From fec1277185a3fafeb93e8245c303e74d76173146 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jim@acmegating.com>
Date: Thu, 24 Aug 2023 10:38:14 -0700
Subject: [PATCH] Update gerrit image to bookworm

And upgrade to Python 3.11, and JDK to 17.

Change-Id: I7c9415e6706141db6cd9cab056a439da81469def
---
 docker/gerrit/base/Dockerfile                     |  6 +++---
 playbooks/roles/gerrit/templates/gerrit.config.j2 |  6 +++++-
 playbooks/zuul/gerrit/files/run-gerrit.sh         |  2 +-
 playbooks/zuul/gerrit/repos.yaml                  |  2 +-
 zuul.d/docker-images/gerrit.yaml                  | 12 ++++++------
 5 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/docker/gerrit/base/Dockerfile b/docker/gerrit/base/Dockerfile
index 591902d598..b1935a0ccc 100644
--- a/docker/gerrit/base/Dockerfile
+++ b/docker/gerrit/base/Dockerfile
@@ -15,17 +15,17 @@
 
 # Sun Jul 16 22:42:10 UTC 2023 - trigger rebuild
 
-FROM docker.io/opendevorg/python-builder:3.9-bullseye as builder
+FROM docker.io/opendevorg/python-builder:3.11-bookworm as builder
 
 COPY . /tmp/src
 RUN assemble
 
-FROM docker.io/opendevorg/python-base:3.9-bullseye as gerrit-base
+FROM docker.io/opendevorg/python-base:3.11-bookworm as gerrit-base
 
 RUN echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/95disable-recommends
 
 RUN apt-get update \
-  && apt-get install -y dumb-init git openssh-client openjdk-11-jdk-headless unzip \
+  && apt-get install -y dumb-init git openssh-client openjdk-17-jdk-headless unzip \
   # This next set of installs helps align us with the old openjdk image \
   # but they may not all be necessary \
   && apt-get install -y xz-utils bzip2 wget curl gnupg \
diff --git a/playbooks/roles/gerrit/templates/gerrit.config.j2 b/playbooks/roles/gerrit/templates/gerrit.config.j2
index 96bc022b5a..bd311ad57b 100644
--- a/playbooks/roles/gerrit/templates/gerrit.config.j2
+++ b/playbooks/roles/gerrit/templates/gerrit.config.j2
@@ -35,7 +35,11 @@
 {% if gerrit_heap_limit is defined %}
 	heapLimit = {{ gerrit_heap_limit }}
 {% endif %}
-	javaHome = /usr/lib/jvm/java-11-openjdk-amd64
+	# TODO(clarkb) javaHome and possibly javaOptions may be candidates
+	# for cleanup. The upstream gerrit.sh init script fetches these
+	# values to configure Gerrit startup, but we we a very simple
+	# startup script in our containers now.
+	javaHome = /usr/lib/jvm/java-17-openjdk-amd64
 	javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
 	javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
 [gc]
diff --git a/playbooks/zuul/gerrit/files/run-gerrit.sh b/playbooks/zuul/gerrit/files/run-gerrit.sh
index 144b7fb006..f13be7d812 100755
--- a/playbooks/zuul/gerrit/files/run-gerrit.sh
+++ b/playbooks/zuul/gerrit/files/run-gerrit.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
 
 # The /dev/./urandom is not a typo. https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for
-/usr/lib/jvm/java-11-openjdk-amd64/bin/java -Djava.security.egd=file:/dev/./urandom ${JAVA_OPTIONS} -jar /var/gerrit/bin/gerrit.war daemon -d /var/gerrit
+/usr/lib/jvm/java-17-openjdk-amd64/bin/java -Djava.security.egd=file:/dev/./urandom ${JAVA_OPTIONS} -jar /var/gerrit/bin/gerrit.war daemon -d /var/gerrit
diff --git a/playbooks/zuul/gerrit/repos.yaml b/playbooks/zuul/gerrit/repos.yaml
index 821aea44f7..6afc5301e1 100644
--- a/playbooks/zuul/gerrit/repos.yaml
+++ b/playbooks/zuul/gerrit/repos.yaml
@@ -1,7 +1,7 @@
 - hosts: all
   roles:
     - role: ensure-java
-      java_version: 11
+      java_version: 17
     - role: ensure-nodejs
       node_version: 18
     - ensure-bazelisk
diff --git a/zuul.d/docker-images/gerrit.yaml b/zuul.d/docker-images/gerrit.yaml
index bd328a0d88..f4f12eae71 100644
--- a/zuul.d/docker-images/gerrit.yaml
+++ b/zuul.d/docker-images/gerrit.yaml
@@ -7,8 +7,8 @@
       - opendev/jeepyb
       - opendev/system-config
     requires:
-      - python-builder-3.9-bullseye-container-image
-      - python-base-3.9-bullseye-container-image
+      - python-builder-3.11-bookworm-container-image
+      - python-base-3.11-bookworm-container-image
     provides: gerrit-base-container-image
     pre-run: &gerrit-base_prerun
       - playbooks/zuul/gerrit/base.yaml
@@ -27,8 +27,8 @@
     description: Build and upload a gerrit-base image.
     parent: system-config-upload-image
     requires:
-      - python-builder-3.9-bullseye-container-image
-      - python-base-3.9-bullseye-container-image
+      - python-builder-3.11-bookworm-container-image
+      - python-base-3.11-bookworm-container-image
     provides: gerrit-base-container-image
     pre-run: *gerrit-base_prerun
     required-projects: *gerrit_base_projects
@@ -316,7 +316,7 @@
         - system-config-build-image-gerrit-base:
             dependencies:
               - name: opendev-buildset-registry
-              - name: system-config-build-image-python-builder-3.9-bullseye
+              - name: system-config-build-image-python-builder-3.11-bookworm
                 soft: true
         - system-config-build-image-gerrit-3.7:
             dependencies:
@@ -339,7 +339,7 @@
         - system-config-upload-image-gerrit-base:
             dependencies:
               - name: opendev-buildset-registry
-              - name: system-config-upload-image-python-builder-3.9-bullseye
+              - name: system-config-upload-image-python-builder-3.11-bookworm
                 soft: true
         - system-config-upload-image-gerrit-3.7:
             dependencies: