Update the `AbstractJarWriter` so that it can directly build the layer
index as entries are written. Prior to this commit, a layer tracking
was handled by a decorator class which was broken because it didn't
override enough methods. Since `AbstractJarWriter` has quite a complex
API, it seems sensible to have it handle the layer index directly,
removing the need for a decorator entirely.
Fixes gh-23801
Previously, when building a layered jar with Maven, dependencies
on modules in the same build were treated the same as any other
dependency, being included in the dependencies or snapshot dependencies
layer based on their version.
This commit updates the default layering when using Maven to include
dependencies on modules in the same build in the application layer by
default. The XML schema has also been updated to allow the layer to be
customized using new <includeModuleDependencies/> and
<excludeModuleDependencies/> elements rather than relying on including
and excluding them via a group:artifact:version pattern.
Closes gh-23463
This commit adds support for platform API 0.4 when invoking a CNB
builder in the Maven and Gradle plugins. If the builder advertises
that it supports platform API 0.4 then that version will be
requested when invoking lifecycle phases. Otherwise the plugins
will fall back to requesting platform API 0.3.
Requesting platform API 0.4 when invoking builder lifecycle phases
has the primary benefit of making it easier to pass command-line
arguments to the default process in the generated image.
Fixes gh-23692
This commit polishes the javadoc for Maven plugin classes now that
the plugin reference docs link to the javadoc. Visibility of some
MOJO parameter class getters and setters were also changed for
consistency.
See gh-21555
This commit modifies the documentation generated for the
Maven plugin to include links to javadoc when Spring
Boot types are mentioned. Some javadoc was also polished
to improve the generated docs.
Fixes gh-21555
Previously, when building a layered jar with Gradle, project
dependencies were treated the same as any other dependency, being
included in the dependencies or snapshot dependencies layer based
on their version.
This commit updates the default layering when using Gradle to include
project dependencies in the application layer by default. The DSL has
also been updated to allow their layer to be customized using new
includeProjectDependencies() and excludeProjectDependencies() methods
rather than relying on including and excluding them via a
group:artifact:version pattern.
Closes gh-23431
The CNB specifications allow builders to support multiple platform
API versions. The supported versions are published in the builder
image metadata as an array of version numbers, while a single
supported version number was published in earlier builder metadata.
These changes read the supported versions from the builder metadata
and fall back to the single version if the array is not present.
A CNB_PLATFORM_API environment variable is set on each lifecycle
phase invocation to request a specific version as recommended in
the CNB platform spec.
Fixes gh-23682
This commit updates the default builder image used by the Maven
and Gradle plugins image-building goal and task to use the latest
Paketo builder image. The builder image is pulled from Docker Hub
instead of Google Container Registry by default.
See gh-23628
This commit qualifies examples of configuring the CNB builder to clarify
that the examples apply to use of the default Paketo builder, and adds links
to the official Paketo docs for more details.
Fixes gh-19967
A docker registry running in testcontainers behaves
differently in CI vs running locally. Disabling the tests for
now while working on getting them running reliably in CI.
See gh-21001
This commit adds options to the Maven and Gradle plugins to publish
to a Docker registry the image generated by the image-building goal
and task.
The Docker registry auth configuration added in an earlier commit
was modified to accept separate auth configs for the builder/run
image and the generated image, since it is likely these images will
be stored in separate registries or repositories with distinct
auth required for each.
Fixes gh-21001
We generate metadata for `@Endpoint` annotated types so the annotation
processor need to indicate that it supports the endpoint annotation.
See gh-23580
Previously, the configuration property annotation processor declared
that it supported all annotation types. This hurt performance and
prevented incremental builds with Gradle when compiling source code
containing source-retention annotations.
This commit updates its supported annotation types to be only
`@ConfigurationProperties` and `@Configuration`. The latter is declared
to allow binding third-party classes returned from a `@Bean` method.
Fixes gh-23580
Rather than using the extension directly, introduced a dedicated
annotation will enable customization of the compatibility tests that
are run via attributes on the annotation. For example, it will allow
certain test classes to run their tests with Gradle's configuration
cache enabled while others disable it.
Closes gh-23532
Previously the artifact's version was used. In an artifact's version,
SNAPSHOT is replaced with the timestamped version number of a specific
snapshot. As a result, it no longer matches the *:*:*SNAPSHOT pattern.
This commit replaces switches to using the artifact's base version.
This preserves the SNAPSHOT in the version number. For non-snapshot
artifacts, the version and base version are identical.
Fixes gh-23533
Previously, BootJar would resolves all of a project's configurations
when building a layered jar. This was unnecessarily broad as it was
likely to include configurations that had contributed nothing to the
jar's classpath.
This commit replaces the configuration resolution with an afterResolve
action that populates the ResolvedDependencies in response to a
configuration being resolved. This allows the resolved dependencies to
be populated from all of the configurations that were resolved as part
of determining the jars classpath and no more.
Closes gh-23528
Prior to this commit, the bootBuildInfo was configured eagerly.
Configuring it lazily prevent this task from being configured when not
explicitly needed. Also, the 'classes' and 'bootJar' tasks are now
lazily configured, as the bootBuildInfo task was causing them to be
configured eagerly.
See gh-23435
This commit adds the ability to configure the Maven and Gradle
plugins to use a remote Docker daemon using build file
configuration, as an alternative to setting environment variables
to specify remote host connection details.
Fixes gh-23400
This commit adds the ability to configure Docker image registry
authentication credentials in the Maven and Gradle plugins. The
authentication credentials are passed to the Docker daemon with
all daemon API calls, and the daemon forwards the credentials to the
image registry when necessary. This makes it possible to use
builder and run images stored in a private Docker registry.
See gh-22972
Rename `@ConfigurationPropertiesImport` to
`@ImportAsConfigurationPropertiesBean` and also refine the registrar
so that it can be used with type directly annotated with
`@ConfigurationProperties`.
Closes gh-23172
Update `JarFileEntries` so that the interface is obtained rather than
the concrete implementation. This allows `JarEntry` values to be used
without causing a ClassCastException.
Closes gh-19041
Update the performance improvements to push certificate loading
and storage into the `JarFileEntries` class. This allows us to
keep certificates without needing to cache all entry data. We
now also keep certificates and code signers in a dedicated class
which is set whenever the full jar stream as been read, even if
the contained values are `null`. The logic that assumes META-INF
entries are not signed has been removed in favor of delegating to
the streamed entry results.
See gh-19041
Update Spring Boot nested JarFile support to improve the performance of
signed jars. Prior to this commit, `certificates` and `codeSigners`
were read by streaming the entire jar whenever the existing values
were `null`. Unfortunately, the contract for `getCertificates` and
get `getCodeSigners` states that `null` is a valid return value. This
meant that full jar streaming would occur whenever either method was
called on an entry that had no result. The problem was further
exacerbated by the fact that entries might not be cached.
See gh-19041
This commit updates the Gradle Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter are excluded. Unlike the
Maven plugin, jars with a type of annotation-processor are not
excluded. It is not necessary with Gradle as use of the
annotationProcessor configuration for such dependencies already ensures
that they are not included.
See gh-22036
This commit updates the Maven Plugin to filter dependencies based on
the Spring-Boot-Jar-Type entry in their manifest. Jars with a
Spring-Boot-Jar-Type of dependencies-starter or annotation-processor
are excluded.
See gh-22036
Previously, PropertiesLauncher would close each archive that it
iterated over when creating its ClassLoader. This was not aligned
with JarLauncher's behaviour and left the ClassLoader with closed
archives. The close was introduced in [1] and became more apparent
following the change to fail operations on closed archives [2].
This commit updates Launcher to remove the close() that was added in
[1]. This aligns the behavior of PropertiesLauncher with JarLauncher
and ensures that the ClassLoader does not have entries backed by
closed archives on its classpath.
Fixes gh-23165
[1] ad72f86bdb
[2] ed7a5db174
Add repeatable `@ImportConfigurationPropertiesBean` annotation that can
be used to import types and treat them as `@ConfigurationProperties`
beans. This annotation is specifically designed to support third-party
classes that can't contain any Spring annotations.
