UNCLASSIFIED

Skip to content

GitLab

You need to sign in or sign up before continuing.
Commit 4e9b28b9 authored by Matt Vasquez's avatar Matt Vasquez Committed by gavin.scallon
Browse files

Jenkins Contrib MR

parent d3102334
Show whitespace changes
Inline Side-by-side
Showing with 408 additions and 531 deletions
2.164.3/CHANGELOG.md deleted 100644 → 0
View file @ d3102334
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
## [v2.60.3] - 05/06/19
### Added
Initial version
### Changed
### Removed
\ No newline at end of file
2.164.3/Jenkinsfile deleted 100644 → 0
View file @ d3102334
// TODO - define jenkinsfile for the opensource jenkins v2.60.3 image
\ No newline at end of file
2.164.3/LICENSE deleted 100644 → 0
View file @ d3102334
As a work of the United States Government, this project is in the public domain within the United States.
Additionally, we waive copyright and related rights in the work worldwide through the CC0 1.0 Universal public domain dedication.
CC0 1.0 Universal Summary
This is a human-readable summary of the Legal Code (read the full text).
No Copyright
The person who associated a work with this deed has dedicated the work to the public domain by waiving all of his or her rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law.
You can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.
Other Information
In no way are the patent or trademark rights of any person affected by CC0, nor are the rights that other persons may have in the work or in how the work is used, such as publicity or privacy rights.
Unless expressly stated otherwise, the person who associated a work with this deed makes no warranties about the work, and disclaims liability for all uses of the work, to the fullest extent permitted by applicable law. When using or citing the work, you should not imply endorsement by the author or the affirmer.
2.164.3/README.md deleted 100644 → 0
View file @ d3102334
# Jenkins v2.164.3
This is derived from https://github.com/jenkinsci/docker/blob/master/Dockerfile
## Ports
This container requires port 8080 to be exposed in order to effectively run. 50000
is used as the Jenkins Agent port.
## Volumes
This container relies on a volume specified by the environment variable JENKINS_HOME
which has the value '/var/jenkins_home'.
## Running the container
In order to run the container, enter the following command inside this directory:
`docker run -dit -p 8000:8000 <image id>`. This will run the container with port
8000 exposed.
## Scan Artifacts
Artifacts from the scan on the this container may be found [here](https://dsop-pipeline-artifacts.s3-us-gov-west-1.amazonaws.com/testing/container-scan-reports/opensource/jenkins-ubi7-stigd/repo_map.html).
## Other Info
This container has a default set of plugins which it pulls as a zip file from a
nexus. These default plugins are installed and available on launch in the case
that outside internet access is unavailable.
2.164.3/banner deleted 100644 → 0
View file @ d3102334
You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
2.164.3/install-plugins.sh deleted 100644 → 0
View file @ d3102334
#!/bin/bash -eu
# Resolve dependencies and download plugins given on the command line
#
# FROM jenkins
# RUN install-plugins.sh docker-slaves github-branch-source
set -o pipefail
REF_DIR=${REF:-/usr/share/jenkins/ref/plugins}
FAILED="$REF_DIR/failed-plugins.txt"
. /usr/local/bin/jenkins-support
getLockFile() {
printf '%s' "$REF_DIR/${1}.lock"
}
getArchiveFilename() {
printf '%s' "$REF_DIR/${1}.jpi"
}
download() {
local plugin originalPlugin version lock ignoreLockFile url
plugin="$1"
version="${2:-latest}"
ignoreLockFile="${3:-}"
url="${4:-}"
lock="$(getLockFile "$plugin")"
if [[ $ignoreLockFile ]] || mkdir "$lock" &>/dev/null; then
if ! doDownload "$plugin" "$version" "$url"; then
# some plugin don't follow the rules about artifact ID
# typically: docker-plugin
originalPlugin="$plugin"
plugin="${plugin}-plugin"
if ! doDownload "$plugin" "$version" "$url"; then
echo "Failed to download plugin: $originalPlugin or $plugin" >&2
echo "Not downloaded: ${originalPlugin}" >> "$FAILED"
return 1
fi
fi
if ! checkIntegrity "$plugin"; then
echo "Downloaded file is not a valid ZIP: $(getArchiveFilename "$plugin")" >&2
echo "Download integrity: ${plugin}" >> "$FAILED"
return 1
fi
resolveDependencies "$plugin"
fi
}
doDownload() {
local plugin version url jpi
plugin="$1"
version="$2"
url="$3"
jpi="$(getArchiveFilename "$plugin")"
# If plugin already exists and is the same version do not download
if test -f "$jpi" && unzip -p "$jpi" META-INF/MANIFEST.MF | tr -d '\r' | grep "^Plugin-Version: ${version}$" > /dev/null; then
echo "Using provided plugin: $plugin"
return 0
fi
: '
if [[ -n $url ]] ; then
echo "Will use url=$url"
