
Update bonita, add 2024.1

Open rbioteau opened this issue 1 year ago • 13 comments

rbioteau avatar Apr 05 '24 14:04 rbioteau

Diff for 75a8b676089ccd20c2eb483b5a3b787d9d8936ec:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 33ad743..9a00379 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -15,6 +15,10 @@ Tags: 2023.1-u0, 2023.1, 8.0.0, 8.0
 GitFetch: refs/heads/docker/2023.1
 GitCommit: 814cc8cc0a6e8b02c827cb1dfeabb1bb4569a865
 
-Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0, latest
+Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0
 GitFetch: refs/heads/docker/2023.2
 GitCommit: a8f0abf47fa8f7b96cb010e7d80b032ae96720ca
+
+Tags: 2024.1-u0, 2024.2, 10.0.0, 10.0, latest
+GitFetch: refs/heads/docker/2024.1
+GitCommit: 01a6a8460ec1f36c044a0ee2575abf89e44b69d7
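Review bot: the added `Tags:` line lists `2024.2` next to `2024.1-u0` while `GitFetch` is `refs/heads/docker/2024.1`, which reads as a typo for `2024.1`. As written, `bonita:2024.2` would be published pointing at the 2024.1 build and `bonita:2024.1` would not exist; change the tag to `2024.1` so that `_bashbrew-list` picks up the right name.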
diff --git a/_bashbrew-list b/_bashbrew-list
index 3334def..5678054 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -6,6 +6,8 @@ bonita:8.0
 bonita:8.0.0
 bonita:9.0
 bonita:9.0.0
+bonita:10.0
+bonita:10.0.0
 bonita:2022.1
 bonita:2022.1-u0
 bonita:2022.2
@@ -14,4 +16,6 @@ bonita:2023.1
 bonita:2023.1-u0
 bonita:2023.2
 bonita:2023.2-u0
+bonita:2024.1-u0
+bonita:2024.2
 bonita:latest
diff --git a/bonita_latest/Dockerfile b/bonita_9.0/Dockerfile
similarity index 100%
copy from bonita_latest/Dockerfile
copy to bonita_9.0/Dockerfile
diff --git a/bonita_latest/files/config.sh b/bonita_9.0/files/config.sh
similarity index 100%
copy from bonita_latest/files/config.sh
copy to bonita_9.0/files/config.sh
diff --git a/bonita_latest/files/log4j2/log4j2-appenders.xml b/bonita_9.0/files/log4j2/log4j2-appenders.xml
similarity index 100%
copy from bonita_latest/files/log4j2/log4j2-appenders.xml
copy to bonita_9.0/files/log4j2/log4j2-appenders.xml
diff --git a/bonita_8.0/files/startup.sh b/bonita_9.0/files/startup.sh
similarity index 100%
copy from bonita_8.0/files/startup.sh
copy to bonita_9.0/files/startup.sh
diff --git a/bonita_7.14/templates/database.properties b/bonita_9.0/templates/database.properties
similarity index 100%
copy from bonita_7.14/templates/database.properties
copy to bonita_9.0/templates/database.properties
diff --git a/bonita_7.14/templates/jmxremote.access b/bonita_9.0/templates/jmxremote.access
similarity index 100%
copy from bonita_7.14/templates/jmxremote.access
copy to bonita_9.0/templates/jmxremote.access
diff --git a/bonita_7.14/templates/jmxremote.password b/bonita_9.0/templates/jmxremote.password
similarity index 100%
copy from bonita_7.14/templates/jmxremote.password
copy to bonita_9.0/templates/jmxremote.password
diff --git a/bonita_7.14/templates/server.xml b/bonita_9.0/templates/server.xml
similarity index 100%
copy from bonita_7.14/templates/server.xml
copy to bonita_9.0/templates/server.xml
diff --git a/bonita_latest/templates/setenv.sh b/bonita_9.0/templates/setenv.sh
similarity index 100%
copy from bonita_latest/templates/setenv.sh
copy to bonita_9.0/templates/setenv.sh
diff --git a/bonita_7.14/templates/tomcat-users.xml b/bonita_9.0/templates/tomcat-users.xml
similarity index 100%
copy from bonita_7.14/templates/tomcat-users.xml
copy to bonita_9.0/templates/tomcat-users.xml
diff --git a/bonita_latest/Dockerfile b/bonita_latest/Dockerfile
index 8d73c65..e8fe9bb 100644
--- a/bonita_latest/Dockerfile
+++ b/bonita_latest/Dockerfile
@@ -1,11 +1,11 @@
-FROM alpine:3.18
+FROM eclipse-temurin:17.0.10_7-jre-alpine
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
 # Execute instructions less likely to change first
 
 # Install packages
-RUN apk add --no-cache tzdata curl unzip bash su-exec jattach openjdk11-jre gnupg
+RUN apk add --no-cache tzdata curl unzip bash su-exec jattach
 
 RUN mkdir /opt/custom-init.d/
 
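Review bot: `gnupg` is dropped from the `apk add` line together with `openjdk11-jre`. If any later step in this Dockerfile or in the startup scripts still calls `gpg`, it will now fail; if none does, please confirm that the integrity of the downloaded bundle rests on the `BONITA_SHA256` check alone and that this check aborts the build on mismatch.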
@@ -23,12 +23,12 @@ ARG BONITA_SHA256
 ARG BASE_URL
 ARG BONITA_URL
 
-ENV BONITA_VERSION ${BONITA_VERSION:-9.0.0}
-ENV BRANDING_VERSION ${BRANDING_VERSION:-2023.2-u0}
-ENV BONITA_SHA256  ${BONITA_SHA256:-c37be3ca64a07810609c97f75c47acb7fea2d29bafff181b447987514b53d140}
+ENV BONITA_VERSION ${BONITA_VERSION:-10.0.0}
+ENV BRANDING_VERSION ${BRANDING_VERSION:-2024.1-u0}
+ENV BONITA_SHA256 ${BONITA_SHA256:-c7b43fd0370609f2b650441bae72f8198aea86aac130ebe6e48a1ade2aa7fb7a}
 ENV ZIP_FILE BonitaCommunity-${BRANDING_VERSION}.zip
-ENV BASE_URL ${BASE_URL:-https://github.com/bonitasoft/bonita-platform-releases/releases/download}
-ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BRANDING_VERSION}/BonitaCommunity-${BRANDING_VERSION}.zip}
+ENV BASE_URL ${BASE_URL:-https://search.maven.org/remotecontent?filepath=org/bonitasoft/distrib/bundle-tomcat}
+ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BONITA_VERSION}/bundle-tomcat-${BONITA_VERSION}.zip}
 
 ## Must copy files first because the bundle is either taken from url or from local /opt/files if present
 RUN mkdir /opt/files
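Review bot: the unchanged `ENV ZIP_FILE` line still names the archive `BonitaCommunity-${BRANDING_VERSION}.zip`, while the new `BONITA_URL` downloads `bundle-tomcat-${BONITA_VERSION}.zip`. Confirm that the download step saves to `${ZIP_FILE}` and that the later unzip does not depend on the archive's original file name or top-level directory. Since `BASE_URL`, `BONITA_URL` and `BONITA_SHA256` are all build args, a build that overrides the URL also has to override the checksum, which is worth a comment next to the `ARG` lines.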
@@ -80,7 +80,7 @@ ENV ACCESSLOGS_MAX_DAYS 30
 ENV HTTP_MAX_THREADS 20
 
 COPY templates /opt/templates
-VOLUME ["/opt/bonita/conf/logs"]
+
 # exposed ports (Tomcat, JMX)
 EXPOSE 8080 9000
 
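Review bot: removing `VOLUME ["/opt/bonita/conf/logs"]` changes where logs live for existing deployments: they now go to the container's writable layer unless the operator mounts something at that path. Mention this in the image documentation or release notes so that log retention and collection set up around the implicit volume is not silently lost.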
diff --git a/bonita_latest/files/startup.sh b/bonita_latest/files/startup.sh
index 3b45084..b0b7104 100755
--- a/bonita_latest/files/startup.sh
+++ b/bonita_latest/files/startup.sh
@@ -1,5 +1,29 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Shebang needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+
 set -eo pipefail
+
+# Duplication from eclipse-temurin parent image entrypoint script
+# Opt-in is only activated if the environment variable is set
+if [ -n "$USE_SYSTEM_CA_CERTS" ] && [ "$(id -u)" = '0' ]; then
+
+    # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
+    # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
+    # system location, for whatever reason.
+    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+        cp -a /certificates/* /usr/local/share/ca-certificates/
+    fi
+
+    CACERT=$JAVA_HOME/lib/security/cacerts
+
+    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
+    # might as well just generate the truststore and skip the hooks.
+    update-ca-certificates
+
+    trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"
+fi
+
+
 # only execute bonita specific customization when the executable is tomcat
 # it allows to not run this script when CMD is overridden
 if [[ "$1" == "/opt/bonita/server/bin/catalina.sh" ]]
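Review bot: in the `USE_SYSTEM_CA_CERTS` block, the `[ "$(id -u)" = '0' ]` test makes the whole import a silent no-op when the container runs as a non-root user, so an operator who set the variable gets the stock truststore with no indication; print a warning to stderr in that case. Two smaller points: every file under `/certificates` becomes a `server-auth` trust anchor for the JVM, which deserves a line in the docs about mounting it read-only from a trusted source, and `cp -a /certificates/*` does not match dotfiles that `ls -A` counts, so a directory holding only hidden files passes the emptiness test and then makes `cp` fail under `set -e`.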
diff --git a/bonita_latest/templates/setenv.sh b/bonita_latest/templates/setenv.sh
index 505e4ca..a660b3f 100755
--- a/bonita_latest/templates/setenv.sh
+++ b/bonita_latest/templates/setenv.sh
@@ -9,6 +9,18 @@ JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.management/sun.management=ALL-UNNAMED"
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED"
 
+# Add the JAVA 9 specific start-up parameters required by Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time.chrono=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.text=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Webservice connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.xni=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Salesforce connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/javax.xml.namespace=ALL-UNNAMED"
+
 # Set some JVM system properties required by Bonita
 
 LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"
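Review bot: the three new comment lines say "JAVA 9 specific", but this image now runs on the Java 17 base set in the Dockerfile change; reword to "Java 9 and later" or similar. Each `--add-opens ...=ALL-UNNAMED` opens the package to deep reflection from all classpath code, and these are opened for XStream serialization, so keep the list to what the connectors need and say in each comment which serialized type requires it.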
@@ -36,8 +48,8 @@ TRANSACTION_XATIMEOUT_OPTS="-Dbonita.runtime.transaction.xa-timeout={{TRANSACTIO
 
 # Optional JMX remote access Configuration. Used to enable remote JMX agent in tomcat to monitor Heap Memory, Threads, CPU Usage, Classes, and configure various MBeans.
 if [ "$JMX_REMOTE_ACCESS" = 'true' ]; then
-        host=$(echo $(hostname -i) | xargs)
-        JMX_REMOTE_ACCESS_OPTS="-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
+  host=$(echo $(hostname -i) | cut -f1 -d ' ' | xargs)
+  JMX_REMOTE_ACCESS_OPTS="-Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.rmi.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
 fi
 
 # Pass the JVM system properties to Tomcat JVM using CATALINA_OPTS variable
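Review bot: the rewritten `JMX_REMOTE_ACCESS_OPTS` line keeps `-Dcom.sun.management.jmxremote.ssl=false` and now also pins the RMI port to 9000, the port the Dockerfile exposes. With `authenticate=true` and no TLS, the credentials from `jmxremote.password` cross the network in cleartext; either offer a way to turn SSL on or document that port 9000 must only be published on a trusted network.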

Relevant Maintainers:

  • bonita: @danila-m @educhastenier @passga @abirembaut @rbioteau

github-actions[bot] avatar Apr 05 '24 14:04 github-actions[bot]

Diff for 18e0e2f7e595facc828487c1fa4de7330e1a4878:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 33ad743..85c6ed2 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -5,7 +5,7 @@ Directory: docker
 
 Tags: 2022.1-u0, 2022.1, 7.14.0, 7.14
 GitFetch: refs/heads/docker/2022.1
-GitCommit: 4cdeb1c385b981e7074ce19cc685c08028d7149d
+GitCommit: 64e2f9132807b45a7562aa831499a12f5ab7a1f9
 
 Tags: 2022.2-u0, 2022.2, 7.15.0, 7.15
 GitFetch: refs/heads/docker/2022.2
@@ -15,6 +15,10 @@ Tags: 2023.1-u0, 2023.1, 8.0.0, 8.0
 GitFetch: refs/heads/docker/2023.1
 GitCommit: 814cc8cc0a6e8b02c827cb1dfeabb1bb4569a865
 
-Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0, latest
+Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0
 GitFetch: refs/heads/docker/2023.2
 GitCommit: a8f0abf47fa8f7b96cb010e7d80b032ae96720ca
+
+Tags: 2024.1-u0, 2024.2, 10.0.0, 10.0, latest
+GitFetch: refs/heads/docker/2024.1
+GitCommit: 01a6a8460ec1f36c044a0ee2575abf89e44b69d7
diff --git a/_bashbrew-list b/_bashbrew-list
index 3334def..5678054 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -6,6 +6,8 @@ bonita:8.0
 bonita:8.0.0
 bonita:9.0
 bonita:9.0.0
+bonita:10.0
+bonita:10.0.0
 bonita:2022.1
 bonita:2022.1-u0
 bonita:2022.2
@@ -14,4 +16,6 @@ bonita:2023.1
 bonita:2023.1-u0
 bonita:2023.2
 bonita:2023.2-u0
+bonita:2024.1-u0
+bonita:2024.2
 bonita:latest
diff --git a/bonita_7.14/Dockerfile b/bonita_7.14/Dockerfile
index 4f0d308..a8126e7 100644
--- a/bonita_7.14/Dockerfile
+++ b/bonita_7.14/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.18
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
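Review bot: `FROM alpine:3.18` moves the 7.14 image forward three Alpine releases in a single line, with the rest of the Dockerfile outside this hunk. Since this rebuilds already-published tags (`2022.1`, `7.14`) on a new base, state in the PR description that the packages the image installs were checked against 3.18.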
diff --git a/bonita_latest/Dockerfile b/bonita_9.0/Dockerfile
similarity index 100%
copy from bonita_latest/Dockerfile
copy to bonita_9.0/Dockerfile
diff --git a/bonita_latest/files/config.sh b/bonita_9.0/files/config.sh
similarity index 100%
copy from bonita_latest/files/config.sh
copy to bonita_9.0/files/config.sh
diff --git a/bonita_latest/files/log4j2/log4j2-appenders.xml b/bonita_9.0/files/log4j2/log4j2-appenders.xml
similarity index 100%
copy from bonita_latest/files/log4j2/log4j2-appenders.xml
copy to bonita_9.0/files/log4j2/log4j2-appenders.xml
diff --git a/bonita_8.0/files/startup.sh b/bonita_9.0/files/startup.sh
similarity index 100%
copy from bonita_8.0/files/startup.sh
copy to bonita_9.0/files/startup.sh
diff --git a/bonita_7.14/templates/database.properties b/bonita_9.0/templates/database.properties
similarity index 100%
copy from bonita_7.14/templates/database.properties
copy to bonita_9.0/templates/database.properties
diff --git a/bonita_7.14/templates/jmxremote.access b/bonita_9.0/templates/jmxremote.access
similarity index 100%
copy from bonita_7.14/templates/jmxremote.access
copy to bonita_9.0/templates/jmxremote.access
diff --git a/bonita_7.14/templates/jmxremote.password b/bonita_9.0/templates/jmxremote.password
similarity index 100%
copy from bonita_7.14/templates/jmxremote.password
copy to bonita_9.0/templates/jmxremote.password
diff --git a/bonita_7.14/templates/server.xml b/bonita_9.0/templates/server.xml
similarity index 100%
copy from bonita_7.14/templates/server.xml
copy to bonita_9.0/templates/server.xml
diff --git a/bonita_latest/templates/setenv.sh b/bonita_9.0/templates/setenv.sh
similarity index 100%
copy from bonita_latest/templates/setenv.sh
copy to bonita_9.0/templates/setenv.sh
diff --git a/bonita_7.14/templates/tomcat-users.xml b/bonita_9.0/templates/tomcat-users.xml
similarity index 100%
copy from bonita_7.14/templates/tomcat-users.xml
copy to bonita_9.0/templates/tomcat-users.xml
diff --git a/bonita_latest/Dockerfile b/bonita_latest/Dockerfile
index 8d73c65..e8fe9bb 100644
--- a/bonita_latest/Dockerfile
+++ b/bonita_latest/Dockerfile
@@ -1,11 +1,11 @@
-FROM alpine:3.18
+FROM eclipse-temurin:17.0.10_7-jre-alpine
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
 # Execute instructions less likely to change first
 
 # Install packages
-RUN apk add --no-cache tzdata curl unzip bash su-exec jattach openjdk11-jre gnupg
+RUN apk add --no-cache tzdata curl unzip bash su-exec jattach
 
 RUN mkdir /opt/custom-init.d/
 
@@ -23,12 +23,12 @@ ARG BONITA_SHA256
 ARG BASE_URL
 ARG BONITA_URL
 
-ENV BONITA_VERSION ${BONITA_VERSION:-9.0.0}
-ENV BRANDING_VERSION ${BRANDING_VERSION:-2023.2-u0}
-ENV BONITA_SHA256  ${BONITA_SHA256:-c37be3ca64a07810609c97f75c47acb7fea2d29bafff181b447987514b53d140}
+ENV BONITA_VERSION ${BONITA_VERSION:-10.0.0}
+ENV BRANDING_VERSION ${BRANDING_VERSION:-2024.1-u0}
+ENV BONITA_SHA256 ${BONITA_SHA256:-c7b43fd0370609f2b650441bae72f8198aea86aac130ebe6e48a1ade2aa7fb7a}
 ENV ZIP_FILE BonitaCommunity-${BRANDING_VERSION}.zip
-ENV BASE_URL ${BASE_URL:-https://github.com/bonitasoft/bonita-platform-releases/releases/download}
-ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BRANDING_VERSION}/BonitaCommunity-${BRANDING_VERSION}.zip}
+ENV BASE_URL ${BASE_URL:-https://search.maven.org/remotecontent?filepath=org/bonitasoft/distrib/bundle-tomcat}
+ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BONITA_VERSION}/bundle-tomcat-${BONITA_VERSION}.zip}
 
 ## Must copy files first because the bundle is either taken from url or from local /opt/files if present
 RUN mkdir /opt/files
@@ -80,7 +80,7 @@ ENV ACCESSLOGS_MAX_DAYS 30
 ENV HTTP_MAX_THREADS 20
 
 COPY templates /opt/templates
-VOLUME ["/opt/bonita/conf/logs"]
+
 # exposed ports (Tomcat, JMX)
 EXPOSE 8080 9000
 
diff --git a/bonita_latest/files/startup.sh b/bonita_latest/files/startup.sh
index 3b45084..b0b7104 100755
--- a/bonita_latest/files/startup.sh
+++ b/bonita_latest/files/startup.sh
@@ -1,5 +1,29 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Shebang needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+
 set -eo pipefail
+
+# Duplication from eclipse-temurin parent image entrypoint script
+# Opt-in is only activated if the environment variable is set
+if [ -n "$USE_SYSTEM_CA_CERTS" ] && [ "$(id -u)" = '0' ]; then
+
+    # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
+    # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
+    # system location, for whatever reason.
+    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+        cp -a /certificates/* /usr/local/share/ca-certificates/
+    fi
+
+    CACERT=$JAVA_HOME/lib/security/cacerts
+
+    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
+    # might as well just generate the truststore and skip the hooks.
+    update-ca-certificates
+
+    trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"
+fi
+
+
 # only execute bonita specific customization when the executable is tomcat
 # it allows to not run this script when CMD is overridden
 if [[ "$1" == "/opt/bonita/server/bin/catalina.sh" ]]
diff --git a/bonita_latest/templates/setenv.sh b/bonita_latest/templates/setenv.sh
index 505e4ca..a660b3f 100755
--- a/bonita_latest/templates/setenv.sh
+++ b/bonita_latest/templates/setenv.sh
@@ -9,6 +9,18 @@ JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.management/sun.management=ALL-UNNAMED"
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED"
 
+# Add the JAVA 9 specific start-up parameters required by Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time.chrono=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.text=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Webservice connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.xni=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Salesforce connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/javax.xml.namespace=ALL-UNNAMED"
+
 # Set some JVM system properties required by Bonita
 
 LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"
@@ -36,8 +48,8 @@ TRANSACTION_XATIMEOUT_OPTS="-Dbonita.runtime.transaction.xa-timeout={{TRANSACTIO
 
 # Optional JMX remote access Configuration. Used to enable remote JMX agent in tomcat to monitor Heap Memory, Threads, CPU Usage, Classes, and configure various MBeans.
 if [ "$JMX_REMOTE_ACCESS" = 'true' ]; then
-        host=$(echo $(hostname -i) | xargs)
-        JMX_REMOTE_ACCESS_OPTS="-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
+  host=$(echo $(hostname -i) | cut -f1 -d ' ' | xargs)
+  JMX_REMOTE_ACCESS_OPTS="-Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.rmi.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
 fi
 
 # Pass the JVM system properties to Tomcat JVM using CATALINA_OPTS variable

Relevant Maintainers:

  • bonita: @danila-m @educhastenier @passga @abirembaut @rbioteau

github-actions[bot] avatar Apr 05 '24 14:04 github-actions[bot]

Diff for f7837b55f811b41dcd0c89e16c8342a90a27bdc9:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 33ad743..3de4d66 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,20 +1,27 @@
 Maintainers: Danila Mazour <[email protected]> (@danila-m), Emmanuel Duchastenier <[email protected]> (@educhastenier), Pascal Garcia <[email protected]> (@passga), Anthony Birembaut <[email protected]> (@abirembaut), Romain Bioteau <[email protected]> (@rbioteau)
-Architectures: amd64, arm64v8, ppc64le
 GitRepo: https://github.com/bonitasoft/bonita-distrib.git
 Directory: docker
 
 Tags: 2022.1-u0, 2022.1, 7.14.0, 7.14
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2022.1
-GitCommit: 4cdeb1c385b981e7074ce19cc685c08028d7149d
+GitCommit: 64e2f9132807b45a7562aa831499a12f5ab7a1f9
 
 Tags: 2022.2-u0, 2022.2, 7.15.0, 7.15
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2022.2
 GitCommit: 607a6a3885df35979e0946611af4f7c858f9c989
 
 Tags: 2023.1-u0, 2023.1, 8.0.0, 8.0
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2023.1
 GitCommit: 814cc8cc0a6e8b02c827cb1dfeabb1bb4569a865
 
-Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0, latest
+Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2023.2
 GitCommit: a8f0abf47fa8f7b96cb010e7d80b032ae96720ca
+
+Tags: 2024.1-u0, 2024.2, 10.0.0, 10.0, latest
+GitFetch: refs/heads/docker/2024.1
+GitCommit: 01a6a8460ec1f36c044a0ee2575abf89e44b69d7
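Review bot: the global `Architectures:` line is removed and re-added on each existing entry, but the new 2024.1 entry at the end of the hunk has none, so it falls back to the default of `amd64` only. If that is intended for the new base image, say so in the PR description; otherwise add `Architectures: amd64, arm64v8, ppc64le` to the new entry as well.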
diff --git a/_bashbrew-list b/_bashbrew-list
index 3334def..5678054 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -6,6 +6,8 @@ bonita:8.0
 bonita:8.0.0
 bonita:9.0
 bonita:9.0.0
+bonita:10.0
+bonita:10.0.0
 bonita:2022.1
 bonita:2022.1-u0
 bonita:2022.2
@@ -14,4 +16,6 @@ bonita:2023.1
 bonita:2023.1-u0
 bonita:2023.2
 bonita:2023.2-u0
+bonita:2024.1-u0
+bonita:2024.2
 bonita:latest
diff --git a/bonita_7.14/Dockerfile b/bonita_7.14/Dockerfile
index 4f0d308..a8126e7 100644
--- a/bonita_7.14/Dockerfile
+++ b/bonita_7.14/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.18
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
diff --git a/bonita_latest/Dockerfile b/bonita_9.0/Dockerfile
similarity index 100%
copy from bonita_latest/Dockerfile
copy to bonita_9.0/Dockerfile
diff --git a/bonita_latest/files/config.sh b/bonita_9.0/files/config.sh
similarity index 100%
copy from bonita_latest/files/config.sh
copy to bonita_9.0/files/config.sh
diff --git a/bonita_latest/files/log4j2/log4j2-appenders.xml b/bonita_9.0/files/log4j2/log4j2-appenders.xml
similarity index 100%
copy from bonita_latest/files/log4j2/log4j2-appenders.xml
copy to bonita_9.0/files/log4j2/log4j2-appenders.xml
diff --git a/bonita_8.0/files/startup.sh b/bonita_9.0/files/startup.sh
similarity index 100%
copy from bonita_8.0/files/startup.sh
copy to bonita_9.0/files/startup.sh
diff --git a/bonita_7.14/templates/database.properties b/bonita_9.0/templates/database.properties
similarity index 100%
copy from bonita_7.14/templates/database.properties
copy to bonita_9.0/templates/database.properties
diff --git a/bonita_7.14/templates/jmxremote.access b/bonita_9.0/templates/jmxremote.access
similarity index 100%
copy from bonita_7.14/templates/jmxremote.access
copy to bonita_9.0/templates/jmxremote.access
diff --git a/bonita_7.14/templates/jmxremote.password b/bonita_9.0/templates/jmxremote.password
similarity index 100%
copy from bonita_7.14/templates/jmxremote.password
copy to bonita_9.0/templates/jmxremote.password
diff --git a/bonita_7.14/templates/server.xml b/bonita_9.0/templates/server.xml
similarity index 100%
copy from bonita_7.14/templates/server.xml
copy to bonita_9.0/templates/server.xml
diff --git a/bonita_latest/templates/setenv.sh b/bonita_9.0/templates/setenv.sh
similarity index 100%
copy from bonita_latest/templates/setenv.sh
copy to bonita_9.0/templates/setenv.sh
diff --git a/bonita_7.14/templates/tomcat-users.xml b/bonita_9.0/templates/tomcat-users.xml
similarity index 100%
copy from bonita_7.14/templates/tomcat-users.xml
copy to bonita_9.0/templates/tomcat-users.xml
diff --git a/bonita_latest/Dockerfile b/bonita_latest/Dockerfile
index 8d73c65..e8fe9bb 100644
--- a/bonita_latest/Dockerfile
+++ b/bonita_latest/Dockerfile
@@ -1,11 +1,11 @@
-FROM alpine:3.18
+FROM eclipse-temurin:17.0.10_7-jre-alpine
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
 # Execute instructions less likely to change first
 
 # Install packages
-RUN apk add --no-cache tzdata curl unzip bash su-exec jattach openjdk11-jre gnupg
+RUN apk add --no-cache tzdata curl unzip bash su-exec jattach
 
 RUN mkdir /opt/custom-init.d/
 
@@ -23,12 +23,12 @@ ARG BONITA_SHA256
 ARG BASE_URL
 ARG BONITA_URL
 
-ENV BONITA_VERSION ${BONITA_VERSION:-9.0.0}
-ENV BRANDING_VERSION ${BRANDING_VERSION:-2023.2-u0}
-ENV BONITA_SHA256  ${BONITA_SHA256:-c37be3ca64a07810609c97f75c47acb7fea2d29bafff181b447987514b53d140}
+ENV BONITA_VERSION ${BONITA_VERSION:-10.0.0}
+ENV BRANDING_VERSION ${BRANDING_VERSION:-2024.1-u0}
+ENV BONITA_SHA256 ${BONITA_SHA256:-c7b43fd0370609f2b650441bae72f8198aea86aac130ebe6e48a1ade2aa7fb7a}
 ENV ZIP_FILE BonitaCommunity-${BRANDING_VERSION}.zip
-ENV BASE_URL ${BASE_URL:-https://github.com/bonitasoft/bonita-platform-releases/releases/download}
-ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BRANDING_VERSION}/BonitaCommunity-${BRANDING_VERSION}.zip}
+ENV BASE_URL ${BASE_URL:-https://search.maven.org/remotecontent?filepath=org/bonitasoft/distrib/bundle-tomcat}
+ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BONITA_VERSION}/bundle-tomcat-${BONITA_VERSION}.zip}
 
 ## Must copy files first because the bundle is either taken from url or from local /opt/files if present
 RUN mkdir /opt/files
@@ -80,7 +80,7 @@ ENV ACCESSLOGS_MAX_DAYS 30
 ENV HTTP_MAX_THREADS 20
 
 COPY templates /opt/templates
-VOLUME ["/opt/bonita/conf/logs"]
+
 # exposed ports (Tomcat, JMX)
 EXPOSE 8080 9000
 
diff --git a/bonita_latest/files/startup.sh b/bonita_latest/files/startup.sh
index 3b45084..b0b7104 100755
--- a/bonita_latest/files/startup.sh
+++ b/bonita_latest/files/startup.sh
@@ -1,5 +1,29 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Shebang needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+
 set -eo pipefail
+
+# Duplication from eclipse-temurin parent image entrypoint script
+# Opt-in is only activated if the environment variable is set
+if [ -n "$USE_SYSTEM_CA_CERTS" ] && [ "$(id -u)" = '0' ]; then
+
+    # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
+    # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
+    # system location, for whatever reason.
+    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+        cp -a /certificates/* /usr/local/share/ca-certificates/
+    fi
+
+    CACERT=$JAVA_HOME/lib/security/cacerts
+
+    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
+    # might as well just generate the truststore and skip the hooks.
+    update-ca-certificates
+
+    trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"
+fi
+
+
 # only execute bonita specific customization when the executable is tomcat
 # it allows to not run this script when CMD is overridden
 if [[ "$1" == "/opt/bonita/server/bin/catalina.sh" ]]
diff --git a/bonita_latest/templates/setenv.sh b/bonita_latest/templates/setenv.sh
index 505e4ca..a660b3f 100755
--- a/bonita_latest/templates/setenv.sh
+++ b/bonita_latest/templates/setenv.sh
@@ -9,6 +9,18 @@ JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.management/sun.management=ALL-UNNAMED"
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED"
 
+# Add the JAVA 9 specific start-up parameters required by Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time.chrono=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.text=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Webservice connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.xni=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Salesforce connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/javax.xml.namespace=ALL-UNNAMED"
+
 # Set some JVM system properties required by Bonita
 
 LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"
@@ -36,8 +48,8 @@ TRANSACTION_XATIMEOUT_OPTS="-Dbonita.runtime.transaction.xa-timeout={{TRANSACTIO
 
 # Optional JMX remote access Configuration. Used to enable remote JMX agent in tomcat to monitor Heap Memory, Threads, CPU Usage, Classes, and configure various MBeans.
 if [ "$JMX_REMOTE_ACCESS" = 'true' ]; then
-        host=$(echo $(hostname -i) | xargs)
-        JMX_REMOTE_ACCESS_OPTS="-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
+  host=$(echo $(hostname -i) | cut -f1 -d ' ' | xargs)
+  JMX_REMOTE_ACCESS_OPTS="-Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.rmi.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
 fi
 
 # Pass the JVM system properties to Tomcat JVM using CATALINA_OPTS variable

Relevant Maintainers:

  • bonita: @danila-m @educhastenier @passga @abirembaut @rbioteau

github-actions[bot] avatar Apr 05 '24 14:04 github-actions[bot]

FROM eclipse-temurin:17.0.10_7-jre-alpine

Unless you want to update the image on every eclipse-temurin:17.* minor update, we recommend using a more generic tag like eclipse-temurin:17-jre-alpine so that we can automatically rebuild the bonita image (for example, if there is a 17.0.10_8 release).

yosifkit avatar Apr 09 '24 00:04 yosifkit

Diff for 2c1101e6c053ace6619424d3d3fe90ccf19e4b99:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 33ad743..6f32720 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,20 +1,27 @@
 Maintainers: Danila Mazour <[email protected]> (@danila-m), Emmanuel Duchastenier <[email protected]> (@educhastenier), Pascal Garcia <[email protected]> (@passga), Anthony Birembaut <[email protected]> (@abirembaut), Romain Bioteau <[email protected]> (@rbioteau)
-Architectures: amd64, arm64v8, ppc64le
 GitRepo: https://github.com/bonitasoft/bonita-distrib.git
 Directory: docker
 
 Tags: 2022.1-u0, 2022.1, 7.14.0, 7.14
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2022.1
-GitCommit: 4cdeb1c385b981e7074ce19cc685c08028d7149d
+GitCommit: 64e2f9132807b45a7562aa831499a12f5ab7a1f9
 
 Tags: 2022.2-u0, 2022.2, 7.15.0, 7.15
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2022.2
 GitCommit: 607a6a3885df35979e0946611af4f7c858f9c989
 
 Tags: 2023.1-u0, 2023.1, 8.0.0, 8.0
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2023.1
 GitCommit: 814cc8cc0a6e8b02c827cb1dfeabb1bb4569a865
 
-Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0, latest
+Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2023.2
 GitCommit: a8f0abf47fa8f7b96cb010e7d80b032ae96720ca
+
+Tags: 2024.1-u0, 2024.1, 10.0.0, 10.0, latest
+GitFetch: refs/heads/docker/2024.1
+GitCommit: dcac85a2670e9adfa99c057c3468b9923dc31301
diff --git a/_bashbrew-list b/_bashbrew-list
index 3334def..9ad10d5 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -6,6 +6,8 @@ bonita:8.0
 bonita:8.0.0
 bonita:9.0
 bonita:9.0.0
+bonita:10.0
+bonita:10.0.0
 bonita:2022.1
 bonita:2022.1-u0
 bonita:2022.2
@@ -14,4 +16,6 @@ bonita:2023.1
 bonita:2023.1-u0
 bonita:2023.2
 bonita:2023.2-u0
+bonita:2024.1
+bonita:2024.1-u0
 bonita:latest
diff --git a/bonita_7.14/Dockerfile b/bonita_7.14/Dockerfile
index 4f0d308..a8126e7 100644
--- a/bonita_7.14/Dockerfile
+++ b/bonita_7.14/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.18
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
diff --git a/bonita_latest/Dockerfile b/bonita_9.0/Dockerfile
similarity index 100%
copy from bonita_latest/Dockerfile
copy to bonita_9.0/Dockerfile
diff --git a/bonita_latest/files/config.sh b/bonita_9.0/files/config.sh
similarity index 100%
copy from bonita_latest/files/config.sh
copy to bonita_9.0/files/config.sh
diff --git a/bonita_latest/files/log4j2/log4j2-appenders.xml b/bonita_9.0/files/log4j2/log4j2-appenders.xml
similarity index 100%
copy from bonita_latest/files/log4j2/log4j2-appenders.xml
copy to bonita_9.0/files/log4j2/log4j2-appenders.xml
diff --git a/bonita_8.0/files/startup.sh b/bonita_9.0/files/startup.sh
similarity index 100%
copy from bonita_8.0/files/startup.sh
copy to bonita_9.0/files/startup.sh
diff --git a/bonita_7.14/templates/database.properties b/bonita_9.0/templates/database.properties
similarity index 100%
copy from bonita_7.14/templates/database.properties
copy to bonita_9.0/templates/database.properties
diff --git a/bonita_7.14/templates/jmxremote.access b/bonita_9.0/templates/jmxremote.access
similarity index 100%
copy from bonita_7.14/templates/jmxremote.access
copy to bonita_9.0/templates/jmxremote.access
diff --git a/bonita_7.14/templates/jmxremote.password b/bonita_9.0/templates/jmxremote.password
similarity index 100%
copy from bonita_7.14/templates/jmxremote.password
copy to bonita_9.0/templates/jmxremote.password
diff --git a/bonita_7.14/templates/server.xml b/bonita_9.0/templates/server.xml
similarity index 100%
copy from bonita_7.14/templates/server.xml
copy to bonita_9.0/templates/server.xml
diff --git a/bonita_latest/templates/setenv.sh b/bonita_9.0/templates/setenv.sh
similarity index 100%
copy from bonita_latest/templates/setenv.sh
copy to bonita_9.0/templates/setenv.sh
diff --git a/bonita_7.14/templates/tomcat-users.xml b/bonita_9.0/templates/tomcat-users.xml
similarity index 100%
copy from bonita_7.14/templates/tomcat-users.xml
copy to bonita_9.0/templates/tomcat-users.xml
diff --git a/bonita_latest/Dockerfile b/bonita_latest/Dockerfile
index 8d73c65..d98be34 100644
--- a/bonita_latest/Dockerfile
+++ b/bonita_latest/Dockerfile
@@ -1,11 +1,11 @@
-FROM alpine:3.18
+FROM eclipse-temurin:17-jre-alpine
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
 # Execute instructions less likely to change first
 
 # Install packages
-RUN apk add --no-cache tzdata curl unzip bash su-exec jattach openjdk11-jre gnupg
+RUN apk add --no-cache tzdata curl unzip bash su-exec jattach
 
 RUN mkdir /opt/custom-init.d/
 
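
Review bot: the `RUN apk add` line drops `gnupg` together with `openjdk11-jre`, and the base moves to `eclipse-temurin:17-jre-alpine`, so the runtime jumps from Java 11 to Java 17 in the same change. Confirm that no later step in this Dockerfile and none of the scripts under `files/` still calls `gpg`, and mention the Java major-version change in the image documentation, since it reaches users through the `latest` tag.
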
@@ -23,12 +23,12 @@ ARG BONITA_SHA256
 ARG BASE_URL
 ARG BONITA_URL
 
-ENV BONITA_VERSION ${BONITA_VERSION:-9.0.0}
-ENV BRANDING_VERSION ${BRANDING_VERSION:-2023.2-u0}
-ENV BONITA_SHA256  ${BONITA_SHA256:-c37be3ca64a07810609c97f75c47acb7fea2d29bafff181b447987514b53d140}
+ENV BONITA_VERSION ${BONITA_VERSION:-10.0.0}
+ENV BRANDING_VERSION ${BRANDING_VERSION:-2024.1-u0}
+ENV BONITA_SHA256 ${BONITA_SHA256:-c7b43fd0370609f2b650441bae72f8198aea86aac130ebe6e48a1ade2aa7fb7a}
 ENV ZIP_FILE BonitaCommunity-${BRANDING_VERSION}.zip
-ENV BASE_URL ${BASE_URL:-https://github.com/bonitasoft/bonita-platform-releases/releases/download}
-ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BRANDING_VERSION}/BonitaCommunity-${BRANDING_VERSION}.zip}
+ENV BASE_URL ${BASE_URL:-https://search.maven.org/remotecontent?filepath=org/bonitasoft/distrib/bundle-tomcat}
+ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BONITA_VERSION}/bundle-tomcat-${BONITA_VERSION}.zip}
 
 ## Must copy files first because the bundle is either taken from url or from local /opt/files if present
 RUN mkdir /opt/files
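
Review bot: `ENV ZIP_FILE BonitaCommunity-${BRANDING_VERSION}.zip` is left unchanged while `BONITA_URL` now points at `bundle-tomcat-${BONITA_VERSION}.zip`, so the local file name and the downloaded artifact name no longer match. Check that the later download, checksum and unzip steps, and the local `/opt/files` path mentioned in the comment at the end of the hunk, still agree on one name, or derive `ZIP_FILE` from `BONITA_VERSION` as well.
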
@@ -80,7 +80,7 @@ ENV ACCESSLOGS_MAX_DAYS 30
 ENV HTTP_MAX_THREADS 20
 
 COPY templates /opt/templates
-VOLUME ["/opt/bonita/conf/logs"]
+
 # exposed ports (Tomcat, JMX)
 EXPOSE 8080 9000
 
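
Review bot: removing `VOLUME ["/opt/bonita/conf/logs"]` changes where logs end up for anyone who relied on the implicit volume: they now live in the container's writable layer and disappear with the container unless a mount is given explicitly. Call this out in the image documentation or release notes. The hunk also leaves an empty line where the instruction was, which can be dropped.
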
diff --git a/bonita_latest/files/startup.sh b/bonita_latest/files/startup.sh
index 3b45084..b0b7104 100755
--- a/bonita_latest/files/startup.sh
+++ b/bonita_latest/files/startup.sh
@@ -1,5 +1,29 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Shebang needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+
 set -eo pipefail
+
+# Duplication from eclipse-temurin parent image entrypoint script
+# Opt-in is only activated if the environment variable is set
+if [ -n "$USE_SYSTEM_CA_CERTS" ] && [ "$(id -u)" = '0' ]; then
+
+    # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
+    # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
+    # system location, for whatever reason.
+    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+        cp -a /certificates/* /usr/local/share/ca-certificates/
+    fi
+
+    CACERT=$JAVA_HOME/lib/security/cacerts
+
+    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
+    # might as well just generate the truststore and skip the hooks.
+    update-ca-certificates
+
+    trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"
+fi
+
+
 # only execute bonita specific customization when the executable is tomcat
 # it allows to not run this script when CMD is overridden
 if [[ "$1" == "/opt/bonita/server/bin/catalina.sh" ]]
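
Review bot: the guard `[ -n "$USE_SYSTEM_CA_CERTS" ] && [ "$(id -u)" = '0' ]` skips the whole block without a message when the variable is set but the container is not running as root, so an operator who opted in gets the default truststore and no hint why. Print a warning on that path. Since the comment says the block duplicates the parent image's entrypoint script, also record which upstream version it was copied from, so later fixes there can be ported.
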
diff --git a/bonita_latest/templates/setenv.sh b/bonita_latest/templates/setenv.sh
index 505e4ca..a660b3f 100755
--- a/bonita_latest/templates/setenv.sh
+++ b/bonita_latest/templates/setenv.sh
@@ -9,6 +9,18 @@ JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.management/sun.management=ALL-UNNAMED"
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED"
 
+# Add the JAVA 9 specific start-up parameters required by Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time.chrono=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.text=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Webservice connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.xni=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Salesforce connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/javax.xml.namespace=ALL-UNNAMED"
+
 # Set some JVM system properties required by Bonita
 
 LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"
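
Review bot: each added `--add-opens=...=ALL-UNNAMED` line opens the package to deep reflection for every class on the classpath, not only XStream, and two of them expose JDK-internal Xerces packages (`com.sun.org.apache.xerces.internal.dom` and `com.sun.org.apache.xerces.internal.xni`). Keep the list as short as the connectors actually need and record in the comments which connector or type required each flag, so entries can be removed later. The comments say "JAVA 9 specific" although this image now runs on Java 17; "Java 9 and later" would be clearer.
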
@@ -36,8 +48,8 @@ TRANSACTION_XATIMEOUT_OPTS="-Dbonita.runtime.transaction.xa-timeout={{TRANSACTIO
 
 # Optional JMX remote access Configuration. Used to enable remote JMX agent in tomcat to monitor Heap Memory, Threads, CPU Usage, Classes, and configure various MBeans.
 if [ "$JMX_REMOTE_ACCESS" = 'true' ]; then
-        host=$(echo $(hostname -i) | xargs)
-        JMX_REMOTE_ACCESS_OPTS="-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
+  host=$(echo $(hostname -i) | cut -f1 -d ' ' | xargs)
+  JMX_REMOTE_ACCESS_OPTS="-Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.rmi.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
 fi
 
 # Pass the JVM system properties to Tomcat JVM using CATALINA_OPTS variable
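
Review bot: the rewritten `JMX_REMOTE_ACCESS_OPTS` line keeps `-Dcom.sun.management.jmxremote.ssl=false` next to `authenticate=true`, so the credentials from `jmxremote.password` cross port 9000 in clear text whenever `JMX_REMOTE_ACCESS` is `true`. Either make TLS configurable here or document that the port must only be reachable on a trusted network. The line also drops the bare `-Dcom.sun.management.jmxremote` flag; please state in the commit message that this is intentional.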

Relevant Maintainers:

  • bonita: @danila-m @educhastenier @passga @abirembaut @rbioteau

github-actions[bot] avatar Apr 09 '24 08:04 github-actions[bot]

FROM eclipse-temurin:17.0.10_7-jre-alpine

Unless you want to update the image on every eclipse-temurin:17.* minor update, we recommend using a more generic tag like eclipse-temurin:17-jre-alpine so that we can automatically rebuild the bonita image (for example, if there is a 17.0.10_8 release).

Thanks for the suggestion, we were on the reproducible side of things but it sounds reasonable enough for us after all.

rbioteau avatar Apr 09 '24 08:04 rbioteau

Diff for 98c417b329777fa740c4fcad504d46cf91556cc7:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 33ad743..6f32720 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,20 +1,27 @@
 Maintainers: Danila Mazour <[email protected]> (@danila-m), Emmanuel Duchastenier <[email protected]> (@educhastenier), Pascal Garcia <[email protected]> (@passga), Anthony Birembaut <[email protected]> (@abirembaut), Romain Bioteau <[email protected]> (@rbioteau)
-Architectures: amd64, arm64v8, ppc64le
 GitRepo: https://github.com/bonitasoft/bonita-distrib.git
 Directory: docker
 
 Tags: 2022.1-u0, 2022.1, 7.14.0, 7.14
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2022.1
-GitCommit: 4cdeb1c385b981e7074ce19cc685c08028d7149d
+GitCommit: 64e2f9132807b45a7562aa831499a12f5ab7a1f9
 
 Tags: 2022.2-u0, 2022.2, 7.15.0, 7.15
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2022.2
 GitCommit: 607a6a3885df35979e0946611af4f7c858f9c989
 
 Tags: 2023.1-u0, 2023.1, 8.0.0, 8.0
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2023.1
 GitCommit: 814cc8cc0a6e8b02c827cb1dfeabb1bb4569a865
 
-Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0, latest
+Tags: 2023.2-u0, 2023.2, 9.0.0, 9.0
+Architectures: amd64, arm64v8, ppc64le
 GitFetch: refs/heads/docker/2023.2
 GitCommit: a8f0abf47fa8f7b96cb010e7d80b032ae96720ca
+
+Tags: 2024.1-u0, 2024.1, 10.0.0, 10.0, latest
+GitFetch: refs/heads/docker/2024.1
+GitCommit: dcac85a2670e9adfa99c057c3468b9923dc31301
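
Review bot: besides adding 2024.1, this hunk re-pins the 2022.1 entry from `GitCommit: 4cdeb1c385b981e7074ce19cc685c08028d7149d` to `64e2f9132807b45a7562aa831499a12f5ab7a1f9`, which the PR title does not mention. State in the description what the new 2022.1 commit contains (the diff shows `bonita_7.14/Dockerfile` moving from `alpine:3.15` to `alpine:3.18`), so it is clear the older tag is being rebuilt on purpose.
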
diff --git a/_bashbrew-list b/_bashbrew-list
index 3334def..9ad10d5 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -6,6 +6,8 @@ bonita:8.0
 bonita:8.0.0
 bonita:9.0
 bonita:9.0.0
+bonita:10.0
+bonita:10.0.0
 bonita:2022.1
 bonita:2022.1-u0
 bonita:2022.2
@@ -14,4 +16,6 @@ bonita:2023.1
 bonita:2023.1-u0
 bonita:2023.2
 bonita:2023.2-u0
+bonita:2024.1
+bonita:2024.1-u0
 bonita:latest
diff --git a/bonita_7.14/Dockerfile b/bonita_7.14/Dockerfile
index 4f0d308..a8126e7 100644
--- a/bonita_7.14/Dockerfile
+++ b/bonita_7.14/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.18
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
diff --git a/bonita_latest/Dockerfile b/bonita_9.0/Dockerfile
similarity index 100%
copy from bonita_latest/Dockerfile
copy to bonita_9.0/Dockerfile
diff --git a/bonita_latest/files/config.sh b/bonita_9.0/files/config.sh
similarity index 100%
copy from bonita_latest/files/config.sh
copy to bonita_9.0/files/config.sh
diff --git a/bonita_latest/files/log4j2/log4j2-appenders.xml b/bonita_9.0/files/log4j2/log4j2-appenders.xml
similarity index 100%
copy from bonita_latest/files/log4j2/log4j2-appenders.xml
copy to bonita_9.0/files/log4j2/log4j2-appenders.xml
diff --git a/bonita_8.0/files/startup.sh b/bonita_9.0/files/startup.sh
similarity index 100%
copy from bonita_8.0/files/startup.sh
copy to bonita_9.0/files/startup.sh
diff --git a/bonita_7.14/templates/database.properties b/bonita_9.0/templates/database.properties
similarity index 100%
copy from bonita_7.14/templates/database.properties
copy to bonita_9.0/templates/database.properties
diff --git a/bonita_7.14/templates/jmxremote.access b/bonita_9.0/templates/jmxremote.access
similarity index 100%
copy from bonita_7.14/templates/jmxremote.access
copy to bonita_9.0/templates/jmxremote.access
diff --git a/bonita_7.14/templates/jmxremote.password b/bonita_9.0/templates/jmxremote.password
similarity index 100%
copy from bonita_7.14/templates/jmxremote.password
copy to bonita_9.0/templates/jmxremote.password
diff --git a/bonita_7.14/templates/server.xml b/bonita_9.0/templates/server.xml
similarity index 100%
copy from bonita_7.14/templates/server.xml
copy to bonita_9.0/templates/server.xml
diff --git a/bonita_latest/templates/setenv.sh b/bonita_9.0/templates/setenv.sh
similarity index 100%
copy from bonita_latest/templates/setenv.sh
copy to bonita_9.0/templates/setenv.sh
diff --git a/bonita_7.14/templates/tomcat-users.xml b/bonita_9.0/templates/tomcat-users.xml
similarity index 100%
copy from bonita_7.14/templates/tomcat-users.xml
copy to bonita_9.0/templates/tomcat-users.xml
diff --git a/bonita_latest/Dockerfile b/bonita_latest/Dockerfile
index 8d73c65..d98be34 100644
--- a/bonita_latest/Dockerfile
+++ b/bonita_latest/Dockerfile
@@ -1,11 +1,11 @@
-FROM alpine:3.18
+FROM eclipse-temurin:17-jre-alpine
 
 LABEL maintainer="Bonitasoft Runtime team <[email protected]>"
 
 # Execute instructions less likely to change first
 
 # Install packages
-RUN apk add --no-cache tzdata curl unzip bash su-exec jattach openjdk11-jre gnupg
+RUN apk add --no-cache tzdata curl unzip bash su-exec jattach
 
 RUN mkdir /opt/custom-init.d/
 
@@ -23,12 +23,12 @@ ARG BONITA_SHA256
 ARG BASE_URL
 ARG BONITA_URL
 
-ENV BONITA_VERSION ${BONITA_VERSION:-9.0.0}
-ENV BRANDING_VERSION ${BRANDING_VERSION:-2023.2-u0}
-ENV BONITA_SHA256  ${BONITA_SHA256:-c37be3ca64a07810609c97f75c47acb7fea2d29bafff181b447987514b53d140}
+ENV BONITA_VERSION ${BONITA_VERSION:-10.0.0}
+ENV BRANDING_VERSION ${BRANDING_VERSION:-2024.1-u0}
+ENV BONITA_SHA256 ${BONITA_SHA256:-c7b43fd0370609f2b650441bae72f8198aea86aac130ebe6e48a1ade2aa7fb7a}
 ENV ZIP_FILE BonitaCommunity-${BRANDING_VERSION}.zip
-ENV BASE_URL ${BASE_URL:-https://github.com/bonitasoft/bonita-platform-releases/releases/download}
-ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BRANDING_VERSION}/BonitaCommunity-${BRANDING_VERSION}.zip}
+ENV BASE_URL ${BASE_URL:-https://search.maven.org/remotecontent?filepath=org/bonitasoft/distrib/bundle-tomcat}
+ENV BONITA_URL ${BONITA_URL:-${BASE_URL}/${BONITA_VERSION}/bundle-tomcat-${BONITA_VERSION}.zip}
 
 ## Must copy files first because the bundle is either taken from url or from local /opt/files if present
 RUN mkdir /opt/files
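
Review bot: the default in `ENV BONITA_SHA256 ${BONITA_SHA256:-c7b43fd0370609f2b650441bae72f8198aea86aac130ebe6e48a1ade2aa7fb7a}` only matches the default `BONITA_VERSION` of 10.0.0, and the archive now comes from `https://search.maven.org/remotecontent?filepath=...` with the artifact path appended to a query-string value. With the source changed, the pinned digest is what ties the build to the expected bytes, so confirm the step that consumes `BONITA_SHA256` fails the build on a mismatch, and add a comment that overriding `BONITA_VERSION` requires overriding `BONITA_SHA256` too.
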
@@ -80,7 +80,7 @@ ENV ACCESSLOGS_MAX_DAYS 30
 ENV HTTP_MAX_THREADS 20
 
 COPY templates /opt/templates
-VOLUME ["/opt/bonita/conf/logs"]
+
 # exposed ports (Tomcat, JMX)
 EXPOSE 8080 9000
 
diff --git a/bonita_latest/files/startup.sh b/bonita_latest/files/startup.sh
index 3b45084..b0b7104 100755
--- a/bonita_latest/files/startup.sh
+++ b/bonita_latest/files/startup.sh
@@ -1,5 +1,29 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Shebang needs to be `bash`, see https://github.com/adoptium/containers/issues/415 for details
+
 set -eo pipefail
+
+# Duplication from eclipse-temurin parent image entrypoint script
+# Opt-in is only activated if the environment variable is set
+if [ -n "$USE_SYSTEM_CA_CERTS" ] && [ "$(id -u)" = '0' ]; then
+
+    # Copy certificates from /certificates to the system truststore, but only if the directory exists and is not empty.
+    # The reason why this is not part of the opt-in is because it leaves open the option to mount certificates at the
+    # system location, for whatever reason.
+    if [ -d /certificates ] && [ "$(ls -A /certificates)" ]; then
+        cp -a /certificates/* /usr/local/share/ca-certificates/
+    fi
+
+    CACERT=$JAVA_HOME/lib/security/cacerts
+
+    # OpenJDK images used to create a hook for `update-ca-certificates`. Since we are using an entrypoint anyway, we
+    # might as well just generate the truststore and skip the hooks.
+    update-ca-certificates
+
+    trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$CACERT"
+fi
+
+
 # only execute bonita specific customization when the executable is tomcat
 # it allows to not run this script when CMD is overridden
 if [[ "$1" == "/opt/bonita/server/bin/catalina.sh" ]]
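
Review bot: the emptiness test uses `ls -A /certificates`, which counts dotfiles, but the copy uses the glob `/certificates/*`, which does not match them. A directory holding only hidden entries passes the test, the glob stays unexpanded, `cp` fails, and `set -eo pipefail` then aborts startup. Copy with `cp -a /certificates/. /usr/local/share/ca-certificates/` or test with the same glob that is used for the copy.
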
diff --git a/bonita_latest/templates/setenv.sh b/bonita_latest/templates/setenv.sh
index 505e4ca..a660b3f 100755
--- a/bonita_latest/templates/setenv.sh
+++ b/bonita_latest/templates/setenv.sh
@@ -9,6 +9,18 @@ JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.management/sun.management=ALL-UNNAMED"
 JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED"
 
+# Add the JAVA 9 specific start-up parameters required by Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.time.chrono=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.text=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Webservice connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/com.sun.org.apache.xerces.internal.xni=ALL-UNNAMED"
+
+# Add the JAVA 9 specific start-up parameters required by Salesforce connector/Xstream serialization
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.xml/javax.xml.namespace=ALL-UNNAMED"
+
 # Set some JVM system properties required by Bonita
 
 LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"
@@ -36,8 +48,8 @@ TRANSACTION_XATIMEOUT_OPTS="-Dbonita.runtime.transaction.xa-timeout={{TRANSACTIO
 
 # Optional JMX remote access Configuration. Used to enable remote JMX agent in tomcat to monitor Heap Memory, Threads, CPU Usage, Classes, and configure various MBeans.
 if [ "$JMX_REMOTE_ACCESS" = 'true' ]; then
-        host=$(echo $(hostname -i) | xargs)
-        JMX_REMOTE_ACCESS_OPTS="-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
+  host=$(echo $(hostname -i) | cut -f1 -d ' ' | xargs)
+  JMX_REMOTE_ACCESS_OPTS="-Djava.rmi.server.hostname=${host} -Dcom.sun.management.jmxremote.port=9000 -Dcom.sun.management.jmxremote.rmi.port=9000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=${CATALINA_HOME}/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=${CATALINA_HOME}/conf/jmxremote.access"
 fi
 
 # Pass the JVM system properties to Tomcat JVM using CATALINA_OPTS variable
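
Review bot: `host=$(echo $(hostname -i) | cut -f1 -d ' ' | xargs)` now takes whichever address `hostname -i` prints first and advertises it as `java.rmi.server.hostname`, which is not necessarily the address a JMX client can reach when the container has several interfaces. Let an environment variable override the value and fall back to this lookup only when it is unset, and add a comment describing the multi-address case that the `cut` was introduced for.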

Relevant Maintainers:

  • bonita: @danila-m @educhastenier @passga @abirembaut @rbioteau

github-actions[bot] avatar Apr 09 '24 08:04 github-actions[bot]

@rbioteau you can still pin to a specific sha to stay with a specific combination

LaurentGoderre avatar Apr 09 '24 20:04 LaurentGoderre

The image gets a SHA but it doesn't check the integrity of the package against it. It seems like it didn't check in previous versions either.

LaurentGoderre avatar Apr 09 '24 20:04 LaurentGoderre

Instead of copying the contents of Temurin's entrypoint, you should invoke /__cacert_entrypoint.sh at the appropriate point; something like this would work:

ENTRYPOINT ["/__cacert_entrypoint.sh", "/opt/files/startup.sh"]

Alternatively, you could make sure all your uses of exec ... become exec /__cacert_entrypoint.sh ... but I think this change is the cleanest.

tianon avatar Apr 09 '24 22:04 tianon

+  host=$(echo $(hostname -i) | cut -f1 -d ' ' | xargs)

Also, this is kind of weird -- echo $(hostname -i) instead of just hostname -i seems to be trying to make it space-separated, and the prior pipe to xargs would then do the same, but now with the cut this just keeps getting more and more confusing.

Do you have an example use case for what this code is trying to solve?

(We used to use hostname -i in Cassandra, but ended up swapping to parsing ip address because of limitations in that approach: https://github.com/docker-library/cassandra/pull/146, https://github.com/docker-library/cassandra/blob/3b22e7fc1b586c619beffaa0081238a445a526db/docker-entrypoint.sh#L17-L31)

tianon avatar Apr 09 '24 22:04 tianon

@LaurentGoderre

The image gets a SHA but it doesn't check the integrity of the package against it. It seems like it didn't check in previous versions either.

Are you talking about the Bonita archive? The checksum check is performed here

rbioteau avatar Apr 10 '24 07:04 rbioteau

@rbioteau my bad, I haven't seen this way of validating before

LaurentGoderre avatar Apr 10 '24 14:04 LaurentGoderre