feat: upgrade for java25

coling01 · coling01 · commit 5c35265fd9f0 · 2026-03-12T10:38:23.000Z
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,9 @@
-# Docker base image - note that this is currently overwritten by azure pipelines
+# See ci-build-publish.yml which sets baseImage=hmcts/apm-services:25-jre and agentDemand:ubuntu-j25
+# azure pipeline replaces $BASE_IMAGE with crmdvrepo01.azurecr.io + $baseImage
+# This image has the hmcts self signing certificate authority added to truststore so we dont need to worry about about the certs
+# If pulling this locally we need to authenticate to acr ... az login; az acr login -n crmdvrepo01
 ARG BASE_IMAGE
-FROM ${BASE_IMAGE:-eclipse-temurin:21-jdk}
+FROM ${BASE_IMAGE:-eclipse-temurin:25-jre}
 
 # run as non-root ... group and user "app"
 RUN groupadd -r app && useradd -r -g app app
@@ -16,10 +19,5 @@ COPY docker/* /app/
 COPY build/libs/*.jar /app/
 COPY lib/applicationinsights.json /app/
 
-# Not sure this does anything useful we can drop once we sort certificates
-RUN test -n "$JAVA_HOME" \
- && test -f "$JAVA_HOME/lib/security/cacerts" \
- && chmod 777 "$JAVA_HOME/lib/security/cacerts"
-
 USER app
 ENTRYPOINT ["/bin/sh","./startup.sh"]
diff --git a/docker/README-certs.md b/docker/README-certs.md
diff --git a/docker/startup.sh b/docker/startup.sh
@@ -1,42 +1,10 @@
 #!/usr/bin/env sh
-# Script to add ssl trust certs into the current truststore / keystore before we start our spring boot app
-# We use self signed certificates in our dev and test environments so we need to add these to our chain of trust
-# The kubernetes startup will load any self signed certificates into /etc/certs
-# We load any certs found in the /etc/certs into the default keystore
-#
+# Add any startup requirements in here
 logmsg() {
     SCRIPTNAME=$(basename $0)
     echo "$SCRIPTNAME : $1"
 }
 
-logmsg "running and loading certificates ..."
-if [ -z "$JAVA_HOME" ]; then
-    export JAVA_HOME="/usr/local/openjdk-21"
-fi
-export KEYSTORE="$JAVA_HOME/lib/security/cacerts"
-if [ -z "$CERTS_DIR" ]; then
-    logmsg "Warning - expects \$CERTS_DIR to be set. i.e. export CERTS_DIR="/etc/certs
-    logmsg "Defaulting to /etc/certs"
-    export CERTS_DIR="/etc/certs"
-fi
-
-if [ ! -f "$KEYSTORE" ]; then
-    logmsg "Error - expects keystore $KEYSTORE to already exist"
-    exit 1
-fi
-
-export count=1
-logmsg "Loading certificates from $CERTS_DIR into keystore $KEYSTORE"
-for FILE in $(ls $CERTS_DIR)
-do
-    alias="mojcert$count"
-    logmsg "Adding $CERTS_DIR/$FILE to keystore with alias $alias"
-    keytool -importcert -file $CERTS_DIR/$FILE -keystore $KEYSTORE -storepass changeit -alias $alias -noprompt
-    count=$((count+1))
-done
-
-keytool -list -keystore $KEYSTORE -storepass changeit | grep "Your keystore contains"
-
 export LOCALJARFILE=$(ls ./build/libs/*.jar 2>/dev/null | grep -v 'plain' | head -n1)
 export DOCKERJARFILE=$(ls /app/*.jar 2>/dev/null | grep -v 'plain' | head -n1)
 if [ -f "$DOCKERJARFILE" ]; then