elif [[ "$version" == "latest" && -n "$JENKINS_UC_LATEST" ]]; then
# If version-specific Update Center is available, which is the case for LTS versions,
# use it to resolve latest versions.
url="$JENKINS_UC_LATEST/latest/${plugin}.hpi"
elif [[ "$version" == "experimental" && -n "$JENKINS_UC_EXPERIMENTAL" ]]; then
# Download from the experimental update center
url="$JENKINS_UC_EXPERIMENTAL/latest/${plugin}.hpi"
elif [[ "$version" == incrementals* ]] ; then
# Download from Incrementals repo: https://jenkins.io/blog/2018/05/15/incremental-deployment/
# Example URL: https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/workflow/workflow-support/2.19-rc289.d09828a05a74/workflow-support-2.19-rc289.d09828a05a74.hpi
local groupId incrementalsVersion
arrIN=("${version//;/ }")
groupId=${arrIN[1]}
incrementalsVersion=${arrIN[2]}
url="${JENKINS_INCREMENTALS_REPO_MIRROR}/$(echo "${groupId}" | tr '.' '/')/${plugin}/${incrementalsVersion}/${plugin}-${incrementalsVersion}.hpi"
else
JENKINS_UC_DOWNLOAD=${JENKINS_UC_DOWNLOAD:-"$JENKINS_UC/download"}
url="$JENKINS_UC_DOWNLOAD/plugins/$plugin/$version/${plugin}.hpi"
fi
echo "Downloading plugin: $plugin from $url"
# We actually want to allow variable value to be split into multiple options passed to curl.
# This is needed to allow long options and any options that take value.
# shellcheck disable=SC2086
retry_command curl ${CURL_OPTIONS:--sSfL} --connect-timeout "${CURL_CONNECTION_TIMEOUT:-20}" --retry "${CURL_RETRY:-3}" --retry-delay "${CURL_RETRY_DELAY:-0}" --retry-max-time "${CURL_RETRY_MAX_TIME:-60}" "$url" -o "$jpi"
'
return $?
}
checkIntegrity() {
local plugin jpi
plugin="$1"
jpi="$(getArchiveFilename "$plugin")"
unzip -t -qq "$jpi" >/dev/null
return $?
}
resolveDependencies() {
local plugin jpi dependencies
plugin="$1"
jpi="$(getArchiveFilename "$plugin")"
dependencies="$(unzip -p "$jpi" META-INF/MANIFEST.MF | tr -d '\r' | tr '\n' '|' | sed -e 's#| ##g' | tr '|' '\n' | grep "^Plugin-Dependencies: " | sed -e 's#^Plugin-Dependencies: ##')"
if [[ ! $dependencies ]]; then
echo " > $plugin has no dependencies"
return
fi
echo " > $plugin depends on $dependencies"
IFS=',' read -r -a array <<< "$dependencies"
for d in "${array[@]}"
do
plugin="$(cut -d':' -f1 - <<< "$d")"
if [[ $d == *"resolution:=optional"* ]]; then
echo "Skipping optional dependency $plugin"
else
local pluginInstalled
if pluginInstalled="$(echo -e "${bundledPlugins}\n${installedPlugins}" | grep "^${plugin}:")"; then
pluginInstalled="${pluginInstalled//[$'\r']}"
local versionInstalled; versionInstalled=$(versionFromPlugin "${pluginInstalled}")
local minVersion; minVersion=$(versionFromPlugin "${d}")
if versionLT "${versionInstalled}" "${minVersion}"; then
echo "Upgrading bundled dependency $d ($minVersion > $versionInstalled)"
download "$plugin" &
else
echo "Skipping already installed dependency $d ($minVersion <= $versionInstalled)"
fi
else
download "$plugin" &
fi
fi
done
wait
}
bundledPlugins() {
local JENKINS_WAR=/usr/share/jenkins/jenkins.war
if [ -f $JENKINS_WAR ]
then
TEMP_PLUGIN_DIR=/tmp/plugintemp.$$
for i in $(jar tf $JENKINS_WAR | grep -E '[^detached-]plugins.*\..pi' | sort)
do
rm -fr $TEMP_PLUGIN_DIR
mkdir -p $TEMP_PLUGIN_DIR
PLUGIN=$(basename "$i"|cut -f1 -d'.')
(cd $TEMP_PLUGIN_DIR;jar xf "$JENKINS_WAR" "$i";jar xvf "$TEMP_PLUGIN_DIR/$i" META-INF/MANIFEST.MF >/dev/null 2>&1)
VER=$(grep -E -i Plugin-Version "$TEMP_PLUGIN_DIR/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //')
echo "$PLUGIN:$VER"
done
rm -fr $TEMP_PLUGIN_DIR
else
echo "war not found, installing all plugins: $JENKINS_WAR"
fi
}
versionFromPlugin() {
local plugin=$1
if [[ $plugin =~ .*:.* ]]; then
echo "${plugin##*:}"
else
echo "latest"
fi
}
installedPlugins() {
for f in "$REF_DIR"/*.jpi; do
echo "$(basename "$f" | sed -e 's/\.jpi//'):$(get_plugin_version "$f")"
done
}
jenkinsMajorMinorVersion() {
local JENKINS_WAR
JENKINS_WAR=/usr/share/jenkins/jenkins.war
if [[ -f "$JENKINS_WAR" ]]; then
local version major minor
version="$(java -jar $JENKINS_WAR --version)"
major="$(echo "$version" | cut -d '.' -f 1)"
minor="$(echo "$version" | cut -d '.' -f 2)"
echo "$major.$minor"
else
echo ""
fi
}
main() {
local plugin jenkinsVersion
local plugins=()
mkdir -p "$REF_DIR" || exit 1
rm -f "$FAILED"
# Read plugins from stdin or from the command line arguments
if [[ ($# -eq 0) ]]; then
while read -r line || [ "$line" != "" ]; do
# Remove leading/trailing spaces, comments, and empty lines
plugin=$(echo "${line}" | tr -d '\r' | sed -e 's/^[ \t]*//g' -e 's/[ \t]*$//g' -e 's/[ \t]*#.*$//g' -e '/^[ \t]*$/d')
# Avoid adding empty plugin into array
if [ ${#plugin} -ne 0 ]; then
plugins+=("${plugin}")
fi
done
else
plugins=("$@")
