diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 3a4edf690ca5fd2213e31a83ede1503d5c73ccfa..0000000000000000000000000000000000000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.project diff --git a/2.164.3/CHANGELOG.md b/2.164.3/CHANGELOG.md deleted file mode 100644 index 34d9a5192dd02cb8f58bae38fcff3294e44a6fa3..0000000000000000000000000000000000000000 --- a/2.164.3/CHANGELOG.md +++ /dev/null @@ -1,14 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - -## [v2.60.3] - 05/06/19 - -### Added -Initial version - -### Changed - -### Removed \ No newline at end of file diff --git a/2.164.3/Dockerfile b/2.164.3/Dockerfile deleted file mode 100644 index 63062827b9420b0303c55acd7adf59ff9510be75..0000000000000000000000000000000000000000 --- a/2.164.3/Dockerfile +++ /dev/null @@ -1,84 +0,0 @@ -ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi7 -ARG BASE_TAG=7.7 -FROM $BASE_REGISTRY/$BASE_IMAGE:$BASE_TAG -LABEL dcar_status="pending-approval" - -RUN yum install -y --disableplugin=subscription-manager --nogpgcheck java-1.8.0-openjdk-devel curl git unzip && rm -rf /var/cache/yum/* - -ARG user=jenkins -ARG group=jenkins -ARG uid=1000 -ARG gid=1000 -ARG http_port=8080 -ARG agent_port=50000 -ARG JENKINS_HOME=/var/jenkins_home - -ENV JENKINS_HOME $JENKINS_HOME -ENV JENKINS_SLAVE_AGENT_PORT ${agent_port} - -# Jenkins is run with user `jenkins`, uid = 1000 -# If you bind mount a volume from the host or a data container, -# ensure you use the same uid -RUN mkdir -p $JENKINS_HOME \ - && chown ${uid}:${gid} $JENKINS_HOME \ - && groupadd -g ${gid} ${group} \ - && useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} - -# Jenkins home directory is a volume, so configuration and build history -# can be persisted and survive image upgrades -VOLUME $JENKINS_HOME - -# `/usr/share/jenkins/ref/` contains all reference configuration we want -# to set on a fresh new installation. Use it to bundle additional plugins -# or config file with your custom jenkins Docker image. -RUN mkdir -p /usr/share/jenkins/ref/init.groovy.d - - -# Use tini as subreaper in Docker container to adopt zombie processes -ARG TINI_VERSION=v0.16.1 -ARG TINI_SHA=5e01734c8b2e6429a1ebcc67e2d86d3bb0c4574dd7819a0aff2dca784580e040 -RUN curl -kfsSL https://nexus.52.61.140.4.nip.io/repository/cht/tini/release/${TINI_VERSION}/tini-static -o /sbin/tini \ - && echo "${TINI_SHA} /sbin/tini" | sha256sum -c - && chmod +x /sbin/tini - -ENV JENKINS_VERSION=2.164.3 - -# jenkins.war checksum, download will be validated using it -ARG JENKINS_SHA=a8af991f9085ff7f12baa2c9978554b2a18e5c4ed84327224d30e269e8f4a50e - -ARG JENKINS_URL=https://nexus.52.61.140.4.nip.io/repository/cht/jenkins/${JENKINS_VERSION}/jenkins.war -ARG JENKINS_PLUGINS_URL=https://nexus.52.61.140.4.nip.io/repository/cht/jenkins/jenkinsPlugins.zip - -RUN curl -kfsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \ - && echo "${JENKINS_SHA} /usr/share/jenkins/jenkins.war" | sha256sum -c - - -RUN curl -o ${JENKINS_HOME}/jenkinsPlugins.zip -kfl ${JENKINS_PLUGINS_URL} \ - && mkdir -p ${JENKINS_HOME}/plugins \ - && mkdir -p /tmp/plugins \ - && unzip ${JENKINS_HOME}/jenkinsPlugins.zip -d /tmp/plugins \ - && chown -R ${uid}:${gid} /tmp/plugins - -ENV JENKINS_UC https://updates.jenkins.io -ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental -ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals -RUN chown -R ${user} "$JENKINS_HOME" /usr/share/jenkins/ref - -# for main web interface: -EXPOSE ${http_port} - -# will be used by attached slave agents: -EXPOSE ${agent_port} - -ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log - -COPY jenkins.sh /usr/local/bin/jenkins.sh -COPY tini-shim.sh /bin/tini -RUN chmod 777 /usr/local/bin/jenkins.sh - -USER ${user} - -ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"] - -# from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup /usr/share/jenkins/ref/plugins from a support bundle -# COPY plugins.sh /usr/local/bin/plugins.sh -# COPY install-plugins.sh /usr/local/bin/install-plugins.sh diff --git a/2.164.3/Jenkinsfile b/2.164.3/Jenkinsfile deleted file mode 100644 index 2bf82a4c7767a579a0bfcb49659d572ddfc2cc39..0000000000000000000000000000000000000000 --- a/2.164.3/Jenkinsfile +++ /dev/null @@ -1 +0,0 @@ -// TODO - define jenkinsfile for the opensource jenkins v2.60.3 image \ No newline at end of file diff --git a/2.164.3/LICENSE b/2.164.3/LICENSE deleted file mode 100644 index 17c729670e10395c66222fdf25e748414ef9ba1d..0000000000000000000000000000000000000000 --- a/2.164.3/LICENSE +++ /dev/null @@ -1,17 +0,0 @@ -As a work of the United States Government, this project is in the public domain within the United States. - -Additionally, we waive copyright and related rights in the work worldwide through the CC0 1.0 Universal public domain dedication. - -CC0 1.0 Universal Summary -This is a human-readable summary of the Legal Code (read the full text). - -No Copyright -The person who associated a work with this deed has dedicated the work to the public domain by waiving all of his or her rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law. - -You can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission. - -Other Information -In no way are the patent or trademark rights of any person affected by CC0, nor are the rights that other persons may have in the work or in how the work is used, such as publicity or privacy rights. - -Unless expressly stated otherwise, the person who associated a work with this deed makes no warranties about the work, and disclaims liability for all uses of the work, to the fullest extent permitted by applicable law. When using or citing the work, you should not imply endorsement by the author or the affirmer. - diff --git a/2.164.3/README.md b/2.164.3/README.md deleted file mode 100644 index 4b957733cbd9078e00bfc252b608ef3924a6c54f..0000000000000000000000000000000000000000 --- a/2.164.3/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# Jenkins v2.164.3 - -This is derived from https://github.com/jenkinsci/docker/blob/master/Dockerfile - -## Ports -This container requires port 8080 to be exposed in order to effectively run. 50000 -is used as the Jenkins Agent port. - -## Volumes -This container relies on a volume specified by the environment variable JENKINS_HOME -which has the value '/var/jenkins_home'. - -## Running the container -In order to run the container, enter the following command inside this directory: -`docker run -dit -p 8000:8000 `. This will run the container with port -8000 exposed. - -## Scan Artifacts -Artifacts from the scan on the this container may be found [here](https://dsop-pipeline-artifacts.s3-us-gov-west-1.amazonaws.com/testing/container-scan-reports/opensource/jenkins-ubi7-stigd/repo_map.html). - -## Other Info -This container has a default set of plugins which it pulls as a zip file from a -nexus. These default plugins are installed and available on launch in the case -that outside internet access is unavailable. diff --git a/2.164.3/banner b/2.164.3/banner deleted file mode 100644 index 5e12379778b4e268bcd3c8800ef6e03cbb17cd8a..0000000000000000000000000000000000000000 --- a/2.164.3/banner +++ /dev/null @@ -1,6 +0,0 @@ -You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: --The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. --At any time, the USG may inspect and seize data stored on this IS. --Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. --This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy. --Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details. diff --git a/2.164.3/install-plugins.sh b/2.164.3/install-plugins.sh deleted file mode 100644 index ceb074b6cc51782e92821ae4c2ed31324fbbe0f6..0000000000000000000000000000000000000000 --- a/2.164.3/install-plugins.sh +++ /dev/null @@ -1,276 +0,0 @@ -#!/bin/bash -eu - -# Resolve dependencies and download plugins given on the command line -# -# FROM jenkins -# RUN install-plugins.sh docker-slaves github-branch-source - -set -o pipefail - -REF_DIR=${REF:-/usr/share/jenkins/ref/plugins} -FAILED="$REF_DIR/failed-plugins.txt" - -. /usr/local/bin/jenkins-support - -getLockFile() { - printf '%s' "$REF_DIR/${1}.lock" -} - -getArchiveFilename() { - printf '%s' "$REF_DIR/${1}.jpi" -} - -download() { - local plugin originalPlugin version lock ignoreLockFile url - plugin="$1" - version="${2:-latest}" - ignoreLockFile="${3:-}" - url="${4:-}" - lock="$(getLockFile "$plugin")" - - if [[ $ignoreLockFile ]] || mkdir "$lock" &>/dev/null; then - if ! doDownload "$plugin" "$version" "$url"; then - # some plugin don't follow the rules about artifact ID - # typically: docker-plugin - originalPlugin="$plugin" - plugin="${plugin}-plugin" - if ! doDownload "$plugin" "$version" "$url"; then - echo "Failed to download plugin: $originalPlugin or $plugin" >&2 - echo "Not downloaded: ${originalPlugin}" >> "$FAILED" - return 1 - fi - fi - - if ! checkIntegrity "$plugin"; then - echo "Downloaded file is not a valid ZIP: $(getArchiveFilename "$plugin")" >&2 - echo "Download integrity: ${plugin}" >> "$FAILED" - return 1 - fi - - resolveDependencies "$plugin" - fi -} - -doDownload() { - local plugin version url jpi - plugin="$1" - version="$2" - url="$3" - jpi="$(getArchiveFilename "$plugin")" - - # If plugin already exists and is the same version do not download - if test -f "$jpi" && unzip -p "$jpi" META-INF/MANIFEST.MF | tr -d '\r' | grep "^Plugin-Version: ${version}$" > /dev/null; then - echo "Using provided plugin: $plugin" - return 0 - fi - - : ' - if [[ -n $url ]] ; then - echo "Will use url=$url" - elif [[ "$version" == "latest" && -n "$JENKINS_UC_LATEST" ]]; then - # If version-specific Update Center is available, which is the case for LTS versions, - # use it to resolve latest versions. - url="$JENKINS_UC_LATEST/latest/${plugin}.hpi" - elif [[ "$version" == "experimental" && -n "$JENKINS_UC_EXPERIMENTAL" ]]; then - # Download from the experimental update center - url="$JENKINS_UC_EXPERIMENTAL/latest/${plugin}.hpi" - elif [[ "$version" == incrementals* ]] ; then - # Download from Incrementals repo: https://jenkins.io/blog/2018/05/15/incremental-deployment/ - # Example URL: https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/workflow/workflow-support/2.19-rc289.d09828a05a74/workflow-support-2.19-rc289.d09828a05a74.hpi - local groupId incrementalsVersion - arrIN=("${version//;/ }") - groupId=${arrIN[1]} - incrementalsVersion=${arrIN[2]} - url="${JENKINS_INCREMENTALS_REPO_MIRROR}/$(echo "${groupId}" | tr '.' '/')/${plugin}/${incrementalsVersion}/${plugin}-${incrementalsVersion}.hpi" - else - JENKINS_UC_DOWNLOAD=${JENKINS_UC_DOWNLOAD:-"$JENKINS_UC/download"} - url="$JENKINS_UC_DOWNLOAD/plugins/$plugin/$version/${plugin}.hpi" - fi - - echo "Downloading plugin: $plugin from $url" - # We actually want to allow variable value to be split into multiple options passed to curl. - # This is needed to allow long options and any options that take value. - # shellcheck disable=SC2086 - retry_command curl ${CURL_OPTIONS:--sSfL} --connect-timeout "${CURL_CONNECTION_TIMEOUT:-20}" --retry "${CURL_RETRY:-3}" --retry-delay "${CURL_RETRY_DELAY:-0}" --retry-max-time "${CURL_RETRY_MAX_TIME:-60}" "$url" -o "$jpi" - ' - return $? -} - -checkIntegrity() { - local plugin jpi - plugin="$1" - jpi="$(getArchiveFilename "$plugin")" - - unzip -t -qq "$jpi" >/dev/null - return $? -} - -resolveDependencies() { - local plugin jpi dependencies - plugin="$1" - jpi="$(getArchiveFilename "$plugin")" - - dependencies="$(unzip -p "$jpi" META-INF/MANIFEST.MF | tr -d '\r' | tr '\n' '|' | sed -e 's#| ##g' | tr '|' '\n' | grep "^Plugin-Dependencies: " | sed -e 's#^Plugin-Dependencies: ##')" - - if [[ ! $dependencies ]]; then - echo " > $plugin has no dependencies" - return - fi - - echo " > $plugin depends on $dependencies" - - IFS=',' read -r -a array <<< "$dependencies" - - for d in "${array[@]}" - do - plugin="$(cut -d':' -f1 - <<< "$d")" - if [[ $d == *"resolution:=optional"* ]]; then - echo "Skipping optional dependency $plugin" - else - local pluginInstalled - if pluginInstalled="$(echo -e "${bundledPlugins}\n${installedPlugins}" | grep "^${plugin}:")"; then - pluginInstalled="${pluginInstalled//[$'\r']}" - local versionInstalled; versionInstalled=$(versionFromPlugin "${pluginInstalled}") - local minVersion; minVersion=$(versionFromPlugin "${d}") - if versionLT "${versionInstalled}" "${minVersion}"; then - echo "Upgrading bundled dependency $d ($minVersion > $versionInstalled)" - download "$plugin" & - else - echo "Skipping already installed dependency $d ($minVersion <= $versionInstalled)" - fi - else - download "$plugin" & - fi - fi - done - wait -} - -bundledPlugins() { - local JENKINS_WAR=/usr/share/jenkins/jenkins.war - if [ -f $JENKINS_WAR ] - then - TEMP_PLUGIN_DIR=/tmp/plugintemp.$$ - for i in $(jar tf $JENKINS_WAR | grep -E '[^detached-]plugins.*\..pi' | sort) - do - rm -fr $TEMP_PLUGIN_DIR - mkdir -p $TEMP_PLUGIN_DIR - PLUGIN=$(basename "$i"|cut -f1 -d'.') - (cd $TEMP_PLUGIN_DIR;jar xf "$JENKINS_WAR" "$i";jar xvf "$TEMP_PLUGIN_DIR/$i" META-INF/MANIFEST.MF >/dev/null 2>&1) - VER=$(grep -E -i Plugin-Version "$TEMP_PLUGIN_DIR/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //') - echo "$PLUGIN:$VER" - done - rm -fr $TEMP_PLUGIN_DIR - else - echo "war not found, installing all plugins: $JENKINS_WAR" - fi -} - -versionFromPlugin() { - local plugin=$1 - if [[ $plugin =~ .*:.* ]]; then - echo "${plugin##*:}" - else - echo "latest" - fi - -} - -installedPlugins() { - for f in "$REF_DIR"/*.jpi; do - echo "$(basename "$f" | sed -e 's/\.jpi//'):$(get_plugin_version "$f")" - done -} - -jenkinsMajorMinorVersion() { - local JENKINS_WAR - JENKINS_WAR=/usr/share/jenkins/jenkins.war - if [[ -f "$JENKINS_WAR" ]]; then - local version major minor - version="$(java -jar $JENKINS_WAR --version)" - major="$(echo "$version" | cut -d '.' -f 1)" - minor="$(echo "$version" | cut -d '.' -f 2)" - echo "$major.$minor" - else - echo "" - fi -} - -main() { - local plugin jenkinsVersion - local plugins=() - - mkdir -p "$REF_DIR" || exit 1 - rm -f "$FAILED" - - # Read plugins from stdin or from the command line arguments - if [[ ($# -eq 0) ]]; then - while read -r line || [ "$line" != "" ]; do - # Remove leading/trailing spaces, comments, and empty lines - plugin=$(echo "${line}" | tr -d '\r' | sed -e 's/^[ \t]*//g' -e 's/[ \t]*$//g' -e 's/[ \t]*#.