2.235.2.3

Dockerfile

@@ -3,6 +3,8 @@ ARG BASE_IMAGE=redhat/openjdk/openjdk8-devel
 ARG BASE_TAG=1.8.0
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
+USER root
+
 ENV JENKINS_HOME /var/jenkins_home
 ENV JENKINS_SLAVE_AGENT_PORT 50000
 # All reference configuration we want to set on a fresh new installation.
@@ -16,8 +18,6 @@ ARG group=jenkins
 ARG uid=1000
 ARG gid=1000
 
-USER 0
-
 RUN dnf update -y --nodocs && \
     dnf install -y --nodocs \
         git `# needed for some on-master operations` \
@@ -42,8 +42,8 @@ HEALTHCHECK --interval=5m --timeout=3s \
   CMD curl -fsL ${JENKINS_URL}/login || exit 1
 
 LABEL securitytxt="https://www.cloudbees.com/.well-known/security.txt"
-LABEL release=5a533c774ae77dd775097dec6ba8679b2e6c641e
-LABEL version=2.222.4.3
+LABEL release=5e3361ef7dfaac2735ee3c330732700c0c0c10ff
+LABEL version=2.235.2.3
 
 ARG TARBALL=files.tar
 COPY ${TARBALL} /tmp

Jenkinsfile

 @Library('DCCSCR@master') _
-dccscrPipeline(version: '2.222.4.3')
+dccscrPipeline(version: '2.235.2.3')

README.md

@@ -9,7 +9,7 @@ CloudBees Core consists of three Docker images installed via Helm chart:
 For each image, all files other than UBI and native packages
 are included in a `files.tar` marked with a SHA-256 checksum.
 
-A version of Core is given in the format `2.222.4.3`
+A version of Core is given in the format `2.235.2.3`
 where the first three components are aligned with a Jenkins LTS.
 The Helm chart is coversioned with `core-oc`.
 The `core-mm` image typically shares the same version,
@@ -22,13 +22,13 @@ plus whatever other customizations are desired:
 ```yaml
 OperationsCenter:
   Image:
-    dockerImage: your-registry/core-oc:2.222.4.3
+    dockerImage: your-registry/core-oc:2.235.2.3
 Master:
   Image:
-    dockerImage: your-registry/core-mm:2.222.4.3
+    dockerImage: your-registry/core-mm:2.235.2.3
 Agents:
   Image:
-    dockerImage: your-registry/agent:2.222.4.3
+    dockerImage: your-registry/agent:2.235.2.3
 ```
 
 and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart:

download.json

 {
   "resources": [
     {
-      "url": "https://dsop.s3.amazonaws.com/core-oc-files-0f4577ed2e1113fc47b6805b3e99794dbe962691fcdd1713d8c3899bee189970.tar",
+      "url": "https://dsop.s3.amazonaws.com/core-oc-files-4c8b18ea379c4729e452fcc71b864dc7a06b96fd0b267863610c639c9208fad4.tar",
       "filename": "files.tar",
       "validation": {
         "type": "sha256",
-        "value": "0f4577ed2e1113fc47b6805b3e99794dbe962691fcdd1713d8c3899bee189970"
+        "value": "4c8b18ea379c4729e452fcc71b864dc7a06b96fd0b267863610c639c9208fad4"
       }
     }
   ]

helm/Chart.yaml

 apiVersion: v1
-appVersion: 2.222.4.3
+appVersion: 2.235.2.3
 description: The Continuous Delivery Solution for Enterprises
 home: https://www.cloudbees.com/products/cloudbees-core
 icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg
@@ -7,4 +7,4 @@ keywords:
 - cloudbees
 - jenkins
 name: cloudbees-core
-version: 3.14.0-DEVELOPMENT
+version: 3.16.1-DEVELOPMENT

