53bcdafe91
What are we solving here? 1. Installing Java in the `Dockerfile` by using Adoptium's package repositories is fragile since they've started blocking some IP addresses used by GitHub Actions runners. We see a message like this: ``` Failed to fetch https://packages.adoptium.net/artifactory/deb/pool/main/t/temurin-17/temurin-17-jdk_17.0.8.1.0+1_amd64.deb 403 Forbidden [IP: 146.75.107.42 443] ``` We're seeing more and more cases of these and PRs are getting blocked. 2. Installing Java via `apt` also installs other packages like X11 libraries, that aren't really relevant to our usage of Java. Yet, these packages are present in our Docker image, and are the source of several CVEs to be reported by scanners on our Docker image. 3. This will give us control over trusted CA certificates, which we can now perform under `$TMP`, which aligns with our move towards supporting readonly root filesystem. Which is essentially not write to anything in the Docker image at runtime, except for under `/tmp` and `/appsmith-stacks`. This will help us move in that direction. |
||
|---|---|---|
| .. | ||
| ansible | ||
| aws | ||
| aws_ami | ||
| digital_ocean | ||
| docker | ||
| helm | ||
| heroku | ||
| packer | ||