From a96359f5a6870464d0f76350521d9fe407e86dce Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Tue, 17 Feb 2026 10:47:44 +0530 Subject: [PATCH 01/16] Migrate replicator images to UBI9 micro multi-stage build Rewrite replicator/Dockerfile.ubi9 as a 3-stage multi-stage build following the proven pattern from cp-server and cp-server-connect-base: - Stage 1 (tools): Pull package_dedupe from cp-server-connect-base - Stage 2 (builder): Install confluent-kafka-connect-replicator into /microdir using dnf --installroot for clean isolation - Stage 3 (final): Selectively copy only replicator-specific binaries (replicator, replicator-verifier) to avoid overwriting base image system files that cause RedHat certification failures Also update replicator/pom.xml to pass UBI9_VERSION build arg to both Maven Docker plugins, and update replicator-executable/Dockerfile.ubi9 to use ${APP_UID}:${APP_GID} instead of hardcoded appuser for consistency with the micro pattern. Co-Authored-By: Claude Opus 4.6 --- replicator-executable/Dockerfile.ubi9 | 7 +-- replicator/Dockerfile.ubi9 | 76 +++++++++++++++++++++------ replicator/pom.xml | 24 +++++++++ 3 files changed, 87 insertions(+), 20 deletions(-) diff --git a/replicator-executable/Dockerfile.ubi9 b/replicator-executable/Dockerfile.ubi9 index 324060f5d..55dd5187c 100644 --- a/replicator-executable/Dockerfile.ubi9 +++ b/replicator-executable/Dockerfile.ubi9 @@ -39,12 +39,13 @@ ENV COMPONENT=replicator VOLUME ["/etc/${COMPONENT}/secrets"] -COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker +COPY include/etc/confluent/docker /etc/confluent/docker USER root -RUN chown appuser:appuser -R /etc/replicator /etc/kafka-connect-replicator +RUN chown -R ${APP_UID}:${APP_GID} /etc/confluent/docker \ + && chown -R ${APP_UID}:${APP_GID} /etc/replicator /etc/kafka-connect-replicator -USER appuser +USER ${APP_UID} CMD ["/etc/confluent/docker/run"] diff --git a/replicator/Dockerfile.ubi9 b/replicator/Dockerfile.ubi9 index e465b4bb2..96aa38725 100644 --- a/replicator/Dockerfile.ubi9 +++ b/replicator/Dockerfile.ubi9 @@ -15,7 +15,49 @@ ARG DOCKER_UPSTREAM_REGISTRY ARG DOCKER_UPSTREAM_TAG=ubi9-latest +ARG UBI9_VERSION +# Stage 1: Get package_dedupe tool from cp-server-connect-base +FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-server-connect-base:${DOCKER_UPSTREAM_TAG} AS tools + +# Stage 2: Install packages using ubi9 with dnf to /microdir +FROM registry.access.redhat.com/ubi9:${UBI9_VERSION} AS builder + +ARG BUILD_NUMBER=-1 +ARG PROJECT_VERSION +ARG ARTIFACT_ID +ARG GIT_COMMIT +ARG CONFLUENT_VERSION +ARG CONFLUENT_PACKAGES_REPO +ARG CONFLUENT_PLATFORM_LABEL + +RUN echo "===> Adding confluent repository...${CONFLUENT_PACKAGES_REPO}" \ + && rpm --import ${CONFLUENT_PACKAGES_REPO}/archive.key \ + && printf "[Confluent] \n\ +name=Confluent repository \n\ +baseurl=${CONFLUENT_PACKAGES_REPO}/ \n\ +gpgcheck=1 \n\ +gpgkey=${CONFLUENT_PACKAGES_REPO}/archive.key \n\ +enabled=1 " > /etc/yum.repos.d/confluent.repo \ + && mkdir -p /microdir + +COPY --from=tools /usr/bin/package_dedupe /usr/local/bin/package_dedupe + +RUN echo "===> Installing packages to /microdir with dnf" \ + && dnf install -y --installroot=/microdir --releasever=9 --setopt=install_weak_deps=False --nodocs \ + confluent-kafka-connect-replicator-${CONFLUENT_VERSION} \ + && echo "===> Deduping jars in /microdir ..." \ + && package_dedupe /microdir/usr/share/java \ + && echo "===> Cleaning up ..." \ + && dnf --installroot=/microdir clean all \ + && rm -rf /microdir/var/cache/* /microdir/var/log/dnf* /microdir/var/log/yum.