Pin libjpeg-turbo version, update upgrade script (#674)

* Pin libjpeg-turbo version, update upgrade script

* fix params

* update test scenarios

* fix output format

.env

@@ -5,7 +5,7 @@ COMPOSE_PROJECT_NAME=kartozageoserver
 IMAGE_VERSION=9.0.91-jdk11-temurin-focal
 GS_VERSION=2.25.2
 JAVA_HOME=/opt/java/openjdk
-WAR_URL=http://downloads.sourceforge.net/project/geoserver/GeoServer/2.25.0/geoserver-2.25.0-war.zip
+WAR_URL=http://downloads.sourceforge.net/project/geoserver/GeoServer/2.25.2/geoserver-2.25.2-war.zip
 STABLE_PLUGIN_BASE_URL=https://sourceforge.net/projects/geoserver/files/GeoServer
 GEOSERVER_UID=1000
 GEOSERVER_GID=10001

.github/workflows/build-latest.yaml

@@ -169,6 +169,7 @@ jobs:
  - disk-quota
  - clustering
  - jdbconfig
+ - libjpeg
  steps:
  - uses: actions/checkout@v4
  - name: Download artifact

.github/workflows/deploy-image.yaml

@@ -27,8 +27,6 @@ jobs:
  geoserverMinorVersion:
  - minor: 25
  patch: 2
- #- minor: 23
- #patch: 2
  stablePluginBaseURL:
  # empty because it often changes, so it's better
  # to use the default one described in the Dockerfile

README.md

@@ -45,7 +45,7 @@
 * The image has environment variables that allow users to configure GeoServer based on [running-in-production](https://docs.geoserver.org/latest/en/user/production/index.html)
 * The image uses [kartoza/postgis](https://github.com/kartoza/docker-postgis/) as a
  database backend. You can use any other PostgreSQL image
-out there but make sure you adjust the environment variables accordingly.
+but adjust the environment variables accordingly.
 
 
 ## Getting the image
@@ -60,15 +60,15 @@ There are various ways to get the image onto your system:
 The preferred way (but using the most bandwidth for the initial image) is to
 get our docker-trusted build like this:
 
-```shell
+``` shell
 VERSION=2.25.2
 docker pull kartoza/geoserver:$VERSION
 ```
 **Note** Although the images are tagged and backed by unit tests
 it is recommended to use tagged versions with dates i.e. 
 `kartoza/geoserver:$VERSION--v2024.03.31`.The first date available
 from [dockerhub](https://hub.docker.com/repository/docker/kartoza/geoserver/tags?page=1&ordering=last_updated)
-would be the first version for that series. Successive builds that fix [issues](https://github.com/kartoza/docker-geoserver/issues) 
+It would be the first version for that series. Successive builds that fix [issues](https://github.com/kartoza/docker-geoserver/issues) 
 tend to override the tagged images and also produce dated images.
 
 ### Building the image
@@ -80,13 +80,13 @@ To build yourself with a local checkout using the docker-compose-build.yml:
 
 1. Clone the GitHub repository:
 
- ```shell
+ ``` shell
  git clone https://github.com/kartoza/docker-geoserver
  ```
 2. Edit the [build arguments](https://github.com/kartoza/docker-geoserver/blob/master/.env) in the `.env` file:
 
 3. Build the container and spin up the services
- ```shell
+ ``` shell
  cd docker-geoserver
  docker-compose -f docker-compose-build.yml up -d geoserver-prod --build
  ```
@@ -116,7 +116,7 @@ to see which Tomcat versions are supported.
 The current build uses the base image `tomcat:9.0.91-jdk11-temurin-focal` because of the dependency on
 `libgdal-java`. The tomcat base images > focal will not
 have the java bindings for the [GDAL plugin](https://osgeo-org.atlassian.net/browse/GEOT-7412?focusedCommentId=84733)
-hence the container will not support the gdal plugin working is you build using base image > focal.
+hence the container will not support the gdal plugin working if you build using base image > focal.
 
 ### Building on Windows
 
@@ -227,8 +227,7 @@ following the guidelines from [GeoServer develop guidelines](https://docs.geoser
 
 ### Using sample data
 
-Geoserver ships with sample data which can be used by users to familiarize them with software.
-This is not activated by default. You can activate it using the environment variable `boolean SAMPLE_DATA`.
+The image ships with sample data. This can be used to familiarize yourself with GeoServer. This is not activated by default. You can activate it using the environment variable `boolean SAMPLE_DATA`.
 
