From c4d14021d19c0cdf90adfa8498d987bd6280eb29 Mon Sep 17 00:00:00 2001 From: Janet Gainer-Dewar Date: Tue, 16 Jul 2024 15:19:22 -0400 Subject: [PATCH 1/2] Upgrade Cromwell to Java 17 --- .github/set_up_cromwell_action/action.yml | 2 +- .github/workflows/chart_update_on_merge.yml | 2 +- .github/workflows/docker_build_test.yml | 2 +- .github/workflows/trivy.yml | 2 +- .sdkmanrc | 2 +- CHANGELOG.md | 5 +++++ docs/Releases.md | 4 ++-- docs/tutorials/FiveMinuteIntro.md | 6 +++--- project/Publishing.scala | 6 +++--- publish/docker-setup.sh | 2 +- src/ci/docker-compose/cromwell-test/docker-setup.sh | 2 +- wom/src/test/scala/wom/util/YamlUtilsSpec.scala | 2 +- 12 files changed, 21 insertions(+), 16 deletions(-) diff --git a/.github/set_up_cromwell_action/action.yml b/.github/set_up_cromwell_action/action.yml index 364533fc057..a12ef1a65be 100644 --- a/.github/set_up_cromwell_action/action.yml +++ b/.github/set_up_cromwell_action/action.yml @@ -44,4 +44,4 @@ runs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: 11 + java-version: 17 diff --git a/.github/workflows/chart_update_on_merge.yml b/.github/workflows/chart_update_on_merge.yml index aa8463aab4f..f463bcf651d 100644 --- a/.github/workflows/chart_update_on_merge.yml +++ b/.github/workflows/chart_update_on_merge.yml @@ -23,7 +23,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: '11' + java-version: '17' - name: Clone Cromwhelm uses: actions/checkout@v2 with: diff --git a/.github/workflows/docker_build_test.yml b/.github/workflows/docker_build_test.yml index acb927fc23c..d3e5369fca5 100644 --- a/.github/workflows/docker_build_test.yml +++ b/.github/workflows/docker_build_test.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: '11' + java-version: '17' # The following invocation should be as similar as possible to the one in chart_update_on_merge.yml # To state the obvious: This test should not publish anything. It should simply verify that the build completes. - name: Build Cromwell Docker diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index a09937ddd0b..1704b3b826c 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: '11' + java-version: '17' # set up SBT cache - uses: actions/cache@v2 diff --git a/.sdkmanrc b/.sdkmanrc index c6a70baf864..f3b37566860 100644 --- a/.sdkmanrc +++ b/.sdkmanrc @@ -1,3 +1,3 @@ # Enable auto-env through the sdkman_auto_env config # Add key=value pairs of SDKs to use below -java=11.0.23-tem +java=17.0.9-tem diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b1fd090263..3624957de38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## 88 Release Notes +### Java 17 + +As of this version, a distribution of Java 17 is required to run Cromwell. Cromwell is developed, tested, and +containerized using [Eclipse Temurin](https://adoptium.net/temurin/releases/?version=17). + ### Improved status reporting behavior When Cromwell restarts during a workflow that is failing, it no longer reports pending tasks as a reason for that failure. diff --git a/docs/Releases.md b/docs/Releases.md index 9699d7d44bc..2a6da6b2f42 100644 --- a/docs/Releases.md +++ b/docs/Releases.md @@ -19,8 +19,8 @@ Mac users with Homebrew can also get Cromwell with the command `brew install cro This documentation frequently refers to a "Cromwell jar" with a name like `cromwell-.jar`. This is the main artifact in Cromwell releases that contains all executable Cromwell code and default configuration. -A distribution of Java 11 is required to run Cromwell. Cromwell is developed, tested, and containerized using -[AdoptOpenJDK 11 HotSpot](https://adoptopenjdk.net/). +A distribution of Java 17 is required to run Cromwell. Cromwell is developed, tested, and containerized using +[Eclipse Temurin](https://adoptium.net/temurin/releases/?version=17). For users running a Cromwell server [a docker image](https://hub.docker.com/r/broadinstitute/cromwell) has been made available. diff --git a/docs/tutorials/FiveMinuteIntro.md b/docs/tutorials/FiveMinuteIntro.md index 1c16a56c606..a5ad38138c2 100644 --- a/docs/tutorials/FiveMinuteIntro.md +++ b/docs/tutorials/FiveMinuteIntro.md @@ -3,11 +3,11 @@ ### Prerequisites: * A Unix-based operating system (yes, that includes Mac!) -* A Java 11 runtime environment +* A Java 17 runtime environment * You can see what you have by running `$ java -version` on a terminal. * If not, consider installing via conda or brew [as explained here](../Releases.md). - * We recommend [SDKMAN](https://sdkman.io/install) to install the latest 11 build of [Temurin](https://adoptium.net/temurin/releases/?version=11) - * `sdk install java 11.0.16-tem` as of the time of this writing + * We recommend [SDKMAN](https://sdkman.io/install) to install the latest 17 build of [Temurin](https://adoptium.net/temurin/releases/?version=17) + * `sdk install 17.0.9-tem` as of the time of this writing * You might need to update the `export JAVA_HOME` in your bash profile to point to your JAVA install location. * A sense of adventure! diff --git a/project/Publishing.scala b/project/Publishing.scala index fa2778f328f..1ecf843492c 100644 --- a/project/Publishing.scala +++ b/project/Publishing.scala @@ -1,4 +1,4 @@ -import Version.{Debug, Release, Snapshot, Standard, cromwellVersion} +import Version.{cromwellVersion, Debug, Release, Snapshot, Standard} import org.apache.ivy.Ivy import org.apache.ivy.core.IvyPatternHelper import org.apache.ivy.core.module.descriptor.{DefaultModuleDescriptor, MDArtifact} @@ -69,7 +69,7 @@ object Publishing { val additionalDockerInstr: Seq[Instruction] = (dockerCustomSettings ?? Nil).value new Dockerfile { - from("us.gcr.io/broad-dsp-gcr-public/base/jre:11-debian") + from("us.gcr.io/broad-dsp-gcr-public/base/jre:17-debian") expose(8000) add(artifact, artifactTargetPath) runRaw(s"ln -s $artifactTargetPath /app/$projectName.jar") @@ -210,7 +210,7 @@ object Publishing { val additionalResolvers = List( broadArtifactoryResolver, - broadArtifactoryResolverSnap, + broadArtifactoryResolverSnap ) ++ Resolver.sonatypeOssRepos("releases") private val artifactoryCredentialsFile = diff --git a/publish/docker-setup.sh b/publish/docker-setup.sh index 613d251df96..bc39f31d10a 100755 --- a/publish/docker-setup.sh +++ b/publish/docker-setup.sh @@ -20,7 +20,7 @@ mkdir -p /etc/apt/keyrings wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | tee /etc/apt/keyrings/adoptium.asc echo "deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list apt update -apt install -y temurin-11-jdk +apt install -y temurin-17-jdk # Install jq 1.6 to ensure --rawfile is supported curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o /usr/bin/jq diff --git a/src/ci/docker-compose/cromwell-test/docker-setup.sh b/src/ci/docker-compose/cromwell-test/docker-setup.sh index 7b6ff1cec73..9853f63e161 100755 --- a/src/ci/docker-compose/cromwell-test/docker-setup.sh +++ b/src/ci/docker-compose/cromwell-test/docker-setup.sh @@ -50,7 +50,7 @@ add-apt-repository \ # install packages that required setup apt-get update apt-get install -y \ - temurin-11-jdk \ + temurin-17-jdk \ containerd.io \ docker-ce \ docker-ce-cli \ diff --git a/wom/src/test/scala/wom/util/YamlUtilsSpec.scala b/wom/src/test/scala/wom/util/YamlUtilsSpec.scala index b06f4cd483a..8f5ddd22c95 100644 --- a/wom/src/test/scala/wom/util/YamlUtilsSpec.scala +++ b/wom/src/test/scala/wom/util/YamlUtilsSpec.scala @@ -80,7 +80,7 @@ class YamlUtilsSpec "a null yaml", null, refineMV[NonNegative](0), - null + "Cannot invoke \"String.length()\" because \"s\" is null" ), ( "an empty yaml mapping when limited to zero nodes", From 48b35b46a8a1b2a67e9f88d6469babcb6bf19e30 Mon Sep 17 00:00:00 2001 From: Janet Gainer-Dewar Date: Wed, 17 Jul 2024 17:40:47 -0400 Subject: [PATCH 2/2] Avoid CromIAM errors on boot --- project/Publishing.scala | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/project/Publishing.scala b/project/Publishing.scala index 1ecf843492c..c506532ffbb 100644 --- a/project/Publishing.scala +++ b/project/Publishing.scala @@ -79,6 +79,17 @@ object Publishing { addInstruction(installDebugFacilities(version.value)) } + // Add a custom java opt for CromIAM, this avoids the following error on boot (from Akka): + // class com.typesafe.sslconfig.ssl.DefaultHostnameVerifier (in unnamed module @0x5594a1b5) + // cannot access class sun.security.util.HostnameChecker (in module java.base) + // because module java.base does not export sun.security.util to unnamed module @0x5594a1b5 + // See https://docs.oracle.com/en/java/javase/17/migrate/migrating-jdk-8-later-jdk-releases.html#GUID-2F61F3A9-0979-46A4-8B49-325BA0EE8B66 + // TODO remove this once we upgrade Akka past 2.5 + val addOpensJavaOpt = + if (projectName == "cromiam") + "--add-opens=java.base/sun.security.util=ALL-UNNAMED" + else "" + /* If you use the 'exec' form for an entry point, shell processing is not performed and environment variable substitution does not occur. Thus we have to /bin/bash here @@ -114,7 +125,7 @@ object Publishing { entryPoint( "/bin/bash", "-c", - s"java $${JAVA_OPTS} -jar /app/$projectName.jar $${${projectName.toUpperCase.replaceAll("-", "_")}_ARGS} $${*}", + s"java $${JAVA_OPTS} ${addOpensJavaOpt} -jar /app/$projectName.jar $${${projectName.toUpperCase.replaceAll("-", "_")}_ARGS} $${*}", "--" ) // for each custom setting (instruction) run addInstruction()