Docker build fix [MOSIP-44274]

[GOKULRAJ136]

Summary by CodeRabbit

• Chores
  • Upgraded Maven in the build environment to a newer patch release.
  • Removed obsolete Java 21-specific build variants and related artifacts to simplify and slim down build outputs.
  • Revised repository and distribution endpoints and snapshot settings to streamline publishing and deployment configuration.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Maven download in artifacts/Dockerfile bumped from 3.8.8 → 3.8.9. artifacts/pom.xml swaps repository and distributionManagement endpoints and snapshot flags, and removes many Java‑21-specific properties and artifactItem entries while retaining non‑Java21 artifacts and minor formatting tweaks.

Changes

Cohort / File(s)	Summary
Dockerfile Maven bump artifacts/Dockerfile	Maven version updated 3.8.8 → 3.8.9: download URL and tarball names changed; extraction and cleanup steps adjusted accordingly.
POM repository & artifact cleanup artifacts/pom.xml	Repository entries and distributionManagement URLs swapped and snapshot flags toggled; numerous Java‑21-specific properties and artifactItem entries removed; retained non‑Java21 artifacts and slight indentation/formatting changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through Dockerfiles at night,

Swapped a Maven link to make it light.
POM blossoms pruned — Java‑21 set free,
Core artifacts stayed snug as can be.
A tiny hop, a cleaner tree 🌿

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Docker build fix' is vague and does not clearly describe the specific changes made. While a Docker file was modified, the title doesn't convey that Maven was updated or repository configurations were changed in pom.xml.	Consider a more specific title such as 'Update Maven to 3.8.9 and consolidate repository configuration' that better reflects the actual scope of changes across both Dockerfile and pom.xml.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into develop

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

artifacts/pom.xml (3)

221-229: Undefined properties will cause build failure.

This artifactItem references ${auth-adapter-java-21.version} and ${auth-adapter-java-21.location}, but these properties are not defined in the <properties> section. According to the summary, Java 21 variant properties were removed, but this artifactItem block was not removed.

This will cause Maven to either fail the build or use literal unresolved property strings as values.

🐛 Proposed fix: Remove the orphaned artifactItem

-				<artifactItem>
-					<groupId>io.mosip.kernel</groupId>
-					<artifactId>kernel-auth-adapter</artifactId>
-					<version>${auth-adapter-java-21.version}</version>
-					<outputDirectory>${auth-adapter-java-21.location}</outputDirectory>
-						<!-- Keep the destination filename consistent with the original -->
-					<destFileName>kernel-auth-adapter.jar</destFileName>
-					<type>jar</type>
-				</artifactItem>

---

261-269: Duplicate artifactItem entry.

This kernel-smsserviceprovider-msg91 artifactItem is identical to the one at lines 242-249. This will copy the same artifact twice unnecessarily.

🧹 Proposed fix: Remove the duplicate block

-<!-- artifactItem section for smsserviceprovider -->
-				<artifactItem>
-					<groupId>io.mosip.kernel</groupId>
-					<artifactId>kernel-smsserviceprovider-msg91</artifactId>
-					<version>${kernel-smsserviceprovider.version}</version>
-					 <outputDirectory>${kernel-smsserviceprovider.location}</outputDirectory> 
-					<destFileName>${kernel-smsserviceprovider.fileName}</destFileName>
-					<type>jar</type>
-				</artifactItem>

---

289-297: Undefined properties will cause build failure.

This artifactItem references ${kernel-virusscanner-clamav-java-21.version} and ${kernel-virusscanner-clamav-java-21.location}, but these properties are not defined. The Java 21 variant properties were removed but this artifactItem was not updated.

