22 commits
c35c2de
do great
sm8949752-ux Mar 17, 2026
5a6c754
do
sm8949752-ux Mar 17, 2026
21de34a
feat: Refactor build and detect scripts, update Dockerfiles, and enha…
sm8949752-ux Mar 17, 2026
ae6f03a
feat: Update build scripts and configurations for Gradle and Maven su…
sm8949752-ux Mar 18, 2026
2282cb2
feat: Enhance FIPS Java buildpack with Python support and improved de…
sm8949752-ux Mar 18, 2026
2440a20
devcontainer
sm8949752-ux Mar 18, 2026
494359b
Change base image to Ubuntu 22.04 and update dependencies
sm8949752-ux Mar 18, 2026
24d3733
Update devcontainer configuration with new settings
sm8949752-ux Mar 18, 2026
34a9e17
Fix Dockerfile to ensure rich is installed
sm8949752-ux Mar 18, 2026
ac98ce7
Rename devcontainer to FIPS Buildpack Dev
sm8949752-ux Mar 18, 2026
28fb33d
fix: devcontainer
sm8949752-ux Mar 18, 2026
bf17d83
fix devcontainer
sm8949752-ux Mar 18, 2026
2af9129
fix:update devcontainer
sm8949752-ux Mar 18, 2026
73afbf6
fix devcontainer
sm8949752-ux Mar 18, 2026
c0ffe1f
fix devcontainer
sm8949752-ux Mar 18, 2026
a4a7e76
Merge branch 'main' into main
sm8949752-ux Mar 20, 2026
af1b8d4
refactor: streamline build process and enhance logging
sm8949752-ux Mar 20, 2026
d59a3bf
feat: enhance build process with Java Memory Assistant integration an…
sm8949752-ux Mar 20, 2026
4a222b3
feat: update build configuration and enhance FIPS compliance logging
sm8949752-ux Mar 21, 2026
5b08a9f
feat: enhance build process with new task management and Dockerfile u…
sm8949752-ux Mar 21, 2026
ca3f710
feat: restructure task files and enhance build process with new confi…
sm8949752-ux Mar 24, 2026
7fcac16
feat: update builder configuration and enhance lifecycle image manage…
sm8949752-ux Mar 24, 2026
20 changes: 20 additions & 0 deletions .devcontainer/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
FROM ubuntu:22.04

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
python3 \
python3-pip \
curl \
git \
sudo \
&& rm -rf /var/lib/apt/lists/*
RUN curl -1sLf 'https://dl.cloudsmith.io/public/task/task/setup.deb.sh' | sudo -E bash
RUN apt install task -y
RUN useradd -m -s /bin/bash vscode && \
echo "vscode ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

RUN curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.36.4/pack-v0.36.4-linux.tgz" \
| tar -C /usr/local/bin/ --no-same-owner -xzv pack

USER vscode
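Review bot: the Task install at `RUN curl -1sLf 'https://dl.cloudsmith.io/public/task/task/setup.deb.sh' | sudo -E bash` pipes an unpinned remote script into a root shell at image build time, and the `pack` tarball fetched two lines later is extracted without any checksum, so neither step is reproducible or verifiable after the fact. Pin the Task package to a version (or download the release binary and compare a known SHA-256 before installing, as you already pin pack to v0.36.4) and verify the pack tarball's digest the same way. Smaller points in the same hunk: `sudo` is redundant because `RUN` already executes as root; `RUN apt install task -y` re-populates the apt lists that the previous layer deliberately removed, so follow it with `rm -rf /var/lib/apt/lists/*` in the same layer; and `echo "vscode ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` grants passwordless root to the dev user, which is normal for a devcontainer but worth a comment stating the intent, since with the host Docker socket mounted it amounts to host-root for anything running inside the container.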
36 changes: 36 additions & 0 deletions .devcontainer/devcontainer.json
@@ -0,0 +1,36 @@
{
"name": "CNB java",
"build": {
"dockerfile": "Dockerfile"
},
"containerEnv": {
"DOCKER_API_VERSION": "1.41"
},
"features": {
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
"version": "latest",
"enableNonRootChildContainerUsage": true
},
"ghcr.io/devcontainers/features/common-utils:2": {
"configureZshAsDefaultShell": false,
"username": "vscode"
}
},
"customizations": {
"vscode": {
"extensions": [
"ms-kubernetes-tools.vscode-kubernetes-tools",
"redhat.vscode-yaml",
"ms-azuretools.vscode-docker",
"pkief.material-icon-theme",
"ms-python.python",
"tamasfe.even-better-toml"
],
"settings": {
"terminal.integrated.defaultProfile.linux": "bash"
}
}
},
"remoteUser": "vscode",
"postCreateCommand": "sudo chmod 666 /var/run/docker.sock && pip3 install rich && sudo chown vscode:vscode /var/run/docker.sock || true"
}
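Review bot: `postCreateCommand` runs `sudo chmod 666 /var/run/docker.sock`, which makes the bind-mounted host Docker socket world-writable for every process in the container and, because it is the host's inode, on the host as well; anything that can open that socket can launch a privileged container and is effectively root on the host. The `docker-outside-of-docker` feature with `enableNonRootChildContainerUsage: true` is already configured to give the non-root `vscode` user socket access, so drop the `chmod 666`; if ownership still needs adjusting, the `chown vscode:vscode` alone is the narrower fix. The trailing `|| true` also swallows failures of every command before it, including `pip3 install rich`, so a broken post-create step goes unnoticed; split the chain and let the package install fail loudly. Finally, `DOCKER_API_VERSION` is `1.41` here but `1.50` in the Taskfile.yml added by this same PR; pick one value or remove both and let the client negotiate.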
30 changes: 0 additions & 30 deletions .vscode/tasks.json

This file was deleted.

173 changes: 121 additions & 52 deletions 2-builder/builder.toml
@@ -1,141 +1,210 @@
description = "My Custom Wolfi FIPS Builder"

description = "Custom Wolfi FIPS Builder"
[stack]
id = "io.buildpacks.stacks.jammy"
build-image = "taha/wolfi-build-image:latest"
run-image = "taha/wolfi-run-image:latest"
id = "taha/wolfi-build-image"
build-image = "taha/wolfi-build-image:latest"
run-image = "taha/wolfi-run-image:latest"

[[targets]]
os = "linux"
arch = "amd64"

os = "linux"
arch = "amd64"
[[targets]]
os = "linux"
arch = "arm64"

os = "linux"
arch = "arm64"

[[buildpacks]]
uri = "../fips-java-shim"
uri = "docker://taha/fips-java:1.0.0"

[[buildpacks]]
uri = "docker://paketobuildpacks/ca-certificates:latest"
uri = "docker://paketobuildpacks/ca-certificates:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/syft:latest"
uri = "docker://paketobuildpacks/syft:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/environment-variables:latest"
uri = "docker://paketobuildpacks/environment-variables:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/image-labels:latest"
uri = "docker://paketobuildpacks/image-labels:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/procfile:latest"
uri = "docker://paketobuildpacks/procfile:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/jattach:latest"
uri = "docker://paketobuildpacks/jattach:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/java-memory-assistant:latest"
uri = "docker://paketobuildpacks/java-memory-assistant:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/datadog:latest"
uri = "docker://paketobuildpacks/datadog:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/azure-application-insights:latest"
uri = "docker://paketobuildpacks/azure-application-insights:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/google-stackdriver:latest"
uri = "docker://paketobuildpacks/google-stackdriver:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/maven:latest"
uri = "docker://paketobuildpacks/maven:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/gradle:latest"
uri = "docker://paketobuildpacks/gradle:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/sbt:latest"
uri = "docker://paketobuildpacks/sbt:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/executable-jar:latest"
uri = "docker://paketobuildpacks/executable-jar:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/spring-boot:latest"
uri = "docker://paketobuildpacks/spring-boot:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/apache-tomcat:latest"
uri = "docker://paketobuildpacks/apache-tomcat:latest"

[[buildpacks]]
uri = "docker://paketobuildpacks/dist-zip:latest"
uri = "docker://paketobuildpacks/dist-zip:latest"

[[order]]

[[order.group]]
id = "paketo-buildpacks/ca-certificates"
optional = true

[[order.group]]
id = "taha/fips-java"

[[order.group]]
id = "paketo-buildpacks/syft"
optional = true

[[order.group]]
id = "paketo-buildpacks/gradle"
optional = true

[[order.group]]
id = "paketo-buildpacks/maven"
optional = true

[[order.group]]
id = "paketo-buildpacks/sbt"
id = "paketo-buildpacks/executable-jar"
optional = true

[[order.group]]
id = "paketo-buildpacks/executable-jar"
id = "paketo-buildpacks/spring-boot"
optional = true

[[order.group]]
id = "paketo-buildpacks/apache-tomcat"
optional = true

[[order.group]]
id = "paketo-buildpacks/dist-zip"
optional = true
[[order.group]]
id = "paketo-buildpacks/procfile"
optional = true
[[order.group]]
id = "paketo-buildpacks/jattach"
optional = true
[[order.group]]
id = "paketo-buildpacks/azure-application-insights"
optional = true
[[order.group]]
id = "paketo-buildpacks/google-stackdriver"
optional = true
[[order.group]]
id = "paketo-buildpacks/datadog"
optional = true
[[order.group]]
id = "paketo-buildpacks/java-memory-assistant"
optional = true
[[order.group]]
id = "paketo-buildpacks/environment-variables"
optional = true
[[order.group]]
id = "paketo-buildpacks/image-labels"
optional = true

[[order]]
[[order.group]]
id = "paketo-buildpacks/ca-certificates"
optional = true
[[order.group]]
id = "taha/fips-java"
[[order.group]]
id = "paketo-buildpacks/syft"
optional = true
[[order.group]]
id = "paketo-buildpacks/gradle"
[[order.group]]
id = "paketo-buildpacks/executable-jar"
optional = true
[[order.group]]
id = "paketo-buildpacks/spring-boot"
optional = true

[[order.group]]
id = "paketo-buildpacks/apache-tomcat"
optional = true
[[order.group]]
id = "paketo-buildpacks/dist-zip"
optional = true
[[order.group]]
id = "paketo-buildpacks/procfile"
optional = true

[[order.group]]
id = "paketo-buildpacks/jattach"
optional = true

[[order.group]]
id = "paketo-buildpacks/azure-application-insights"
optional = true

[[order.group]]
id = "paketo-buildpacks/google-stackdriver"
optional = true

[[order.group]]
id = "paketo-buildpacks/datadog"
optional = true

[[order.group]]
id = "paketo-buildpacks/java-memory-assistant"
optional = true

[[order.group]]
id = "paketo-buildpacks/environment-variables"
optional = true

[[order.group]]
id = "paketo-buildpacks/image-labels"
optional = true

[[order]]
[[order.group]]
id = "paketo-buildpacks/ca-certificates"
optional = true
[[order.group]]
id = "taha/fips-java"
[[order.group]]
id = "paketo-buildpacks/syft"
optional = true
[[order.group]]
id = "paketo-buildpacks/sbt"
[[order.group]]
id = "paketo-buildpacks/executable-jar"
optional = true
[[order.group]]
id = "paketo-buildpacks/spring-boot"
optional = true
Comment on lines +164 to +180

⚠️ Potential issue | 🟠 Major

The sbt/executable-jar orders dropped shared utility buildpacks.

Unlike the Maven/Gradle groups, these new groups omit paketo-buildpacks/environment-variables, paketo-buildpacks/image-labels, and paketo-buildpacks/procfile; the sbt group also drops the observability helpers entirely. Apps that detect through these groups lose those capabilities even though the builder still bundles the images.

Also applies to: 183-211

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@2-builder/builder.toml` around lines 165 - 181, The sbt and executable-jar
order groups are missing shared utility buildpacks — add
paketo-buildpacks/environment-variables, paketo-buildpacks/image-labels, and
paketo-buildpacks/procfile to the [[order.group]] entries for id =
"paketo-buildpacks/sbt" and id = "paketo-buildpacks/executable-jar";
additionally restore the observability helpers (the paketo observability
buildpacks present in the Maven/Gradle groups) into the sbt group so apps retain
observability detection. Repeat the same fixes for the later duplicate section
(the ranges noted as also applies to 183-211). Ensure you insert the same
buildpack ids in the same group ordering style as the other language groups.


[[order]]
[[order.group]]
id = "paketo-buildpacks/ca-certificates"
optional = true
[[order.group]]
id = "taha/fips-java"
[[order.group]]
id = "paketo-buildpacks/syft"
optional = true
[[order.group]]
id = "paketo-buildpacks/executable-jar"
[[order.group]]
id = "paketo-buildpacks/spring-boot"
optional = true
[[order.group]]
id = "paketo-buildpacks/jattach"
optional = true
[[order.group]]
id = "paketo-buildpacks/java-memory-assistant"
optional = true
[[order.group]]
id = "paketo-buildpacks/datadog"
optional = true
[[order.group]]
id = "paketo-buildpacks/azure-application-insights"
optional = true
[[order.group]]
id = "paketo-buildpacks/google-stackdriver"
optional = true
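Review bot: every Paketo entry under `[[buildpacks]]` is referenced as `docker://paketobuildpacks/<name>:latest`, so a builder advertised as a FIPS builder is assembled from mutable tags that can change between two `pack builder create` runs and cannot be reproduced or audited later; pin each buildpack to a version tag or, better, an image digest (`docker://paketobuildpacks/ca-certificates@sha256:...`), and consider a digest for `docker://taha/fips-java:1.0.0` as well. The stack `id` also moves from `io.buildpacks.stacks.jammy` to `taha/wolfi-build-image`; pack checks that value against the `io.buildpacks.stack.id` label on both the build image and the run image when creating the builder, and `taha/wolfi-run-image:latest` is not part of this diff, so confirm both images carry the new id or the builder creation will fail with a stack mismatch. Lastly, the four `[[order]]` groups repeat the same ca-certificates / fips-java / syft / ... / image-labels sequence with only the build-tool entry changing, yet the sbt and executable-jar groups at the end omit several of those shared entries, as the earlier comment notes; if that is unintentional, keep all four groups structurally identical so future edits are applied uniformly.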
@@ -44,7 +44,7 @@ public String testFipsConstraint() {
// FipsUnapprovedOperationError or specific FIPS messages indicate success
if (errorType.contains("FipsUnapprovedOperationError") ||
(message != null && message.toLowerCase().contains("approved only mode"))) {
return "SUCCESS: FIPS is strictly enforced. System blocked insecure RSA-1024 key generation. Error Type: " + errorType;
return " just change SUCCESS: FIPS is strictly enforced. System blocked insecure RSA-1024 key generation. Error Type: " + errorType;

⚠️ Potential issue | 🟡 Minor

Remove accidental prefix in success response

Line 47 includes an unintended " just change " prefix in the success payload. This alters the expected response contract and may break assertions/consumers relying on the "SUCCESS:" start.

Suggested fix
-                return " just change SUCCESS: FIPS is strictly enforced. System blocked insecure RSA-1024 key generation. Error Type: " + errorType;
+                return "SUCCESS: FIPS is strictly enforced. System blocked insecure RSA-1024 key generation. Error Type: " + errorType;
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@4-gradle-app/src/main/java/com/taha/wolfidemo/DemoApplication.java` at line
47, The return string in DemoApplication (the method returning the payload that
currently returns " just change SUCCESS: FIPS is strictly enforced...") contains
an accidental prefix " just change" that breaks the response contract; update
the return expression in that method so the returned payload begins with
"SUCCESS: FIPS is strictly enforced. System blocked insecure RSA-1024 key
generation. Error Type: " (remove the " just change " prefix) so
consumers/assertions that expect the "SUCCESS:" prefix are preserved.

}

return "TERMINATED: An unexpected error occurred: " + errorType + " - " + message;
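Review bot: aside from the stray ` just change ` prefix flagged above, the success condition `if (errorType.contains("FipsUnapprovedOperationError") || (message != null && message.toLowerCase().contains("approved only mode")))` decides that FIPS is enforced by substring-matching an exception class name and one provider's error wording. That couples the check to that provider's text: a FIPS provider that rejects RSA-1024 with a different exception class or message falls through to `return "TERMINATED: An unexpected error occurred: " + errorType + " - " + message;` and is reported as an unrelated failure, indistinguishable from a crash. Prefer an exact match on the exception type (`e.getClass().getName()` equality, or `instanceof` where the provider class is on the classpath), name the expected provider in the comment, and give the fallthrough a distinct prefix so a consumer reading the response cannot confuse "unexpected error" with "FIPS not enforced".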
30 changes: 30 additions & 0 deletions Taskfile.yml
@@ -0,0 +1,30 @@
version: '3'
env:
DOCKER_API_VERSION: "1.50"
PACK_VOLUME_KEY: "taha-fips-cache-key"
includes:
img: taskfile/image.yml
builder: taskfile/builder.yml
app: taskfile/app.yml
util: taskfile/util.yml
bp: taskfile/buildpack.yml


vars:
BUILD_IMAGE: taha/wolfi-build-image:latest
RUN_IMAGE: taha/wolfi-run-image:latest
BUILDER_NAME: taha/wolfi-fips-builder:latest
BUILDER_CONFIG: 2-builder/builder.toml

tasks:
default:
cmds:
- task: all

all:
desc: Build everything from scratch
cmds:
- task: img:build-img
- task: img:run-img
- task: bp:package
- task: builder:create
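Review bot: the top-level `env` sets `DOCKER_API_VERSION: "1.50"`, which conflicts with the `1.41` that `.devcontainer/devcontainer.json` in this same PR puts in `containerEnv`; commands run through Task will pin the client to 1.50 and fail against a daemon that does not offer that API version, while the same commands typed into the devcontainer shell use 1.41. Pick one value, or drop both and let the Docker client negotiate. `PACK_VOLUME_KEY: "taha-fips-cache-key"` is a fixed value, so every build on the machine that uses this Taskfile shares the same pack cache volumes; that is fine for a single-user dev box but should be documented, because a stale or poisoned cache then affects every project built with it. The `all` task builds both images, packages the buildpack and creates the builder, but nothing in this file verifies the result (for example a `pack builder inspect` of `taha/wolfi-fips-builder:latest` or a build of one of the sample apps); consider adding a verify task so `task` alone does not report success on a builder that has never been exercised.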