Merge branch 'development' into 'master'

Development See merge request !30

Merge branch 'development' into 'master'
Development See merge request !30
811c1e98 · Andy Maksymowicz · 13e74394 · 39ca6325 · 811c1e98 · 13e74394
Commit 811c1e98 authored Jan 22, 2021 by Andy Maksymowicz
6 changed files
--- a/Dockerfile
+++ b/Dockerfile
-ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=redhat/openjdk/openjdk8-devel
 ARG BASE_TAG=1.8.0

-FROM jenkins/jenkins:2.249.3-centos as jenkins
+FROM jenkins/jenkins:2.263.2-centos as jenkins

 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

-LABEL name="Jenkins" \
-      description="Jenkins Continuous Integration and Delivery server" \
-      vendor="Jenkins" \
-      summary="Jenkins 2.235.1" \
-      maintainer="Jenkins" \
-      version="2.249.3"

 USER root


--- a/Jenkinsfile
+++ b/Jenkinsfile
-@Library('DCCSCR@master') _
-dccscrPipeline( version: "2.249.3" )
\ No newline at end of file
--- a/README.md
+++ b/README.md
 # Official Jenkins Docker image

+# Approved for use behind a CNAP/CPN. It cannot be internet facing.
+
 [![Docker Stars](https://img.shields.io/docker/stars/jenkins/jenkins.svg)](https://hub.docker.com/r/jenkins/jenkins/)
 [![Docker Pulls](https://img.shields.io/docker/pulls/jenkins/jenkins.svg)](https://hub.docker.com/r/jenkins/jenkins/)
 [![Join the chat at https://gitter.im/jenkinsci/docker](https://badges.gitter.im/jenkinsci/docker.svg)](https://gitter.im/jenkinsci/docker?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
@@ -15,7 +17,7 @@ This is a fully functional Jenkins server.
 # Usage

 ```
-podman run -p 8080:8080 -p 50000:50000 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+podman run -p 8080:8080 -p 50000:50000 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 ```

 NOTE: read below the _build executors_ part for the role of the `50000` port mapping.
@@ -24,7 +26,7 @@ This will store the workspace in /var/jenkins_home. All Jenkins data lives in th
 You will probably want to make that an explicit volume so you can manage it and attach to another container for upgrades :

 ```
-podman run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+podman run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 ```

 this will automatically create a 'jenkins_home' [docker volume](https://docs.docker.com/storage/volumes/) on the host machine, that will survive the container stop/restart/deletion.
@@ -32,7 +34,7 @@ this will automatically create a 'jenkins_home' [docker volume](https://docs.doc
 NOTE: Avoid using a [bind mount](https://docs.docker.com/storage/bind-mounts/) from a folder on the host machine into `/var/jenkins_home`, as this might result in file permission issues (the user used inside the container might not have rights to the folder on the host machine). If you _really_ need to bind mount jenkins_home, ensure that the directory on the host is accessible by the jenkins user inside the container (jenkins user - uid 1000) or use `-u some_other_user` parameter with `podman run`.

 ```
-podman run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+podman run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 ```

 this will run Jenkins in detached mode with port forwarding and volume added. You can access logs with command 'docker logs CONTAINER_ID' in order to check first login token. ID of container will be returned from output of command above.
@@ -62,7 +64,7 @@ Jenkins.instance.setNumExecutors(5)
 and `Dockerfile`

 ```
-FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 COPY executors.groovy /usr/share/jenkins/ref/init.groovy.d/executors.groovy
 ```

@@ -81,7 +83,7 @@ You might need to customize the JVM running Jenkins, typically to pass system pr
 variable for this purpose :

 ```
-podman run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS=-Dhudson.footerURL=http://mycompany.com nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+podman run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS=-Dhudson.footerURL=http://mycompany.com nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 ```

