archive snowblossom slack dev
prev 2020-10-20 next
2020-10-20 07:27:43
Rotonen
i'm trying to figure out how to do a runtime container for rosesnow as a staged build and to not have `~/.cache` be transferred over as that's fairly big what are the artefacts it actually needs?
2020-10-20 07:29:10
Rotonen
also having that maven thing fire on the container startup seems like an antipattern for all things "cloud native"
2020-10-20 07:34:40
Rotonen
also one could not fire that up in an airgapped context as the maven startup of jetty hits the network immediately
2020-10-20 07:35:51
Rotonen
oh there's a war
2020-10-20 07:40:25
Rotonen
only copying the .war to the jetty container does not work can one somehow make a non-selfcontained .war?
Näyttökuva 2020-10-20 kello 9.39.42.png
2020-10-20 07:42:38
Rotonen
```FROM ubuntu:20.04 as build ARG DEBIAN_FRONTEND=noninteractive ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=true RUN apt-get update \ && apt-get install -qq --no-install-suggests --no-install-recommends \ apt-utils \ gpg \ gpg-agent \ ca-certificates \ curl RUN echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" \ > /etc/apt/sources.list.d/snowblossom-bazel.list RUN curl -Ls https://bazel.build/bazel-release.pub.gpg | apt-key add - RUN apt-get update \ && apt-get install -qq --no-install-suggests --no-install-recommends \ git \ default-jdk-headless \ maven \ bazel \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* RUN useradd -ms /bin/bash rosesnow USER rosesnow WORKDIR /home/rosesnow RUN git clone --depth=1 --branch=v0.1 \ https://github.com/snowblossomcoin/rosesnow.git WORKDIR /home/rosesnow/rosesnow RUN bazel build :RoseSnow_deploy.jar WORKDIR /home/rosesnow/rosesnow/maven RUN mvn package FROM jetty:9-jre11-slim as runtime COPY --from=build /home/rosesnow/rosesnow/maven/target/snowrosetta-rosesnow.war \ /var/lib/jetty/webapps/ROOT.war # From repository root: # docker build -t rosesnow docker/ # docker run -it --rm -p 8080:8080 rosesnow``` i'll make a PR if you make that .war fully self contained
2020-10-20 07:43:15
Rotonen
seems like something you'd have to do in the maven declarations for `mvn package` to do the right thing
2020-10-20 07:44:35
Rotonen
cloud native 101: always use upstream container as base (in this case jetty container) opsec 101: never leave your build tooling in production servers or containers
2020-10-20 07:50:21
Rotonen
breakdowns of improvements `ARG` <- only set this environment variable during build time (can also be overridden from command line) `--no-install-suggests --no-install-recommends` <- smaller transient containers, less waiting at build time `apt-get clean` <- smaller transient containers `rm -rf /var/lib/apt/lists/*` <- smaller transient containers `git clone --depth=1` <- smaller transient containers, less waiting at build time `RUN useradd` <- don't run builds as root, you pull dynamic stuff in and root has a higher attack surface to the container host `FROM jetty:9-jre11-slim as runtime` <- use the appropriate upstream container as your runtime container `COPY --from=build` <- staged build for the most minimal possible runtime
2020-10-20 07:51:20
Rotonen
```org.glassfish.jersey.message.internal.MessageBodyProviderNotFoundException: MessageBodyWriter not found for media type=application/json, type=class io.swagger.oas.inflector.models.ApiError, genericType=class io.swagger.oas.inflector.models.ApiError.``` i guess swagger does not get included in the .war
2020-10-20 07:51:55
Rotonen
you fix, i rebase, i test, and i PR or nag more
2020-10-20 07:52:18
Rotonen
also can has contributor to org? doing the fork repo dance on github, while not tragic, is churn
2020-10-20 08:29:56
Rotonen
actually i'll refactor the dockerfile to copy the current working tree in so it can be used in pipelines, we could look at github actions for that
2020-10-20 08:30:14
Rotonen
also thus gotta jam in appropriate .gitignore and .dockerignore
2020-10-20 11:04:16
Rotonen
i guess that .war being broken is not a super big issue as your container serves a 404 as the root :slightly_smiling_face:
2020-10-20 11:04:31
Rotonen
oh well, i'll put a draft PR together while you figure out how to make a standard .war
2020-10-20 11:16:21
GitHub
• Add appropriate Docker and git ignore files • Copy current working tree in instead of git cloning in-container • This will enable CI/CD down the line off this base • Reduce transient layer count • This helps with how demanding the local caching is on the storage of developer machines • Improve use of apt-get • Quiet output • Clean all transient metadata up • Use an unprivileged user for the build • General cleanups • Move to a staged build where the runtime is the standard upstream Jetty 9 container Known issue: the maven output `.war` does not work. I'll rebase and undraft this PR once a fix for that lands on the `main` branch.