🐛 Proposed fix: Use the existing non-Java-21 properties

 <!-- artifactItem section for virusscanner -->
 				<artifactItem>
 					<groupId>io.mosip.kernel</groupId>
 					<artifactId>kernel-virusscanner-clamav</artifactId>
-					<version>${kernel-virusscanner-clamav-java-21.version}</version>
-					 <outputDirectory>${kernel-virusscanner-clamav-java-21.location}</outputDirectory> 
+					<version>${kernel-virusscanner-clamav.version}</version>
+					 <outputDirectory>${kernel-virusscanner-clamav.location}</outputDirectory> 
 					<destFileName>${kernel-virusscanner-clamav.fileName}</destFileName>
 					<type>jar</type>
 				</artifactItem>				

🤖 Fix all issues with AI agents

In `@artifacts/pom.xml`:
- Around line 37-56: Update the ossrh repository configuration: in the
repository with id "ossrh" replace the incorrect <url> value
"https://central.sonatype.com/repositories/snapshots" with the correct Sonatype
snapshots URL "https://central.sonatype.com/repository/maven-snapshots/" by
editing the <url> element inside the ossrh <repository> block in the pom.xml.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

Sonatype Central snapshot repository URL 2024 2025

💡 Result:

Common Sonatype snapshot repository URLs (2024–2025):

• New Central Portal snapshots (consume/publish): https://central.sonatype.com/repository/maven-snapshots/ [1].
• OSSRH Nexus snapshots (traditional): https://s01.oss.sonatype.org/content/repositories/snapshots/ and legacy https://oss.sonatype.org/content/repositories/snapshots/ (s01 is the newer host for many users). [1][2]

References:
[1] Sonatype Central — Publish Portal Snapshots.
[2] OSSRH / s01 examples (docs and community guides).

---

🌐 Web query:

OSSRH migration to Sonatype Central repository configuration

💡 Result:

Summary and steps to migrate from OSSRH to Sonatype Central Publisher

1. Understand the change

• OSSRH (oss.sonatype.org / s01.oss.sonatype.org) was sunset; publishing now uses the Central Publisher Portal and Portal APIs. Plan to move authentication from OSSRH credentials to Portal user tokens. [1][2]

2. Decide publishing route

• Options: (a) use the Portal directly (Maven plugin, bundle upload, or Portal API); (b) use the OSSRH Staging API compatibility service (to keep existing Nexus2-style plugins working); (c) use third-party/updated plugins that support the Portal. [1][2]

3. Obtain access & tokens

• Log in to the Central Publisher Portal with your existing OSSRH account to view/migrate namespaces and generate user tokens. Use Portal user tokens (username/token) instead of OSSRH username/password. Contact Central Support if namespaces are missing. [1]

4. Update build configuration — Maven (examples)

• Replace old OSSRH publish settings with the Central plugin or point to the OSSRH Staging API compatibility endpoint if you need minimal changes.

Minimal approach (use OSSRH Staging API compatibility service; replace OSSRH token with Portal token and service URL as directed in Portal docs):

• Configure server credentials in ~/.m2/settings.xml (use Portal token values).
• Use your existing maven-deploy / nexus-staging plugin but point at the compatibility service URL and token per Portal guidance. [2]

Recommended approach (Central publishing plugin):

• Switch to central-publishing-maven-plugin (or follow Portal’s Maven plugin docs) and authenticate with Portal user token. Verify deployments via the Portal UI. [2][3]

5. Update build configuration — Gradle (examples)

• If using the gradle-nexus/publish-plugin, supply Portal token credentials to the nexusPublishing sonatype repository block (username = token-username, password = token-value) or set ORG_GRADLE_PROJECT_sonatypeUsername/Password environment variables or ~/.gradle/gradle.properties. The plugin documentation notes OSSRH configs are deprecated and points to the new Central URLs. [3]

6. Snapshot and repo URLs

• Snapshot repository URLs changed to Central Portal snapshot repository (e.g. https://central.sonatype.com/repository/maven-snapshots/). Remove/replace any oss.sonatype.org snapshot repository entries. Historical snapshots may not be migrated—confirm what snapshots are available after migration. [1][5]

7. Test and verify

• Run a full publish to staging, promote (or follow Portal flow), and verify on Maven Central / Portal deployments page. Check that groupId namespaces transferred and permissions are correct. [1][2]