Closes gh-23172
In some cases, a call to the Docker image load API will fail but
return a 200 OK response status code and an empty response. This
commit detects that the response from this call is empty and
treats this condition as an error instead of a silent failure.
Fixes gh-23130
This commit changes the path used to invoke lifecycle binaries in
CNB builders from `/lifecycle` to `/cnb/lifecycle` to conform to
the CNB spec. This will ensure the build plugin image-building
goals and tasks are compatible with future versions of builders
that may not support both paths.
See gh-23009
Update `BuildImageMojo` so that commons HTTP wire logging is configured
to ERROR. Without this update, running `mvn -X` will produce a great
deal of logging since by default HTTP Client logs all bytes transfered
at DEBUG and Maven will enable DEBUG for all logs.
Closes gh-22674
Update `Repackager` to ensure that `getLayout` is called before we
backup the source file. This restores earlier behavior that some
custom `ModuleFactory` implementations were relying on.
Closes gh-22995
This commit adds a check to the `layertools extract` command to
ensure that the jar file being processed is readable and has a
valid directory.
Fixes gh-22993
Create a new `JarFileWrapper` class so that we can wrap and existing
`JarFile` and offer a version that can be safely closed.
Prior to this commit, we provided wrapper functionality in the `JarFile`
class itself. Unfortunately, because we override `close` and also create
a lot of wrappers this caused memory issues when running on Java 11.
With Java 11 `java.util.zip.ZipFile` class uses `FinalizableResource`
for any implementation that overrides `close()`. This means that any
wrapper classes will not be garbage collected until the JVM finalizer
thread runs.
Closes gh-22991
This commit adds a pullPolicy option to the configuration of the Maven
plugin spring-boot:build-image goal and the Gradle plugin bootBuildImage
task. The new option gives users control over pulling the builder image
and run image from a remote image registry to the local Docker daemon.
See gh-22736
Previously, the Maven plugin integration tests used a settings.xml file
that defined https://repo.spring.io/snapshot as a repository. This
allowed them to resolve snapshots of the plugin's Spring Framework
dependencies but it had the unfortunate side-effect of also allowing
them to resolve snapshots of other Spring Boot modules from Artifactory
rather than using those currently being built.
This commit replaces the repositories in settings.xml with a Gradle
task that resolves the necessary dependencies and populates a local
repository with the dependencies' jars and pom files. This is achieved
using a ComponentMetadataRule that creates a custom variant of each
dependency that includes its pom file, inspired by the example in
gradle/gradle/#11449. A configuration that extends the
runtimeClasspath configuration and select the custom variant via its
attribute is then used to resolve the jars and pom files of the runtime
classpath such that they can then be used to populate the local
repository.
Closes gh-22828
Prior to this commit, an entry in the environment map provided to the
build plugin image building goal or task that had a null value would
result in a failure with a message that was difficult to diagnose.
This commit treats env map entries with a null value as an empty
entry to prevent the failure and also make it easier to provide an
explicit empty entry in the Maven XML.
Fixes gh-22703
This adds build caching and build scans.
The changes required disabling scans when using the maven invoker
plugin in order to not cause duplicate build scans when invoking other
maven builds. There is also an empty `.mvn` folder in the
spring-boot-starters project to prevent duplicate build scans as well
since there is no way to pass properties to the maven-javadoc-plugin.
The checkstyle plugin was causing a cache miss with the
`propertyExpansion` because it contains an absolute path. The absolute
path is now ignored and instead the files are added as inputs to the
checkstyle plugin. This only enables the local build cache. The remote
cache is not yet enabled.
On my local machine:
./mvnw clean install build times go from about 30 minutes to about 10 minutes.
./mvnw clean install -Pfull build times go from about 60 minutes to about 13 minutes.
See gh-22089
This commit adds a check to the support code for the Gradle plugin
bootBuildImage task to ensure that the jar file that will be passed
to a builder is readable and has a valid directory. This prevents a
situation where the jar file cannot be read because it is prepended
with a launch script, and the builder does not receive any files to
process.
Notes have also been added to the Gradle plugin documentation to warn
against using a bootJar launchScript configuration and bootBuildImage
together, as well as caveats about launchScript that match the Maven
plugin documentation.
