<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:27:53 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3407] Don&apos;t use curl for java container health check</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3407</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Remove curl from &lt;del&gt;folioci/alpine-jre-openjdk-11&lt;/del&gt; folioci/alpine-jre-openjdk-17 java image.&lt;/p&gt;

&lt;p&gt;Many java based modules use curl for their health check; they set this healthChkCmd in their Jenkinsfile:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
curl -sS --fail -o /dev/&lt;span class=&quot;code-keyword&quot;&gt;null&lt;/span&gt;  http:&lt;span class=&quot;code-comment&quot;&gt;//localhost:8081/apidocs/ || exit 1&lt;/span&gt;&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;Jenkins runs this command inside of the java container (&lt;a href=&quot;https://github.com/folio-org/jenkins-pipeline-libs/blob/fef2a9b64f7b1576f463f2db460b60f02fc2a3fa/vars/containerHealthCheck.groovy&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;containerHealthCheck.groovy&lt;/a&gt;, &lt;a href=&quot;https://docs.docker.com/engine/reference/run/#healthcheck&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;run healthcheck&lt;/a&gt;, &lt;a href=&quot;https://docs.docker.com/engine/reference/builder/#healthcheck&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;builder healthcheck&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;This requires that curl is installed inside of the java container. Currently we add curl to the java container: &lt;a href=&quot;https://github.com/folio-org/folio-tools/blob/0ce7f42a533ef0e896f41869dfa4857498ac8633/folio-java-docker/openjdk11/Dockerfile#L14&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-java-docker/openjdk11/Dockerfile#L14&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;curl should be removed from this container and replaced by busybox wget or maven integration tests.&lt;/p&gt;

&lt;p&gt;This has several advantages:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;It reduces the container size.&lt;/li&gt;
	&lt;li&gt;It reduces the attack surface. curl&apos;s security history is worse then wget&apos;s: &lt;a href=&quot;https://www.cvedetails.com/product/25084/Haxx-Curl.html?vendor_id=12682&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;curl CVEs&lt;/a&gt; , &lt;a href=&quot;https://www.cvedetails.com/product/332/GNU-Wget.html?vendor_id=72&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;wget CVEs&lt;/a&gt;. FOLIO&apos;s java container is based on Alpine, Alpine ships with &lt;a href=&quot;https://www.busybox.net/about.html&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;BusyBox&lt;/a&gt;, a multi-call binary that contains wget with reduced number of options further reducing the attack surface.&lt;/li&gt;
	&lt;li&gt;It reduces complexity and maintenance effort. To run a .jar file no curl is needed, containers should be as small as possible.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Module developers have several options:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Remove the build health check from Jenkins file and move it into the maven integration test phase. This is the best option because it allows to add more smoke tests. Build and start the Docker container in maven integration test phase and test the health end point. Optionally add smoke tests to check that all libraries have been correctly assembled in the shaded uber fat jar. Examples: &lt;a href=&quot;https://github.com/folio-org/mod-eusage-reports/blob/v1.0.4/src/test/java/org/folio/eusage/reports/api/ApiIT.java&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;mod-eusage-reports ApiIT&lt;/a&gt;, &lt;a href=&quot;https://github.com/folio-org/mod-oai-pmh/blob/v3.6.1/src/test/java/org/folio/rest/impl/ModTenantAPIIT.java&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;mod-oai-pmh ModTenantAPIIT&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;Switch from curl to wget in the healthChkCmd in the Jenkinsfile:
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
wget --no-verbose --tries=1 --spider http:&lt;span class=&quot;code-comment&quot;&gt;//localhost:8081/admin/health || exit 1&lt;/span&gt;
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;If a module really needs the features that curl provides it may amend it&apos;s own Dockerfile:
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
RUN apk add --no-cache curl
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;Best practice is to combine this with apk upgrade:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
RUN apk upgrade \
 &amp;amp;&amp;amp; apk add \
      curl \
 &amp;amp;&amp;amp; rm -rf /&lt;span class=&quot;code-keyword&quot;&gt;var&lt;/span&gt;/cache/apk/*
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="82209">FOLIO-3407</key>
            <summary>Don&apos;t use curl for java container health check</summary>
                <type id="10006" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10307?size=medium">Umbrella</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Fri, 11 Feb 2022 10:35:21 +0000</created>
                <updated>Sun, 6 Nov 2022 09:54:52 +0000</updated>
                            <resolved>Thu, 3 Nov 2022 15:32:16 +0000</resolved>
                                                                    <component>Continuous Integration</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                <comments>
                                                            <comment id="197250" author="5cf6c546b87c300f36eb7b9a" created="Thu, 3 Nov 2022 15:32:16 +0000"  >&lt;p&gt;Curl is no longer being installed into the openjdk17 base image.&#160; See &lt;a href=&quot;https://github.com/folio-org/folio-tools/blob/master/folio-java-docker/openjdk17/Dockerfile&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-tools/blob/master/folio-java-docker/openjdk17/Dockerfile&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Closing this as done&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                                                <inwardlinks description="is defined by ">
                                        <issuelink>
            <issuekey id="82210">FOLIO-3409</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="82408">FOLIO-3507</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="37128">MODCR-82</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="70789">MODNOTES-223</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="75318">RSRVR-52</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="64840">MODOAIPMH-393</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10168"><![CDATA[None]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10367"><![CDATA[TBD]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i045ne:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 3 Nov 2022 15:32:16 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>