From 165a594f5ad75dce3241b1c0e3a0df0ee961234f Mon Sep 17 00:00:00 2001
From: Akash Kumar
Date: Thu, 7 May 2026 17:01:30 +0530
Subject: [PATCH 1/3] feat(keploy-ci-java): bundle jattach v2.2 (linux-x64 + linux-arm64)
Pre-stage both arches under /opt/jattach//jattach so keploy/enterprise release pipelines can `cp /opt/jattach//jattach ./jattach-` into a multi-arch buildx context without re-downloading from GitHub on every build (and without needing per-pipeline curl + sha verification). SHA256s are pinned against the upstream-published v2.2 archives so an upstream replacement fails the image build instead of silently shipping a different binary. /usr/local/bin/jattach is symlinked to the host-arch binary for native use of the image as well. Context: keploy/enterprise release pipelines are currently growing their own per-pipeline jattach download (see keploy/enterprise#1995); baking it into the CI base image lets that PR's follow-up drop the curl entirely.
Signed-off-by: Akash Kumar
---
 keploy-ci-java/Dockerfile | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/keploy-ci-java/Dockerfile b/keploy-ci-java/Dockerfile
index d4c60e1..0e0818c 100644
--- a/keploy-ci-java/Dockerfile
+++ b/keploy-ci-java/Dockerfile
@@ -1,7 +1,11 @@
 # keploy-ci-java: keploy-ci + Maven + JDK (DinD + eBPF capable)
-# Used by: java-linux.yml
+# Used by: java-linux.yml + keploy/enterprise release pipelines, which
+# stage the bundled jattach binaries from /opt/jattach//jattach
+# into a multi-arch buildx context.
 FROM ghcr.io/keploy/keploy-ci:1.2.9

+ARG TARGETARCH
+
 RUN set -eux; \
 apt-get update; \
 apt-get install -y --no-install-recommends \
@@ -11,3 +15,29 @@ RUN set -eux; \
 rm -rf /var/lib/apt/lists/*; \
 java -version; \
 mvn -version
+
+# Pre-stage jattach v2.2 for both linux/amd64 and linux/arm64 so release
+# pipelines can `cp /opt/jattach//jattach ./jattach-` without
+# re-downloading from upstream every build. SHA256s pinned against the
+# upstream-published v2.2 archives so an upstream replacement fails the
+# image build instead of silently shipping a different binary.
+ARG JATTACH_VERSION=v2.2
+ARG JATTACH_SHA256_AMD64=acd9e17f15749306be843df392063893e97bfecc5260eef73ee98f06e5cfe02f
+ARG JATTACH_SHA256_ARM64=288ae5ed87ee7fe0e608c06db5a23a096a6217c9878ede53c4e33710bdcaab51
+RUN set -eux; \
+ for spec in "amd64:linux-x64:${JATTACH_SHA256_AMD64}" \
+ "arm64:linux-arm64:${JATTACH_SHA256_ARM64}"; do \
+ out="${spec%%:*}"; rest="${spec#*:}"; \
+ upstream="${rest%%:*}"; sha="${rest#*:}"; \
+ mkdir -p "/opt/jattach/${out}"; \
+ curl -fsSL --retry 3 --retry-delay 2 \
+ -o /tmp/jattach.tgz \
+ "https://github.com/jattach/jattach/releases/download/${JATTACH_VERSION}/jattach-${upstream}.tgz"; \
+ echo "${sha} /tmp/jattach.tgz" | sha256sum -c -; \
+ tar -xzOf /tmp/jattach.tgz jattach > "/opt/jattach/${out}/jattach"; \
+ chmod +x "/opt/jattach/${out}/jattach"; \
+ rm /tmp/jattach.tgz; \
+ done; \
+ ln -s "/opt/jattach/${TARGETARCH}/jattach" /usr/local/bin/jattach; \
+ /usr/local/bin/jattach 2>&1 | head -1 || true; \
+ ls -la /opt/jattach/amd64/ /opt/jattach/arm64/
From 13535f9e780903943e19bb104c16716a4e775c2b Mon Sep 17 00:00:00 2001
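Review bot: The pins `JATTACH_VERSION`, `JATTACH_SHA256_AMD64` and `JATTACH_SHA256_ARM64` are declared as `ARG`, so any pipeline that passes `--build-arg` can replace the expected digest together with the version. The comment block above them also does not record how the two digests were obtained or checked. If overriding is not an intended use, assigning the values as shell variables inside the `RUN` keeps the pin fixed in the Dockerfile itself. Either way the comment could gain a line such as `# Bump JATTACH_VERSION and both SHA256 values together; digests were taken from <how they were computed/verified>.`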
From: Akash Kumar
Date: Thu, 7 May 2026 17:06:02 +0530
Subject: [PATCH 2/3] fix(keploy-ci-java): TARGETARCH fallback + symlink validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Address review feedback from Copilot + Codex on #17: - TARGETARCH may be unset on legacy non-BuildKit builds, causing the jattach symlink to resolve to /opt/jattach//jattach. Fall back to `dpkg --print-architecture` (matches the keploy-ci/Dockerfile pattern) and validate ARCH ∈ {amd64, arm64}. - `jattach | head -1 || true` masks a missing/broken symlink. Add explicit `test -x` checks on both staged binaries and the symlink so the build fails loud if anything is wrong.
Signed-off-by: Akash Kumar
---
 keploy-ci-java/Dockerfile | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/keploy-ci-java/Dockerfile b/keploy-ci-java/Dockerfile
index 0e0818c..6274696 100644
--- a/keploy-ci-java/Dockerfile
+++ b/keploy-ci-java/Dockerfile
@@ -4,6 +4,8 @@
 # into a multi-arch buildx context.
 FROM ghcr.io/keploy/keploy-ci:1.2.9

+# Provided automatically by BuildKit/buildx; fallback to dpkg when unset
+# (legacy / `docker build` without --build-arg).
 ARG TARGETARCH

 RUN set -eux; \
@@ -38,6 +40,11 @@ RUN set -eux; \
 chmod +x "/opt/jattach/${out}/jattach"; \
 rm /tmp/jattach.tgz; \
 done; \
- ln -s "/opt/jattach/${TARGETARCH}/jattach" /usr/local/bin/jattach; \
+ ARCH="${TARGETARCH:-$(dpkg --print-architecture)}"; \
+ case "$ARCH" in amd64|arm64) ;; *) echo "unsupported ARCH=$ARCH" >&2; exit 1 ;; esac; \
+ ln -s "/opt/jattach/${ARCH}/jattach" /usr/local/bin/jattach; \
+ test -x /opt/jattach/amd64/jattach; \
+ test -x /opt/jattach/arm64/jattach; \
+ test -x /usr/local/bin/jattach; \
 /usr/local/bin/jattach 2>&1 | head -1 || true; \
- ls -la /opt/jattach/amd64/ /opt/jattach/arm64/
+ ls -la /opt/jattach/amd64/ /opt/jattach/arm64/ /usr/local/bin/jattach
From bb0931590457f7247789314e2a8dbbace3c8442d Mon Sep 17 00:00:00 2001
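Review bot: In the second hunk `ARCH` is accepted whenever it is `amd64` or `arm64`, so a `TARGETARCH` that does not match the image being built (for example one passed with `--build-arg` on the legacy builder) links `/usr/local/bin/jattach` to the other architecture's binary and the build still succeeds. The new `test -x` lines only check the execute bit through the symlink. The probe `/usr/local/bin/jattach 2>&1 | head -1 || true`, kept as context, cannot fail the build either. Since the fallback already relies on dpkg being present, a guard such as `[ "$ARCH" = "$(dpkg --print-architecture)" ]` after the `case` would catch the mismatch. The `RUN` instruction begins above this hunk.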
From: Akash Kumar
Date: Thu, 7 May 2026 17:09:32 +0530
Subject: [PATCH 3/3] fix(keploy-ci-java): clearer error for unsupported ARCH
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Address #17 review nit — include the supported values and a hint about BuildKit/--build-arg so users can self-correct without reading the Dockerfile.
Signed-off-by: Akash Kumar
---
 keploy-ci-java/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/keploy-ci-java/Dockerfile b/keploy-ci-java/Dockerfile
index 6274696..2177d7b 100644
--- a/keploy-ci-java/Dockerfile
+++ b/keploy-ci-java/Dockerfile
@@ -41,7 +41,7 @@ RUN set -eux; \
 rm /tmp/jattach.tgz; \
 done; \
 ARCH="${TARGETARCH:-$(dpkg --print-architecture)}"; \
- case "$ARCH" in amd64|arm64) ;; *) echo "unsupported ARCH=$ARCH" >&2; exit 1 ;; esac; \
+ case "$ARCH" in amd64|arm64) ;; *) echo "unsupported ARCH='$ARCH' (supported: amd64, arm64). Build with BuildKit/buildx or pass --build-arg TARGETARCH=amd64|arm64." >&2; exit 1 ;; esac; \
 ln -s "/opt/jattach/${ARCH}/jattach" /usr/local/bin/jattach; \
 test -x /opt/jattach/amd64/jattach; \
 test -x /opt/jattach/arm64/jattach; \