 # Configuring logging
@@ -96,7 +98,7 @@ handlers=java.util.logging.ConsoleHandler
 jenkins.level=FINEST
 java.util.logging.ConsoleHandler.level=FINEST
 EOF
-podman run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS="-Djava.util.logging.config.file=/var/jenkins_home/log.properties" -v `pwd`/data:/var/jenkins_home nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+podman run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS="-Djava.util.logging.config.file=/var/jenkins_home/log.properties" -v `pwd`/data:/var/jenkins_home nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 ```

 # Configuring reverse proxy
@@ -108,7 +110,7 @@ If you want to install Jenkins behind a reverse proxy with prefix, example: mysi

 Arguments you pass to podman running the Jenkins image are passed to jenkins launcher, so for example you can run:
 ```
-podman run nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development --version
+podman run nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development --version
 ```
 This will show the Jenkins version, the same as when you run Jenkins from an executable war.

@@ -117,7 +119,7 @@ You can also define Jenkins arguments via `JENKINS_OPTS`. This is useful for cus
 to force use of HTTPS with a certificate included in the image.

 ```
-FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development

 COPY https.pem /var/lib/jenkins/cert
 COPY https.key /var/lib/jenkins/pk
@@ -128,12 +130,12 @@ EXPOSE 8083
 You can also change the default slave agent port for jenkins by defining `JENKINS_SLAVE_AGENT_PORT` in a sample Dockerfile.

 ```
-FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 ENV JENKINS_SLAVE_AGENT_PORT 50001
 ```
 or as a parameter to docker,
 ```
-podman run --name myjenkins -p 8080:8080 -p 50001:50001 --env JENKINS_SLAVE_AGENT_PORT=50001 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+podman run --name myjenkins -p 8080:8080 -p 50001:50001 --env JENKINS_SLAVE_AGENT_PORT=50001 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 ```

 **Note**: This environment variable will be used to set the port adding the
@@ -147,7 +149,7 @@ podman run --name myjenkins -p 8080:8080 -p 50001:50001 --env JENKINS_SLAVE_AGEN
 You can run your container as root - and install via apt-get, install as part of build steps via jenkins tool installers, or you can create your own Dockerfile to customise, for example:

 ```
-FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 # if we want to install via apt
 USER root
 RUN apt-get update && apt-get install -y ruby make more-thing-here
@@ -160,7 +162,7 @@ For this purpose, use `/usr/share/jenkins/ref` as a place to define the default
 wish the target installation to look like :

 ```
-FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 COPY custom.groovy /usr/share/jenkins/ref/init.groovy.d/custom.groovy
 ```

@@ -174,7 +176,7 @@ This script will perform downloads from update centers, and internet access is r
 During the download, the script will use update centers defined by the following environment variables:

 * `JENKINS_UC` - Main update center.
-  This update center may offer plugin versions depending on the Jenkins 2.235.1 Core versions.
+  This update center may offer plugin versions depending on the Jenkins 2.263.2 Core versions.
  Default value: https://updates.jenkins.io
 * `JENKINS_UC_EXPERIMENTAL` - [Experimental Update Center](https://jenkins.io/blog/2013/09/23/experimental-plugins-update-center/).
  This center offers Alpha and Beta versions of plugins.
@@ -198,7 +200,7 @@ Dependencies that are already included in the Jenkins war will only be downloade
 There are also custom version specifiers:

 * `latest` - download the latest version from the main update center.
-  For Jenkins 2.235.1 images
+  For Jenkins 2.263.2 images
  (example: `git:latest`)
 * `experimental` - download the latest version from the experimental update center defined by the `JENKINS_UC_EXPERIMENTAL` environment variable (example: `filesystem_scm:experimental`)
 * `incrementals;org.jenkins-ci.plugins.workflow;2.19-rc289.d09828a05a74[;githubUserId][;branchName]`
@@ -228,14 +230,14 @@ In case you have changed some default paths in the image, you can modify their v
 You can run the script manually in Dockerfile:

 ```Dockerfile
-FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 RUN /usr/local/bin/install-plugins.sh docker-slaves github-branch-source:1.8
 ```

 Furthermore it is possible to pass a file that contains this set of plugins (with or without line breaks).