Fixes gh-22223
This commit improves the validation performed on the user
input provided to the layertools jarmode to provide more
clear error messages when the input is not correct and
reduce the chance of ambiguity.
Fixes gh-22042
Rename `ImageReferenceParser` to `Regex` and remove state. The regular
expressions are now used directly by the `ImageName` and
`ImageReference` classes with the values accessed directly from the
`Matcher`.
See gh-21495
Prior to this commit, an image name or run image name derived from
the project name or provided by the user would be passed to the CNB
builder without validation by the Maven plugin build-image goal or
Gradle plugin bootBuildImage task. This could lead to error messages
from the plugins that are difficult to understand and diagnose.
This commit makes parsing of the image names more strict, based on
the grammar implemented by the Docker go library. This provides
validation of the image names before passing them to the builder,
with a more descriptive error message when parsing and validation
fails.
Fixes gh-21495
Previously, Spring Boot's modules published Gradle Module Metadata
(GMM) the declared a platform dependency on spring-boot-dependencies.
This provided versions for each module's own dependencies but also had
they unwanted side-effect of pulling in spring-boot-dependencies
constraints which would influence the version of other dependencies
declared in the same configuration. This was undesirable as users
should be able to opt in to this level of dependency management, either
by using the dependency management plugin or by using Gradle's built-in
support via a platform dependency on spring-boot-dependencies.
This commit reworks how Spring Boot's build uses
spring-boot-dependencies and spring-boot-parent to provide its own
dependency management. Configurations that aren't seen by consumers are
configured to extend a dependencyManagement configuration that has an
enforced platform dependency on spring-boot-parent. This enforces
spring-boot-parent's version constraints on Spring Boot's build without
making them visible to consumers. To ensure that the versions that
Spring Boot has been built against are visible to consumers, the
Maven publication that produces pom files and GMM for the published
modules is configured to use the resolved versions from the module's
runtime classpath.
Fixes gh-21911
This commit adds a runImage property to the Maven plugin build-image
goal and the Gradle bootBuildImage task. The property allows the user
to override the run image reference provided in the builder metadata
with an alternate run image. The runImage property can be specified
in the build file or on the command line.
Fixes gh-21534
This commit changes the NamedPipeSocket used for communication with
a local Docker daemon to use a non-blocking AsynchronousByteChannel
instead of a blocking RandomAccessFile, modeled after a similar
change to the docker-java project. This eliminates the potential for
a blocking call to hang indefinitely.
Fixes gh-21672
Update `LaunchedURLClassLoader` so that packages defined from exploded
archive folders have manifest attributes applied to them. Prior to this
calling `package.getImplementationTitle()` would only return the a
manifiest attribute when running non-exploded.
The root cause of this issue is the way that `URLClassLoader` handles
the different URL types. For URLs that reference a jar the manifest is
available. For URLs that reference a folder it isn't. When running
exploded we use a URL that references to the `BOOT-INF/classes` folder
directly. To fix the issue we now attempt to detect when `definePackage`
is being called directly, and replace `null` entries with actual
manifest values.
Fixes gh-21705
This commit improves the error messages returned by the Spring Boot
build plugins when a 5xx status code is returned from the Docker
API while attempting to build an image. If the error response has
contents containing a JSON structure with a "message" key, the value
associated with that key will be included in the exception message
and in the build plugin output error.
Fixes gh-21515
Previously, if the Spring Boot build plugins got a connection error
when attempting to communicate with a Docker daemon (for example,
when the daemon isn't running), the error message made it appear that
the daemon returned an HTTP error code. This commit makes a connection
error distinct from an HTTP error response code to make it easier for
the user to diagnose the root cause of the problem.
Fixes gh-21554
Previously, the productionRuntimeClasspath configuration was created
without any attributes. This caused problems with multi-project
dependency resolution as there was insufficient information for Gradle
to determine which variant of a dependency should be used by the
productionRuntimeClasspath configuration.
This commit updates the configuration to have three attributes, each
configured with the same values as those of Gradle's own
runtimeClasspathConfiguration.
