From 55444433c5661a2bf90467e9e9772c925024697a Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <seth.larson@elastic.co>
Date: Wed, 5 Oct 2022 12:07:48 -0500
Subject: [PATCH 1/2] Add support for WORKFLOW and user/group IDs to assemble
 job

---
 .ci/Dockerfile     | 26 ++++++++++++++++++++------
 .ci/make.sh        | 20 +++++++++++++++-----
 config/version.txt |  2 +-
 3 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/.ci/Dockerfile b/.ci/Dockerfile
index 1fcb0eeff..fb004f40d 100644
--- a/.ci/Dockerfile
+++ b/.ci/Dockerfile
@@ -22,20 +22,34 @@
 
 FROM openjdk:15
 
+# Default UID/GID to 1000
+# it can be overridden at build time
+ARG BUILDER_UID=1000
+ARG BUILDER_GID=1000
+ENV BUILDER_USER elastic
+ENV BUILDER_GROUP elastic
+
+# Create user
+RUN groupadd --system -g ${BUILDER_GID} ${BUILDER_GROUP} \
+    && useradd --system --shell /bin/bash -u ${BUILDER_UID} -g ${BUILDER_GROUP} -d /var/lib/elastic -m elastic 1>/dev/null 2>/dev/null \
+    && mkdir -p /elasticsearch-java && mkdir /elasticsearch-java/build \
+    && chown -R ${BUILDER_USER}:${BUILDER_GROUP} /elasticsearch-java
+
 WORKDIR /elasticsearch-java/
+USER ${BUILDER_USER}:${BUILDER_GROUP}
 
 # Download and initialize Gradle
-COPY gradlew ./
-COPY gradle ./gradle
+COPY --chown=$BUILDER_USER:$BUILDER_GROUP gradlew ./
+COPY --chown=$BUILDER_USER:$BUILDER_GROUP gradle ./gradle
 RUN ./gradlew
 
 COPY LICENSE.txt NOTICE.txt ./
 
 # Prefetch dependencies
-COPY build.gradle.kts settings.gradle.kts ./
-COPY buildSrc ./buildSrc/
-COPY config ./config/
-COPY java-client/build.gradle.kts ./java-client/
+COPY --chown=$BUILDER_USER:$BUILDER_GROUP build.gradle.kts settings.gradle.kts ./
+COPY --chown=$BUILDER_USER:$BUILDER_GROUP buildSrc ./buildSrc/
+COPY --chown=$BUILDER_USER:$BUILDER_GROUP config ./config/
+COPY --chown=$BUILDER_USER:$BUILDER_GROUP java-client/build.gradle.kts ./java-client/
 RUN ./gradlew resolveDependencies
 
 ENTRYPOINT ["./gradlew"]
diff --git a/.ci/make.sh b/.ci/make.sh
index 26392fb4c..b402243b8 100755
--- a/.ci/make.sh
+++ b/.ci/make.sh
@@ -57,6 +57,7 @@ product="elastic/elasticsearch-java"
 output_folder=".ci/output"
 codegen_folder=".ci/output"
 OUTPUT_DIR="$repo/${output_folder}"
+WORKFLOW="${WORKFLOW-staging}"
 mkdir -p "$OUTPUT_DIR"
 
 echo -e "\033[34;1mINFO:\033[0m PRODUCT ${product}\033[0m"
@@ -137,9 +138,11 @@ output_mount="-v $repo/.ci/output:/elasticsearch-java/build"
 build_image() {
   echo -e "\033[34;1mINFO: building $product container\033[0m"
 
-  docker build --file .ci/Dockerfile --tag $docker_image \
-    --build-arg USER_ID="$(id -u)" \
-    --build-arg GROUP_ID="$(id -g)" .
+  docker build \
+    --file .ci/Dockerfile \
+    --tag $docker_image \
+    --build-arg BUILDER_UID="$(id -u)" \
+    --build-arg BUILDER_GID="$(id -g)" .
 }
 
 # ------------------------------------------------------- #
@@ -148,8 +151,15 @@ build_image() {
 
 if [[ "$CMD" == "assemble" ]]; then
   rm -rf .ci/output/repository
+
+  if [[ "$WORKFLOW" == 'snapshot' ]]; then
+    assemble_version="$VERSION-SNAPSHOT"
+  else
+    assemble_version="$VERSION"
+  fi
+
   build_image
-  docker run --rm --env VERSION=$VERSION \
+  docker run --rm --env VERSION=$assemble_version -u "$(id -u)" \
     $git_mount $src_mount $output_mount \
     $docker_image \
     publishForReleaseManager
@@ -158,7 +168,7 @@ if [[ "$CMD" == "assemble" ]]; then
 	  if [[ -n ${DEPENDENCIES_REPORTS_DIR+x} ]]; then
 	    cp .ci/output/release/dependencies.csv "$DEPENDENCIES_REPORTS_DIR"/"$DEPENDENCIES_REPORT"
     fi
-		echo -e "\033[32;1mTARGET: successfully assembled client version $VERSION\033[0m"
+		echo -e "\033[32;1mTARGET: successfully assembled client version $assemble_version\033[0m"
 	else
 		echo -e "\033[31;1mTARGET: assemble failed, empty workspace!\033[0m"
 		exit 1
diff --git a/config/version.txt b/config/version.txt
index 48c26da3e..1acea15af 100644
--- a/config/version.txt
+++ b/config/version.txt
@@ -1 +1 @@
-8.6
+8.6.0
\ No newline at end of file

From 7457f1fe9f1e91c1d4687bd928b32d28206bc87a Mon Sep 17 00:00:00 2001
From: Sylvain Wallez <sylvain@elastic.co>
Date: Mon, 10 Oct 2022 16:43:54 +0200
Subject: [PATCH 2/2] Lazily create uid/gid, implement bump task

---
 .ci/Dockerfile | 34 ++++++++++++++++++----------------
 .ci/make.sh    |  5 +++--
 2 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/.ci/Dockerfile b/.ci/Dockerfile
index fb004f40d..4c1d4e858 100644
--- a/.ci/Dockerfile
+++ b/.ci/Dockerfile
@@ -26,30 +26,32 @@ FROM openjdk:15
 # it can be overridden at build time
 ARG BUILDER_UID=1000
 ARG BUILDER_GID=1000
-ENV BUILDER_USER elastic
-ENV BUILDER_GROUP elastic
 
-# Create user
-RUN groupadd --system -g ${BUILDER_GID} ${BUILDER_GROUP} \
-    && useradd --system --shell /bin/bash -u ${BUILDER_UID} -g ${BUILDER_GROUP} -d /var/lib/elastic -m elastic 1>/dev/null 2>/dev/null \
-    && mkdir -p /elasticsearch-java && mkdir /elasticsearch-java/build \
-    && chown -R ${BUILDER_USER}:${BUILDER_GROUP} /elasticsearch-java
+# Create group and user if needed
+RUN (getent group ${BUILDER_GID} || groupadd -g ${BUILDER_GID} elastic) \
+    && (getent passwd ${BUILDER_UID} || useradd -u ${BUILDER_UID} -g ${BUILDER_GID} elastic) \
+    && mkdir -p /elasticsearch-java/build \
+    && chown -R ${BUILDER_UID}:${BUILDER_GID} /elasticsearch-java
 
 WORKDIR /elasticsearch-java/
-USER ${BUILDER_USER}:${BUILDER_GROUP}
+USER ${BUILDER_UID}:${BUILDER_GID}
 
 # Download and initialize Gradle
-COPY --chown=$BUILDER_USER:$BUILDER_GROUP gradlew ./
-COPY --chown=$BUILDER_USER:$BUILDER_GROUP gradle ./gradle
+COPY --chown=$BUILDER_UID:$BUILDER_GID gradlew ./
+COPY --chown=$BUILDER_UID:$BUILDER_GID gradle ./gradle
 RUN ./gradlew
 
-COPY LICENSE.txt NOTICE.txt ./
+COPY --chown=$BUILDER_UID:$BUILDER_GID LICENSE.txt NOTICE.txt ./
 
-# Prefetch dependencies
-COPY --chown=$BUILDER_USER:$BUILDER_GROUP build.gradle.kts settings.gradle.kts ./
-COPY --chown=$BUILDER_USER:$BUILDER_GROUP buildSrc ./buildSrc/
-COPY --chown=$BUILDER_USER:$BUILDER_GROUP config ./config/
-COPY --chown=$BUILDER_USER:$BUILDER_GROUP java-client/build.gradle.kts ./java-client/
+# Prefetch and cache dependencies
+COPY --chown=$BUILDER_UID:$BUILDER_GID build.gradle.kts settings.gradle.kts ./
+COPY --chown=$BUILDER_UID:$BUILDER_GID buildSrc ./buildSrc/
+COPY --chown=$BUILDER_UID:$BUILDER_GID config ./config/
+COPY --chown=$BUILDER_UID:$BUILDER_GID java-client/build.gradle.kts ./java-client/
 RUN ./gradlew resolveDependencies
 
+# Build artifacts. Expects these mounted directories:
+# /elasticsearch-java/.git - git index (read-only)
+# /elasticsearch-java/java-client/src - source files (read-only)
+# /elasticsearch-java/build - output directory (read-write)
 ENTRYPOINT ["./gradlew"]
diff --git a/.ci/make.sh b/.ci/make.sh
index b402243b8..72bcb7193 100755
--- a/.ci/make.sh
+++ b/.ci/make.sh
@@ -111,7 +111,7 @@ case $CMD in
         TASK_ARGS=("$VERSION" "$codegen_folder")
         ;;
     bump)
-        if [ -v $VERSION ]; then
+        if [ -z "$VERSION" ]; then
             echo -e "\033[31;1mTARGET: bump -> missing version parameter\033[0m"
             exit 1
         fi
@@ -159,6 +159,7 @@ if [[ "$CMD" == "assemble" ]]; then
   fi
 
   build_image
+    echo -e "\033[34;1mINFO:\033[0m Building version ${assemble_version}\033[0m"
   docker run --rm --env VERSION=$assemble_version -u "$(id -u)" \
     $git_mount $src_mount $output_mount \
     $docker_image \
@@ -176,7 +177,7 @@ if [[ "$CMD" == "assemble" ]]; then
 fi
 
 if [[ "$CMD" == "bump" ]]; then
-    echo "TODO"
+  echo $VERSION > config/version.txt
 fi
 
 if [[ "$CMD" == "codegen" ]]; then