* \ + && rm -rf /etc/yum.repos.d/confluent.repo \ + && echo "===> Removing user database files to preserve base image's appuser ..." \ + && rm -f /microdir/etc/passwd /microdir/etc/group /microdir/etc/shadow /microdir/etc/gshadow \ + /microdir/etc/subuid /microdir/etc/subgid \ + && rm -rf /microdir/dev/* /microdir/proc/* /microdir/sys/* + +# Stage 3: Final image inheriting from cp-server-connect-base FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-server-connect-base:${DOCKER_UPSTREAM_TAG} ARG PROJECT_VERSION @@ -30,7 +72,7 @@ LABEL release=$PROJECT_VERSION LABEL name=$ARTIFACT_ID LABEL summary="Confluent Replicator allows you to easily and reliably replicate topics from one Apache Kafka® cluster to another." LABEL io.confluent.docker=true -LABEL io.confluent.docker.git.id=$COMMIT_ID +LABEL io.confluent.docker.git.id=$GIT_COMMIT ARG BUILD_NUMBER=-1 LABEL io.confluent.docker.build.number=$BUILD_NUMBER LABEL io.confluent.docker.git.repo="confluentinc/kafka-replicator-images" @@ -39,23 +81,23 @@ ARG CONFLUENT_VERSION USER root -RUN echo "===> Installing Replicator ..." \ - && echo "===> Adding confluent repository...${CONFLUENT_PACKAGES_REPO}" \ - && rpm --import ${CONFLUENT_PACKAGES_REPO}/archive.key \ - && printf "[Confluent] \n\ -name=Confluent repository \n\ -baseurl=${CONFLUENT_PACKAGES_REPO}/ \n\ -gpgcheck=1 \n\ -gpgkey=${CONFLUENT_PACKAGES_REPO}/archive.key \n\ -enabled=1 " > /etc/yum.repos.d/confluent.repo \ - && microdnf install -y \ - confluent-kafka-connect-replicator-${CONFLUENT_VERSION} \ - && echo "===> Cleaning up ..." \ - && microdnf clean all \ - && rm -rf /tmp/* /etc/yum.repos.d/confluent.repo +# Copy only replicator-specific binaries from /usr/bin to avoid overwriting base image files +# Blindly copying /usr/bin leads to RedHat certification failures +COPY --from=builder /microdir/usr/bin/replicator /usr/bin/ +COPY --from=builder /microdir/usr/bin/replicator-verifier /usr/bin/ + +# Copy JARs +COPY --from=builder /microdir/usr/share/java/ /usr/share/java/ + +# Copy docs +COPY --from=builder /microdir/usr/share/doc/ /usr/share/doc/ + +# Copy configs +COPY --from=builder /microdir/etc/kafka-connect-replicator /etc/kafka-connect-replicator -COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker +COPY include/etc/confluent/docker/ /etc/confluent/docker/ +RUN chown -R ${APP_UID}:${APP_GID} /etc/confluent/docker -USER appuser +USER ${APP_UID} CMD ["/etc/confluent/docker/run"] diff --git a/replicator/pom.xml b/replicator/pom.xml index 9f6b0b188..e149d436a 100644 --- a/replicator/pom.xml +++ b/replicator/pom.xml @@ -55,6 +55,30 @@ + + com.spotify + dockerfile-maven-plugin + + + ${ubi9.image.version} + + + + + io.fabric8 + docker-maven-plugin + + + + + + ${ubi9.image.version} + + + + + + From cb95215d76c7ec1ecc7991b60d5cafac775605a6 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Tue, 17 Feb 2026 11:00:49 +0530 Subject: [PATCH 02/16] Add trailing slashes to COPY paths in replicator-executable Dockerfile Co-Authored-By: Claude Opus 4.6 --- replicator-executable/Dockerfile.ubi9 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/replicator-executable/Dockerfile.ubi9 b/replicator-executable/Dockerfile.ubi9 index 55dd5187c..7bd4d6761 100644 --- a/replicator-executable/Dockerfile.ubi9 +++ b/replicator-executable/Dockerfile.ubi9 @@ -39,7 +39,7 @@ ENV COMPONENT=replicator VOLUME ["/etc/${COMPONENT}/secrets"] -COPY include/etc/confluent/docker /etc/confluent/docker +COPY include/etc/confluent/docker/ /etc/confluent/docker/ USER root From a11f7df2e8753815bb9bfef66785535933f01ee4 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Tue, 17 Feb 2026 11:02:06 +0530 Subject: [PATCH 03/16] temp: use micro base image tag for CI validation Co-Authored-By: Claude Opus 4.6 --- replicator/Dockerfile.ubi9 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/replicator/Dockerfile.ubi9 b/replicator/Dockerfile.ubi9 index 96aa38725..6a3a65d2e 100644 --- a/replicator/Dockerfile.ubi9 +++ b/replicator/Dockerfile.ubi9 @@ -14,7 +14,7 @@ # limitations under the License. ARG DOCKER_UPSTREAM_REGISTRY -ARG DOCKER_UPSTREAM_TAG=ubi9-latest +ARG DOCKER_UPSTREAM_TAG=dev-master-f2472ac2-ubi9.amd64 ARG UBI9_VERSION # Stage 1: Get package_dedupe tool from cp-server-connect-base From 859999dfb2187abbf25297ab5ea333b1032e0168 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Tue, 17 Feb 2026 11:03:27 +0530 Subject: [PATCH 04/16] revert: restore default DOCKER_UPSTREAM_TAG to ubi9-latest Co-Authored-By: Claude Opus 4.6 --- replicator/Dockerfile.ubi9 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/replicator/Dockerfile.ubi9 b/replicator/Dockerfile.ubi9 index 6a3a65d2e..96aa38725 100644 --- a/replicator/Dockerfile.ubi9 +++ b/replicator/Dockerfile.ubi9 @@ -14,7 +14,7 @@ # limitations under the License. ARG DOCKER_UPSTREAM_REGISTRY -ARG DOCKER_UPSTREAM_TAG=dev-master-f2472ac2-ubi9.amd64 +ARG DOCKER_UPSTREAM_TAG=ubi9-latest ARG UBI9_VERSION # Stage 1: Get package_dedupe tool from cp-server-connect-base From 6d318821ad6f2c83671d4163229f361e4b407947 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Tue, 17 Feb 2026 11:35:41 +0530 Subject: [PATCH 05/16] temp: override CI to use dev registry micro base images Point DOCKER_UPSTREAM_REGISTRY to dev registry and use dev-master-f2472ac2 tag to pull micro cp-server-connect-base from kafka-images PR #454. This is temporary until the micro base images are promoted to prod. Co-Authored-By: Claude Opus 4.6 --- .semaphore/semaphore.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 767f6915a..5e2219353 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -68,9 +68,10 @@ global_job_config: fi - export DOCKER_DEV_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/" - export DOCKER_PROD_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" - - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_PROD_REGISTRY + # TEMP: Use dev registry micro base images from kafka-images PR #454 + - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" + - export DOCKER_UPSTREAM_TAG="dev-master-f2472ac2" - export DOCKER_REPOS="confluentinc/cp-enterprise-replicator confluentinc/cp-enterprise-replicator-executable" - export COMMUNITY_DOCKER_REPOS="" - | @@ -121,9 +122,10 @@ blocks: - ci-tools ci-update-version - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + # TEMP: Using $AMD_ARCH in upstream-tag to match dev registry arch-specific tags + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$AMD_ARCH -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -154,9 +156,10 @@ blocks: - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - ci-tools ci-update-version - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + # TEMP: Using $ARM_ARCH in upstream-tag to match dev registry arch-specific tags + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$ARM_ARCH -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: From 0f95ba3e2e02cce31370d68322598885d2d5aa72 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Tue, 17 Feb 2026 11:38:00 +0530 Subject: [PATCH 06/16] Revert "temp: override CI to use dev registry micro base images" This reverts commit 6d318821ad6f2c83671d4163229f361e4b407947. --- .semaphore/semaphore.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 5e2219353..767f6915a 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -68,10 +68,9 @@ global_job_config: fi - export DOCKER_DEV_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/" - export DOCKER_PROD_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" - # TEMP: Use dev registry micro base images from kafka-images PR #454 - - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY + - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_PROD_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - - export DOCKER_UPSTREAM_TAG="dev-master-f2472ac2" + - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" - export DOCKER_REPOS="confluentinc/cp-enterprise-replicator confluentinc/cp-enterprise-replicator-executable" - export COMMUNITY_DOCKER_REPOS="" - | @@ -122,10 +121,9 @@ blocks: - ci-tools ci-update-version - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - # TEMP: Using $AMD_ARCH in upstream-tag to match dev registry arch-specific tags - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$AMD_ARCH -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -156,10 +154,9 @@ blocks: - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - ci-tools ci-update-version - # TEMP: Using $ARM_ARCH in upstream-tag to match dev registry arch-specific tags - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$ARM_ARCH -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: From 9a5b7bec0b17bf900f59735f57fd2825a9fc3484 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Sun, 22 Feb 2026 14:43:52 +0530 Subject: [PATCH 07/16] Consolidate COPY --from=builder into single RUN --mount layer for