fi
# Create lockfile manually before first run to make sure any explicit version set is used.
echo "Creating initial locks..."
for plugin in "${plugins[@]}"; do
mkdir "$(getLockFile "${plugin%%:*}")"
done
echo "Analyzing war..."
bundledPlugins="$(bundledPlugins)"
echo "Registering preinstalled plugins..."
installedPlugins="$(installedPlugins)"
# Check if there's a version-specific update center, which is the case for LTS versions
jenkinsVersion="$(jenkinsMajorMinorVersion)"
if curl -fsL -o /dev/null "$JENKINS_UC/$jenkinsVersion"; then
JENKINS_UC_LATEST="$JENKINS_UC/$jenkinsVersion"
echo "Using version-specific update center: $JENKINS_UC_LATEST..."
else
JENKINS_UC_LATEST=
fi
echo "Downloading plugins..."
for plugin in "${plugins[@]}"; do
local reg='^([^:]+):?([^:]+)?:?([^:]+)?:?(http.+)?'
if [[ $plugin =~ $reg ]]; then
local pluginId="${BASH_REMATCH[1]}"
local version="${BASH_REMATCH[2]}"
local lock="${BASH_REMATCH[3]}"
local url="${BASH_REMATCH[4]}"
download "$pluginId" "$version" "${lock:-true}" "${url}" &
else
echo "Skipping the line '${plugin}' as it does not look like a reference to a plugin"
fi
done
wait
echo
echo "WAR bundled plugins:"
echo "${bundledPlugins}"
echo
echo "Installed plugins:"
installedPlugins
if [[ -f $FAILED ]]; then
echo "Some plugins failed to download!" "$(<"$FAILED")" >&2
exit 1
fi
echo "Cleaning up locks"
find "$REF_DIR" -regex ".*.lock" | while read -r filepath; do
rm -r "$filepath"
done
}
main "$@"
\ No newline at end of file
2.164.3/jenkins.sh deleted 100644 → 0
View file @ d3102334
#! /bin/bash -e
: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}"
: "${JENKINS_HOME:="/var/jenkins_home"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find /usr/share/jenkins/ref/ \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +
mkdir ${JENKINS_HOME}/plugins
cp /tmp/plugins/* ${JENKINS_HOME}/plugins
rm -rf /tmp/plugins
# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
# read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities)
java_opts_array=()
while IFS= read -r -d '' item; do
java_opts_array+=( "$item" )
done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
readonly agent_port_property='jenkins.model.Jenkins.slaveAgentPort'
if [ -n "${JENKINS_SLAVE_AGENT_PORT:-}" ] && [[ "${JAVA_OPTS:-}" != *"${agent_port_property}"* ]]; then
java_opts_array+=( "-D${agent_port_property}=${JENKINS_SLAVE_AGENT_PORT}" )
fi
if [[ "$DEBUG" ]] ; then
java_opts_array+=( \
'-Xdebug' \
'-Xrunjdwp:server=y,transport=dt_socket,address=5005,suspend=y' \
)
fi
jenkins_opts_array=( )
while IFS= read -r -d '' item; do
jenkins_opts_array+=( "$item" )
done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")
exec java -Duser.home="$JENKINS_HOME" "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"
fi
# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image
exec "$@"
\ No newline at end of file
2.164.3/jenkins:2.164.3-whitelist deleted 100644 → 0
View file @ d3102334
{
"image_name": "jenkins",
"image_tag": "2.164.3",
"image_parent_name": "ubi7",
"image_parent_tag": "7.7",
"whitelisted_vulnerabilities": ["CVE-IDUNNO", "CVE-MORETESTING"],
"report_s3": "https://dsop-pipeline-artifacts.s3-us-gov-west-1.amazonaws.com/testing/container-scan-reports/opensource/jenkins-v2.164.3/repo_map.html"
}
2.164.3/plugins.sh deleted 100644 → 0
View file @ d3102334
#! /bin/bash
# Parse a support-core plugin -style txt file as specification for jenkins plugins to be installed
# in the reference directory, so user can define a derived Docker image with just :
#
# FROM jenkins
# COPY plugins.txt /plugins.txt
# RUN /usr/local/bin/plugins.sh /plugins.txt
#
# Note: Plugins already installed are skipped
#
set -e
echo "WARN: plugins.sh is deprecated, please switch to install-plugins.sh"
if [ -z "$1" ]
then
echo "
USAGE:
Parse a support-core plugin -style txt file as specification for jenkins plugins to be installed
in the reference directory, so user can define a derived Docker image with just :
FROM jenkins
COPY plugins.txt /plugins.txt
RUN /usr/local/bin/plugins.sh /plugins.txt
Note: Plugins already installed are skipped
"
exit 1
else
JENKINS_INPUT_JOB_LIST=$1
if [ ! -f "$JENKINS_INPUT_JOB_LIST" ]
then
echo "ERROR File not found: $JENKINS_INPUT_JOB_LIST"
