essentially means not writing to anything in
the Docker image at runtime, except under `/tmp` and
`/appsmith-stacks`. This will help us move in that direction.
2023-10-06 19:38:19 +05:30

78 lines
2.1 KiB
Bash
Executable File

#!/bin/bash

set -o errexit
set -o pipefail
set -o nounset
set -o noglob

declare -a extra_args
proxy_configured=0

# Parse a proxy URL into proxy_user, proxy_pass, proxy_host and proxy_port.
# Only the http:// scheme with an explicit port matches; returns non-zero otherwise.
match-proxy-url() {
  # Examples:
  #   http://proxy.example.com:8080/
  #   http://user:pass@proxyhost:123
  #   http://proxyhost:123
  [[ $1 =~ ^http://(([^@:]*):([^@]*)?@)?([^@:]*):([0-9]+)/?$ ]]
  proxy_user="${BASH_REMATCH[2]-}"
  proxy_pass="${BASH_REMATCH[3]-}"
  proxy_host="${BASH_REMATCH[4]-}"
  proxy_port="${BASH_REMATCH[5]-}"
  [[ -n $proxy_host ]]
}

# Translate HTTP_PROXY / HTTPS_PROXY into JVM system properties.
# Credentials end up as -D arguments, so they are visible in the java process's command line.
if match-proxy-url "${HTTP_PROXY-}"; then
  extra_args+=(-Dhttp.proxyHost="$proxy_host" -Dhttp.proxyPort="$proxy_port")
  if [[ -n $proxy_user ]]; then
    extra_args+=(-Dhttp.proxyUser="$proxy_user")
  fi
  if [[ -n $proxy_pass ]]; then
    extra_args+=(-Dhttp.proxyPassword="$proxy_pass")
  fi
  proxy_configured=1
fi

if match-proxy-url "${HTTPS_PROXY-}"; then
  extra_args+=(-Dhttps.proxyHost="$proxy_host" -Dhttps.proxyPort="$proxy_port")
  if [[ -n $proxy_user ]]; then
    extra_args+=(-Dhttps.proxyUser="$proxy_user")
  fi
  if [[ -n $proxy_pass ]]; then
    extra_args+=(-Dhttps.proxyPassword="$proxy_pass")
  fi
  proxy_configured=1
fi

if [[ -z "${NO_PROXY-}" ]]; then
  # A default for this value is set in entrypoint.sh script.
  # If this variable is not set, just set it to empty string.
  NO_PROXY=""
fi

if [[ $proxy_configured == 1 ]]; then
  # NO_PROXY is comma-separated; http.nonProxyHosts expects '|' as the separator.
  extra_args+=(-Djava.net.useSystemProxies=true -Dhttp.nonProxyHosts="${NO_PROXY//,/|}")
fi

# Pull in the CA certificate options as a java argument file, if one was written under $TMP.
if [[ -f "$TMP/java-cacerts-opts" ]]; then
  extra_args+=("@$TMP/java-cacerts-opts")
fi

# Wait until RTS has started and is listening (default port 8091)
while ! curl --fail --silent localhost:"${APPSMITH_RTS_PORT:-8091}"/rts-api/v1/health-check; do
  echo 'Waiting for RTS to start ...'
  sleep 1
done
echo 'RTS started.'

sh /opt/appsmith/run-starting-page-init.sh &

# Ref -Dlog4j2.formatMsgNoLookups=true https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot
# APPSMITH_JAVA_ARGS and APPSMITH_JAVA_HEAP_ARG are unquoted so that each splits into
# separate arguments; noglob (set above) keeps the resulting words from being glob-expanded.
exec java ${APPSMITH_JAVA_ARGS:-} ${APPSMITH_JAVA_HEAP_ARG:-} \
  --add-opens java.base/java.time=ALL-UNNAMED \
  -Dserver.port=8080 \
  -XX:+ShowCodeDetailsInExceptionMessages \
  -Djava.security.egd=file:/dev/./urandom \
  -Dlog4j2.formatMsgNoLookups=true \
  "${extra_args[@]}" \
  -jar server.jar
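
The forms of proxy URL that `match-proxy-url` accepts, and the ones it drops without any message, shown as an added example that is not part of the Appsmith repository. The names `parse_proxy_url`, `describe` and `check_proxy_var` are hypothetical, and every URL is a constructed sample.

```bash
#!/usr/bin/env bash
# Added example (not Appsmith code); every URL below is a constructed sample.
[ -n "${BASH_VERSION-}" ] || exec bash "$0" "$@"   # [[ =~ ]] requires bash
set -o nounset

# Same pattern as match-proxy-url in run-java.sh.
proxy_re='^http://(([^@:]*):([^@]*)?@)?([^@:]*):([0-9]+)/?$'

# parse_proxy_url (hypothetical name): fills proxy_*; returns 0 only on a usable match.
parse_proxy_url() {
  proxy_user='' proxy_pass='' proxy_host='' proxy_port=''
  [[ $1 =~ $proxy_re ]] || return 1
  proxy_user="${BASH_REMATCH[2]-}"
  proxy_pass="${BASH_REMATCH[3]-}"
  proxy_host="${BASH_REMATCH[4]-}"
  proxy_port="${BASH_REMATCH[5]-}"
  [[ -n $proxy_host ]]
}

# describe: what the launcher would extract from one value; the password is masked.
describe() {
  local pass='<none>'
  if parse_proxy_url "$1"; then
    if [[ -n $proxy_pass ]]; then pass='<set>'; fi
    printf 'host=%s port=%s user=%s pass=%s\n' "$proxy_host" "$proxy_port" "${proxy_user:-<none>}" "$pass"
  else
    printf 'ignored\n'
  fi
}

# check_proxy_var NAME VALUE: preflight; the value is never echoed (may hold credentials).
check_proxy_var() {
  [[ -z $2 ]] && return 0
  parse_proxy_url "$2" && return 0
  echo "WARN: $1 is set but does not match http://[user:pass@]host:port and would be ignored" >&2
  return 1
}

samples=(
  'http://proxy.example.com:8080/'     # accepted, no credentials
  'http://user:pass@proxyhost:123'     # accepted, with credentials
  'http://user:p%40ss@proxyhost:123'   # accepted; password is not percent-decoded
  'https://proxyhost:123'              # ignored: scheme must be http://
  'http://proxyhost'                   # ignored: port is mandatory
  'http://user@proxyhost:123'          # ignored: user without a ":" separator
)
for url in "${samples[@]}"; do
  printf '%-36s -> %s\n' "$url" "$(describe "$url")"
done
```

Running `check_proxy_var HTTPS_PROXY "${HTTPS_PROXY-}"` before the launcher turns a proxy setting that would be dropped into a visible failure.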