2020-10-20 14:27:14
Rotonen
i guess these kinds of things are the extra "frameworky bits" you would not like to get in your way
2020-10-20 14:27:48
Rotonen
oh well, getting the crypto stuff right is what matters
2020-10-20 14:28:03
Rotonen
and i'll pitch in container stuff in as getting that stuff right helps with adoption
2020-10-20 14:29:04
Rotonen
i guess i should also do one for the node, the explorer, the pool and for what else?
2020-10-20 15:34:09
Fireduck
Rosetta API (aka coinbase) as some particular requirements for the docker setup: https://www.rosetta-api.org/docs/node_deployment.html ## Multiple Modes
2020-10-20 15:35:08
Rotonen
well, i can also do an ubuntu based runtime in that for the .war
2020-10-20 15:35:46
Fireduck
the one that seems weird to me is they don't want to copy in files from the repo, they want it to pull them from git
2020-10-20 15:36:13
Rotonen
with any luck the jetty image is based on ubuntu, let's check
2020-10-20 15:36:40
Rotonen
well, that's also fair, as they can rebuild that at any point to pull in os updates
2020-10-20 15:37:02
Rotonen
but even a git tag is a floating pointer so someone could do a nasty switcheroo for them
2020-10-20 15:37:49
Rotonen
nope, jetty is debian based
2020-10-20 15:38:10
Rotonen
and they don't offer an ubuntu based image, so i'll roll my own
2020-10-20 15:38:17
Rotonen
but you still need to fix the .war
2020-10-20 15:38:56
Rotonen
installing jetty in ubuntu and putting the .war to the correct place as ROOT.war and starting jetty in the container entrypoint is easy
2020-10-20 15:39:23
Fireduck
I agree I should fix the war, but I'd have to understand what is wrong with it. Ideally I'd remove maven completely from the picture.
2020-10-20 15:39:34
Rotonen
you can use my dockerfile for debugging
2020-10-20 15:40:06
Rotonen
https://github.com/Rotonen/rosesnow/blob/2020-10-20-improve-dockerfile/Dockerfile ``` FROM ubuntu:20.04 as build ARG DEBIAN_FRONTEND=noninteractive ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=true RUN apt-get update -qq \ && apt-get install -qq --no-install-recommends --no-install-suggests \ apt-utils \ gpg \ gpg-agent \ ca-certificates \ curl RUN echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" \ > /etc/apt/sources.list.d/snowblossom-bazel.list RUN curl -Ls https://bazel.build/bazel-release.pub.gpg | apt-key add - RUN apt-get update -qq \ && apt-get install -qq --no-install-recommends --no-install-suggests \ git \ default-jdk-headless \ bazel \ maven \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* RUN useradd -ms /bin/bash snowblossom COPY . /home/snowblossom/rosesnow RUN chown -R snowblossom:snowblossom /home/snowblossom USER snowblossom WORKDIR /home/snowblossom/rosesnow RUN bazel build :RoseSnow_deploy.jar WORKDIR /home/snowblossom/rosesnow/maven RUN mvn package FROM jetty:9-jre11-slim as runtime COPY --from=build /home/snowblossom/rosesnow/maven/target/snowrosetta-rosesnow.war \ /var/lib/jetty/webapps/ROOT.war # From repository root: # docker build -t rosesnow . # docker run -it --rm -p 8080:8080/tcp rosesnow ```
2020-10-20 15:40:30
Rotonen
and also grab the .gitignore and .dockerignore so you don't put the wrong things into the container per accident
2020-10-20 15:40:44
Rotonen
or just build the war and jam that into a standard jetty container with a volume
2020-10-20 15:40:49
Rotonen
also works
2020-10-20 15:48:14
Rotonen
so, i'll do a second Dockerfile just for rosetta
2020-10-20 15:49:31
Rotonen
one for local dev at repo root, one for shipping to rosetta
2020-10-20 15:57:58
Rotonen
and i'll add the branch it should clone as an argument - git clone --branch limits it to just published objects (branch names, tags), but that should work