 ```
 ie VERSION=2.25.2
@@ -238,8 +237,7 @@ docker run -d -p 8600:8080 --name geoserver -e SAMPLE_DATA=true kartoza/geoserve
 ### Enable disk quota storage in PostgreSQL backend
 
 GeoServer defaults to using HSQL datastore for configuring disk quota. You can alternatively use 
-a PostgreSQL backend as a disk quota store. You will need to run a PostgreSQL DB and link it to a GeoServer instance.
-
+a PostgreSQL backend as a disk quota store. When using a PostgreSQL backend, you need to have a running instance of the database which can be connected to. 
 
 If you want to test it locally with docker-compose postgres db you need to specify these env variables:
 ```bash
@@ -276,8 +274,7 @@ SSL_CA_FILE=/etc/certs/root.crt
 ```
 
 ### Activating JNDI PostgreSQL connector
-When defining vector stores you can use the JNDI pooling. To set
-this up you will need to activate the following environment 
+When defining vector stores you can use the JNDI pooling. To activate this, adjust the following environment 
 variable `POSTGRES_JNDI=TRUE`. By default, the environment the 
 variable is set to `FALSE`. Additionally, you will need to 
 define parameters to connect to an existing PostgreSQL database
@@ -295,8 +292,7 @@ When defining the parameters for the store in GeoServer you will need to set
 
 ### Running under SSL
 You can use the environment variables to specify whether you want to run the GeoServer under SSL.
-Credits to [letsencrpt](https://github.com/AtomGraph/letsencrypt-tomcat) for providing the solution to
-run under SSL.
+Credits to [letsencrpt](https://github.com/AtomGraph/letsencrypt-tomcat) for the solution to run under SSL.
 
 
 If you set the environment variable `SSL=true` but do not provide the pem files (`fullchain.pem` and `privkey.pem`)
@@ -349,7 +345,7 @@ HTTP_SCHEME=https
 This will prevent the login form from sending insecure http post requests as experienced
 in [login issue](https://github.com/kartoza/docker-geoserver/issues/293)
 
-For SSL-based connections the env variables are:
+For SSL-based connections, the env variables are:
 
 ```
 HTTPS_PROXY_NAME
@@ -421,8 +417,8 @@ Always consult the `.env` file to check possible values.
 * GEOSERVER_ADMIN_USER=`username`
 * GEOSERVER_FILEBROWSER_HIDEFS=`false or true`
 * XFRAME_OPTIONS=`"true"` - Based on [Xframe-options](https://docs.geoserver.org/latest/en/user/production/config.html#x-frame-options-policy)
-* INITIAL_MEMORY=`size` : Initial Memory that Java can allocate, default `2G`
-* MAXIMUM_MEMORY=`size` : Maximum Memory that Java can allocate, default `4G`
+* INITIAL_MEMORY=`size`: Initial Memory that Java can allocate, default `2G`
+* MAXIMUM_MEMORY=`size`: Maximum Memory that Java can allocate, default `4G`
 
 
 ### Control flow properties
@@ -540,7 +536,7 @@ Example
 **Note:** The files `users.xml` and `roles.xml` should be mounted together to prevent errors
 during container start. Mounting these two files will overwrite `GEOSERVER_ADMIN_PASSWORD` and `GEOSERVER_ADMIN_USER`
 
-### Running SQL scripts on container startup.
+### Running scripts on container startup.
 
 You can run some bash script to correct some missing dependencies i.e. in 
 community extension like [cluster issue](https://github.com/kartoza/docker-geoserver/issues/514)
@@ -558,7 +554,7 @@ can mount `web.xml` to `/settings/` directory.
 
 ### JMS Clustering
 
-GeoServer supports clustering using JMS cluster plugin .
+GeoServer supports clustering using the JMS cluster plugin.
 
 You can read more about how to set up clustering in [kartoza clustering](https://github.com/kartoza/docker-geoserver/blob/master/clustering/README.md)
 
@@ -578,7 +574,7 @@ If you are interested in the backups, add a section in the `docker-compose.yml`
 following instructions from [docker-pg-backup](https://github.com/kartoza/docker-pg-backup/blob/master/docker-compose.yml#L23).
 
 Start the services using:
-```shell
+``` shell
 docker-compose up -d
 ```
 