8. If you need minimal friction

• Use the OSSRH Staging API compatibility service to keep your existing plugin workflow while you convert to Portal-native publishing later. Generate a Portal token and update plugin endpoints and credentials per the Portal docs. [2]

Useful Sonatype references

• Central Portal OSSRH sunset & migration overview. [1]
• Portal OSSRH Staging API (compatibility) and publishing options. [2]
• gradle-nexus/publish-plugin notes about deprecation and credential configuration. [3]
• OSSRH sunset announcement / FAQ. [4]
• Snapshot repo URL example and migration notes. [5]

If you want, I can:

• produce copy-paste Maven and Gradle snippets (pom.xml / settings.xml / build.gradle and ~/.m2/settings.xml or ~/.gradle/gradle.properties) tailored to your current setup, or
• check your current build files and produce the exact changes required.

Sources
[1] Sonatype — OSSRH Sunset (Central docs).
[2] Sonatype — Publishing via the Portal OSSRH Staging API (Central docs).
[3] gradle-nexus/publish-plugin (GitHub).
[4] Sonatype — OSSRH sunset announcement / FAQ.
[5] Community migration note showing Central Portal snapshot repo URL.

---

🌐 Web query:

central.sonatype.com repositories snapshots correct URL

💡 Result:

Use the Central Portal snapshots repo URL:
https://central.sonatype.com/repository/maven-snapshots/ [1][2]

Note: older OSSRH snapshot URLs (e.g. https://oss.sonatype.org/content/repositories/snapshots/) were used historically; new publishing/consuming via the Central Portal uses the central.sonatype.com endpoint. [3]

Sources:
[1] Sonatype repository page for maven-snapshots.
[2] Central publishing docs — Publish Portal Snapshots (consuming example).
[3] Legacy OSSRH snapshot URL reference.

---

Fix snapshot repository URL in ossrh repository configuration.

The snapshot repository URL is incorrect. According to Sonatype Central documentation, the snapshot repository should be https://central.sonatype.com/repository/maven-snapshots/, not https://central.sonatype.com/repositories/snapshots. Update the <url> element in the ossrh repository configuration (line 39) to use the correct path.

🤖 Prompt for AI Agents

In `@artifacts/pom.xml` around lines 37 - 56, Update the ossrh repository
configuration: in the repository with id "ossrh" replace the incorrect <url>
value "https://central.sonatype.com/repositories/snapshots" with the correct
Sonatype snapshots URL
"https://central.sonatype.com/repository/maven-snapshots/" by editing the <url>
element inside the ossrh <repository> block in the pom.xml.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

artifacts/Dockerfile (1)

217-217: ⚠️ Potential issue | 🔴 Critical

Build is failing — SNAPSHOT artifact not found.

The pipeline reports that io.mosip.kernel:kernel-auth-adapter:jar:1.2.1-SNAPSHOT cannot be resolved from https://central.sonatype.com/repositories/snapshots. This is the actual build-breaking error. The Maven version bump alone does not fix this.

The root cause is likely in pom.xml (repository URL or artifact version configuration). Please ensure the correct snapshot repository URL is configured and the referenced artifact version is published there.

🧹 Nitpick comments (2)

artifacts/Dockerfile (2)

39-41: Pipeline warns about legacy ENV format.

The linter flags these lines for using the legacy ENV key value syntax instead of ENV key=value. While these aren't part of this change, since this is a Docker build fix PR, it would be a good time to clean them up.

Suggested fix

-ENV MAVEN_HOME /usr/local/maven
-ENV PATH $MAVEN_HOME/bin:$PATH
-ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk-amd64
+ENV MAVEN_HOME=/usr/local/maven
+ENV PATH=$MAVEN_HOME/bin:$PATH
+ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64

---

31-32: Upgrade Maven from 3.8.9 (EOL) to 3.9.12 (current stable).