helm/requirements.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 1.31.0
 - name: cloudbees-sidecar-injector
   repository: https://charts.cloudbees.com/public/cloudbees
-  version: 2.0.2
-digest: sha256:3def1dbb081b36dfd4e884974dec82adc2191e7b9e0cc91dba2acc9bb0162764
-generated: "2020-02-19T09:43:35.50092+01:00"
+  version: 2.0.5
+digest: sha256:dcdcc490523e85471fbae554ad637a15d2581ffd192525b5a652c51177614201
+generated: "2020-06-29T17:22:35.309549+02:00"

helm/requirements.yaml

@@ -4,6 +4,6 @@ dependencies:
   repository: https://kubernetes-charts.storage.googleapis.com/
   condition: nginx-ingress.Enabled
 - name: cloudbees-sidecar-injector
-  version: 2.0.2
+  version: 2.0.5
   repository: https://charts.cloudbees.com/public/cloudbees
   condition: sidecarinjector.Enabled

helm/templates/NOTES.txt

 1. Once Operations Center is up and running, get your initial admin user password by running:
-  {{include "cloudbees-core.cli" . }} rollout status sts cjoc
-  {{include "cloudbees-core.cli" . }} exec cjoc-0 -- cat /var/jenkins_home/secrets/initialAdminPassword
+  {{include "cloudbees-core.cli" . }} rollout status sts cjoc --namespace {{ .Release.Namespace }}
+  {{include "cloudbees-core.cli" . }} exec cjoc-0 --namespace {{ .Release.Namespace }} -- cat /var/jenkins_home/secrets/initialAdminPassword
 {{- if .Values.OperationsCenter.HostName }}
 2. Visit {{ template "oc.url" . }}
 {{- else }}

helm/templates/_helpers.tpl

@@ -105,11 +105,32 @@ Sanitize Operations Center context path to never have a trailing slash
 {{ trimSuffix "/" .Values.OperationsCenter.ContextPath }}
 {{- end -}}
 
+{{- define "oc.defaultPort" -}}
+{{- if eq (include "oc.protocol" .) "https" -}}443{{- else if eq (include "oc.protocol" .) "http" -}}80{{- end -}}
+{{- end -}}
+
+{{- define "oc.port" -}}
+{{- .Values.OperationsCenter.Port | default (include "oc.defaultPort" .) -}}
+{{- end -}}
+
+{{- define "oc.optionalPort" -}}
+{{- if ne (include "oc.port" .) (include "oc.defaultPort" .) -}}
+:{{ include "oc.port" . }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Expected Operations Center Hostname. Include port if not 80/443.
+*/}}
+{{- define "oc.hostname" -}}
+{{ .Values.OperationsCenter.HostName }}{{- include "oc.optionalPort" . -}}
+{{- end -}}
+
 {{/*
 Expected Operations Center URL. Always ends with a trailing slash.
 */}}
 {{- define "oc.url" -}}
-{{- template "oc.protocol" . -}}://{{ .Values.OperationsCenter.HostName }}{{ include "oc.contextpath" . }}/
+{{- template "oc.protocol" . -}}://{{ include "oc.hostname" . }}{{ include "oc.contextpath" . }}/
 {{- end -}}
 
 {{- define "ingress.apiVersion" -}}
@@ -174,7 +195,7 @@ true
 {{- end -}}
 
 {{- define "oc.defaultFsGroup" -}}
-{{- if and (ne (default -1 .Values.OperationsCenter.RunAsUser) 0) (not (include "cloudbees-core.is-openshift" .)) -}}
+{{- if and (not (eq (toString .Values.OperationsCenter.RunAsUser) "0")) (not (include "cloudbees-core.is-openshift" .)) -}}
 1000
 {{- end -}}
 {{- end -}}
@@ -315,7 +336,7 @@ jmx
 {{- end -}}
 
