From 3f3443c21b8de23ac4b3e41fb8d833f37337825e Mon Sep 17 00:00:00 2001 From: "Mark S. Lewis" Date: Fri, 10 May 2024 12:30:09 +0100 Subject: [PATCH] Update Docker base image version (#343) Use latest eclipse-termurin:11-jdk image to minimise exposure to security vulnerabilities in the base image. Also: - Change permissions for Gradle publishing workflow to allow publish to GitHub Packages. - Update Bouncy Castle dependency to latest patch release (1.78 to 1.78.1). Signed-off-by: Mark S. Lewis --- .github/workflows/release.yml | 3 +++ build.gradle | 2 +- .../fabric-contract-example-as-service/build.gradle | 2 +- .../build.gradle.kts | 2 +- .../fabric-contract-example-gradle/build.gradle | 2 +- examples/fabric-contract-example-maven/pom.xml | 2 +- examples/ledger-api/build.gradle | 2 +- fabric-chaincode-docker/Dockerfile | 13 ++++++------- fabric-chaincode-docker/build.gradle | 2 +- .../src/contracts/fabric-ledger-api/build.gradle | 2 +- fabric-chaincode-shim/build.gradle | 4 ++-- 11 files changed, 19 insertions(+), 17 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7eed4b6d..605c7706 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,6 +25,9 @@ jobs: - publishAllPublicationsToReleaseRepository runs-on: ubuntu-latest needs: test + permissions: + contents: read + packages: write steps: - uses: actions/checkout@v4 - uses: actions/setup-java@v4 diff --git a/build.gradle b/build.gradle index 4381733c..6aa40d9f 100644 --- a/build.gradle +++ b/build.gradle @@ -6,7 +6,7 @@ apply plugin: 'idea' apply plugin: 'eclipse-wtp' -version = '2.5.1' +version = '2.5.2' // If the nightly property is set, then this is the scheduled main diff --git a/examples/fabric-contract-example-as-service/build.gradle b/examples/fabric-contract-example-as-service/build.gradle index 3f93ce2c..386124a0 100644 --- a/examples/fabric-contract-example-as-service/build.gradle +++ b/examples/fabric-contract-example-as-service/build.gradle @@ -22,7 +22,7 @@ repositories { } dependencies { - compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.1' + compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2' compile 'org.json:json:20231013' testImplementation 'org.junit.jupiter:junit-jupiter:5.4.2' testImplementation 'org.assertj:assertj-core:3.11.1' diff --git a/examples/fabric-contract-example-gradle-kotlin/build.gradle.kts b/examples/fabric-contract-example-gradle-kotlin/build.gradle.kts index 2d3baf0f..91173cb6 100644 --- a/examples/fabric-contract-example-gradle-kotlin/build.gradle.kts +++ b/examples/fabric-contract-example-gradle-kotlin/build.gradle.kts @@ -19,7 +19,7 @@ java { dependencies { - implementation("org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.1") + implementation("org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2") implementation("org.json:json:20231013") implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8") diff --git a/examples/fabric-contract-example-gradle/build.gradle b/examples/fabric-contract-example-gradle/build.gradle index b4747742..07d3dca3 100644 --- a/examples/fabric-contract-example-gradle/build.gradle +++ b/examples/fabric-contract-example-gradle/build.gradle @@ -22,7 +22,7 @@ repositories { } dependencies { - compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.1' + compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2' compile 'org.json:json:20231013' testImplementation 'org.junit.jupiter:junit-jupiter:5.4.2' testImplementation 'org.assertj:assertj-core:3.11.1' diff --git a/examples/fabric-contract-example-maven/pom.xml b/examples/fabric-contract-example-maven/pom.xml index 34e4dbde..96473bce 100644 --- a/examples/fabric-contract-example-maven/pom.xml +++ b/examples/fabric-contract-example-maven/pom.xml @@ -12,7 +12,7 @@ UTF-8 - 2.5.1 + 2.5.2 1.3.14 diff --git a/examples/ledger-api/build.gradle b/examples/ledger-api/build.gradle index b4747742..07d3dca3 100644 --- a/examples/ledger-api/build.gradle +++ b/examples/ledger-api/build.gradle @@ -22,7 +22,7 @@ repositories { } dependencies { - compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.1' + compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2' compile 'org.json:json:20231013' testImplementation 'org.junit.jupiter:junit-jupiter:5.4.2' testImplementation 'org.assertj:assertj-core:3.11.1' diff --git a/fabric-chaincode-docker/Dockerfile b/fabric-chaincode-docker/Dockerfile index 515a37ca..878dbba6 100644 --- a/fabric-chaincode-docker/Dockerfile +++ b/fabric-chaincode-docker/Dockerfile @@ -1,4 +1,4 @@ -FROM eclipse-temurin:11.0.22_7-jdk as builder +FROM eclipse-temurin:11-jdk as builder ENV DEBIAN_FRONTEND=noninteractive # Build tools @@ -13,7 +13,7 @@ SHELL ["/bin/bash", "-c"] RUN source /root/.sdkman/bin/sdkman-init.sh; sdk install gradle 8.6 RUN source /root/.sdkman/bin/sdkman-init.sh; sdk install maven 3.9.6 -FROM eclipse-temurin:11.0.22_7-jdk as dependencies +FROM eclipse-temurin:11-jdk as dependencies COPY --from=builder /root/.sdkman/candidates/gradle/current /usr/bin/gradle COPY --from=builder /root/.sdkman/candidates/maven/current /usr/bin/maven @@ -53,12 +53,14 @@ RUN mvn -N io.takari:maven:wrapper # Creating final javaenv image which will include all required # dependencies to build and compile java chaincode -FROM eclipse-temurin:11.0.22_7-jdk +FROM eclipse-temurin:11-jdk RUN apt-get update \ && apt-get -y install zip unzip \ && apt-get clean \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + && mkdir -p /chaincode/input \ + && mkdir -p /chaincode/output SHELL ["/bin/bash", "-c"] @@ -66,7 +68,4 @@ SHELL ["/bin/bash", "-c"] COPY --from=dependencies /root/chaincode-java /root/chaincode-java COPY --from=dependencies /root/.m2 /root/.m2 -RUN mkdir -p /chaincode/input -RUN mkdir -p /chaincode/output - WORKDIR /root/chaincode-java diff --git a/fabric-chaincode-docker/build.gradle b/fabric-chaincode-docker/build.gradle index a2caaf35..ce4f1aab 100644 --- a/fabric-chaincode-docker/build.gradle +++ b/fabric-chaincode-docker/build.gradle @@ -66,6 +66,6 @@ task copyAllDeps(type: Copy) { task buildImage(type: DockerBuildImage) { dependsOn copyAllDeps inputDir = project.file('Dockerfile').parentFile - tags = ['hyperledger/fabric-javaenv', 'hyperledger/fabric-javaenv:2.5', 'hyperledger/fabric-javaenv:amd64-2.5.1', 'hyperledger/fabric-javaenv:amd64-latest'] + tags = ['hyperledger/fabric-javaenv', 'hyperledger/fabric-javaenv:2.5', 'hyperledger/fabric-javaenv:amd64-2.5.2', 'hyperledger/fabric-javaenv:amd64-latest'] } diff --git a/fabric-chaincode-integration-test/src/contracts/fabric-ledger-api/build.gradle b/fabric-chaincode-integration-test/src/contracts/fabric-ledger-api/build.gradle index d1c4d753..63ff0906 100644 --- a/fabric-chaincode-integration-test/src/contracts/fabric-ledger-api/build.gradle +++ b/fabric-chaincode-integration-test/src/contracts/fabric-ledger-api/build.gradle @@ -20,7 +20,7 @@ repositories { } dependencies { - implementation 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.1' + implementation 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2' implementation 'org.hyperledger.fabric:fabric-protos:0.3.3' } diff --git a/fabric-chaincode-shim/build.gradle b/fabric-chaincode-shim/build.gradle index d63384d0..77bbadbc 100644 --- a/fabric-chaincode-shim/build.gradle +++ b/fabric-chaincode-shim/build.gradle @@ -51,8 +51,8 @@ tasks.withType(org.gradle.api.tasks.testing.Test) { dependencies { implementation 'org.hyperledger.fabric:fabric-protos:0.3.3' - implementation 'org.bouncycastle:bcpkix-jdk18on:1.78' - implementation 'org.bouncycastle:bcprov-jdk18on:1.78' + implementation 'org.bouncycastle:bcpkix-jdk18on:1.78.1' + implementation 'org.bouncycastle:bcprov-jdk18on:1.78.1' implementation 'io.github.classgraph:classgraph:4.8.165' implementation 'com.github.everit-org.json-schema:org.everit.json.schema:1.14.4' implementation 'org.json:json:20240303'