Maven 3.8.9 and before has reached end-of-life and is no longer supported. New plugin releases require Maven 3.9.0 or later. Maven 3.9.12 is the latest stable release and is fully compatible with Java 11 (used in this Dockerfile).

Additionally, dlcdn.apache.org may eventually remove EOL versions from the CDN distribution.

Suggested upgrade to Maven 3.9.12

-wget https://dlcdn.apache.org/maven/maven-3/3.8.9/binaries/apache-maven-3.8.9-bin.tar.gz &&\
-tar -xzf apache-maven-3.8.9-bin.tar.gz && mv apache-maven-3.8.9 /usr/local/maven && rm apache-maven-3.8.9-bin.tar.gz &&\
+wget https://dlcdn.apache.org/maven/maven-3/3.9.12/binaries/apache-maven-3.9.12-bin.tar.gz &&\
+tar -xzf apache-maven-3.9.12-bin.tar.gz && mv apache-maven-3.9.12 /usr/local/maven && rm apache-maven-3.9.12-bin.tar.gz &&\

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

artifacts/pom.xml (2)

221-229: ⚠️ Potential issue | 🔴 Critical

Build breakage: undefined properties ${auth-adapter-java-21.version} and ${auth-adapter-java-21.location}.

The Java-21 properties were removed from <properties>, but this artifactItem still references them. Maven will not resolve these, causing the build to fail. This block should be removed along with the other Java-21 artifact items.

Proposed fix — remove the orphaned artifactItem

-				<artifactItem>
-					<groupId>io.mosip.kernel</groupId>
-					<artifactId>kernel-auth-adapter</artifactId>
-					<version>${auth-adapter-java-21.version}</version>
-					<outputDirectory>${auth-adapter-java-21.location}</outputDirectory>
-						<!-- Keep the destination filename consistent with the original -->
-					<destFileName>kernel-auth-adapter.jar</destFileName>
-					<type>jar</type>
-				</artifactItem>

---

289-297: ⚠️ Potential issue | 🔴 Critical

Build breakage: undefined properties ${kernel-virusscanner-clamav-java-21.version} and ${kernel-virusscanner-clamav-java-21.location}.

Same issue as the auth-adapter block above. The Java-21 properties were removed, but this artifactItem still references them. Update to use the base properties or remove this block.

Proposed fix — use the existing non-java-21 properties

 				<artifactItem>
 					<groupId>io.mosip.kernel</groupId>
 					<artifactId>kernel-virusscanner-clamav</artifactId>
-					<version>${kernel-virusscanner-clamav-java-21.version}</version>
-					 <outputDirectory>${kernel-virusscanner-clamav-java-21.location}</outputDirectory> 
+					<version>${kernel-virusscanner-clamav.version}</version>
+					 <outputDirectory>${kernel-virusscanner-clamav.location}</outputDirectory> 
 					<destFileName>${kernel-virusscanner-clamav.fileName}</destFileName>
 					<type>jar</type>
 				</artifactItem>				

Alternatively, if this was a Java-21 variant that's no longer needed, remove the entire block.

🧹 Nitpick comments (1)

artifacts/pom.xml (1)

261-269: Duplicate artifactItem for kernel-smsserviceprovider-msg91.

This block (lines 261–269) is identical to lines 242–249. Remove one to avoid downloading the same artifact twice.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

artifacts/pom.xml (3)

221-229: ⚠️ Potential issue | 🔴 Critical

Build will fail — auth-adapter-java-21 properties are undefined.

This artifactItem block references ${auth-adapter-java-21.version} and ${auth-adapter-java-21.location}, but the corresponding properties were removed in this PR. Maven will leave these as literal unexpanded strings, causing the dependency resolution and file copy to fail.

Either remove this entire block (consistent with the stated goal of dropping Java 21 variants) or re-add the properties.