2020-10-20 15:59:37
Rotonen
and the second requirement they have is the build staging i already went for anyway
2020-10-20 16:00:23
Rotonen
testing locally and amending PR still pending a working .war
2020-10-20 16:18:58
Rotonen
so, this works ```FROM ubuntu:20.04 as build ARG DEBIAN_FRONTEND=noninteractive ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=true RUN apt-get update -qq \ && apt-get install -qq --no-install-recommends --no-install-suggests \ apt-utils \ gpg \ gpg-agent \ ca-certificates \ curl RUN echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" \ > /etc/apt/sources.list.d/snowblossom-bazel.list RUN curl -Ls https://bazel.build/bazel-release.pub.gpg | apt-key add - RUN apt-get update -qq \ && apt-get install -qq --no-install-recommends --no-install-suggests \ git \ default-jdk-headless \ bazel \ maven \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* RUN useradd -ms /bin/bash snowblossom RUN chown -R snowblossom:snowblossom /home/snowblossom USER snowblossom WORKDIR /home/snowblossom ARG BRANCH=v0.1 RUN git clone --depth=1 --branch=${BRANCH} \ https://github.com/snowblossomcoin/rosesnow.git \ && rm -rf rosesnow/.git/ WORKDIR /home/snowblossom/rosesnow RUN bazel build :RoseSnow_deploy.jar WORKDIR /home/snowblossom/rosesnow/maven RUN mvn package FROM ubuntu:20.04 as runtime ARG DEBIAN_FRONTEND=noninteractive RUN apt-get update -qq \ && apt-get install -qq --no-install-recommends --no-install-suggests \ jetty9 RUN rm -rf /var/lib/jetty9/webapps/root/ COPY --from=build /home/snowblossom/rosesnow/maven/target/snowrosetta-rosesnow.war \ /var/lib/jetty9/webapps/ROOT.war RUN chown -R jetty:adm /var/lib/jetty9/ USER jetty ENV JETTY_HOME=/usr/share/jetty9/ ENV JETTY_STATE=/var/lib/jetty9/jetty.state ENV JAVA_OPTS=-Djava.awt.headless=true CMD /usr/share/jetty9/bin/jetty.sh run # For local dev vs. main (or any other branch or tag): # docker build --build-arg BRANCH=main -t rosesnow-rosetta . # docker run -it --rm -p 8080:8080/tcp rosesnow-rosetta```
2020-10-20 16:19:37
Rotonen
in the early boot log there's some nonsense about how the jetty in debian is deeply systemd integrated and how it cannot find the state file from the process manager, but that's safe to ignore
2020-10-20 16:20:28
Rotonen
so, if you have a branch where you try to fix the .war, you can use that to check your working
2020-10-20 16:21:05
Rotonen
and i think the branch heads are also published objects on the public github so you could be able to just pass in a hash as a build arg
2020-10-20 16:22:09
Rotonen
github optimises some lesser used facets of their git remotes for obvious reasons of scale and performance, and they're not fully open about the things they've not taken a stance on yet - so this stuff sometimes flutters back and forth without any announcements from them (which is fair, they never promised it'd work and no normal tooling does that)
2020-10-20 16:22:57
Rotonen
as far as i can tell that now fulfills all of the rosetta specs 1) build from git 2) separate build time and run time 3) all based on ubuntu
2020-10-20 16:23:24
Rotonen
if i missed any, give me a poke
2020-10-20 16:40:19
Rotonen
oh, missed a couple of the environment variables from the systemd file
2020-10-20 16:44:41
Rotonen
@Fireduck edited the dockerfile above, there you go, for your local experimentation
2020-10-20 16:46:17
Fireduck
Thanks I'll take a look. But honestly, it might be a few days before I am up to fighting jetty and war files more
2020-10-20 16:47:25
Fireduck
I find it really frustrating. The introspection of the framework I am using is weird.