cp-enterprise-replicator RedHat certification check "LayerCountAcceptable" requires < 40 layers. Use RUN --mount=type=bind,from=builder to replace 5 COPY --from=builder and 1 RUN with a single layer, reducing final image from 44 to 38 layers. Co-Authored-By: Claude Opus 4.6 --- replicator/Dockerfile.ubi9 | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/replicator/Dockerfile.ubi9 b/replicator/Dockerfile.ubi9 index 96aa38725..7a6f71e96 100644 --- a/replicator/Dockerfile.ubi9 +++ b/replicator/Dockerfile.ubi9 @@ -81,22 +81,16 @@ ARG CONFLUENT_VERSION USER root -# Copy only replicator-specific binaries from /usr/bin to avoid overwriting base image files -# Blindly copying /usr/bin leads to RedHat certification failures -COPY --from=builder /microdir/usr/bin/replicator /usr/bin/ -COPY --from=builder /microdir/usr/bin/replicator-verifier /usr/bin/ - -# Copy JARs -COPY --from=builder /microdir/usr/share/java/ /usr/share/java/ - -# Copy docs -COPY --from=builder /microdir/usr/share/doc/ /usr/share/doc/ - -# Copy configs -COPY --from=builder /microdir/etc/kafka-connect-replicator /etc/kafka-connect-replicator - -COPY include/etc/confluent/docker/ /etc/confluent/docker/ -RUN chown -R ${APP_UID}:${APP_GID} /etc/confluent/docker +# Consolidate COPY --from=builder into a single layer to reduce image layer count. +# RedHat certification check "LayerCountAcceptable" requires < 40 layers. +RUN --mount=type=bind,from=builder,source=/microdir,target=/mnt/builder \ + cp -a /mnt/builder/usr/bin/replicator /usr/bin/ && \ + cp -a /mnt/builder/usr/bin/replicator-verifier /usr/bin/ && \ + cp -a /mnt/builder/usr/share/java /usr/share/ && \ + cp -a /mnt/builder/usr/share/doc /usr/share/ && \ + cp -a /mnt/builder/etc/kafka-connect-replicator /etc/ + +COPY --chown=${APP_UID}:${APP_GID} include/etc/confluent/docker/ /etc/confluent/docker/ USER ${APP_UID} From ab42cee9246c72bf5cfd8a37dc4a137d7c763986 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Sun, 22 Feb 2026 16:29:41 +0530 Subject: [PATCH 08/16] Replace RUN --mount with multi-source COPY for dockerfile-maven-plugin compatibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Spotify dockerfile-maven-plugin used in CI does not support BuildKit syntax (RUN --mount). Replace with standard multi-source COPY instructions that consolidate /usr/bin/ files into a single layer to keep image layer counts under the Red Hat certification limit of 40 (LayerCountAcceptable). - replicator/Dockerfile.ubi9: 2 /usr/bin/ COPYs → 1 multi-source COPY (save 1 layer) Co-Authored-By: Claude Opus 4.6 --- replicator/Dockerfile.ubi9 | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/replicator/Dockerfile.ubi9 b/replicator/Dockerfile.ubi9 index 7a6f71e96..e4752167f 100644 --- a/replicator/Dockerfile.ubi9 +++ b/replicator/Dockerfile.ubi9 @@ -81,14 +81,12 @@ ARG CONFLUENT_VERSION USER root -# Consolidate COPY --from=builder into a single layer to reduce image layer count. +# Consolidate /usr/bin/ COPYs into a single layer to reduce image layer count. # RedHat certification check "LayerCountAcceptable" requires < 40 layers. -RUN --mount=type=bind,from=builder,source=/microdir,target=/mnt/builder \ - cp -a /mnt/builder/usr/bin/replicator /usr/bin/ && \ - cp -a /mnt/builder/usr/bin/replicator-verifier /usr/bin/ && \ - cp -a /mnt/builder/usr/share/java /usr/share/ && \ - cp -a /mnt/builder/usr/share/doc /usr/share/ && \ - cp -a /mnt/builder/etc/kafka-connect-replicator /etc/ +COPY --from=builder /microdir/usr/bin/replicator /microdir/usr/bin/replicator-verifier /usr/bin/ +COPY --from=builder /microdir/usr/share/java /usr/share/java +COPY --from=builder /microdir/usr/share/doc /usr/share/doc +COPY --from=builder /microdir/etc/kafka-connect-replicator /etc/kafka-connect-replicator COPY --chown=${APP_UID}:${APP_GID} include/etc/confluent/docker/ /etc/confluent/docker/ From fa557c0a6246975deb98b2f7f85565307f234fbf Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Sun, 22 Feb 2026 16:47:54 +0530 Subject: [PATCH 09/16] Revert COPY --chown to COPY + RUN chown for Spotify plugin compatibility The Spotify dockerfile-maven-plugin v1.4.13 does not support variable