@@ -597,7 +593,7 @@ You can also put Nginx in front of GeoServer to receive the http request and tra
 
 A sample `docker-compose-nginx.yml` is provided for running GeoServer and Nginx
 
-```shell
+``` shell
 docker-compose -f docker-compose-nginx.yml up -d
 ```
 Once the services are running GeoServer will be available from
@@ -611,7 +607,7 @@ You can run the image in Kubernetes following the [recipe](https://github.com/ka
 
 
 ## Contributing to the image
-We welcome users who want to contribute enriching this service. We follow
+We welcome users who want to contribute to enriching this service. We follow
 the git principles and all pull requests should be against the develop branch so that
 we can test them and when we are happy we push them to the master branch.
 

scenario_tests/clustering/tests/test_clustering_master.py

@@ -22,13 +22,8 @@ def test_publish_store(self):
  geo = Geoserver(self.gs_url, username='%s' % self.geo_username, password='%s' % self.geo_password)
  auth = HTTPBasicAuth('%s' % self.geo_username, '%s' % self.geo_password)
  # create workspace
- try:
- rest_url = '%s/rest/workspaces/%s.json' % (self.gs_url, self.geo_workspace_name)
- response = get(rest_url, auth=auth)
- response.raise_for_status()
- except exceptions.HTTPError:
- geo.create_workspace(workspace='%s' % self.geo_workspace_name)
- geo.set_default_workspace('%s' % self.geo_workspace_name)
+ geo.create_workspace(workspace='%s' % self.geo_workspace_name)
+ geo.set_default_workspace('%s' % self.geo_workspace_name)
 
  # Create the XML payload for the JNDI store configuration
  xml = """
@@ -76,19 +71,13 @@ def test_publish_store(self):
  self.assertEqual(response.status_code, 200)
 
  # Publish layer into GeoServer
- try:
- rest_url = '%s/rest/workspaces/%s/datastores/%s/featuretypes/states.json' % (
- self.gs_url, self.geo_workspace_name, self.store_name)
- publish_response = get(rest_url, auth=auth)
- publish_response.raise_for_status()
- except exceptions.HTTPError:
- geo.publish_featurestore(workspace='%s'
- % self.geo_workspace_name, store_name='%s' % self.store_name,
- pg_table='states')
- copy("/usr/local/tomcat/data/styles/default_point.sld", "/usr/local/tomcat/data/styles/states.sld")
- layer_sld_file = "/usr/local/tomcat/data/styles/states.sld"
- geo.upload_style(path=str(layer_sld_file), workspace=self.geo_workspace_name)
- geo.publish_style(layer_name='states', style_name='states', workspace=self.geo_workspace_name)
+ geo.publish_featurestore(workspace='%s'
+ % self.geo_workspace_name, store_name='%s' % self.store_name,
+ pg_table='states')
+ copy("/usr/local/tomcat/data/styles/default_point.sld", "/usr/local/tomcat/data/styles/states.sld")
+ layer_sld_file = "/usr/local/tomcat/data/styles/states.sld"
+ geo.upload_style(path=str(layer_sld_file), workspace=self.geo_workspace_name)
+ geo.publish_style(layer_name='states', style_name='states', workspace=self.geo_workspace_name)
  self.assertEqual(response.status_code, 200)
 
  # Check that the layer exists

scenario_tests/gwc/docker-compose-gwc.yml

@@ -16,10 +16,6 @@ services:
  GEOSERVER_ADMIN_USER: admin
  INITIAL_MEMORY: 2G
  MAXIMUM_MEMORY: 4G
- HOST: db
- POSTGRES_DB: gis
- POSTGRES_USER: docker
- POSTGRES_PASS: docker
  RECREATE_DATADIR: TRUE
  SAMPLE_DATA: true
  TEST_CLASS: test_gwc.TestGeoServerGWC

scenario_tests/gwc/tests/test_gwc.py

@@ -1,7 +1,7 @@
 import time
 import unittest
-from os import environ
-
+from os import environ, remove
+from PIL import Image
