update the base image in finance dockerfile and pom.xml

[priyanshu-egov]

Summary by CodeRabbit

• Chores
  • Switched Docker build/runtime to official multi-architecture images and aligned build configuration for improved compatibility and more reliable artifact handling.
• Security
  • Migrated Maven repository endpoints from HTTP to HTTPS to secure dependency downloads and build processes.

[coderabbitai]

Walkthrough

Dockerfile switches to official Maven and WildFly multi-arch images, adds a WORK_DIR ARG and updates EAR copy path; pom.xml updates Maven repository and plugin repository URLs from HTTP to HTTPS.

Changes

Cohort / File(s)	Summary
Docker Infrastructure Updates financial-module-system/finance/Dockerfile	Replaces custom build image with maven:3.8-jdk-8, swaps runtime to an official multi-arch WildFly image (nitish-edcr tag), introduces ARG WORK_DIR (redeclared for cross-stage use), and updates EAR copy to /app/${WORK_DIR}/egov-ear/target/\*.ear.
Repository Security Upgrade financial-module-system/finance/egov/pom.xml	Converts Maven repository, distributionManagement, and pluginRepository URLs from http:// to https:// across the POM.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐇 I hopped through Docker, tidy and spry,

Swapped images and paths with a gleeful sigh,
HTTPS stitched the trail I rode,
EARs tucked safe in their new node,
A rabbit’s cheer for changes applied.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: updating the base image in the Dockerfile (Maven and WildFly) and updating URLs in pom.xml to HTTPS.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into master

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch finance_service_patch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

financial-module-system/finance/Dockerfile (1)

1-25: 🧹 Nitpick | 🔵 Trivial

Add a HEALTHCHECK instruction for production readiness.

Both Trivy and Checkov flag the missing HEALTHCHECK. For a WildFly deployment, a simple HTTP check against the management interface or app endpoint would improve container orchestration reliability.

🏥 Proposed addition before CMD

+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+  CMD curl -f http://localhost:9990/ || exit 1
+
 CMD ["/opt/jboss/wildfly/bin/standalone.sh", "-b", "0.0.0.0", "-bmanagement", "0.0.0.0", "-Ddb.migration.enabled=true", "-Ddev.mode=true", "-Ddb.flyway.validateon.migrate=true"]

🤖 Fix all issues with AI agents

In `@financial-module-system/finance/Dockerfile`:
- Line 5: The ARG WORK_DIR in the Dockerfile lacks a default which allows it to
be empty and breaks COPY and path resolution; set a default value (work-dir:
egov) by changing the ARG declaration to include =egov in both the build stage
and the runtime/final stage (ensure both occurrences of ARG WORK_DIR become ARG
WORK_DIR=egov) so COPY ${WORK_DIR} ./${WORK_DIR} and any runtime paths like
/app/${WORK_DIR}/target/ resolve correctly; verify the Dockerfile uses
${WORK_DIR} consistently in COPY and path references (e.g., in the build stage
COPY and the runtime stage paths) after adding the defaults.
- Around line 15-17: The base image FROM
quay.io/wildfly/wildfly:26.1.3.Final-jdk11 is valid but JDK11 removed Java EE
modules (JAXB/JAX-WS/CORBA); audit your app for references to those APIs (search
for javax.xml.bind, javax.jws, org.omg/CORBA) and either add explicit
Jakarta/standalone libraries or enable modules in WildFly, and if you must
compile against Java 8 API set maven.compiler.release=8 in your build (replace
existing source/target 1.8) so the compiled bytecode and API surface match
expectations.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

fd -n "Dockerfile" -t f

Repository: egovernments/URBAN

Length of output: 292

---

🏁 Script executed:

cat -n financial-module-system/finance/Dockerfile | head -40

Repository: egovernments/URBAN

Length of output: 1371

---

🏁 Script executed:

rg -n "WORK_DIR" --type-list | head -20

Repository: egovernments/URBAN

Length of output: 451

---

🏁 Script executed:

rg "WORK_DIR" -t yaml -t sh -t json --max-count 50

Repository: egovernments/URBAN

Length of output: 658

---

🏁 Script executed:

fd -t f -e yml -e yaml | grep -E "(docker|compose|ci|github|gitlab)" | head -20

Repository: egovernments/URBAN

Length of output: 1861

---

🏁 Script executed:

rg -l "docker" -t yaml -t yml | head -10

Repository: egovernments/URBAN

Length of output: 89

---

🏁 Script executed:

find . -name "docker-compose*" -o -name ".gitlab-ci.yml" -o -name ".github" -type d

Repository: egovernments/URBAN

Length of output: 118

---

🏁 Script executed:

find . -path "*/github/workflows*" -o -path "*/.gitlab-ci.yml" -type f 2>/dev/null | head -10

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

find .github -type f -name "*.yml" -o -name "*.yaml" | head -10

Repository: egovernments/URBAN

Length of output: 247

---

🏁 Script executed:

rg "WORK_DIR" -g "*.yml" -g "*.yaml" -g "*.json"

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

find . -name "docker-compose*" -type f

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

rg "docker.*build" -A 3 -B 3 | head -50

Repository: egovernments/URBAN

Length of output: 2876

---

🏁 Script executed:

rg "financial-module-system" .github/workflows/ -A 5 -B 2

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

find financial-module-system -name "build-config.yml" -o -name "README*" -type f | head -10

Repository: egovernments/URBAN

Length of output: 725

---

🏁 Script executed:

cat -n .github/workflows/backendbuild.yaml | grep -A 10 -B 10 "financial-module"

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

cat -n financial-module-system/finance/Dockerfile

Repository: egovernments/URBAN

Length of output: 1371

---

🏁 Script executed:

cat -n financial-module-system/finance/build/build-config.yml

Repository: egovernments/URBAN

Length of output: 676

---

🏁 Script executed:

cat -n financial-module-system/finance/README.md | head -100

Repository: egovernments/URBAN

Length of output: 5863

---

🏁 Script executed:

cat -n financial-module-system/README.md | head -50

Repository: egovernments/URBAN

Length of output: 2968

---

🏁 Script executed:

rg -l "build-config" --type sh --type py

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

rg "build-config" -A 5 -B 5 --type sh --type py | head -100

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

find . -name "*build*.sh" -o -name "*build*.py" | head -20

Repository: egovernments/URBAN

Length of output: 114

---

🏁 Script executed:

cat -n financial-module-system/finance/build-config.yml 2>/dev/null || cat -n financial-module-system/finance/build/build-config.yml

Repository: egovernments/URBAN

Length of output: 676

---

🏁 Script executed:

cat -n financial-module-system/finance/dev-utils/build.sh

Repository: egovernments/URBAN

Length of output: 455

---

🏁 Script executed:

cat -n financial-module-system/finance/build.sh 2>/dev/null || echo "File not found at this path"

Repository: egovernments/URBAN

Length of output: 89

---

🏁 Script executed:

find . -name "build.sh" -type f -exec grep -l "docker" {} \;

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

find . -type f \( -name "*.json" -o -name "*.js" -o -name "*.py" -o -name "*.sh" \) -exec grep -l "build-config" {} \;

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

rg "\.build\[" -A 5 -B 5 --type py --type js

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

find . -path "*/\.*" -prune -o -name "Makefile" -type f -print

Repository: egovernments/URBAN

Length of output: 104

---

🏁 Script executed:

cat -n financial-module-system/finance/Makefile

Repository: egovernments/URBAN

Length of output: 1633

---

🏁 Script executed:

rg "docker.*build" -A 10 -B 2 financial-module-system/finance/

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

rg "docker build" -A 5 -B 5

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

head -30 financial-module-system/finance/Dockerfile

Repository: egovernments/URBAN

Length of output: 1196

---

🏁 Script executed:

find . -name "docker-compose.yml" -o -name "docker-compose.yaml" 2>/dev/null

Repository: egovernments/URBAN

Length of output: 44

---

🏁 Script executed:

rg "WORK_DIR" financial-module-system/ -B 2 -A 2

Repository: egovernments/URBAN

Length of output: 5998

---

ARG WORK_DIR has no default value — build will fail if omitted.

If WORK_DIR is not passed via --build-arg, it resolves to an empty string. On line 9, COPY ${WORK_DIR} ./${WORK_DIR} becomes COPY ./ which is invalid syntax and will fail with "COPY requires at least 2 arguments". On line 22, the path becomes /app//egov-ear/target/ which will fail if the file doesn't exist.

The build-config.yml specifies work-dir: egov, which is the intended value. Add this as the default:

Proposed fix

-ARG WORK_DIR
+ARG WORK_DIR=egov

Apply the same default in the runtime stage (line 20):

-ARG WORK_DIR
+ARG WORK_DIR=egov

Also applies to: 19-22

🤖 Prompt for AI Agents

In `@financial-module-system/finance/Dockerfile` at line 5, The ARG WORK_DIR in
the Dockerfile lacks a default which allows it to be empty and breaks COPY and
path resolution; set a default value (work-dir: egov) by changing the ARG
declaration to include =egov in both the build stage and the runtime/final stage
(ensure both occurrences of ARG WORK_DIR become ARG WORK_DIR=egov) so COPY
${WORK_DIR} ./${WORK_DIR} and any runtime paths like /app/${WORK_DIR}/target/
resolve correctly; verify the Dockerfile uses ${WORK_DIR} consistently in COPY
and path references (e.g., in the build stage COPY and the runtime stage paths)
after adding the defaults.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

WildFly 26.1.3.Final-jdk11 quay.io container image

💡 Result:

The WildFly “classic” container images on Quay use the tag format:

quay.io/wildfly/wildfly:<wildfly-version>-<jdk> (github.com)

So the image you’re looking for (WildFly 26.1.3.Final on JDK 11) would be:

docker pull quay.io/wildfly/wildfly:26.1.3.Final-jdk11
# or
podman pull quay.io/wildfly/wildfly:26.1.3.Final-jdk11

If that exact tag doesn’t exist in the registry, the official docs recommend using the floating JDK tag instead (still JDK 11, but “latest WildFly available for JDK11”):

docker pull quay.io/wildfly/wildfly:latest-jdk11

(github.com)

Citations:

• 1: https://github.com/wildfly/wildfly-container?utm_source=openai
• 2: https://github.com/wildfly/wildfly-container?utm_source=openai

---

🌐 Web query:

WildFly 26.x JDK 11 compatibility requirements

💡 Result:

WildFly 26.x is compatible with JDK 11 with these requirements/notes:

• Supported Java versions (runtime): WildFly 26 / 26.1 runs on the LTS Java SE releases and was heavily tested on Java SE 8, 11, and 17. [1][2]
• JDK 11 execution mode: WildFly runs on Java 11 (and later) in classpath mode (i.e., not using the Java module-path as the primary launch mechanism). [1][2]
• WildFly Preview (26.x): WildFly Preview 26.x was also tested for compatibility on Java SE 11 (and 17). [1][2]

If by “requirements” you mean a minimum Java version: WildFly 26.x still supports Java 8, so JDK 11 is not the minimum for 26.x. [1][2]

Sources:
[1] WildFly 26 release announcement (Dec 16, 2021)
[2] WildFly 26.1 release announcement (Apr 14, 2022)

---

🌐 Web query:

building with JDK 8 running on JDK 11 forward compatibility

💡 Result:

If you build Java 8 bytecode and want it to run on a Java 11 JVM, that’s generally supported as long as you only use Java 8–available APIs and avoid JDK-internal APIs (the JVM is designed for strong backward compatibility).

Best practice: compile “for Java 8” even if you use JDK 11 to build

Using only -source 8 -target 8 is not enough when compiling on newer JDKs, because you can accidentally compile against newer platform APIs and then fail at runtime on Java 8. That’s why javac --release exists. [1]

• Command line:

  javac --release 8 ...

• Maven:

  <properties>
    <maven.compiler.release>8</maven.compiler.release>
  </properties>

  This uses javac --release on JDK 9+ and helps ensure you don’t accidentally use newer APIs. [2]

When “Java 8 code” can fail on Java 11 at runtime

Even if you compiled on JDK 8, running on JDK 11 can fail if you relied on parts of the JDK that were removed or are no longer included by default:

• Java EE / CORBA modules removed in Java 11 (e.g., JAXB/JAX-WS/CORBA). Apps that depended on those being “in the JDK” can get ClassNotFoundException / NoDefClassFoundError on Java 11 unless you add replacement dependencies. [3]
• Illegal reflective access warnings / future breakage risk if libraries use deep reflection into JDK internals (common with older frameworks). Java’s module system introduced these warnings and tightening over time. [4]

Practical recommendation

• If your goal is: build once (target 8) and run on 8 and 11+, use JDK 11+ toolchain with --release 8 (or Maven maven.compiler.release=8) to keep the API surface truly Java-8 compatible. [1][2]
• When running on Java 11, explicitly add dependencies for anything that used to come from Java EE/CORBA-in-the-JDK (notably JAXB/JAX-WS), if applicable. [3]

Sources:
[1] OpenJDK JEP 247 (“Compile for Older Platform Versions”) https://openjdk.org/jeps/247
[2] Apache Maven Compiler Plugin docs (“Setting the --release of the Java Compiler”) https://maven.apache.org/plugins/maven-compiler-plugin/examples/set-compiler-release.html
[3] Oracle JDK 11 Migration Guide (Java EE / CORBA modules removed) https://docs.oracle.com/en/java/javase/11/migrate/
[4] JEP 261 / illegal reflective access behavior (overview/reference) https://jeps.dev/docs/jdk9/261

---

Image tag is valid and compatible—but verify Java EE module usage.

The tag quay.io/wildfly/wildfly:26.1.3.Final-jdk11 follows the official WildFly container image format and is available on Quay. WildFly 26.x runs on JDK 11 (in classpath mode) and was heavily tested with it.

However, Java EE modules (JAXB, JAX-WS, CORBA) were removed in Java 11. If your application depends on any of these, you'll get ClassNotFoundException at runtime unless you add explicit replacement dependencies. Before deploying, verify that the application doesn't rely on removed Java EE/CORBA APIs, or add the necessary Jakarta/Java EE dependencies if it does.

Consider using maven.compiler.release=8 (instead of just source/target 1.8) to enforce Java 8 API surface during compilation.

🤖 Prompt for AI Agents

In `@financial-module-system/finance/Dockerfile` around lines 15 - 17, The base
image FROM quay.io/wildfly/wildfly:26.1.3.Final-jdk11 is valid but JDK11 removed
Java EE modules (JAXB/JAX-WS/CORBA); audit your app for references to those APIs
(search for javax.xml.bind, javax.jws, org.omg/CORBA) and either add explicit
Jakarta/standalone libraries or enable modules in WildFly, and if you must
compile against Java 8 API set maven.compiler.release=8 in your build (replace
existing source/target 1.8) so the compiled bytecode and API surface match
expectations.

[vinothrallapalli-eGov]

We are using the customized wildfly 11, can't directly use the wildfly 26 version. The application won't work with this.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

financial-module-system/finance/Dockerfile (1)

1-25: 🧹 Nitpick | 🔵 Trivial

Consider adding a HEALTHCHECK instruction.

Static analysis (Trivy DS-0026, Checkov CKV_DOCKER_2) flags the missing HEALTHCHECK. Since WildFly exposes a management interface, you could add a basic health check:

 CMD ["/opt/jboss/wildfly/bin/standalone.sh", "-b", "0.0.0.0", "-bmanagement", "0.0.0.0", "-Ddb.migration.enabled=true", "-Ddev.mode=true", "-Ddb.flyway.validateon.migrate=true"]
+
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
+  CMD curl -f http://localhost:9990/health || exit 1

Adjust the endpoint to match your actual health/readiness path. If health checks are handled externally (e.g., Kubernetes probes), this can be deferred.