2020-10-20 16:47:51
Fireduck
And I have plenty of work to do implementing the actual api calls
2020-10-20 16:48:02
Rotonen
that's fair, but what i can offer is helping you out with any container stuff - i'm not in a particular hurry
2020-10-20 16:48:17
Rotonen
you need to find a second java dude
2020-10-20 16:48:31
Rotonen
i can do plenty of systems and packaging and CI/CD stuff for snowblossom
2020-10-20 16:48:33
Fireduck
Ideally I'll figure out how to make the war file correctly and just do it from bazel
2020-10-20 16:48:52
Rotonen
that works as well, changing those dockerfiles to match that flow is a non-issue
2020-10-20 16:49:03
Rotonen
whenever you think you got it, ping me and i'll reshape and rebase
2020-10-20 16:49:13
Fireduck
Awesome, thanks
2020-10-20 16:49:37
Rotonen
should i also try to do one for the node?
2020-10-20 16:49:59
Rotonen
lowering the barrier of entry for nodes could be healthy
2020-10-20 16:50:31
Fireduck
We have one for the node that could use some fixing
2020-10-20 16:51:00
Rotonen
and the more i look at that rosetta build spec, the more i think they just don't trust people on average to have a sane .dockerignore in their repositories to filter out any potential build outputs, so they want a hard guarantee of reproducible builds which is fair, given what they do
2020-10-20 16:51:13
Rotonen
leading up to the question: do i do the same for the node?
2020-10-20 16:51:14
Fireduck
Plus should I make a dockerhub account and publish things there?
2020-10-20 16:51:37
Rotonen
yes, but then you should give me some org access to snowblossom on github, so i can automate that with github actions
2020-10-20 16:51:52
Fireduck
Yeah, will do
2020-10-20 16:52:00
Rotonen
github orgs also have a secrets management scheme these days so you can put the dockerhub upload key there for the pipeline to use
2020-10-20 16:52:57
Rotonen
and i'd also add branch protection rules on the main / master branches of all the repositories so no one can ever force push to master
2020-10-20 16:53:33
Rotonen
and one can add more branch protection rules if you get more developers, like mandating all changes to master come through PRs (and that the tests pass on said PRs)
2020-10-20 16:53:43
Rotonen
for now i'd just go for "tests run on all commits"
2020-10-20 16:54:07
Rotonen
then after that "creating a tag builds a container and pushes to dockerhub"
2020-10-20 16:54:48
Rotonen
never did anything with github actions so far, so i'm very curious about all that
2020-10-20 16:55:03
Rotonen
especially their design paradigm on container promotion pipelines is something i'd like to give a spin
2020-10-20 16:55:42
Fireduck
At my work they were in some way unhappy with it and switched to gitlab for the automation
2020-10-20 16:56:16
Fireduck
Code and pr work still in github, just automatic mirrored to gitlab for ci
2020-10-20 16:57:35
Rotonen
i try to be able to use ~anything, so i'm currently on a mix of jenkins x, jenkins, spinnaker, teamcity, bamboo, screwdriver, circle, travis (and probably forgot two thirds of what i've used in the past decade - i started with tinderbox)
2020-10-20 16:57:57
Rotonen
task durability engines are not magic, they all do about the same thing
2020-10-20 16:58:17
Rotonen
serialization, marshalling, execution, passing things around, distributed map reduce, storage of artefacts
2020-10-20 16:58:32
Fireduck
Yep
2020-10-20 16:59:11
Rotonen
and very good fun everything always boils down to "returns zero, or not"
2020-10-20 17:26:45
Rotonen
this looks good for jamming into a github action https://github.com/bazelbuild/bazelisk A user-friendly launcher for Bazel.
2020-10-20 17:29:28
Rotonen
not sure if that or docker is the neater way to go here, oh well, i'll worry about that later and i'll do the docker image for the node first
2020-10-20 17:36:29
Fireduck
that might be handy, especially if bazel continues to make breaking changes
2020-10-20 17:36:44
Fireduck
for example, right now if you wanted to go back and build old versions of snowblossom, it wouldn't work
2020-10-20 17:36:57
Fireduck
because bazel has changed things. But if we could specify which version, then sure.