*$//g' -e '/^[ \t]*$/d') - - # Avoid adding empty plugin into array - if [ ${#plugin} -ne 0 ]; then - plugins+=("${plugin}") - fi - done - else - plugins=("$@") - fi - - # Create lockfile manually before first run to make sure any explicit version set is used. - echo "Creating initial locks..." - for plugin in "${plugins[@]}"; do - mkdir "$(getLockFile "${plugin%%:*}")" - done - - echo "Analyzing war..." - bundledPlugins="$(bundledPlugins)" - - echo "Registering preinstalled plugins..." - installedPlugins="$(installedPlugins)" - - # Check if there's a version-specific update center, which is the case for LTS versions - jenkinsVersion="$(jenkinsMajorMinorVersion)" - if curl -fsL -o /dev/null "$JENKINS_UC/$jenkinsVersion"; then - JENKINS_UC_LATEST="$JENKINS_UC/$jenkinsVersion" - echo "Using version-specific update center: $JENKINS_UC_LATEST..." - else - JENKINS_UC_LATEST= - fi - - echo "Downloading plugins..." - for plugin in "${plugins[@]}"; do - local reg='^([^:]+):?([^:]+)?:?([^:]+)?:?(http.+)?' - if [[ $plugin =~ $reg ]]; then - local pluginId="${BASH_REMATCH[1]}" - local version="${BASH_REMATCH[2]}" - local lock="${BASH_REMATCH[3]}" - local url="${BASH_REMATCH[4]}" - download "$pluginId" "$version" "${lock:-true}" "${url}" & - else - echo "Skipping the line '${plugin}' as it does not look like a reference to a plugin" - fi - done - wait - - echo - echo "WAR bundled plugins:" - echo "${bundledPlugins}" - echo - echo "Installed plugins:" - installedPlugins - - if [[ -f $FAILED ]]; then - echo "Some plugins failed to download!" "$(<"$FAILED")" >&2 - exit 1 - fi - - echo "Cleaning up locks" - find "$REF_DIR" -regex ".*.lock" | while read -r filepath; do - rm -r "$filepath" - done - -} - -main "$@" \ No newline at end of file diff --git a/2.164.3/jenkins.sh b/2.164.3/jenkins.sh deleted file mode 100644 index 8bdffb93178411d9b9bca58f4bbab4110de6e25e..0000000000000000000000000000000000000000 --- a/2.164.3/jenkins.sh +++ /dev/null @@ -1,42 +0,0 @@ -#! /bin/bash -e - -: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}" -: "${JENKINS_HOME:="/var/jenkins_home"}" -touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; } -echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG" -find /usr/share/jenkins/ref/ \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} + -mkdir ${JENKINS_HOME}/plugins -cp /tmp/plugins/* ${JENKINS_HOME}/plugins -rm -rf /tmp/plugins - -# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments -if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then - - # read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities) - java_opts_array=() - while IFS= read -r -d '' item; do - java_opts_array+=( "$item" ) - done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS") - - readonly agent_port_property='jenkins.model.Jenkins.slaveAgentPort' - if [ -n "${JENKINS_SLAVE_AGENT_PORT:-}" ] && [[ "${JAVA_OPTS:-}" != *"${agent_port_property}"* ]]; then - java_opts_array+=( "-D${agent_port_property}=${JENKINS_SLAVE_AGENT_PORT}" ) - fi - - if [[ "$DEBUG" ]] ; then - java_opts_array+=( \ - '-Xdebug' \ - '-Xrunjdwp:server=y,transport=dt_socket,address=5005,suspend=y' \ - ) - fi - - jenkins_opts_array=( ) - while IFS= read -r -d '' item; do - jenkins_opts_array+=( "$item" ) - done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS") - - exec java -Duser.home="$JENKINS_HOME" "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@" -fi - -# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image -exec "$@" \ No newline at end of file diff --git a/2.164.3/jenkins:2.164.3-whitelist b/2.164.3/jenkins:2.164.3-whitelist deleted file mode 100644 index a98f02676e30d8d7a77b13dbebe4ac50d1d01288..0000000000000000000000000000000000000000 --- a/2.164.3/jenkins:2.164.3-whitelist +++ /dev/null @@ -1,8 +0,0 @@ -{ - "image_name": "jenkins", - "image_tag": "2.164.3", - "image_parent_name": "ubi7", - "image_parent_tag": "7.7", - "whitelisted_vulnerabilities": ["CVE-IDUNNO", "CVE-MORETESTING"], - "report_s3": "https://dsop-pipeline-artifacts.s3-us-gov-west-1.amazonaws.com/testing/container-scan-reports/opensource/jenkins-v2.164.3/repo_map.html" -} diff --git a/2.164.3/plugins.sh b/2.164.3/plugins.sh deleted file mode 100644 index d6a94bd8bce0e493c25afb4399a3e560b91f007d..0000000000000000000000000000000000000000 --- a/2.164.3/plugins.sh +++ /dev/null @@ -1,125 +0,0 @@ -#! /bin/bash - -# Parse a support-core plugin -style txt file as specification for jenkins plugins to be installed -# in the reference directory, so user can define a derived Docker image with just : -# -# FROM jenkins -# COPY plugins.txt /plugins.txt -# RUN /usr/local/bin/plugins.sh /plugins.txt -# -# Note: Plugins already installed are skipped -# - -set -e - -echo "WARN: plugins.sh is deprecated, please switch to install-plugins.sh" - -if [ -z "$1" ] -then - echo " -USAGE: - Parse a support-core plugin -style txt file as specification for jenkins plugins to be installed - in the reference directory, so user can define a derived Docker image with just : - - FROM jenkins - COPY plugins.txt /plugins.txt - RUN /usr/local/bin/plugins.sh /plugins.txt - - Note: Plugins already installed are skipped - -" - exit 1 -else - JENKINS_INPUT_JOB_LIST=$1 - if [ ! -f "$JENKINS_INPUT_JOB_LIST" ] - then - echo "ERROR File not found: $JENKINS_INPUT_JOB_LIST" - exit 1 - fi -fi - -# the war includes a # of plugins, to make the build efficient filter out -# the plugins so we dont install 2x - there about 17! -if [ -d "$JENKINS_HOME" ] -then - TEMP_ALREADY_INSTALLED=$JENKINS_HOME/preinstalled.plugins.