 {{- define "persistence.storageclass" -}}
-{{- if (.Values.Persistence.StorageClass) and (ne "-" .Values.Persistence.StorageClass) -}}
+{{- if and (.Values.Persistence.StorageClass) (ne "-" (toString .Values.Persistence.StorageClass)) -}}
 {{ .Values.Persistence.StorageClass}}
 {{- else if (include "gke.storageclass.name" .) -}}
 {{ include "gke.storageclass.name" . }}

helm/templates/agents-configmap.yaml

 {{- if .Values.Agents.Enabled -}}
-# Clone of (an old version of) the launcher script from the official Jenkins agent image.
+# Clone of https://github.com/jenkinsci/docker-inbound-agent/blob/4.3-4/jenkins-agent
 # Normally the image will specify its own (up-to-date) launcher script and this is unused.
 # Only useful for migrations from CJE 1 where it is desirable to run a single-container agent
 # using an arbitrary image containing a JRE, in which case slave.jar will be downloaded from the master.
@@ -42,6 +42,13 @@ data:
     # * JENKINS_URL : alternate jenkins URL
     # * JENKINS_SECRET : agent secret, if not set as an argument
     # * JENKINS_AGENT_NAME : agent name, if not set as an argument
+    # * JENKINS_AGENT_WORKDIR : agent work directory, if not set by optional parameter -workDir
+    # * JENKINS_WEB_SOCKET: true if the connection should be made via WebSocket rather than TCP
+    # * JENKINS_DIRECT_CONNECTION: Connect directly to this TCP agent port, skipping the HTTP(S) connection parameter download.
+    #                              Value: "<HOST>:<PORT>"
+    # * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins master. When this is set,
+    #                              the agent skips connecting to an HTTP(S) port for connection info.
+    # * JENKINS_PROTOCOLS:         Specify the remoting protocols to attempt when instanceIdentity is provided.
 
     if [ $# -eq 1 ]; then
 
@@ -59,6 +66,15 @@ data:
             fi ;;
         esac
 
+        # if -workDir is not provided, try env vars
+        if [ ! -z "$JENKINS_AGENT_WORKDIR" ]; then
+            case "$@" in
+                *"-workDir"*) echo "Warning: Work directory is defined twice in command-line arguments and the environment variable" ;;
+                *)
+                WORKDIR="-workDir $JENKINS_AGENT_WORKDIR" ;;
+            esac
+        fi
+
         if [ -n "$JENKINS_URL" ]; then
             URL="-url $JENKINS_URL"
         fi
@@ -67,6 +83,22 @@ data:
             JENKINS_AGENT_NAME="$JENKINS_NAME"
         fi
 
+        if [ "$JENKINS_WEB_SOCKET" = true ]; then
+            WEB_SOCKET=-webSocket
+        fi
+
+        if [ -n "$JENKINS_PROTOCOLS" ]; then
+            PROTOCOLS="-protocols $JENKINS_PROTOCOLS"
+        fi
+
+        if [ -n "$JENKINS_DIRECT_CONNECTION" ]; then
+            DIRECT="-direct $JENKINS_DIRECT_CONNECTION"
+        fi
+
+        if [ -n "$JENKINS_INSTANCE_IDENTITY" ]; then
+            INSTANCE_IDENTITY="-instanceIdentity $JENKINS_INSTANCE_IDENTITY"
+        fi
+
         if [ -z "$JNLP_PROTOCOL_OPTS" ]; then
             echo "Warning: JnlpProtocol3 is disabled by default, use JNLP_PROTOCOL_OPTS to alter the behavior"
             JNLP_PROTOCOL_OPTS="-Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true"
@@ -108,6 +140,6 @@ data:
         #TODO: Handle the case when the command-line and Environment variable contain different values.
         #It is fine it blows up for now since it should lead to an error anyway.
 