expansion in COPY --chown (e.g. ${APP_UID}:${APP_GID}), causing build failure: "can't find uid for user : no such user:". Co-Authored-By: Claude Opus 4.6 --- replicator/Dockerfile.ubi9 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/replicator/Dockerfile.ubi9 b/replicator/Dockerfile.ubi9 index e4752167f..3ac2738d3 100644 --- a/replicator/Dockerfile.ubi9 +++ b/replicator/Dockerfile.ubi9 @@ -88,7 +88,8 @@ COPY --from=builder /microdir/usr/share/java /usr/share/java COPY --from=builder /microdir/usr/share/doc /usr/share/doc COPY --from=builder /microdir/etc/kafka-connect-replicator /etc/kafka-connect-replicator -COPY --chown=${APP_UID}:${APP_GID} include/etc/confluent/docker/ /etc/confluent/docker/ +COPY include/etc/confluent/docker/ /etc/confluent/docker/ +RUN chown -R ${APP_UID}:${APP_GID} /etc/confluent/docker USER ${APP_UID} From c3d792372548d61500fd731a81c283ce118c6e86 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Mon, 23 Feb 2026 11:50:47 +0530 Subject: [PATCH 10/16] temp: override CI to use dev registry micro base images Point DOCKER_UPSTREAM_REGISTRY to dev registry and use dev-master-7a34d9f1 tag to pull micro cp-server-connect-base for testing. This is temporary and will be reverted. Co-Authored-By: Claude Opus 4.6 --- .semaphore/semaphore.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 767f6915a..8a5d7449a 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -68,9 +68,10 @@ global_job_config: fi - export DOCKER_DEV_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/" - export DOCKER_PROD_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" - - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_PROD_REGISTRY + # TEMP: Use dev registry micro base images for testing cp-server-connect ubi9-micro + - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" + - export DOCKER_UPSTREAM_TAG="dev-master-7a34d9f1" - export DOCKER_REPOS="confluentinc/cp-enterprise-replicator confluentinc/cp-enterprise-replicator-executable" - export COMMUNITY_DOCKER_REPOS="" - | @@ -121,9 +122,10 @@ blocks: - ci-tools ci-update-version - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + # TEMP: Using $AMD_ARCH in upstream-tag to match dev registry arch-specific tags + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$AMD_ARCH -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -154,9 +156,10 @@ blocks: - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - ci-tools ci-update-version - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + # TEMP: Using $ARM_ARCH in upstream-tag to match dev registry arch-specific tags + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$ARM_ARCH -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: From 000e3dbbc405fae161d03a00d21d7c323780b90f Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Mon, 23 Feb 2026 11:53:33 +0530 Subject: [PATCH 11/16] Revert "temp: override CI to use dev registry micro base images" This reverts commit c3d792372548d61500fd731a81c283ce118c6e86. --- .semaphore/semaphore.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 8a5d7449a..767f6915a 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -68,10 +68,9 @@ global_job_config: fi - export DOCKER_DEV_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/" - export DOCKER_PROD_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" - # TEMP: Use dev registry micro base images for testing cp-server-connect ubi9-micro - - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY + - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_PROD_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - - export DOCKER_UPSTREAM_TAG="dev-master-7a34d9f1" + - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" - export DOCKER_REPOS="confluentinc/cp-enterprise-replicator confluentinc/cp-enterprise-replicator-executable" - export COMMUNITY_DOCKER_REPOS="" - | @@ -122,10 +121,9 @@ blocks: - ci-tools ci-update-version - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - # TEMP: Using $AMD_ARCH in upstream-tag to match dev registry arch-specific tags - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$AMD_ARCH -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -156,10 +154,9 @@ blocks: - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - ci-tools ci-update-version - # TEMP: Using $ARM_ARCH in upstream-tag to match dev registry arch-specific tags - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$ARM_ARCH -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: From 5a3b8510bbd3ef83bf88d916b526ab598d68920a Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Thu, 26 Feb 2026 10:39:43 +0530 Subject: [PATCH 12/16] temp: override CI to use dev registry micro base images Point DOCKER_UPSTREAM_REGISTRY to dev registry and use dev-master-9dc282ab tag to pull micro cp-server-connect for testing. This is temporary and will be reverted. Co-Authored-By: Claude Opus 4.6 --- .semaphore/semaphore.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 767f6915a..98eebaea0 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -68,9 +68,10 @@ global_job_config: fi - export DOCKER_DEV_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/" - export DOCKER_PROD_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" - - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_PROD_REGISTRY + # TEMP: Use dev registry micro base images for testing cp-server-connect ubi9-micro + - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" + - export DOCKER_UPSTREAM_TAG="dev-master-9dc282ab" - export DOCKER_REPOS="confluentinc/cp-enterprise-replicator confluentinc/cp-enterprise-replicator-executable" - export COMMUNITY_DOCKER_REPOS="" - | @@ -121,9 +122,10 @@ blocks: - ci-tools ci-update-version - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + # TEMP: Using $AMD_ARCH in upstream-tag to match dev registry arch-specific tags + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$AMD_ARCH -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -154,9 +156,10 @@ blocks: - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - ci-tools ci-update-version - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + # TEMP: Using $ARM_ARCH in upstream-tag to match dev registry arch-specific tags + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$ARM_ARCH -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: From ce1b20c6fdc89a6db22266bb59594fe3f1d21ef2 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Thu, 26 Feb 2026 10:39:49 +0530 Subject: [PATCH 13/16] Revert "temp: override CI to use dev registry micro base images" This reverts commit 5a3b8510bbd3ef83bf88d916b526ab598d68920a. --- .semaphore/semaphore.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 98eebaea0..767f6915a 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -68,10 +68,9 @@ global_job_config: fi - export DOCKER_DEV_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/" - export DOCKER_PROD_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" - # TEMP: Use dev registry micro base images for testing cp-server-connect ubi9-micro - - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY + - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_PROD_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - - export DOCKER_UPSTREAM_TAG="dev-master-9dc282ab" + - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" - export DOCKER_REPOS="confluentinc/cp-enterprise-replicator confluentinc/cp-enterprise-replicator-executable" - export COMMUNITY_DOCKER_REPOS="" - | @@ -122,10 +121,9 @@ blocks: - ci-tools ci-update-version - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - # TEMP: Using $AMD_ARCH in upstream-tag to match dev registry arch-specific tags - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$AMD_ARCH -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -156,10 +154,9 @@ blocks: - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - ci-tools ci-update-version - # TEMP: Using $ARM_ARCH in upstream-tag to match dev registry arch-specific tags - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$ARM_ARCH -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: From 7513f7446d0df99fef8b1a59973c9974213433e1 Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Thu, 26 Feb 2026 10:49:22 +0530 Subject: [PATCH 14/16] temp: override CI to use dev registry micro base images Point DOCKER_UPSTREAM_REGISTRY to dev registry and use dev-master-9dc282ab tag to pull micro cp-server-connect for testing. This is temporary and will be reverted. Co-Authored-By: Claude Opus 4.6 --- .semaphore/semaphore.