diff --git a/jenkins/kubernetes/Dockerfile b/jenkins/kubernetes/Dockerfile
index 2b29011..1e1f009 100644
--- a/jenkins/kubernetes/Dockerfile
+++ b/jenkins/kubernetes/Dockerfile
@@ -1,108 +1,108 @@ -ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi8/ubi -ARG BASE_TAG=8.3 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - -### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels -LABEL name="Solutions Delivery Platform: Jenkins Master" \ - maintainer="terrana_steven@bah.com" \ - vendor="Booz Allen Hamilton" \ - version="2.263.4" \ - release="2.263.4" \ - summary="A Jenkins Master container" \ - description="The Jenkins Master container image for the Solutions Delivery Platform" - - -### add licenses to this directory -COPY LICENSE /licenses - -RUN INSTALL_PKGS="java-1.8.0-openjdk git openssh" && \ - yum -y update-minimal --setopt=tsflags=nodocs \ - --security && \ - yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} - -ARG user=jenkins -ARG group=jenkins -ARG uid=1000 -ARG gid=1000 -ARG http_port=8080 -ARG agent_port=50000 -ARG JENKINS_HOME=/var/jenkins_home -ARG REF=/usr/share/jenkins/ref - -ENV JENKINS_HOME $JENKINS_HOME -ENV JENKINS_SLAVE_AGENT_PORT ${agent_port} -ENV REF $REF - -# Use tini as subreaper in Docker container to adopt zombie processes -ARG SDP_BUILD_DEPENDENCY_VERSION=dcar-1.8 -ARG TINI_VERSION=v0.19.0 - -# jenkins version being bundled in this docker image -ARG JENKINS_VERSION -ENV JENKINS_VERSION ${JENKINS_VERSION:-2.277.1} - -# Jenkins is run with user `jenkins`, uid = 1000 -# If you bind mount a volume from the host or a data container, -# ensure you use the same uid -RUN mkdir -p $JENKINS_HOME \ - && chown ${uid}:${gid} $JENKINS_HOME \ - && groupadd -g ${gid} ${group} \ - && useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} - -# Jenkins home directory is a volume, so configuration and build history -# can be persisted and survive image upgrades -VOLUME $JENKINS_HOME - -# $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want -# to set on a fresh new installation. 
Use it to bundle additional plugins -# or config file with your custom jenkins Docker image. -RUN mkdir -p ${REF}/init.groovy.d - -## Fetch Dependency bundle and verify signature - -RUN mkdir /root/tmp -RUN curl -sSLo /root/tmp/jenkins-dependencies-${JENKINS_VERSION}.tar.gz https://github.com/boozallen/sdp-images/releases/download/${SDP_BUILD_DEPENDENCY_VERSION}/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.tar.gz -#COPY prebuild/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.tar.gz /root/tmp/jenkins-dependencies-$JENKINS_VERSION.tar.gz - -COPY prebuild/BAH-public.key /root/tmp/. -COPY prebuild/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sig /root/tmp/. -COPY prebuild/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sha256 /root/tmp/. - -RUN cd /root/tmp/ && gpg --import BAH-public.key && \ - cd /root/tmp/ && gpg --verify jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sig jenkins-dependencies-$JENKINS_VERSION.tar.gz && \ - cd /root/tmp/ && echo "$(cat jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sha256) jenkins-dependencies-${JENKINS_VERSION}.tar.gz" | sha256sum --check --status && \ - cd /root/tmp && tar -xzf jenkins-dependencies-$JENKINS_VERSION.tar.gz - -## Install Tini -RUN cp /root/tmp/dependencies/tini/tini-$TINI_VERSION /sbin/tini \ - && chmod +x /sbin/tini - -## Install Jenkins war -RUN cp /root/tmp/dependencies/jenkins/jenkins-war-$JENKINS_VERSION.war /usr/share/jenkins/jenkins.war - -## Place plugins in temp directory -RUN mkdir /tmp/plugins && cp /root/tmp/dependencies/plugins/* /tmp/plugins && chown -R ${uid}:${gid} /tmp/plugins && rm -rf /root/tmp/* - -ENV JENKINS_UC https://updates.jenkins.io -ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental -ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals -ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log - -RUN chown -R ${user} "$JENKINS_HOME" "$REF" - -# for main web interface: -EXPOSE ${http_port} - -# will be 
used by attached slave agents: -EXPOSE ${agent_port} - -COPY resources/jenkins-support /usr/local/bin/jenkins-support -COPY resources/scripts/jenkins.sh /usr/local/bin/jenkins.sh -COPY resources/scripts/tini-shim.sh /bin/tini -RUN chmod +x /usr/local/bin/jenkins-support /usr/local/bin/jenkins.sh /bin/tini && \ - chown ${user} /usr/local/bin/jenkins-support /usr/local/bin/jenkins.sh /bin/tini - -USER ${user} -HEALTHCHECK --interval=30s --timeout=30s --start-period=10s --retries=3 CMD pgrep -f "jenkins" -ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"] +ARG BASE_REGISTRY=registry.access.redhat.com +ARG BASE_IMAGE=ubi8/ubi +ARG BASE_TAG=8.3 +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels +LABEL name="Solutions Delivery Platform: Jenkins Master" \ + maintainer="terrana_steven@bah.com" \ + vendor="Booz Allen Hamilton" \ + version="2.277.3" \ + release="2.277.3" \ + summary="A Jenkins Master container" \ + description="The Jenkins Master container image for the Solutions Delivery Platform" + + +### add licenses to this directory +COPY LICENSE /licenses + +RUN INSTALL_PKGS="java-1.8.0-openjdk git openssh" && \ + yum -y update-minimal --setopt=tsflags=nodocs \ + --security && \ + yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} + +ARG user=jenkins +ARG group=jenkins +ARG uid=1000 +ARG gid=1000 +ARG http_port=8080 +ARG agent_port=50000 +ARG JENKINS_HOME=/var/jenkins_home +ARG REF=/usr/share/jenkins/ref + +ENV JENKINS_HOME $JENKINS_HOME +ENV JENKINS_SLAVE_AGENT_PORT ${agent_port} +ENV REF $REF + +# Use tini as subreaper in Docker container to adopt zombie processes +ARG SDP_BUILD_DEPENDENCY_VERSION=dcar-1.9 +ARG TINI_VERSION=v0.19.0 + +# jenkins version being bundled in this docker image +ARG JENKINS_VERSION +ENV JENKINS_VERSION ${JENKINS_VERSION:-2.277.3} + +# Jenkins is run with user `jenkins`, uid = 1000 +# If you bind mount a volume from the 
host or a data container, +# ensure you use the same uid +RUN mkdir -p $JENKINS_HOME \ + && chown ${uid}:${gid} $JENKINS_HOME \ + && groupadd -g ${gid} ${group} \ + && useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} + +# Jenkins home directory is a volume, so configuration and build history +# can be persisted and survive image upgrades +VOLUME $JENKINS_HOME + +# $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want +# to set on a fresh new installation. Use it to bundle additional plugins +# or config file with your custom jenkins Docker image. +RUN mkdir -p ${REF}/init.groovy.d + +## Fetch Dependency bundle and verify signature + +RUN mkdir /root/tmp +RUN curl -sSLo /root/tmp/jenkins-dependencies-${JENKINS_VERSION}.tar.gz https://github.com/boozallen/sdp-images/releases/download/${SDP_BUILD_DEPENDENCY_VERSION}/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.tar.gz +#COPY prebuild/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.tar.gz /root/tmp/jenkins-dependencies-$JENKINS_VERSION.tar.gz + +COPY prebuild/BAH-public.key /root/tmp/. +COPY prebuild/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sig /root/tmp/. +COPY prebuild/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sha256 /root/tmp/. 
+ +RUN cd /root/tmp/ && gpg --import BAH-public.key && \ + cd /root/tmp/ && gpg --verify jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sig jenkins-dependencies-$JENKINS_VERSION.tar.gz && \ + cd /root/tmp/ && echo "$(cat jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sha256) jenkins-dependencies-${JENKINS_VERSION}.tar.gz" | sha256sum --check --status && \ + cd /root/tmp && tar -xzf jenkins-dependencies-$JENKINS_VERSION.tar.gz + +## Install Tini +RUN cp /root/tmp/dependencies/tini/tini-$TINI_VERSION /sbin/tini \ + && chmod +x /sbin/tini + +## Install Jenkins war +RUN cp /root/tmp/dependencies/jenkins/jenkins-war-$JENKINS_VERSION.war /usr/share/jenkins/jenkins.war + +## Place plugins in temp directory +RUN mkdir /tmp/plugins && cp /root/tmp/dependencies/plugins/* /tmp/plugins && chown -R ${uid}:${gid} /tmp/plugins && rm -rf /root/tmp/* + +ENV JENKINS_UC https://updates.jenkins.io +ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental +ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals +ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log + +RUN chown -R ${user} "$JENKINS_HOME" "$REF" + +# for main web interface: +EXPOSE ${http_port} + +# will be used by attached slave agents: +EXPOSE ${agent_port} + +COPY resources/jenkins-support /usr/local/bin/jenkins-support +COPY resources/scripts/jenkins.sh /usr/local/bin/jenkins.sh +COPY resources/scripts/tini-shim.sh /bin/tini +RUN chmod +x /usr/local/bin/jenkins-support /usr/local/bin/jenkins.sh /bin/tini && \ + chown ${user} /usr/local/bin/jenkins-support /usr/local/bin/jenkins.sh /bin/tini + +USER ${user} +HEALTHCHECK --interval=30s --timeout=30s --start-period=10s --retries=3 CMD pgrep -f "jenkins" +ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"] diff --git a/jenkins/kubernetes/Makefile b/jenkins/kubernetes/Makefile index 0827003..981e379 100644 --- a/jenkins/kubernetes/Makefile +++ b/jenkins/kubernetes/Makefile 
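Review bot: Near the end of the new Dockerfile, `chown ${user} /usr/local/bin/jenkins-support /usr/local/bin/jenkins.sh /bin/tini` makes the startup scripts owned by the same account the container runs as (`USER ${user}`), so any code executing as jenkins can rewrite `jenkins.sh`, which the ENTRYPOINT launches. Nothing visible in this hunk needs that write access; leaving the files root-owned and only setting the mode, `RUN chmod 0755 /usr/local/bin/jenkins-support /usr/local/bin/jenkins.sh /bin/tini`, keeps them executable by jenkins without being writable. Also, `RUN chown -R ${user} "$JENKINS_HOME" "$REF"` comes after `VOLUME $JENKINS_HOME`, and the legacy builder discards build-time changes made to a declared volume, so the `$JENKINS_HOME` part of that chown may not take effect; moving `VOLUME` below it would avoid depending on builder behaviour.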
@@ -1,41 +1,41 @@ -OWNER = boozallen -REPO = sdp-images -IMAGE = jenkins -VERSION = dcar-1.8 -JENKINS_VERSION=2.277.1 - -REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO) -TAG = $(REGISTRY)/$(IMAGE):$(VERSION) - -.PHONY: help Makefile -.ONESHELL: push - - -# Put it first so that "make" without argument is like "make help". -help: ## Show target options - @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//' - -build: ## build container image - docker build . -t $(TAG) - -push: ## builds and publishes container image - $(eval user := $(shell read -p "GitHub Username: " username; echo $$username)) - $(eval pass := $(shell read -s -r -p "GitHub Token: " token; echo $$token)) - @echo - @docker login $(REGISTRY) -u $(user) -p $(pass); - make build - docker push $(TAG) - -build-dep: ## build container dependencies - $(eval dir := $(shell pwd)) - docker run -it -v $(dir)/prebuild:/var/jenkins_home/tmp jenkins/jenkins:${JENKINS_VERSION}-lts /var/jenkins_home/tmp/pull-plugins.sh - docker run -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/pull-from-centos.sh - docker run -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/build-dep.sh - -info: - @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))" - -# Catch-all target: route all unknown targets to Sphinx using the new -# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). -%: Makefile - echo "Make command $@ not found" +OWNER = boozallen +REPO = sdp-images +IMAGE = jenkins +VERSION = dcar-1.9 +JENKINS_VERSION=2.277.3 + +REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO) +TAG = $(REGISTRY)/$(IMAGE):$(VERSION) + +.PHONY: help Makefile +.ONESHELL: push + + +# Put it first so that "make" without argument is like "make help". 
+help: ## Show target options + @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//' + +build: ## build container image + docker build . -t $(TAG) + +push: ## builds and publishes container image + $(eval user := $(shell read -p "GitHub Username: " username; echo $$username)) + $(eval pass := $(shell read -s -r -p "GitHub Token: " token; echo $$token)) + @echo + @docker login $(REGISTRY) -u $(user) -p $(pass); + make build + docker push $(TAG) + +build-dep: ## build container dependencies + $(eval dir := $(shell pwd)) + docker run --user root -it -v $(dir)/prebuild:/var/jenkins_home/tmp jenkins/jenkins:${JENKINS_VERSION}-lts /var/jenkins_home/tmp/pull-plugins.sh + docker run --user root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/pull-from-centos.sh + docker run --user root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/build-dep.sh + +info: + @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))" + +# Catch-all target: route all unknown targets to Sphinx using the new +# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). +%: Makefile + echo "Make command $@ not found" diff --git a/jenkins/kubernetes/prebuild/build-dep.sh b/jenkins/kubernetes/prebuild/build-dep.sh index 917c6fd..312679f 100755 --- a/jenkins/kubernetes/prebuild/build-dep.sh +++ b/jenkins/kubernetes/prebuild/build-dep.sh @@ -2,7 +2,7 @@ set -xe -SDP_BUILD_DEPENDENCY_VERSION=dcar-1.8 +SDP_BUILD_DEPENDENCY_VERSION=dcar-1.9 cd /root/prebuild tar czvf jenkins-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz dependencies diff --git a/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.8.sha256 b/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.8.sha256 deleted file mode 100644 index 4f8d6cf..0000000 --- a/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.8.sha256 +++ /dev/null 
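Review bot: In the Makefile's `push` target, `docker login $(REGISTRY) -u $(user) -p $(pass)` puts the GitHub token on the command line, where it is readable from the process list while the login runs. Reading the token inside the recipe shell and piping it in avoids that, e.g. `printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin`. The `build-dep` lines changed here now pass `--user root` with the host `prebuild` directory bind-mounted; on a default rootful daemon the generated dependency files will be root-owned on the host, so if the flag was added only to get write access to the mount, a comment saying so (`# run as root so the container can write to the bind-mounted prebuild dir`) would help the next reader.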
@@ -1 +0,0 @@ -1a195a7e7414b2e5f1ea62a4b38aa4c8ae3916aaa3bb24aa157015232d2198b0 diff --git a/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.8.sig b/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.8.sig deleted file mode 100644 index 67ab3a4..0000000 Binary files a/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.8.sig and /dev/null differ diff --git a/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.9.sha256 b/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.9.sha256 new file mode 100644 index 0000000..0e67be1 --- /dev/null +++ b/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.9.sha256 @@ -0,0 +1 @@ +b33e9f256d16a90834934ce0f9eb19c3ff4102f592fe74cefd203d94652b33ca diff --git a/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.9.sig b/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.9.sig new file mode 100644 index 0000000..aec5e6b Binary files /dev/null and b/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-1.9.sig differ diff --git a/jenkins/kubernetes/prebuild/plugins.txt b/jenkins/kubernetes/prebuild/plugins.txt old mode 100755 new mode 100644 index dd82d44..8423181 --- a/jenkins/kubernetes/prebuild/plugins.txt +++ b/jenkins/kubernetes/prebuild/plugins.txt @@ -1,3 +1,3 @@ -groovy:2.3 -git:4.5.0 -templating-engine:1.7.1 +groovy:2.3 +git:4.7.0 +templating-engine:2.2.2 diff --git a/jenkins/kubernetes/prebuild/pull-from-centos.sh b/jenkins/kubernetes/prebuild/pull-from-centos.sh index 651dbd2..c84d9a4 100755 --- a/jenkins/kubernetes/prebuild/pull-from-centos.sh +++ b/jenkins/kubernetes/prebuild/pull-from-centos.sh @@ -4,7 +4,7 @@ set -xe TINI_VERSION=v0.19.0 -JENKINS_VERSION=2.277.1 +JENKINS_VERSION=2.277.3 mkdir /root/prebuild/dependencies/tini/ curl -kfsSL https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static-amd64 -o /root/prebuild/dependencies/tini/tini-${TINI_VERSION}
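Review bot: The tini download in pull-from-centos.sh, visible as context just below the bumped `JENKINS_VERSION`, runs `curl -kfsSL`, and `-k` turns off TLS certificate verification for a binary that build-dep.sh then packs into the dependency bundle this commit re-signs (new `.sig` and `.sha256` for dcar-1.9). The signature and checksum the Dockerfile verifies therefore only attest to whatever was fetched, not that it came from the tini release. Dropping `-k` and comparing the file with a checksum pinned in the script, e.g. `echo "<expected-sha256>  /root/prebuild/dependencies/tini/tini-${TINI_VERSION}" | sha256sum --check --status`, would close that gap; if the UBI container lacks the needed CA certificates, installing them is preferable to disabling verification. The rest of the script is outside this hunk, so other downloads there may need the same change.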