KrishVora2912 opened a new pull request, #16664: URL: https://github.com/apache/kafka/pull/16664
This PR aims to add address the comments added via the docker hub folks regarding the JVM based Docker Official Image for Apache Kafka introduced in the following KIP - https://cwiki.apache.org/confluence/display/KAFKA/KIP-1028%3A+Docker+Official+Image+for+Apache+Kafka . The comments by the dockerhub folks can be found [here](https://github.com/docker-library/official-images/pull/16970#pullrequestreview-2151987928) . This PR: Addresses comments 1,3,4,5,6,7,8,9 mentioned in the above link. NOTE: The changes have been made to both the JVM docker images introduced via [KIP-975](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=263428303) as well as the GraalVM docer images introduced via [KIP-974](https://cwiki.apache.org/confluence/display/KAFKA/KIP-974%3A+Docker+Image+for+GraalVM+based+Native+Kafka+Broker). This ensures that the docker hub suggested best practices will now be used for both the OSS sponsored images as well as the Docker Official Images. Gist: 1. USER root is unnecessary - removed this 3. apk update is unnecessary with --no-cache - removed this 4. apk upgrade is not allowed - removed this 5. Specific, individual GPG keys should be referenced by ID. - new approach uses hardcoded GPG keys 6. All invocations of gpg should include --batch - this has been adhered to 7. The kafka tarball should be verified prior to being unpacked - change has been made 8. The DOI build system sets appropriate annotations, so we recommend not setting labels, which have been deprecated. - deprecated labels have been removed, and now annotations are used 9 Is apk cache clean necessary since you have previously specified --no-cache? - removed this Post this PR: 1. Propogate these modifications to the 3.7.0 docker official images Dockerfile. 2. Modify [existing PR](https://github.com/docker-library/official-images/pull/16970) with PR template generation script for 3.7.0 under docker official images repo. 3. Update release process to update version_keys file for each new release. **Committer Checklist (excluded from commit message)** - [ ] Verify design and implementation - [ ] Verify test coverage and CI build status - [ ] Verify documentation (including upgrade notes) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