exit 1
fi
fi
# the war includes a # of plugins, to make the build efficient filter out
# the plugins so we dont install 2x - there about 17!
if [ -d "$JENKINS_HOME" ]
then
TEMP_ALREADY_INSTALLED=$JENKINS_HOME/preinstalled.plugins.$$.txt
else
echo "ERROR $JENKINS_HOME not found"
exit 1
fi
JENKINS_PLUGINS_DIR=${JENKINS_HOME}/plugins
if [ -d "$JENKINS_PLUGINS_DIR" ]
then
echo "Analyzing: $JENKINS_PLUGINS_DIR"
for i in "$JENKINS_PLUGINS_DIR"/*/; do
JENKINS_PLUGIN=$(basename "$i")
JENKINS_PLUGIN_VER=$(grep -E -i Plugin-Version "$i/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //')
echo "$JENKINS_PLUGIN:$JENKINS_PLUGIN_VER"
done >"$TEMP_ALREADY_INSTALLED"
else
JENKINS_WAR=/usr/share/jenkins/jenkins.war
if [ -f "$JENKINS_WAR" ]
then
echo "Analyzing war: $JENKINS_WAR"
TEMP_PLUGIN_DIR=/tmp/plugintemp.$$
while read -r i <&3; do
rm -fr "$TEMP_PLUGIN_DIR"
mkdir -p "$TEMP_PLUGIN_DIR"
PLUGIN=$(basename "$i"|cut -f1 -d'.')
(cd "$TEMP_PLUGIN_DIR" || exit; jar xf "$JENKINS_WAR" "$i"; jar xvf "$TEMP_PLUGIN_DIR/$i" META-INF/MANIFEST.MF >/dev/null 2>&1)
VER=$(grep -E -i Plugin-Version "$TEMP_PLUGIN_DIR/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //')
echo "$PLUGIN:$VER"
done 3< <(jar tf "$JENKINS_WAR" | grep -E '[^detached-]plugins.*\..pi' | sort) > "$TEMP_ALREADY_INSTALLED"
rm -fr "$TEMP_PLUGIN_DIR"
else
rm -f "$TEMP_ALREADY_INSTALLED"
echo "ERROR file not found: $JENKINS_WAR"
exit 1
fi
fi
REF=/usr/share/jenkins/ref/plugins
mkdir -p $REF
COUNT_PLUGINS_INSTALLED=0
while read -r spec || [ -n "$spec" ]; do
plugin=()
IFS=' ' read -r -a plugin <<< "${spec//:/ }"
[[ ${plugin[0]} =~ ^# ]] && continue
[[ ${plugin[0]} =~ ^[[:space:]]*$ ]] && continue
[[ -z ${plugin[1]} ]] && plugin[1]="latest"
if [ -z "$JENKINS_UC_DOWNLOAD" ]; then
JENKINS_UC_DOWNLOAD=$JENKINS_UC/download
fi
if ! grep -q "${plugin[0]}:${plugin[1]}" "$TEMP_ALREADY_INSTALLED"
then
echo "Downloading ${plugin[0]}:${plugin[1]}"
curl --retry 3 --retry-delay 5 -sSL -f "${JENKINS_UC_DOWNLOAD}/plugins/${plugin[0]}/${plugin[1]}/${plugin[0]}.hpi" -o "$REF/${plugin[0]}.jpi"
unzip -qqt "$REF/${plugin[0]}.jpi"
(( COUNT_PLUGINS_INSTALLED += 1 ))
else
echo " ... skipping already installed: ${plugin[0]}:${plugin[1]}"
fi
done < "$JENKINS_INPUT_JOB_LIST"
echo "---------------------------------------------------"
if (( "$COUNT_PLUGINS_INSTALLED" > 0 ))
then
echo "INFO: Successfully installed $COUNT_PLUGINS_INSTALLED plugins."
if [ -d "$JENKINS_PLUGINS_DIR" ]
then
echo "INFO: Please restart the container for changes to take effect!"
fi
else
echo "INFO: No changes, all plugins previously installed."
fi
echo "---------------------------------------------------"
#cleanup
rm "$TEMP_ALREADY_INSTALLED"
exit 0
\ No newline at end of file
2.164.3/tini-shim.sh deleted 100644 → 0
View file @ d3102334
#! /bin/bash
set -euo pipefail
cat <<EOF
***************************************************************************
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING *
***************************************************************************
Please update your scripts to use /sbin/tini or simply tini going forward.
