smolnar82 opened a new pull request, #1239:
URL: https://github.com/apache/knox/pull/1239
[KNOX-3256](https://issues.apache.org/jira/browse/KNOX-3256) - Refactor
Docker build to use local Maven artifacts and unify CI/Dev workflows
## What changes were proposed in this pull request?
This PR refactors the Docker build process used in CI and local development
to be more efficient and unified. Key changes include:
- **Unified Dockerfile**: Refactored `.github/workflows/build/Dockerfile`
to copy pre-built tarballs directly from the local `target/` directory. This
eliminates the need for external staging directories.
- **Removed Redundancy**: Deleted `Dockerfile.local` which previously
cloned the repository and built Knox from scratch inside the container. This
was redundant and slow compared to using existing local Maven artifacts.
- **Simplified Docker Compose**: Updated `docker-compose.yml` to use the
project root as the build context, allowing the Dockerfile to access the
`target/` directory directly.
- **Streamlined CI Workflow**: Simplified `.github/workflows/tests.yml`
by removing manual artifact extraction steps and environment variables that
were only needed for the old cloning-based build.
## How was this patch tested?
1. Built Knox locally then ran integration tests:
```
$ docker compose -f ./.github/workflows/compose/docker-compose.yml up --exit-code-from tests tests
[+] up 0/1
⠹ Image apache/knox-dev:local-local-local Pulling
1.3s
[+] Building 27.2s (25/25) FINISHED
=> [internal] load local bake definitions
0.0s
=> => reading from stdin 557B
0.0s
=> [internal] load build definition from Dockerfile
0.0s
=> => transferring dockerfile: 2.50kB
0.0s
=> WARN: MaintainerDeprecated: Maintainer instruction is deprecated in
favor of using label (line 18)
0.0s
=> [internal] load metadata for docker.io/library/eclipse-temurin:17-jre
1.8s
=> [auth] library/eclipse-temurin:pull token for registry-1.docker.io
0.0s
=> [internal] load .dockerignore
0.0s
=> => transferring context: 2B
0.0s
=> [ 1/17] FROM
docker.io/library/eclipse-temurin:17-jre@sha256:0d79988c68791ce864fe39d149ab1dc84f680539dca77ee7f6f3b041ad7f2f43
16.4s
=> => resolve
docker.io/library/eclipse-temurin:17-jre@sha256:0d79988c68791ce864fe39d149ab1dc84f680539dca77ee7f6f3b041ad7f2f43
0.0s
=> =>
sha256:fc5566c2753f8e65c568fbef704ce927af2ec22b4bd3313943e4db62c4214b9d 2.28kB
/ 2.28kB
0.2s
=> =>
sha256:c3b320b98b35acdcde435ea81cd7a8b024c50b60c2a1ffcce429595e407cbb0c 159B /
159B
0.3s
=> =>
sha256:01a1c52a6a29119698a398dbf21e709d3c619ee04afb766ea7673be285493c69 47.05MB
/ 47.05MB
11.5s
=> =>
sha256:38e7f4c43425a263721b626e065e74713ed577764840ed0c7cf36f4e77606348 19.98MB
/ 19.98MB
10.5s
=> =>
sha256:4a7720058461eb4ae40ed203b9874ab3248bd34ffb9948193e99245229fdbd6f 390B /
390B
0.4s
=> =>
sha256:2113f8d7eb32748b14581824c1b94cea9ed9a08456312a2e94eddd522d01b927 40.73MB
/ 40.73MB
15.0s
=> => extracting
sha256:2113f8d7eb32748b14581824c1b94cea9ed9a08456312a2e94eddd522d01b927
0.5s
=> => extracting
sha256:4a7720058461eb4ae40ed203b9874ab3248bd34ffb9948193e99245229fdbd6f
0.0s
=> => extracting
sha256:38e7f4c43425a263721b626e065e74713ed577764840ed0c7cf36f4e77606348
0.2s
=> => extracting
sha256:01a1c52a6a29119698a398dbf21e709d3c619ee04afb766ea7673be285493c69
0.4s
=> => extracting
sha256:c3b320b98b35acdcde435ea81cd7a8b024c50b60c2a1ffcce429595e407cbb0c
0.0s
=> => extracting
sha256:fc5566c2753f8e65c568fbef704ce927af2ec22b4bd3313943e4db62c4214b9d
0.0s
=> [internal] load build context
3.5s
=> => transferring context: 207.00MB
3.5s
=> [ 2/17] RUN useradd -ms /bin/bash gateway
0.2s
=> [ 3/17] RUN mkdir -p /tmp/knox-artifacts /tmp/knoxshell-artifacts
/knox-runtime /knoxshell /knox-runtime/knoxshell
0.1s
=> [ 4/17] COPY target/*/knox-*.tar.gz /tmp/knox-artifacts/
0.1s
=> [ 5/17] COPY target/*/knoxshell-*.tar.gz /tmp/knoxshell-artifacts/
0.0s
=> [ 6/17] RUN tar -xvzf /tmp/knox-artifacts/knox-*.tar.gz -C
/tmp/knox-artifacts/ && tar -xvzf
/tmp/knoxshell-artifacts/knoxshell-*.tar.gz -C /tmp/knoxshell-artifacts/ &&
mv /tmp/knox-artifacts/knox-*/* /knox-runtime/ && mv 1.0s
=> [ 7/17] ADD .github/workflows/build/master
/knox-runtime/data/security/master
0.0s
=> [ 8/17] ADD .github/workflows/build/gateway-site.xml
/knox-runtime/conf/gateway-site.xml
0.0s
=> [ 9/17] ADD .github/workflows/build/conf/topologies/knoxtoken.xml
/knox-runtime/conf/topologies/knoxtoken.xml
0.0s
=> [10/17] ADD .github/workflows/build/conf/topologies/health.xml
/knox-runtime/conf/topologies/health.xml
0.0s
=> [11/17] ADD .github/workflows/build/conf/topologies/knoxldap.xml
/knox-runtime/conf/topologies/knoxldap.xml
0.0s
=> [12/17] ADD .github/workflows/build/conf/topologies/remoteauth.xml
/knox-runtime/conf/topologies/remoteauth.xml
0.0s
=> [13/17] RUN chown -R gateway /knox-runtime/
1.1s
=> [14/17] ADD .github/workflows/build/ldap.sh /ldap.sh
0.0s
=> [15/17] ADD .github/workflows/build/gateway.sh /gateway.sh
0.0s
=> [16/17] RUN chmod +x /ldap.sh
0.1s
=> [17/17] RUN chmod +x /gateway.sh
0.1s
=> exporting to image
5.8s
=> => exporting layers
3.8s
=> => exporting manifest
sha256:1db7f1e6795f015e9a76f07bff25dac20fe22d1c08003ed40b262957528623b9
0.0s
=> => exporting config
sha256:64efa91dda3f0d5d142a96a65553ebdd1a71e446b0a528670b56c4ceac91015a
0.0s
=> => exporting attestation manifest
sha256:d411e10eca6061a72127675bf313d1e9ffbed6dc389e1dd6e3a1f26c9ea231a9
0.0s
=> => exporting manifest list
sha256:c7f342934fd523f54783c48b110a67a1d8004aa36a628c43f1ccac2400cff4b1
0.0s
=> => naming to docker.io/apache/knox-dev:local-local-local
0.0s
[+] up 6/6acking to docker.io/apache/knox-dev:local-local-local
1.9s
✔ Image apache/knox-dev:local-local-local Built
28.6s
✔ Network compose_default Created
0.0s
✔ Container compose-knox-dev-1 Created
0.1s
✔ Container compose-ldap-1 Created
0.0s
✔ Container compose-knox-1 Created
0.1s
✔ Container compose-tests-1 Created
0.1s
Attaching to tests-1
tests-1 | Collecting requests==2.32.4
tests-1 | Downloading requests-2.32.4-py3-none-any.whl (64 kB)
tests-1 | ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 64.8/64.8 kB 1.4
MB/s eta 0:00:00
tests-1 | Collecting pytest==8.3.4
tests-1 | Downloading pytest-8.3.4-py3-none-any.whl (343 kB)
tests-1 | ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 343.1/343.1 kB 4.2
MB/s eta 0:00:00
tests-1 | Collecting idna<4,>=2.5
tests-1 | Downloading idna-3.15-py3-none-any.whl (72 kB)
tests-1 | ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 72.3/72.3 kB 8.3
MB/s eta 0:00:00
tests-1 | Collecting certifi>=2017.4.17
tests-1 | Downloading certifi-2026.5.20-py3-none-any.whl (134 kB)
tests-1 | ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 134.1/134.1 kB 5.1
MB/s eta 0:00:00
tests-1 | Collecting charset_normalizer<4,>=2
tests-1 | Downloading
charset_normalizer-3.4.7-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl
(200 kB)
tests-1 | ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 200.6/200.6 kB 7.8
MB/s eta 0:00:00
tests-1 | Collecting urllib3<3,>=1.21.1
tests-1 | Downloading urllib3-2.6.3-py3-none-any.whl (131 kB)
tests-1 | ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 131.6/131.6 kB 37.5
MB/s eta 0:00:00
tests-1 | Collecting packaging
tests-1 | Downloading packaging-26.2-py3-none-any.whl (100 kB)
tests-1 | ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100.2/100.2 kB 30.2
MB/s eta 0:00:00
tests-1 | Collecting exceptiongroup>=1.0.0rc8
tests-1 | Downloading exceptiongroup-1.3.1-py3-none-any.whl (16 kB)
tests-1 | Collecting pluggy<2,>=1.5
tests-1 | Downloading pluggy-1.6.0-py3-none-any.whl (20 kB)
tests-1 | Collecting iniconfig
tests-1 | Downloading iniconfig-2.1.0-py3-none-any.whl (6.0 kB)
tests-1 | Collecting tomli>=1
tests-1 | Downloading tomli-2.4.1-py3-none-any.whl (14 kB)
tests-1 | Collecting typing-extensions>=4.6.0
tests-1 | Downloading typing_extensions-4.15.0-py3-none-any.whl (44 kB)
tests-1 | ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 44.6/44.6 kB 10.1
MB/s eta 0:00:00
tests-1 | Installing collected packages: urllib3, typing-extensions, tomli,
pluggy, packaging, iniconfig, idna, charset_normalizer, certifi, requests,
exceptiongroup, pytest
tests-1 | Successfully installed certifi-2026.5.20 charset_normalizer-3.4.7
exceptiongroup-1.3.1 idna-3.15 iniconfig-2.1.0 packaging-26.2 pluggy-1.6.0
pytest-8.3.4 requests-2.32.4 tomli-2.4.1 typing-extensions-4.15.0 urllib3-2.6.3
tests-1 | WARNING: Running pip as the 'root' user can result in broken
permissions and conflicting behaviour with the system package manager. It is
recommended to use a virtual environment instead:
https://pip.pypa.io/warnings/venv
tests-1 |
tests-1 | [notice] A new release of pip is available: 23.0.1 -> 26.0.1
tests-1 | [notice] To update, run: pip install --upgrade pip
tests-1 | Waiting for knox...
tests-1 | ============================= test session starts
==============================
tests-1 | platform linux -- Python 3.9.25, pytest-8.3.4, pluggy-1.6.0
tests-1 | rootdir: /tests
tests-1 | collected 21 items
tests-1 |
tests-1 | test_health.py .....
[ 23%]
tests-1 | test_knox_auth_service_and_LDAP.py ..
[ 33%]
tests-1 | test_knox_configs.py .
[ 38%]
tests-1 | test_knoxauth_preauth_and_paths.py ......
[ 66%]
tests-1 | test_remote_auth.py ...
[ 80%]
tests-1 | test_remoteauth_extauthz_additional_path.py ....
[100%]
tests-1 |
tests-1 | =============================== warnings summary
===============================
tests-1 | test_health.py: 5 warnings
tests-1 | test_knox_auth_service_and_LDAP.py: 2 warnings
tests-1 | test_knox_configs.py: 1 warning
tests-1 | test_knoxauth_preauth_and_paths.py: 6 warnings
tests-1 | test_remote_auth.py: 3 warnings
tests-1 | test_remoteauth_extauthz_additional_path.py: 4 warnings
tests-1 |
/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py:1097:
InsecureRequestWarning: Unverified HTTPS request is being made to host 'knox'.
Adding certificate verification is strongly advised. See:
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
tests-1 | warnings.warn(
tests-1 |
tests-1 | -- Docs:
https://docs.pytest.org/en/stable/how-to/capture-warnings.html
tests-1 | ----------------- generated xml file: /tests/test-results.xml
------------------
tests-1 | ======================= 21 passed, 21 warnings in 0.69s
========================
tests-1 exited with code 0
Aborting on container exit...
Container compose-tests-1 Stopping
Container compose-tests-1 Stopped Config w Enable Watch d Detach
```
## Integration Tests
Updated `.github/workflows/tests.yml` to use the new simplified build
process. The integration tests themselves remain the same but now run against
an image built more reliably from the local build output.
## UI changes
N/A
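A pre-flight check for the glob-based `COPY target/*/knox-*.tar.gz` and `tar -xvzf .../knox-*.tar.gz` steps shown in the build log, added here as an example and not part of the pull request: it fails when `target/` holds zero or several matching tarballs (for instance a stale one from an earlier version) and prints SHA-256 digests of the artifacts that will go into the image. The function names `single_artifact` and `preflight` are hypothetical; the directory layout is assumed from the log.

```shell
#!/bin/sh
# Added example, not code from the Knox repository.
# Assumed layout (from the build log): <root>/target/<dir>/<prefix>-*.tar.gz

# Print the one tarball matching target/*/<prefix>-*.tar.gz under <root>.
# Return non-zero when there are no matches or more than one.
single_artifact() {
  root=$1
  prefix=$2
  count=0
  found=
  for f in "$root"/target/*/"$prefix"-*.tar.gz; do
    # An unmatched glob stays literal, so test that the file really exists.
    if [ -f "$f" ]; then
      count=$((count + 1))
      found=$f
    fi
  done
  if [ "$count" -ne 1 ]; then
    echo "expected exactly 1 $prefix tarball under $root/target, found $count" >&2
    return 1
  fi
  printf '%s\n' "$found"
}

# Check both artifacts the Dockerfile copies, then record their digests so the
# resulting image can be traced back to the exact local build output.
preflight() {
  knox=$(single_artifact "$1" knox) || return 1
  knoxshell=$(single_artifact "$1" knoxshell) || return 1
  sha256sum "$knox" "$knoxshell"
}

# Stand-alone use: sh preflight.sh /path/to/knox/checkout
if [ "$#" -gt 0 ]; then
  preflight "$1"
fi
```

Run it from CI or locally before `docker compose ... up`, passing the project root that serves as the build context.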