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 767f6915a..98eebaea0 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -68,9 +68,10 @@ global_job_config: fi - export DOCKER_DEV_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/" - export DOCKER_PROD_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" - - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_PROD_REGISTRY + # TEMP: Use dev registry micro base images for testing cp-server-connect ubi9-micro + - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" + - export DOCKER_UPSTREAM_TAG="dev-master-9dc282ab" - export DOCKER_REPOS="confluentinc/cp-enterprise-replicator confluentinc/cp-enterprise-replicator-executable" - export COMMUNITY_DOCKER_REPOS="" - | @@ -121,9 +122,10 @@ blocks: - ci-tools ci-update-version - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + # TEMP: Using $AMD_ARCH in upstream-tag to match dev registry arch-specific tags + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$AMD_ARCH -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -154,9 +156,10 @@ blocks: - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - ci-tools ci-update-version - - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY - -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + # TEMP: Using $ARM_ARCH in upstream-tag to match dev registry arch-specific tags + - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY + -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$ARM_ARCH -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: From 71973c7138cfbaf38cbb0bd9e91cba30719f937b Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Thu, 26 Feb 2026 10:55:48 +0530 Subject: [PATCH 15/16] Force push empty commit to retrigger CI build again From b23830c1edcacc687917051b71418e2c9ea4861c Mon Sep 17 00:00:00 2001 From: KrishVora01 Date: Thu, 26 Feb 2026 11:05:30 +0530 Subject: [PATCH 16/16] revert: restore default upstream registry and tag Co-Authored-By: Claude Opus 4.6 --- .semaphore/semaphore.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index a24307a8b..f92548e37 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -68,10 +68,9 @@ global_job_config: fi - export DOCKER_DEV_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/" - export DOCKER_PROD_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" - # TEMP: Use dev registry micro base images for testing cp-server-connect ubi9-micro - - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY + - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_PROD_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - - export DOCKER_UPSTREAM_TAG="dev-master-9dc282ab" + - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" - export DOCKER_REPOS="confluentinc/cp-enterprise-replicator confluentinc/cp-enterprise-replicator-executable" - export COMMUNITY_DOCKER_REPOS="" - | @@ -122,10 +121,9 @@ blocks: - ci-tools ci-update-version --direct-pom-edit - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - # TEMP: Using $AMD_ARCH in upstream-tag to match dev registry arch-specific tags - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$AMD_ARCH -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -156,10 +154,9 @@ blocks: - export OS_PACKAGES_URL=$(echo "$PACKAGES_URL" | sed "s/PACKAGE_TYPE/rpm/g") - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - ci-tools ci-update-version --direct-pom-edit - # TEMP: Using $ARM_ARCH in upstream-tag to match dev registry arch-specific tags - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean package dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH - -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG$ARM_ARCH -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS + -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi9 $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true $MAVEN_EXTRA_ARGS - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: