Description
Tags like openjdk:8u181-jdk aren't fixed and it recently upgraded from 1.8.0_181-8u181-b13-1~deb9u1-b13 to 1.8.0_181-8u181-b13-2~deb9u1-b13. The b13-2 variant includes a change that causes a bug in Surefire to become a problem that breaks the build.
The above-described change in the version of Java used by our CI image has highlighted the fact that our CI images are not strictly repeatable. To ensure that they are, we should use a specific sha256 to reference the exact Docker image that we want to use. The sha256 to use can be found by looking at the appropriate file in https://github.com/docker-library/repo-info/tree/master/repos/openjdk/remote. In the case of JDK 8, we'll have to look at the history of its file as we don't want the latest until the Surefire bug has been fixed.