-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fixes #735 apache tomcat upgrade to patch vulnerabilities #202
Changes from all commits
059674f
8db10f3
5a401d9
da3e369
ad34f68
d1ddff1
6590a26
71363e1
422fb9b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,30 @@ | ||
FROM mcneilco/tomcat-maven:openjdk8 | ||
ARG CHEMISTRY_PACKAGE=jchem | ||
ARG TOMCAT_IMAGE=mcneilco/tomcat-maven:1.3-openjdk8 | ||
|
||
FROM ${TOMCAT_IMAGE} as dependencies | ||
ARG CHEMISTRY_PACKAGE | ||
ENV CHEMISTRY_PACKAGE=${CHEMISTRY_PACKAGE} | ||
|
||
FROM dependencies as jchem | ||
ADD lib/jchem-16.4.25.0.jar /lib/jchem-16.4.25.0.jar | ||
RUN mvn install:install-file -Dfile=/lib/jchem-16.4.25.0.jar -DartifactId=jchem -DgroupId=com.chemaxon -Dversion=16.4.25.0 -Dpackaging=jar -DgeneratePom=true -DcreateChecksum=true | ||
|
||
FROM dependencies as indigo | ||
|
||
FROM ${CHEMISTRY_PACKAGE} as compile | ||
WORKDIR /src | ||
ENV CATALINA_HOME /usr/local/tomcat | ||
ENV PATH $CATALINA_HOME/bin:$PATH | ||
ADD pom.xml /src/pom.xml | ||
ADD lib/jchem-16.4.25.0.jar /lib/jchem-16.4.25.0.jar | ||
RUN ["mvn", "install:install-file","-Dfile=/lib/jchem-16.4.25.0.jar","-DartifactId=jchem","-DgroupId=com.chemaxon","-Dversion=16.4.25.0","-Dpackaging=jar","-DgeneratePom=true","-DcreateChecksum=true"] | ||
RUN ["mvn", "dependency:resolve", "-P", "default"] | ||
RUN ["mvn", "clean"] | ||
ADD . /src | ||
RUN mvn compile war:war -P default | ||
RUN mv target/acas*.war $CATALINA_HOME/webapps/acas.war | ||
RUN mv target/acas* $CATALINA_HOME/webapps/acas | ||
RUN rm -rf /src | ||
WORKDIR $CATALINA_HOME | ||
EXPOSE 8080 | ||
CMD ["catalina.sh", "run"] | ||
RUN mvn dependency:resolve-plugins | ||
RUN mvn dependency:resolve -P ${CHEMISTRY_PACKAGE} | ||
ADD . /src | ||
RUN mvn clean && \ | ||
mvn compile war:war -P ${CHEMISTRY_PACKAGE} && \ | ||
mv target/acas*.war $CATALINA_HOME/webapps/acas.war && \ | ||
mv target/acas* $CATALINA_HOME/webapps/acas | ||
|
||
FROM ${TOMCAT_IMAGE} as build | ||
COPY --from=compile /src/target/acas*.war $CATALINA_HOME/webapps/acas/ $CATALINA_HOME/webapps/acas.war | ||
COPY --from=compile /src/target/acas* $CATALINA_HOME/webapps/acas/ $CATALINA_HOME/webapps/acas | ||
WORKDIR $CATALINA_HOME | ||
EXPOSE 8080 | ||
CMD ["catalina.sh", "run"] | ||
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -58,56 +58,43 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.]]> | |
<repository> | ||
<id>spring-maven-release</id> | ||
<name>Spring Maven Release Repository</name> | ||
<url>http://maven.springframework.org/release</url> | ||
<url>https://maven.springframework.org/release</url> | ||
</repository> | ||
<repository> | ||
<id>spring-maven-milestone</id> | ||
<name>Spring Maven Milestone Repository</name> | ||
<url>http://maven.springframework.org/milestone</url> | ||
<url>https://maven.springframework.org/milestone</url> | ||
</repository> | ||
<repository> | ||
<id>spring-roo-repository</id> | ||
<name>Spring Roo Repository</name> | ||
<url>http://spring-roo-repository.springsource.org/release</url> | ||
</repository> | ||
<repository> | ||
<id>jcenter-release</id> | ||
<name>jcenter</name> | ||
<url>http://oss.jfrog.org/artifactory/oss-release-local/</url> | ||
</repository> | ||
<repository> | ||
<id>OSGEO GeoTools repo</id> | ||
<url>http://download.osgeo.org/webdav/geotools</url> | ||
</repository> | ||
<repository> | ||
<id>codehaus</id> | ||
<url>https://repository.codehaus.org/org/codehaus</url> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This repose weren't being used anywhere in the code so I removed them. This speeds up the build pretty significantly too. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Oh gosh, wow. Out with the trash! |
||
<url>https://spring-roo-repository.springsource.org/release</url> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Switch to more secure https |
||
</repository> | ||
</repositories> | ||
<pluginRepositories> | ||
<pluginRepository> | ||
<id>spring-maven-release</id> | ||
<name>Spring Maven Release Repository</name> | ||
<url>http://maven.springframework.org/release</url> | ||
<url>https://maven.springframework.org/release</url> | ||
</pluginRepository> | ||
<pluginRepository> | ||
<id>spring-maven-milestone</id> | ||
<name>Spring Maven Milestone Repository</name> | ||
<url>http://maven.springframework.org/milestone</url> | ||
<url>https://maven.springframework.org/milestone</url> | ||
</pluginRepository> | ||
<pluginRepository> | ||
<id>spring-roo-repository</id> | ||
<name>Spring Roo Repository</name> | ||
<url>http://spring-roo-repository.springsource.org/release</url> | ||
<url>https://spring-roo-repository.springsource.org/release</url> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. more https |
||
</pluginRepository> | ||
</pluginRepositories> | ||
<!-- Maven Build profile controls whether to use JChem or Indigo --> | ||
<profiles> | ||
<profile> | ||
<id>default</id> | ||
<id>jchem</id> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is backwards compatable with -P default because it IS the default and so even if you provide a bad profile name like |
||
<activation> | ||
<activeByDefault>true</activeByDefault> | ||
</activation> | ||
</activation> | ||
<dependencies> | ||
<dependency> | ||
<groupId>com.chemaxon</groupId> | ||
|
@@ -312,7 +299,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.]]> | |
<dependency> | ||
<groupId>commons-collections</groupId> | ||
<artifactId>commons-collections</artifactId> | ||
<version>3.2.1</version> | ||
<version>3.2.2</version> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Accepted an automatic bump request from github bot. |
||
</dependency> | ||
<dependency> | ||
<groupId>org.hibernate</groupId> | ||
|
@@ -640,9 +627,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.]]> | |
</configuration> | ||
</plugin> | ||
<plugin> | ||
<groupId>org.codehaus.mojo</groupId> | ||
<groupId>com.nickwongdev</groupId> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. org.codehaus.mojo isn't being maintained anymore and com.nickwongdev is now the defacto standard. This is more future proof and com.nickwongdev supports java 9+ if we decide to go there which org.codehaus.mojo does not. |
||
<artifactId>aspectj-maven-plugin</artifactId> | ||
<version>1.9</version> | ||
<version>1.12.1</version> | ||
<!-- NB: do not use 1.3 or 1.3.x due to MASPECTJ-90 and do not use 1.4 | ||
due to declare parents issue --> | ||
<dependencies> | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see, we are only copying the .war and the expanded directory into Tomcat and nothing else.