Fixes gh-21549
Prior to this commit, a default tag of 'latest' was used when no tag
was included in the builder image name used when building an image in
the Maven and Gradle plugins, but the tag for the run image was left
empty if it was not provided. This resulted in errors when pulling
the run image from an image repository. This commit applies the
same tag defaulting logic to the run image name.
Fixes gh-21532
This commit updates the MavenPublishingConventions to use HTTPS to
link to the Apache license. The configuration of NoHTTP has also
been reworked so that it will correctly find usch uses of http://
URLs.
Closes gh-21459
Prior to this commit, the published Maven POMs would not pass the Maven
Central mandatory checks.
This commit adds the missing project name and description metadata for
most artifacts. The Spring Boot Gradle plugin artifact was also missing
this information and this is now added in the plugin metadata itself.
This is also updating the project page URL which is now hosted directly
on spring.io.
Fixes gh-21457
Prior to this commit, if a DOCKER_HOST environment variable was present
when attempting to communicate with a Docker daemon, it was assumed
that the value of that variable was an address that could be used to
create an HTTP connection to a remote daemon. In some cases, the value
of the variable is the path to a local socket file, which would cause
the HTTP connection to fail.
This commit adds additional validation of the value of the DOCKER_HOST
environment variable to determine whether it is a remote address or
a local socket file and create the appropriate connection type.
Fixes gh-21173
Prior to this commit, the build tool plugins set the environment
variable BP_JAVA_VERSION when invoking the CNB builder to set the
version of the JDK/JRE that the builder should use in the created
image.
With CNB API 0.3, the convention changed the name of this environment
variable to BP_JVM_VERSION. This commit updates the build tool
plugins to match the newer convention.
See gh-21273
This commit modifies the buildpack platform invocation logic used by
the build plugins to invoke the single creator lifecycle introduced in
the CNB API 0.3, instead of invoking discrete lifecycle phases
separately. It also removes support for CNB API 0.2.
Fixes gh-21273
The warnings will be addressed by gh-20759. CreateBootStartScripts
must be excluded from the classes that are validated by the
ValidatePlugins task. It is invalid, but only for Gradle 6.4. gh-20759
will cause it to only be used with Gradle 6.3 and earlier.
See gh-21329
Add converter support for `javax.time.Period` including:
String -> Period
Number -> Period
Period -> String
Period to Number conversion is not supported since `Period` has no
ability to deduce the number of calendar days in the period.
See gh-21136
This commit changes the default builder image from
`cloudfoundry/cnb:bionic-platform-api-0.2` to
`gcr.io/paketo-buildpacks/builder:base-platform-api-0.3`. It also
uses a `paketo-buildpacks/builder` image instead of a
`cloudfoundry/cnb` image to test compatibility with lifecycle v2
and uses paketo naming instead of cloudfoundry when mocking builder
interactions.
Some adjustments to lifecycle phases were also made to align more
closely with the pack CLI.
Fixes gh-21066
Previously, only root auto-configuration classes could be excluded
eagerly via an AutoConfigurationImportFilter. Any configuration class
loaded as a result of processing a particular auto-configuration were
parsed and checked as usual.
This commit makes use of the `getExclusionFilter` callback to expand
this filter to all candidates that are considered. The annotation
processor has also be expanded to generate metadata for non-root
configuration classes.
Closes gh-12157
Update `JarFile` so that `super.close()` is called early so that the
file is not left open. Since we re-implement `JarFile` methods to work
directly on the underlying `RandomAccessDataFile`, it should be safe
to close immediately.
Closes gh-21177
Previously, the developmentOnly configuration, typically used for
Devtools, had to be declared manually. The BootJar and BootWar tasks
then had a property, excludeDevtools, that could be used to control
whether or not Devtools would be excluded from the executable archive.
This commit updates the reaction to the Java plugin being applied to
automatically create the developmentOnly configuration. The classpaths
of bootJar and bootWar are then configured not to include the contents
of the developmentOnly configuration. As a result of this, the
excludeDevtools property is no longer needed and has been deprecated.
Its default has also been changed from true to false to make it easy
to opt in to Devtools, when configured as a development-only
dependency, being included in executable jars and wars by adding
developmentOnly to the classpath of the archive task.
Closes gh-16599