$$.txt -else - echo "ERROR $JENKINS_HOME not found" - exit 1 -fi - -JENKINS_PLUGINS_DIR=${JENKINS_HOME}/plugins -if [ -d "$JENKINS_PLUGINS_DIR" ] -then - echo "Analyzing: $JENKINS_PLUGINS_DIR" - for i in "$JENKINS_PLUGINS_DIR"/*/; do - JENKINS_PLUGIN=$(basename "$i") - JENKINS_PLUGIN_VER=$(grep -E -i Plugin-Version "$i/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //') - echo "$JENKINS_PLUGIN:$JENKINS_PLUGIN_VER" - done >"$TEMP_ALREADY_INSTALLED" -else - JENKINS_WAR=/usr/share/jenkins/jenkins.war - if [ -f "$JENKINS_WAR" ] - then - echo "Analyzing war: $JENKINS_WAR" - TEMP_PLUGIN_DIR=/tmp/plugintemp.$$ - while read -r i <&3; do - rm -fr "$TEMP_PLUGIN_DIR" - mkdir -p "$TEMP_PLUGIN_DIR" - PLUGIN=$(basename "$i"|cut -f1 -d'.') - (cd "$TEMP_PLUGIN_DIR" || exit; jar xf "$JENKINS_WAR" "$i"; jar xvf "$TEMP_PLUGIN_DIR/$i" META-INF/MANIFEST.MF >/dev/null 2>&1) - VER=$(grep -E -i Plugin-Version "$TEMP_PLUGIN_DIR/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //') - echo "$PLUGIN:$VER" - done 3< <(jar tf "$JENKINS_WAR" | grep -E '[^detached-]plugins.*\..pi' | sort) > "$TEMP_ALREADY_INSTALLED" - rm -fr "$TEMP_PLUGIN_DIR" - else - rm -f "$TEMP_ALREADY_INSTALLED" - echo "ERROR file not found: $JENKINS_WAR" - exit 1 - fi -fi - -REF=/usr/share/jenkins/ref/plugins -mkdir -p $REF -COUNT_PLUGINS_INSTALLED=0 -while read -r spec || [ -n "$spec" ]; do - - plugin=() - IFS=' ' read -r -a plugin <<< "${spec//:/ }" - [[ ${plugin[0]} =~ ^# ]] && continue - [[ ${plugin[0]} =~ ^[[:space:]]*$ ]] && continue - [[ -z ${plugin[1]} ]] && plugin[1]="latest" - - if [ -z "$JENKINS_UC_DOWNLOAD" ]; then - JENKINS_UC_DOWNLOAD=$JENKINS_UC/download - fi - - if ! grep -q "${plugin[0]}:${plugin[1]}" "$TEMP_ALREADY_INSTALLED" - then - echo "Downloading ${plugin[0]}:${plugin[1]}" - curl --retry 3 --retry-delay 5 -sSL -f "${JENKINS_UC_DOWNLOAD}/plugins/${plugin[0]}/${plugin[1]}/${plugin[0]}.hpi" -o "$REF/${plugin[0]}.jpi" - unzip -qqt "$REF/${plugin[0]}.jpi" - (( COUNT_PLUGINS_INSTALLED += 1 )) - else - echo " ... skipping already installed: ${plugin[0]}:${plugin[1]}" - fi -done < "$JENKINS_INPUT_JOB_LIST" - -echo "---------------------------------------------------" -if (( "$COUNT_PLUGINS_INSTALLED" > 0 )) -then - echo "INFO: Successfully installed $COUNT_PLUGINS_INSTALLED plugins." - - if [ -d "$JENKINS_PLUGINS_DIR" ] - then - echo "INFO: Please restart the container for changes to take effect!" - fi -else - echo "INFO: No changes, all plugins previously installed." - -fi -echo "---------------------------------------------------" - -#cleanup -rm "$TEMP_ALREADY_INSTALLED" -exit 0 \ No newline at end of file diff --git a/2.164.3/tini-shim.sh b/2.164.3/tini-shim.sh deleted file mode 100644 index 65647146351df21bbece12a358b8c373ed51d46d..0000000000000000000000000000000000000000 --- a/2.164.3/tini-shim.sh +++ /dev/null @@ -1,17 +0,0 @@ -#! /bin/bash -set -euo pipefail - -cat <= 2.107.2+) - -Now sleeping 2 minutes... -EOF - -sleep 120 - -exec tini "$@" \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..fd687e4aaddeab34f119bab6c7be39821efa50cf --- /dev/null +++ b/Dockerfile @@ -0,0 +1,82 @@ +ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 +ARG BASE_IMAGE=redhat/ubi/ubi8 + +ARG BASE_TAG=8.2 + +FROM jenkins/jenkins:2.222.4-centos as jenkins + +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +LABEL name="Jenkins" \ + description="Jenkins Continuous Integration and Delivery server" \ + vendor="Jenkins" \ + summary="Jenkins 2.222.4" \ + maintainer="Jenkins" \ + version="2.222.4" + +ENV JAVA_HOME /etc/alternatives/jre_openjdk + +ARG user=jenkins +ARG group=jenkins +ARG uid=1000 +ARG gid=1000 +ARG http_port=8080 +ARG agent_port=50000 +ARG JENKINS_HOME=/var/jenkins_home +ARG REF=/usr/share/jenkins/ref + +ENV JENKINS_HOME $JENKINS_HOME +ENV JENKINS_SLAVE_AGENT_PORT ${agent_port} +ENV REF $REF + +COPY --from=jenkins /usr/bin/git-lfs /usr/bin/git-lfs + +# Jenkins is run with user `jenkins`, uid = 1000 +# If you bind mount a volume from the host or a data container, +# ensure you use the same uid +RUN mkdir -p $JENKINS_HOME && \ + chown ${uid}:${gid} $JENKINS_HOME && \ + groupadd -g ${gid} ${group} && \ + useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} && \ + dnf update -y && \ + dnf install -y git java java-devel unzip --setopt=tsflags=nodocs && \ + git lfs install && \ + dnf clean all && \ + rm -rf /var/cache/dnf && \ +# $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want +# to set on a fresh new installation. Use it to bundle additional plugins +# or config file with your custom jenkins Docker image. + mkdir -p ${REF}/init.groovy.d && \ + chown -R ${user} "$JENKINS_HOME" "$REF" && \ + chmod 00775 /usr/libexec/openssh/ssh-keysign + +# Jenkins home directory is a volume, so configuration and build history +# can be persisted and survive image upgrades +VOLUME $JENKINS_HOME + +COPY --from=jenkins /usr/share/jenkins/jenkins.war /usr/share/jenkins/jenkins.war + +ENV JENKINS_UC https://updates.jenkins.io +ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental +ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals + +# for main web interface: +EXPOSE ${http_port} + +# will be used by attached slave agents: +EXPOSE ${agent_port} + +ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log + +USER ${user} + +COPY --from=jenkins /usr/local/bin/jenkins-support /usr/local/bin/jenkins-support +COPY --from=jenkins /usr/local/bin/jenkins.sh /usr/local/bin/jenkins.sh +COPY --from=jenkins /bin/tini /bin/tini +COPY --from=jenkins /sbin/tini /sbin/tini + +ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"] + +# from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup $REF/plugins from a support bundle +COPY --from=jenkins /usr/local/bin/plugins.sh /usr/local/bin/plugins.sh +COPY --from=jenkins /usr/local/bin/install-plugins.sh /usr/local/bin/install-plugins.sh \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000000000000000000000000000000000000..254043ee74da880e7a59173b5b324d649fb9a1a2 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,2 @@ +@Library('DCCSCR@master') _ +dccscrPipeline( version: "2.222.4" ) \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000000000000000000000000000000000000..366a2c3e5ad220b2212216c3e64b271dccde5da0 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +The MIT License + +Copyright (c) 2014-, Michael Neale, Nicolas de Loof, Carlos Sanchez, and a number of other of contributors + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000000000000000000000000000000000000..d2595b5dccb00c560b4660cbd0e80aefd2509f6f --- /dev/null +++ b/README.md @@ -0,0 +1,300 @@ +# Official Jenkins Docker image + +[![Docker Stars](https://img.shields.io/docker/stars/jenkins/jenkins.svg)](https://hub.docker.com/r/jenkins/jenkins/) +[![Docker Pulls](https://img.shields.io/docker/pulls/jenkins/jenkins.svg)](https://hub.docker.com/r/jenkins/jenkins/) +[![Join the chat at https://gitter.im/jenkinsci/docker](https://badges.gitter.im/jenkinsci/docker.svg)](https://gitter.im/jenkinsci/docker?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) + +The Jenkins Continuous Integration and Delivery server [available on Docker Hub](https://hub.docker.com/r/jenkins/jenkins). + +This is a fully functional Jenkins server. +[https://jenkins.io/](https://jenkins.io/). + + + + +# Usage + +``` +docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.222.4-centos +``` + +NOTE: read below the _build executors_ part for the role of the `50000` port mapping. + +This will store the workspace in /var/jenkins_home. All Jenkins data lives in there - including plugins and configuration. +You will probably want to make that an explicit volume so you can manage it and attach to another container for upgrades : + +``` +docker run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home jenkins/jenkins:2.222.4-centos +``` + +this will automatically create a 'jenkins_home' [docker volume](https://docs.docker.com/storage/volumes/) on the host machine, that will survive the container stop/restart/deletion. + +NOTE: Avoid using a [bind mount](https://docs.docker.com/storage/bind-mounts/) from a folder on the host machine into `/var/jenkins_home`, as this might result in file permission issues (the user used inside the container might not have rights to the folder on the host machine). If you _really_ need to bind mount jenkins_home, ensure that the directory on the host is accessible by the jenkins user inside the container (jenkins user - uid 1000) or use `-u some_other_user` parameter with `docker run`. + +``` +docker run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.222.4-centos +``` + +this will run Jenkins in detached mode with port forwarding and volume added. You can access logs with command 'docker logs CONTAINER_ID' in order to check first login token. ID of container will be returned from output of command above. + +## Backing up data + +If you bind mount in a volume - you can simply back up that directory +(which is jenkins_home) at any time. + +This is highly recommended. Treat the jenkins_home directory as you would a database - in Docker you would generally put a database on a volume. + +If your volume is inside a container - you can use ```docker cp $ID:/var/jenkins_home``` command to extract the data, or other options to find where the volume data is. +Note that some symlinks on some OSes may be converted to copies (this can confuse jenkins with lastStableBuild links etc) + +For more info check Docker docs section on [Managing data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/) + +# Setting the number of executors + +You can specify and set the number of executors of your Jenkins master instance using a groovy script. By default its set to 2 executors, but you can extend the image and change it to your desired number of executors : + +`executors.groovy` +``` +import jenkins.model.* +Jenkins.instance.setNumExecutors(5) +``` + +and `Dockerfile` + +``` +FROM jenkins/jenkins:2.222.4-centos +COPY executors.groovy /usr/share/jenkins/ref/init.groovy.d/executors.groovy +``` + + +# Attaching build executors + +You can run builds on the master out of the box. + +But if you want to attach build slave servers **through JNLP (Java Web Start)**: make sure you map the port: ```-p 50000:50000``` - which will be used when you connect a slave agent. + +If you are only using [SSH slaves](https://wiki.jenkins-ci.org/display/JENKINS/SSH+Slaves+plugin), then you do **NOT** need to put that port mapping. + +# Passing JVM parameters + +You might need to customize the JVM running Jenkins, typically to pass system properties ([list of props](https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties)) or tweak heap memory settings. Use JAVA_OPTS environment +variable for this purpose : + +``` +docker run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS=-Dhudson.footerURL=http://mycompany.com jenkins/jenkins:2.222.4-centos +``` + +# Configuring logging + +Jenkins logging can be configured through a properties file and `java.util.logging.config.file` Java property. +For example: + +``` +mkdir data +cat > data/log.properties < If this property is already set in **JAVA_OPTS**, then the value of +`JENKINS_SLAVE_AGENT_PORT` will be ignored. + +# Installing more tools + +You can run your container as root - and install via apt-get, install as part of build steps via jenkins tool installers, or you can create your own Dockerfile to customise, for example: + +``` +FROM jenkins/jenkins:2.222.4-centos +# if we want to install via apt +USER root +RUN apt-get update && apt-get install -y ruby make more-thing-here +# drop back to the regular jenkins user - good practice +USER jenkins +``` + +In such a derived image, you can customize your jenkins instance with hook scripts or additional plugins. +For this purpose, use `/usr/share/jenkins/ref` as a place to define the default JENKINS_HOME content you +wish the target installation to look like : + +``` +FROM jenkins/jenkins:2.222.4-centos +COPY custom.groovy /usr/share/jenkins/ref/init.groovy.d/custom.groovy +``` + +## Preinstalling plugins + +You can rely on the `install-plugins.sh` script to pass a set of plugins to download with their dependencies. +This script will perform downloads from update centers, and internet access is required for the default update centers. + +### Setting update centers + +During the download, the script will use update centers defined by the following environment variables: + +* `JENKINS_UC` - Main update center. + This update center may offer plugin versions depending on the Jenkins 2.222.4-centos Core versions. + Default value: https://updates.jenkins.io +* `JENKINS_UC_EXPERIMENTAL` - [Experimental Update Center](https://jenkins.io/blog/2013/09/23/experimental-plugins-update-center/). + This center offers Alpha and Beta versions of plugins. + Default value: https://updates.jenkins.io/experimental +* `JENKINS_INCREMENTALS_REPO_MIRROR` - + Defines Maven mirror to be used to download plugins from the + [Incrementals repo](https://jenkins.io/blog/2018/05/15/incremental-deployment/). + Default value: https://repo.jenkins-ci.org/incrementals +* `JENKINS_UC_DOWNLOAD` - Download url of the Update Center. + Default value: `$JENKINS_UC/download` + +It is possible to override the environment variables in images. + +:exclamation: Note that changing this variables **will not** change the Update Center being used by Jenkins runtime. + +### Plugin version format + +Use plugin artifact ID, without `-plugin` extension, and append the version if needed separated by `:`. +Dependencies that are already included in the Jenkins war will only be downloaded if their required version is newer than the one included. + +There are also custom version specifiers: + +* `latest` - download the latest version from the main update center. + For Jenkins 2.222.4-centos images + (example: `git:latest`) +* `experimental` - download the latest version from the experimental update center defined by the `JENKINS_UC_EXPERIMENTAL` environment variable (example: `filesystem_scm:experimental`) +* `incrementals;org.jenkins-ci.plugins.workflow;2.19-rc289.d09828a05a74[;githubUserId][;branchName]` +- download the plugin from the [Incrementals repo](https://jenkins.io/blog/2018/05/15/incremental-deployment/). + * For this option you need to specify `groupId` of the plugin. + Note that this value may change between plugin versions without notice. + * In order to automatically update Incrementals in plugins.txt, it is possible to use the Incrementals Maven Plugin: + `mvn incrementals:updatePluginsTxt -DpluginsFile=plugins.txt`. + [More Info](https://github.com/jenkinsci/incrementals-tools#updating-versions-for-jenkins-docker-images) + +### Fine-tune the downloads + +The script uses `curl` to download the plugins. You can configure the options with some environment variables: +* `CURL_OPTIONS`: When downloading the plugins with curl. Curl options. Default value: `-sSfL` +* `CURL_CONNECTION_TIMEOUT`: When downloading the plugins with curl. Maximum time allowed for connection. Default value: `20` +* `CURL_RETRY`: When downloading the plugins with curl. Retry request if transient problems occur. Default value: `3` +* `CURL_RETRY_DELAY`: When downloading the plugins with curl. Wait time between retries. Default value: `0` +* `CURL_RETRY_MAX_TIME`: When downloading the plugins with curl. Retry only within this period. Default value: `60` + +### Other environment variables +In case you have changed some default paths in the image, you can modify their values with these environment variables: +* `REF`: directory with preinstalled plugins. Default value: `/usr/share/jenkins/ref/plugins` +* `JENKINS_WAR`: full path to the jenkins.war. Default value: `/usr/share/jenkins/jenkins.war` + +### Script usage + +You can run the script manually in Dockerfile: + +```Dockerfile +FROM jenkins/jenkins:2.222.4-centos +RUN /usr/local/bin/install-plugins.sh docker-slaves github-branch-source:1.8 +``` + +Furthermore it is possible to pass a file that contains this set of plugins (with or without line breaks). + +```Dockerfile +FROM jenkins/jenkins:2.222.4-centos +COPY plugins.txt /usr/share/jenkins/ref/plugins.txt +RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt +``` + +When jenkins container starts, it will check `JENKINS_HOME` has this reference content, and copy them +there if required. It will not override such files, so if you upgraded some plugins from UI they won't +be reverted on next start. + +In case you *do* want to override, append '.override' to the name of the reference file. E.g. a file named +`/usr/share/jenkins/ref/config.xml.override` will overwrite an existing `config.xml` file in JENKINS_HOME. + +Also see [JENKINS-24986](https://issues.jenkins-ci.org/browse/JENKINS-24986) + + +Here is an example to get the list of plugins from an existing server: + +``` +JENKINS_HOST=username:password@myhost.com:port +curl -sSL "http://$JENKINS_HOST/pluginManager/api/xml?depth=1&xpath=/*/*/shortName|/*/*/version&wrapper=plugins" | perl -pe 's/.*?([\w-]+).*?([^<]+)()(<\/\w+>)+/\1 \2\n/g'|sed 's/ /:/' +``` + +Example Output: + +``` +cucumber-testresult-plugin:0.8.2 +pam-auth:1.1 +matrix-project:1.4.1 +script-security:1.13 +... +``` + +For 2.x-derived images, you may also want to + + RUN echo 2.0 > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state + +to indicate that this Jenkins installation is fully configured. +Otherwise a banner will appear prompting the user to install additional plugins, +which may be inappropriate. + +# Upgrading + +All the data needed is in the /var/jenkins_home directory - so depending on how you manage that - depends on how you upgrade. Generally - you can copy it out - and then "docker pull" the image again - and you will have the latest 2.222.4-centos - you can then start up with -v pointing to that data (/var/jenkins_home) and everything will be as you left it. + +As always - please ensure that you know how to drive docker - especially volume handling! + +## Upgrading plugins + +By default, plugins will be upgraded if they haven't been upgraded manually and if the version from the docker image is newer than the version in the container. Versions installed by the docker image are tracked through a marker file. + +To force upgrades of plugins that have been manually upgraded, run the docker image with `-e PLUGINS_FORCE_UPGRADE=true`. + +The default behaviour when upgrading from a docker image that didn't write marker files is to leave existing plugins in place. If you want to upgrade existing plugins without marker you may run the docker image with `-e TRY_UPGRADE_IF_NO_MARKER=true`. Then plugins will be upgraded if the version provided by the docker image is newer. + +## Hacking + +If you wish to contribute fixes to this repository, please refer to the [dedicated documentation](HACKING.adoc). + +# Questions? + +Jump on irc.freenode.net and the #jenkins room. Ask! + +[system-property]: https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties \ No newline at end of file diff --git a/download.yaml b/download.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f8a4e5e793db97d6a02716410d319b67622237c5 --- /dev/null +++ b/download.yaml @@ -0,0 +1,3 @@ +resources: + - url: "docker://docker.io/jenkins/jenkins@sha256:7cafb6b93b0276c1b70c8ce22152b89835a6c6169d8bfd91532d2553e9bc8fa0" + tag: "jenkins/jenkins:2.222.4-centos" \ No newline at end of file