Suggested fix: remove the orphaned artifactItem

-				<artifactItem>
-					<groupId>io.mosip.kernel</groupId>
-					<artifactId>kernel-auth-adapter</artifactId>
-					<version>${auth-adapter-java-21.version}</version>
-					<outputDirectory>${auth-adapter-java-21.location}</outputDirectory>
-						<!-- Keep the destination filename consistent with the original -->
-					<destFileName>kernel-auth-adapter.jar</destFileName>
-					<type>jar</type>
-				</artifactItem>

---

289-297: ⚠️ Potential issue | 🔴 Critical

Build will fail — kernel-virusscanner-clamav-java-21 properties are undefined.

Same issue as the auth-adapter block above: ${kernel-virusscanner-clamav-java-21.version} and ${kernel-virusscanner-clamav-java-21.location} are referenced here but their property definitions were removed. This block should either be removed or updated to use the non-java-21 properties.

Suggested fix: use the standard (non-java-21) properties

 				<artifactItem>
 					<groupId>io.mosip.kernel</groupId>
 					<artifactId>kernel-virusscanner-clamav</artifactId>
-					<version>${kernel-virusscanner-clamav-java-21.version}</version>
-					 <outputDirectory>${kernel-virusscanner-clamav-java-21.location}</outputDirectory> 
+					<version>${kernel-virusscanner-clamav.version}</version>
+					 <outputDirectory>${kernel-virusscanner-clamav.location}</outputDirectory> 
 					<destFileName>${kernel-virusscanner-clamav.fileName}</destFileName>
 					<type>jar</type>
 				</artifactItem>				

---

261-269: ⚠️ Potential issue | 🟡 Minor

Duplicate artifactItem for kernel-smsserviceprovider-msg91.

This block (lines 262–269) is an exact duplicate of lines 242–249. It will cause Maven to download and copy the same artifact twice. Remove one of them.

Suggested fix

-<!-- artifactItem section for smsserviceprovider -->
-				<artifactItem>
-					<groupId>io.mosip.kernel</groupId>
-					<artifactId>kernel-smsserviceprovider-msg91</artifactId>
-					<version>${kernel-smsserviceprovider.version}</version>
-					 <outputDirectory>${kernel-smsserviceprovider.location}</outputDirectory> 
-					<destFileName>${kernel-smsserviceprovider.fileName}</destFileName>
-					<type>jar</type>
-				</artifactItem>

🧹 Nitpick comments (2)

artifacts/pom.xml (2)

157-167: certify-plugin.location is defined three times (lines 158, 162, 167).

In Maven properties, the last definition wins, so the first two are dead. This is confusing and error-prone. Keep a single definition.

Suggested fix

  		<!-- certify sunbird plugin -->
-		<certify-plugin.location>/usr/share/nginx/html/artifactory/libs-release-local/certify/certify-plugin</certify-plugin.location>
 <!--		<certify-sunbird-plugin.version>0.3.0-SNAPSHOT</certify-sunbird-plugin.version>-->
 <!--		<certify-sunbird-plugin.fileName>certify-sunbird-plugin.jar</certify-sunbird-plugin.fileName>-->
 		<!-- certify mosip identity plugin -->
-		<certify-plugin.location>/usr/share/nginx/html/artifactory/libs-release-local/certify/certify-plugin</certify-plugin.location>
+		<certify-plugin.location>/usr/share/nginx/html/artifactory/libs-release-local/certify/certify-plugin</certify-plugin.location>
 		<certify-mosip-identity-plugin.version>0.3.0-SNAPSHOT</certify-mosip-identity-plugin.version>
 		<certify-mosip-identity-plugin.fileName>certify-mosip-identity-plugin.jar</certify-mosip-identity-plugin.fileName>
 
         <!-- certify mock plugin -->
-		<certify-plugin.location>/usr/share/nginx/html/artifactory/libs-release-local/certify/certify-plugin</certify-plugin.location>
 		<certify-mock-plugin.version>0.3.1-SNAPSHOT</certify-mock-plugin.version>

---

70-71: Typo in comment: "apadter" → "adapter".

-		<!-- kernel-auth-apadter -->
+		<!-- kernel-auth-adapter -->