 ```Dockerfile
-FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
+FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.263.2-development
 COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
 RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
 ```
@@ -277,7 +279,7 @@ which may be inappropriate.

 # Upgrading

-All the data needed is in the /var/jenkins_home directory - so depending on how you manage that - depends on how you upgrade. Generally - you can copy it out - and then "docker pull" the image again - and you will have the latest 2.235.1 - you can then start up with -v pointing to that data (/var/jenkins_home) and everything will be as you left it.
+All the data needed is in the /var/jenkins_home directory - so depending on how you manage that - depends on how you upgrade. Generally - you can copy it out - and then "docker pull" the image again - and you will have the latest 2.263.2 - you can then start up with -v pointing to that data (/var/jenkins_home) and everything will be as you left it.

 As always - please ensure that you know how to drive docker - especially volume handling!


--- a/download.yaml
+++ b/download.yaml
-resources:
-  - url: "docker://docker.io/jenkins/jenkins@sha256:76a2e282ad89382eb344dc667af266eab1bf8f8fa69a9785e7051d9078d629ab"
-    tag: "jenkins/jenkins:2.249.3-centos"
\ No newline at end of file
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "opensource/jenkins/jenkins"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "2.263.2"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/openjdk/openjdk8-devel"
+  BASE_TAG: "1.8.0"
+
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "jenkins"
+  ## Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "Jenkins is a CI/CD server."
+  ## License(s) under which contained software is distributed
+  org.opencontainers.image.licenses: "MIT"
+  ## URL to find more information on the image
+  org.opencontainers.image.url: "https://www.jenkins.io/"
+  ## Name of the distributing entity, organization or individual
+  org.opencontainers.image.vendor: "jenkins"
+  org.opencontainers.image.version: "2.263.2"
+  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "cicd"
+  ## This value can be "opensource" or "commercial"
+  mil.dso.ironbank.image.type: "opensource"
+  ## Product the image belongs to for grouping multiple images
+  mil.dso.ironbank.product.name: "opensource/jenkins"
+
+# List of resources to make available to the offline build context
+resources:
+- url: "docker://docker.io/jenkins/jenkins@sha256:84897b3837cb90380da84bf1ac6758ad4babff0301d1fada8ea7a6d911cc68f3"
+  tag: "jenkins/jenkins:2.263.2-centos"
+
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+- email: "bhearn@anchore.com"
+  # The name of the current container owner
+  name: "Blake Hearn"
+  # The gitlab username of the current container owner
+  username: "bhearn"
+  cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+# - name: "FIXME"
+#   username: "FIXME"
+#   email: "FIXME"
--- a/renovate.json
+++ b/renovate.json
 {
-  "assignees": ["@segren.tim"],
-  "baseBranches": ["development"],
+  "assignees": [
+    "@bhearn"
+  ],
+  "baseBranches": [
+    "development"
+  ],
  "regexManagers": [
    {
-      "fileMatch": ["^Dockerfile$"],
+      "fileMatch": [
+        "^Dockerfile$"
+      ],
      "matchStrings": [
        "version=\"(?<currentValue>.*?)\""
      ],
@@ -11,13 +17,24 @@
      "datasourceTemplate": "docker"
    },
    {
-      "fileMatch": ["^Jenkinsfile$"],
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
+      "matchStrings": [
+        "org\\.opencontainers\\.image\\.version:\\s+\"(?<currentValue>.+?)\""
+      ],
+      "depNameTemplate": "jenkins/jenkins",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
      "matchStrings": [
-        "version:\\s+\"(?<currentValue>.*?)\""
+        "tags:\\s+-\\s+\"(?<currentValue>.+?)\""
      ],
      "depNameTemplate": "jenkins/jenkins",
      "datasourceTemplate": "docker"
    }
  ]
 }
\ No newline at end of file
-