Previous path has been preserved for backwards compatibility,
but WILL BE REMOVED in the future. (around Jenkins >= 2.107.2+)
Now sleeping 2 minutes...
EOF
sleep 120
exec tini "$@"
\ No newline at end of file
2.164.3/Dockerfile Dockerfile
View file @ 4e9b28b9
ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi7
ARG BASE_TAG=7.7
FROM $BASE_REGISTRY/$BASE_IMAGE:$BASE_TAG
LABEL dcar_status="pending-approval"
ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
ARG BASE_IMAGE=redhat/ubi/ubi8
RUN yum install -y --disableplugin=subscription-manager --nogpgcheck java-1.8.0-openjdk-devel curl git unzip && rm -rf /var/cache/yum/*
ARG BASE_TAG=8.2
FROM jenkins/jenkins:2.222.4-centos as jenkins
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
LABEL name="Jenkins" \
description="Jenkins Continuous Integration and Delivery server" \
vendor="Jenkins" \
summary="Jenkins 2.222.4" \
maintainer="Jenkins" \
version="2.222.4"
ENV JAVA_HOME /etc/alternatives/jre_openjdk
ARG user=jenkins
ARG group=jenkins
......@@ -13,55 +23,42 @@ ARG gid=1000
ARG http_port=8080
ARG agent_port=50000
ARG JENKINS_HOME=/var/jenkins_home
ARG REF=/usr/share/jenkins/ref
ENV JENKINS_HOME $JENKINS_HOME
ENV JENKINS_SLAVE_AGENT_PORT ${agent_port}
ENV REF $REF
COPY --from=jenkins /usr/bin/git-lfs /usr/bin/git-lfs
# Jenkins is run with user `jenkins`, uid = 1000
# If you bind mount a volume from the host or a data container,
# ensure you use the same uid
RUN mkdir -p $JENKINS_HOME \
&& chown ${uid}:${gid} $JENKINS_HOME \
&& groupadd -g ${gid} ${group} \
&& useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user}
RUN mkdir -p $JENKINS_HOME && \
chown ${uid}:${gid} $JENKINS_HOME && \
groupadd -g ${gid} ${group} && \
useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} && \
dnf update -y && \
dnf install -y git java java-devel unzip --setopt=tsflags=nodocs && \
git lfs install && \
dnf clean all && \
rm -rf /var/cache/dnf && \
# $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want
# to set on a fresh new installation. Use it to bundle additional plugins
# or config file with your custom jenkins Docker image.
mkdir -p ${REF}/init.groovy.d && \
chown -R ${user} "$JENKINS_HOME" "$REF" && \
chmod 00775 /usr/libexec/openssh/ssh-keysign
# Jenkins home directory is a volume, so configuration and build history
# can be persisted and survive image upgrades
VOLUME $JENKINS_HOME
# `/usr/share/jenkins/ref/` contains all reference configuration we want
# to set on a fresh new installation. Use it to bundle additional plugins
# or config file with your custom jenkins Docker image.
RUN mkdir -p /usr/share/jenkins/ref/init.groovy.d
# Use tini as subreaper in Docker container to adopt zombie processes
ARG TINI_VERSION=v0.16.1
ARG TINI_SHA=5e01734c8b2e6429a1ebcc67e2d86d3bb0c4574dd7819a0aff2dca784580e040
RUN curl -kfsSL https://nexus.52.61.140.4.nip.io/repository/cht/tini/release/${TINI_VERSION}/tini-static -o /sbin/tini \
&& echo "${TINI_SHA} /sbin/tini" | sha256sum -c - && chmod +x /sbin/tini
ENV JENKINS_VERSION=2.164.3
# jenkins.war checksum, download will be validated using it
ARG JENKINS_SHA=a8af991f9085ff7f12baa2c9978554b2a18e5c4ed84327224d30e269e8f4a50e
ARG JENKINS_URL=https://nexus.52.61.140.4.nip.io/repository/cht/jenkins/${JENKINS_VERSION}/jenkins.war
ARG JENKINS_PLUGINS_URL=https://nexus.52.61.140.4.nip.io/repository/cht/jenkins/jenkinsPlugins.zip
RUN curl -kfsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \
&& echo "${JENKINS_SHA} /usr/share/jenkins/jenkins.war" | sha256sum -c -
RUN curl -o ${JENKINS_HOME}/jenkinsPlugins.zip -kfl ${JENKINS_PLUGINS_URL} \
&& mkdir -p ${JENKINS_HOME}/plugins \
&& mkdir -p /tmp/plugins \
&& unzip ${JENKINS_HOME}/jenkinsPlugins.zip -d /tmp/plugins \
&& chown -R ${uid}:${gid} /tmp/plugins
COPY --from=jenkins /usr/share/jenkins/jenkins.war /usr/share/jenkins/jenkins.war
ENV JENKINS_UC https://updates.jenkins.io
ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental
ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals
RUN chown -R ${user} "$JENKINS_HOME" /usr/share/jenkins/ref
# for main web interface:
EXPOSE ${http_port}
......@@ -71,14 +68,15 @@ EXPOSE ${agent_port}
ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log
COPY jenkins.sh /usr/local/bin/jenkins.sh
COPY tini-shim.sh /bin/tini
RUN chmod 777 /usr/local/bin/jenkins.sh
USER ${user}
COPY --from=jenkins /usr/local/bin/jenkins-support /usr/local/bin/jenkins-support
COPY --from=jenkins /usr/local/bin/jenkins.sh /usr/local/bin/jenkins.sh
COPY --from=jenkins /bin/tini /bin/tini
COPY --from=jenkins /sbin/tini /sbin/tini
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"]
# from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup /usr/share/jenkins/ref/plugins from a support bundle
# COPY plugins.sh /usr/local/bin/plugins.sh
# COPY install-plugins.sh /usr/local/bin/install-plugins.sh
# from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup $REF/plugins from a support bundle
COPY --from=jenkins /usr/local/bin/plugins.sh /usr/local/bin/plugins.sh
COPY --from=jenkins /usr/local/bin/install-plugins.sh /usr/local/bin/install-plugins.sh
\ No newline at end of file
Jenkinsfile 0 → 100644
View file @ 4e9b28b9
@Library('DCCSCR@master') _
dccscrPipeline( version: "2.222.4" )
\ No newline at end of file
LICENSE 0 → 100644
View file @ 4e9b28b9
The MIT License
Copyright (c) 2014-, Michael Neale, Nicolas de Loof, Carlos Sanchez, and a number of other of contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
\ No newline at end of file
README.md 0 → 100644
View file @ 4e9b28b9
# Official Jenkins Docker image
[![Docker Stars](https://img.shields.io/docker/stars/jenkins/jenkins.svg)](https://hub.docker.com/r/jenkins/jenkins/)
[![Docker Pulls](https://img.shields.io/docker/pulls/jenkins/jenkins.svg)](https://hub.docker.com/r/jenkins/jenkins/)
[![Join the chat at https://gitter.im/jenkinsci/docker](https://badges.gitter.im/jenkinsci/docker.svg)](https://gitter.im/jenkinsci/docker?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
The Jenkins Continuous Integration and Delivery server [available on Docker Hub](https://hub.docker.com/r/jenkins/jenkins).
This is a fully functional Jenkins server.
[https://jenkins.io/](https://jenkins.io/).
<img src="https://jenkins.io/sites/default/files/jenkins_logo.png"/>
# Usage
```
docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.222.4-centos
```
NOTE: read below the _build executors_ part for the role of the `50000` port mapping.
This will store the workspace in /var/jenkins_home. All Jenkins data lives in there - including plugins and configuration.
You will probably want to make that an explicit volume so you can manage it and attach to another container for upgrades :
```
docker run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home jenkins/jenkins:2.222.4-centos
```
this will automatically create a 'jenkins_home' [docker volume](https://docs.docker.com/storage/volumes/) on the host machine, that will survive the container stop/restart/deletion.
NOTE: Avoid using a [bind mount](https://docs.docker.com/storage/bind-mounts/) from a folder on the host machine into `/var/jenkins_home`, as this might result in file permission issues (the user used inside the container might not have rights to the folder on the host machine). If you _really_ need to bind mount jenkins_home, ensure that the directory on the host is accessible by the jenkins user inside the container (jenkins user - uid 1000) or use `-u some_other_user` parameter with `docker run`.
```
docker run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.222.4-centos
```
this will run Jenkins in detached mode with port forwarding and volume added. You can access logs with command 'docker logs CONTAINER_ID' in order to check first login token. ID of container will be returned from output of command above.
## Backing up data
If you bind mount in a volume - you can simply back up that directory
(which is jenkins_home) at any time.
This is highly recommended. Treat the jenkins_home directory as you would a database - in Docker you would generally put a database on a volume.
If your volume is inside a container - you can use ```docker cp $ID:/var/jenkins_home``` command to extract the data, or other options to find where the volume data is.
Note that some symlinks on some OSes may be converted to copies (this can confuse jenkins with lastStableBuild links etc)
For more info check Docker docs section on [Managing data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/)
# Setting the number of executors
You can specify and set the number of executors of your Jenkins master instance using a groovy script. By default its set to 2 executors, but you can extend the image and change it to your desired number of executors :
`executors.groovy`
```
import jenkins.model.*
Jenkins.instance.setNumExecutors(5)
```
and `Dockerfile`
```
FROM jenkins/jenkins:2.222.4-centos
COPY executors.groovy /usr/share/jenkins/ref/init.groovy.d/executors.groovy
```
# Attaching build executors
You can run builds on the master out of the box.
But if you want to attach build slave servers **through JNLP (Java Web Start)**: make sure you map the port: ```-p 50000:50000``` - which will be used when you connect a slave agent.
If you are only using [SSH slaves](https://wiki.jenkins-ci.org/display/JENKINS/SSH+Slaves+plugin), then you do **NOT** need to put that port mapping.