2020-10-20 17:39:25
Rotonen
i think i'll give that a spin already for the node dockerfile
2020-10-20 17:44:32
Rotonen
@Clueless does the `COPY --chown=docker:docker` already work reliably on all platforms?
2020-10-20 17:45:01
Rotonen
i guess that's not really an issue across containers like that
2020-10-20 17:45:46
Rotonen
oh that wasn't from you, but from some community member
2020-10-20 17:46:44
Rotonen
or was that the other dev who was on board early on?
2020-10-20 17:46:56
Rotonen
that file is pretty well done
2020-10-20 17:47:36
Rotonen
i'm not exactly sure of the multi use paradigm in there do we know if we have any downstream users? if i break that up into multiple files, that'd break their flow
2020-10-20 17:50:15
Clueless
@Rotonen I made some distance with a new dockerfile but got hung up on something. I have it somewhere if you want reference.
2020-10-20 17:50:58
Rotonen
push it onto a branch and i'll cherry-pick
2020-10-20 17:52:22
Rotonen
in general i always like having more perspectives and approaches around
2020-10-20 17:55:22
Fireduck
@Clueless did you make a snowblossom dockerhub repo? If so, can I have access to it?
2020-10-20 17:56:46
Rotonen
and put the upload token into the secrets storage on the repo https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
2020-10-20 17:57:13
Rotonen
@Fireduck how do you run the tests?
2020-10-20 17:58:15
Fireduck
bazel test ...
2020-10-20 18:00:17
Rotonen
does it make a difference if one uses the deploy target? `bazel test :SnowBlossomNode_deploy.jar` would that actually compile the node as well in an usable way?
2020-10-20 18:00:47
Fireduck
I have no idea what that command would do
2020-10-20 18:01:03
Fireduck
I actually run this: bazel build :all :IceLeaf_deploy.jar :IceLeafTestnet_deploy.jar && bazel test ...
2020-10-20 18:01:18
Fireduck
And I have some other automation that picks up those deploy files and moves them to my desktop for testing
2020-10-20 18:02:21
Rotonen
that command seems to have built the node deployment and nothing else
2020-10-20 18:03:01
Rotonen
and a naked `bazel test` does nothing - i'm missing something very obvious here as i have no idea of the tooling or codebase
2020-10-20 18:03:18
Fireduck
so normal build will make the bazel scripts, like bazel-bin/SnowBlossomClient and such
2020-10-20 18:03:35
Fireduck
if you want the stand alone deploy.jar files you have to ask for them explicitly
2020-10-20 18:03:47
Fireduck
bazel test :all used to use
2020-10-20 18:03:50
Rotonen
and that seems to override whatever test does, which is weird, but ok
2020-10-20 18:04:03
Fireduck
but then something changed so "bazel test ..." works
2020-10-20 18:04:11
Fireduck
with literally three dots
2020-10-20 18:04:15
Rotonen
i'm thinking of splitting the tests up per output
2020-10-20 18:04:29
Rotonen
literally three dots was not what i expected that to mean :smile:
2020-10-20 18:04:49
Fireduck
ha, yeah
2020-10-20 18:05:00
Rotonen
`bazel test ...` runs something even without building anything
2020-10-20 18:05:10
Rotonen
is 108 tests expected?
2020-10-20 18:05:20
Clueless
@Fireduck @Rotonen I have a framework for building individual pieces and entry points for each one. I'm even able to integrate with x window system in linux and provide a GUI. Am creating that branch right now.
2020-10-20 18:06:24
Fireduck
I don't think 108 tests exist, but I'm not sure. There should be 5 or 6 sub tasks, which are tests in separate components
2020-10-20 18:06:30
Fireduck
which probably around a dozen in each one
2020-10-20 18:06:33
Fireduck
so it isn't way off base
2020-10-20 18:06:41
Rotonen
i guess it builds 108 files to run the 6
2020-10-20 18:07:31
Clueless
yup, that's current with what I had in my build directory on my docker server.
2020-10-20 18:07:58
Rotonen
bah, i wanted to tree shake the stability of the tests and run them n+1 times in a row and see if they can be flaky bazel is clever and has cached the results for me and skips the build and the tests, "..."
2020-10-20 18:08:41
Rotonen
that one is about as properly done as one can do a dockerfile
2020-10-20 18:09:22
Rotonen
a bit of inline cleanups here and there would help, but practically does not matter for something like this
2020-10-20 18:09:24
Clueless
@Fireduck I sent an ownership invite to your email address for dockerhub's snowblossom org
2020-10-20 18:10:10
Rotonen
and `DEBIAN_FRONTEND=noninteractive` to get rid of the `-y`
2020-10-20 18:10:16
Clueless
last I was doing was screwing with dockerhub automatic building from github repos.
2020-10-20 18:10:45
Rotonen
there's now a github action for that
2020-10-20 18:10:52
Fireduck
@Clueless thanks
2020-10-20 18:12:06
Rotonen
both work, though
2020-10-20 18:15:08
Rotonen
i guess one could start tagging the dockerfile repository and building the images off tags via actions and uploading those to dockerhub seems all the groundwork is actually done there
2020-10-20 18:15:25
Rotonen
just use the tag name as the environment variable for the version and you're good to go
2020-10-20 18:16:06
Rotonen
actually one could even go a step further and trigger an action on the snowblossom repository when that gets a tag to tag the current master of the docker repo to fully automate that
2020-10-20 18:16:29
Rotonen
starting with manual double tagging and seeing how it goes is probably prudent
2020-10-20 18:17:12
Fireduck
@Rotonen want to be in charge of the dockerhub org and the dockerfiles?
2020-10-20 18:17:19
Rotonen
and i guess the container could run the tests at build time so it halts the deployment if someone tagged bad code
2020-10-20 18:17:31
Fireduck
also, is there a good way to run two things in a docker image? Like if we want a node and the explorer as one docker unit.
2020-10-20 18:17:44
Rotonen
not in particular, but i'm not against that either, and @Clueless seems to be on top of things too
2020-10-20 18:18:12
Rotonen
@Fireduck you can jam any process manager in, but why? just use a proper orchestration model
2020-10-20 18:21:07
Fireduck
orchestration model meaning something like terraform?
2020-10-20 18:21:54
Rotonen
more like rancher 1.6 or amazon fargate
2020-10-20 18:22:15
Rotonen
or any kubernetes cluster for that matter :slightly_smiling_face:
2020-10-20 18:22:26
Rotonen
so rancher 2, GKE, AKE, EKS, etc.
2020-10-20 18:22:46
Rotonen
but locally on your computer, docker-compose should do the trick
2020-10-20 18:23:16
Rotonen
and you can make just one image and change the entry points in the compose file but rather do lean images, one per purpose
2020-10-20 18:24:17
Clueless
@Rotonen My implementation allows you to build specific parts, or all in one and use an entrypoint, I think.
2020-10-20 18:24:33
Clueless
haven't touched it in 8 months though. I should.
2020-10-20 18:24:44
Rotonen
yep, it looked to cover all cases
2020-10-20 18:25:23
Rotonen
that should serve as-is for dockerhub uploads via github actions
2020-10-20 18:25:54
Rotonen
i think the only broken thing is the now-too-old version pinning of bazel
2020-10-20 18:26:05
Rotonen
but as that's configurable through the environment, that's fine too
2020-10-20 18:26:17
Clueless
win!
2020-10-20 18:29:49
Rotonen
so i'll clean up my rosetta dockerfile sometime this week and we can also look at the github actions -> dockerhub stuff
2020-10-20 18:30:08
Rotonen
i'll collapse the rosetta back into one and just only provide that one in-repo as it originally was
2020-10-20 18:31:26
Fireduck
awesome
2020-10-20 21:18:24
Rotonen
i still had time to finish this tonight after all https://github.com/snowblossomcoin/rosesnow/pull/1 test locally and feedback is welcome on the PR • Reduce transient layer count • This helps with how demanding the local caching is on the storage of developer machines • Improve use of apt-get • Quiet output • Clean all transient metadata up • Use an unprivileged user for the build • General cleanups • Move to a staged build and use Jetty 9 from the Ubuntu repositories Known issue: the maven output `.war` does not work. I'll rebase and undraft this PR once a fix for that lands on the `main` branch.