-        exec java $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp $SLAVE_JAR hudson.remoting.jnlp.Main -headless $TUNNEL $URL $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
+        exec java $JAVA_OPTS $JNLP_PROTOCOL_OPTS -cp $SLAVE_JAR hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
     fi
   {{- end -}}

helm/templates/cjoc-role-master-management.yaml

@@ -119,6 +119,8 @@ rules:
   - list
   - get
   - create
+  - update
+  - patch
   - delete
 - apiGroups:
   - ""

helm/templates/cjoc-statefulset.yaml

@@ -75,9 +75,9 @@ spec:
       affinity:
 {{ toYaml .Values.OperationsCenter.Affinity | indent 8 }}
       {{- end }}
-      {{- if or (.Values.OperationsCenter.RunAsUser) (.Values.OperationsCenter.RunAsGroup) (include "oc.fsGroup" .) }}
+      {{- if or (not (eq (toString .Values.OperationsCenter.RunAsUser) "")) (.Values.OperationsCenter.RunAsGroup) (include "oc.fsGroup" .) }}
       securityContext:
-        {{- if .Values.OperationsCenter.RunAsUser }}
+        {{- if not (eq (toString .Values.OperationsCenter.RunAsUser) "") }}
         runAsUser: {{ .Values.OperationsCenter.RunAsUser }}
         {{- end }}
         {{- if .Values.OperationsCenter.RunAsGroup }}

helm/values.yaml

@@ -33,7 +33,7 @@ OperationsCenter:
 
   # Operations Center docker image
   Image:
-    dockerImage: dcar/core-oc:2.222.4.3
+    dockerImage: dcar/core-oc:2.235.2.3
     dockerPullPolicy: IfNotPresent
 
   # Platform enables specific settings, option defaults standard
@@ -51,6 +51,9 @@ OperationsCenter:
   Protocol: http
   # Protocol: https
 
+  # Port used to access CJOC. Defaults to 80/443 depending on Protocol. Can be overriden.
+  # Port: 80
+
   # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
   Resources:
     Limits:
@@ -129,7 +132,7 @@ OperationsCenter:
 
   # Node labels and tolerations for pod assignment
   # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
-  NodeSelector: []
+  NodeSelector: {}
   # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
   Tolerations: []
 
@@ -208,7 +211,7 @@ Master:
 
   # Docker image inserted in Operations Center automatically
   Image:
-    dockerImage: dcar/core-mm:2.222.4.3
+    dockerImage: dcar/core-mm:2.235.2.3
     dockerPullPolicy: IfNotPresent
   # Additional Java options to pass to managed masters. For example, setting up a JMX port
   JavaOpts: null
@@ -226,7 +229,7 @@ Agents:
     Create: false
   Image:
     # Used to override the default docker image used for agents
-    dockerImage: dcar/agent:2.222.4.3
+    dockerImage: dcar/agent:2.235.2.3
 
 Persistence:
   ## Persistent Volume Storage Class for Jenkins Home

scripts/usr/local/bin/jenkins.sh

@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \;
 
 # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
 if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
-  eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=5a533c774ae77dd775097dec6ba8679b2e6c641e /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\""
+  eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=5e3361ef7dfaac2735ee3c330732700c0c0c10ff /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\""
 fi
 
 # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image

[jenkins-gitlab]

Pipeline Status: SUCCESS
Branch: 2.235.2.3

graph LR
  0([setup]):::INTERNAL_SUCCESS --> 1([Import Artifacts]):::SUCCESS --> 2((/)):::INTERNAL_SUCCESS --> 3([Stage Artifacts]):::SUCCESS --> 4((/)):::INTERNAL_SUCCESS --> 5([Build]):::SUCCESS --> 6([Publish, Scan & Report]):::INTERNAL_NOT_BUILT

classDef SUCCESS font-size:10px
classDef FAILURE fill:#f44, font-size:10px
classDef SKIPPED font-size:10px
classDef ABORTED fill:#889, font-size:10px
classDef INTERNAL_SUCCESS font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_FAILURE fill:#f44, font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_SKIPPED font-size:10px, stroke-dasharray: 2, 1
classDef INTERNAL_ABORTED fill:#889, font-size:10px, stroke-dasharray: 2, 1