# Passing JVM parameters
You might need to customize the JVM running Jenkins, typically to pass system properties ([list of props](https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties)) or tweak heap memory settings. Use JAVA_OPTS environment
variable for this purpose :
```
docker run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS=-Dhudson.footerURL=http://mycompany.com jenkins/jenkins:2.222.4-centos
```
# Configuring logging
Jenkins logging can be configured through a properties file and `java.util.logging.config.file` Java property.
For example:
```
mkdir data
cat > data/log.properties <<EOF
handlers=java.util.logging.ConsoleHandler
jenkins.level=FINEST
java.util.logging.ConsoleHandler.level=FINEST
EOF
docker run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS="-Djava.util.logging.config.file=/var/jenkins_home/log.properties" -v `pwd`/data:/var/jenkins_home jenkins/jenkins:2.222.4-centos
```
# Configuring reverse proxy
If you want to install Jenkins behind a reverse proxy with prefix, example: mysite.com/jenkins, you need to add environment variable `JENKINS_OPTS="--prefix=/jenkins"` and then follow the below procedures to configure your reverse proxy, which will depend if you have Apache or Nginx:
- [Apache](https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache)
- [Nginx](https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy)
# Passing Jenkins launcher parameters
Arguments you pass to docker running the Jenkins image are passed to jenkins launcher, so for example you can run:
```
docker run jenkins/jenkins:2.222.4-centos --version
```
This will show the Jenkins version, the same as when you run Jenkins from an executable war.
You can also define Jenkins arguments via `JENKINS_OPTS`. This is useful for customizing arguments to the jenkins
launcher in a derived Jenkins image. The following sample Dockerfile uses this option
to force use of HTTPS with a certificate included in the image.
```
FROM jenkins/jenkins:2.222.4-centos
COPY https.pem /var/lib/jenkins/cert
COPY https.key /var/lib/jenkins/pk
ENV JENKINS_OPTS --httpPort=-1 --httpsPort=8083 --httpsCertificate=/var/lib/jenkins/cert --httpsPrivateKey=/var/lib/jenkins/pk
EXPOSE 8083
```
You can also change the default slave agent port for jenkins by defining `JENKINS_SLAVE_AGENT_PORT` in a sample Dockerfile.
```
FROM jenkins/jenkins:2.222.4-centos
ENV JENKINS_SLAVE_AGENT_PORT 50001
```
or as a parameter to docker,
```
docker run --name myjenkins -p 8080:8080 -p 50001:50001 --env JENKINS_SLAVE_AGENT_PORT=50001 jenkins/jenkins:2.222.4-centos
```
**Note**: This environment variable will be used to set the port adding the
[system property][system-property] `jenkins.model.Jenkins.slaveAgentPort` to **JAVA_OPTS**.
> If this property is already set in **JAVA_OPTS**, then the value of
`JENKINS_SLAVE_AGENT_PORT` will be ignored.
# Installing more tools
You can run your container as root - and install via apt-get, install as part of build steps via jenkins tool installers, or you can create your own Dockerfile to customise, for example:
```
FROM jenkins/jenkins:2.222.4-centos
# if we want to install via apt
USER root
RUN apt-get update && apt-get install -y ruby make more-thing-here
# drop back to the regular jenkins user - good practice
USER jenkins
```
In such a derived image, you can customize your jenkins instance with hook scripts or additional plugins.
For this purpose, use `/usr/share/jenkins/ref` as a place to define the default JENKINS_HOME content you
wish the target installation to look like :
```
FROM jenkins/jenkins:2.222.4-centos
COPY custom.groovy /usr/share/jenkins/ref/init.groovy.d/custom.groovy
```
## Preinstalling plugins
You can rely on the `install-plugins.sh` script to pass a set of plugins to download with their dependencies.
This script will perform downloads from update centers, and internet access is required for the default update centers.
### Setting update centers
During the download, the script will use update centers defined by the following environment variables:
* `JENKINS_UC` - Main update center.
This update center may offer plugin versions depending on the Jenkins 2.222.4-centos Core versions.
Default value: https://updates.jenkins.io
* `JENKINS_UC_EXPERIMENTAL` - [Experimental Update Center](https://jenkins.io/blog/2013/09/23/experimental-plugins-update-center/).
This center offers Alpha and Beta versions of plugins.
Default value: https://updates.jenkins.io/experimental
* `JENKINS_INCREMENTALS_REPO_MIRROR` -
Defines Maven mirror to be used to download plugins from the
[Incrementals repo](https://jenkins.io/blog/2018/05/15/incremental-deployment/).
Default value: https://repo.jenkins-ci.org/incrementals
* `JENKINS_UC_DOWNLOAD` - Download url of the Update Center.
Default value: `$JENKINS_UC/download`
It is possible to override the environment variables in images.
:exclamation: Note that changing this variables **will not** change the Update Center being used by Jenkins runtime.
### Plugin version format
Use plugin artifact ID, without `-plugin` extension, and append the version if needed separated by `:`.
Dependencies that are already included in the Jenkins war will only be downloaded if their required version is newer than the one included.
There are also custom version specifiers:
* `latest` - download the latest version from the main update center.