 from requests import get, post
 from requests.auth import HTTPBasicAuth
 
@@ -39,8 +39,21 @@ def test_seed_vector_layer(self):
  &MAP_RESOLUTION=96&FORMAT_OPTIONS=dpi:96&TRANSPARENT=TRUE' % layer_name
  response = get(wms_request)
 
+ # Save the response as a JPEG file
+ with open('output.png', 'wb') as f:
+ f.write(response.content)
+
+ try:
+ img = Image.open('output.png')
+ img.verify()
+ valid_image = True
+ except (IOError, Image.DecompressionBombError):
+ valid_image = False
+ remove('output.png')
+
  # Verify that the seeding was successful
  self.assertEqual(response.status_code, 200)
+ self.assertTrue(valid_image)
 
 
 if __name__ == '__main__':

scenario_tests/jdbconfig/tests/test_jdbconfig.py

@@ -1,7 +1,9 @@
 import unittest
-from os import environ
+from os import environ, remove
 from psycopg2 import connect, OperationalError
 from requests import get
+from PIL import Image
+
 
 class TestGeoServerJDBCONFIG(unittest.TestCase):
 
@@ -31,9 +33,20 @@ def test_seed_vector_layer(self):
  &LAYERS=topp:states&STYLES=&FORMAT=image/png&DPI=96 &TILED=true \
  &MAP_RESOLUTION=96&FORMAT_OPTIONS=dpi:96&TRANSPARENT=TRUE'
  response = get(wms_request)
+ with open('output.png', 'wb') as f:
+ f.write(response.content)
+
+ try:
+ img = Image.open('output.png')
+ img.verify()
+ valid_image = True
+ except (IOError, Image.DecompressionBombError):
+ valid_image = False
+ remove('output.png')
 
  # Verify that the seeding was successful
  self.assertEqual(response.status_code, 200)
+ self.assertTrue(valid_image)
 
  def tearDown(self):
  self.db_conn.close()

scenario_tests/libjpeg/docker-compose.yml

@@ -0,0 +1,29 @@
+version: '3.9'
+
+volumes:
+ geoserver-data-dir:
+
+services:
+
+ geoserver:
+ image: 'kartoza/geoserver:${TAG:-manual-build}'
+ restart: 'always'
+ volumes:
+ - geoserver-data-dir:/opt/geoserver/data_dir
+ - ./tests:/tests
+ environment:
+ GEOSERVER_ADMIN_PASSWORD: myawesomegeoserver
+ GEOSERVER_ADMIN_USER: admin
+ INITIAL_MEMORY: 2G
+ MAXIMUM_MEMORY: 4G
+ SAMPLE_DATA: true
+ TEST_CLASS: test_libjpeg.TestGeoServerTURBO
+ ports:
+ - "8080:8080"
+ healthcheck:
+ test: ["CMD-SHELL", "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null -u $${GEOSERVER_ADMIN_USER}:$${GEOSERVER_ADMIN_PASSWORD} http://localhost:8080/geoserver/rest/about/version.xml"]
+ interval: 1m30s
+ timeout: 10s
+ retries: 3
+
+

scenario_tests/libjpeg/test.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# exit immediately if test fails
+set -e
+
+source ../test-env.sh
+
+# Run service
+if [[ $(dpkg -l | grep "docker-compose") > /dev/null ]];then
+ VERSION='docker-compose'
+ else
+ VERSION='docker compose'
+fi
+
+${VERSION} -f docker-compose.yml up -d
+
+if [[ -n "${PRINT_TEST_LOGS}" ]]; then
+ ${VERSION} -f docker-compose.yml logs -f &
+fi
+
+
+
+
+services=("geoserver")
+
+for service in "${services[@]}"; do
+
+ # Execute tests
+ test_url_availability http://localhost:8080/geoserver/rest/about/version.xml
+ ${VERSION} -f docker-compose.yml ps
+ echo "Execute test for $service"
+ ${VERSION} -f docker-compose.yml exec $service /bin/bash /tests/test.sh
+
+done
+
+${VERSION} -f docker-compose.yml down -v

scenario_tests/libjpeg/tests/test.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -e
+
+source /scripts/env-data.sh
+
+# execute tests
+pushd /tests
+
+cat << EOF
+Settings used:
+
+GEOSERVER_ADMIN_PASSWORD: ${GEOSERVER_ADMIN_PASSWORD}
+GEOSERVER_ADMIN_USER: ${GEOSERVER_ADMIN_USER}
+EOF
+
+python3 -m unittest -v ${TEST_CLASS}