For Jenkins 2.222.4-centos images
(example: `git:latest`)
* `experimental` - download the latest version from the experimental update center defined by the `JENKINS_UC_EXPERIMENTAL` environment variable (example: `filesystem_scm:experimental`)
* `incrementals;org.jenkins-ci.plugins.workflow;2.19-rc289.d09828a05a74[;githubUserId][;branchName]`
- download the plugin from the [Incrementals repo](https://jenkins.io/blog/2018/05/15/incremental-deployment/).
* For this option you need to specify `groupId` of the plugin.
Note that this value may change between plugin versions without notice.
* In order to automatically update Incrementals in plugins.txt, it is possible to use the Incrementals Maven Plugin:
`mvn incrementals:updatePluginsTxt -DpluginsFile=plugins.txt`.
[More Info](https://github.com/jenkinsci/incrementals-tools#updating-versions-for-jenkins-docker-images)
### Fine-tune the downloads
The script uses `curl` to download the plugins. You can configure the options with some environment variables:
* `CURL_OPTIONS`: When downloading the plugins with curl. Curl options. Default value: `-sSfL`
* `CURL_CONNECTION_TIMEOUT`: When downloading the plugins with curl. <seconds> Maximum time allowed for connection. Default value: `20`
* `CURL_RETRY`: When downloading the plugins with curl. Retry request if transient problems occur. Default value: `3`
* `CURL_RETRY_DELAY`: When downloading the plugins with curl. <seconds> Wait time between retries. Default value: `0`
* `CURL_RETRY_MAX_TIME`: When downloading the plugins with curl. <seconds> Retry only within this period. Default value: `60`
### Other environment variables
In case you have changed some default paths in the image, you can modify their values with these environment variables:
* `REF`: directory with preinstalled plugins. Default value: `/usr/share/jenkins/ref/plugins`
* `JENKINS_WAR`: full path to the jenkins.war. Default value: `/usr/share/jenkins/jenkins.war`
### Script usage
You can run the script manually in Dockerfile:
```Dockerfile
FROM jenkins/jenkins:2.222.4-centos
RUN /usr/local/bin/install-plugins.sh docker-slaves github-branch-source:1.8
```
Furthermore it is possible to pass a file that contains this set of plugins (with or without line breaks).
```Dockerfile
FROM jenkins/jenkins:2.222.4-centos
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
```
When jenkins container starts, it will check `JENKINS_HOME` has this reference content, and copy them
there if required. It will not override such files, so if you upgraded some plugins from UI they won't
be reverted on next start.
In case you *do* want to override, append '.override' to the name of the reference file. E.g. a file named
`/usr/share/jenkins/ref/config.xml.override` will overwrite an existing `config.xml` file in JENKINS_HOME.
Also see [JENKINS-24986](https://issues.jenkins-ci.org/browse/JENKINS-24986)
Here is an example to get the list of plugins from an existing server:
```
JENKINS_HOST=username:password@myhost.com:port
curl -sSL "http://$JENKINS_HOST/pluginManager/api/xml?depth=1&xpath=/*/*/shortName|/*/*/version&wrapper=plugins" | perl -pe 's/.*?<shortName>([\w-]+).*?<version>([^<]+)()(<\/\w+>)+/\1 \2\n/g'|sed 's/ /:/'
```
Example Output:
```
cucumber-testresult-plugin:0.8.2
pam-auth:1.1
matrix-project:1.4.1
script-security:1.13
...
```
For 2.x-derived images, you may also want to
RUN echo 2.0 > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state
to indicate that this Jenkins installation is fully configured.
Otherwise a banner will appear prompting the user to install additional plugins,
which may be inappropriate.
# Upgrading
All the data needed is in the /var/jenkins_home directory - so depending on how you manage that - depends on how you upgrade. Generally - you can copy it out - and then "docker pull" the image again - and you will have the latest 2.222.4-centos - you can then start up with -v pointing to that data (/var/jenkins_home) and everything will be as you left it.
As always - please ensure that you know how to drive docker - especially volume handling!
## Upgrading plugins
By default, plugins will be upgraded if they haven't been upgraded manually and if the version from the docker image is newer than the version in the container. Versions installed by the docker image are tracked through a marker file.
To force upgrades of plugins that have been manually upgraded, run the docker image with `-e PLUGINS_FORCE_UPGRADE=true`.
The default behaviour when upgrading from a docker image that didn't write marker files is to leave existing plugins in place. If you want to upgrade existing plugins without marker you may run the docker image with `-e TRY_UPGRADE_IF_NO_MARKER=true`. Then plugins will be upgraded if the version provided by the docker image is newer.
## Hacking
If you wish to contribute fixes to this repository, please refer to the [dedicated documentation](HACKING.adoc).
# Questions?
Jump on irc.freenode.net and the #jenkins room. Ask!
[system-property]: https://wiki.jenkins.io/display/JENKINS/Features+controlled+by+system+properties
\ No newline at end of file
download.yaml 0 → 100644
View file @ 4e9b28b9
resources:
- url: "docker://docker.io/jenkins/jenkins@sha256:7cafb6b93b0276c1b70c8ce22152b89835a6c6169d8bfd91532d2553e9bc8fa0"
tag: "jenkins/jenkins:2.222.4-centos"
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED