UNCLASSIFIED

Skip to content

GitLab

Commit e4235bdf authored by Matt Vasquez's avatar Matt Vasquez
Browse files

Peer Review Changes / Version Update

parent 4f3e742d
Hide whitespace changes
Inline Side-by-side
Showing with 489 additions and 37 deletions
Dockerfile
View file @ e4235bdf
ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_IMAGE=redhat/openjdk/openjdk8-devel
ARG BASE_TAG=1.8
ARG BASE_TAG=8.2 FROM jenkins/jenkins:2.235.1-centos as jenkins
FROM jenkins/jenkins:2.222.4-centos as jenkins
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
LABEL name="Jenkins" \ LABEL name="Jenkins" \
description="Jenkins Continuous Integration and Delivery server" \ description="Jenkins Continuous Integration and Delivery server" \
vendor="Jenkins" \ vendor="Jenkins" \
summary="Jenkins 2.222.4" \ summary="Jenkins 2.235.1" \
maintainer="Jenkins" \ maintainer="Jenkins" \
version="2.222.4" version="2.235.1"
USER root
ENV JAVA_HOME /etc/alternatives/jre_openjdk ENV JAVA_HOME /usr/lib/jvm/java
ARG user=jenkins ARG user=jenkins
ARG group=jenkins ARG group=jenkins
...@@ -39,7 +40,7 @@ RUN mkdir -p $JENKINS_HOME && \ ...@@ -39,7 +40,7 @@ RUN mkdir -p $JENKINS_HOME && \
groupadd -g ${gid} ${group} && \ groupadd -g ${gid} ${group} && \
useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} && \ useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} && \
dnf update -y && \ dnf update -y && \
dnf install -y git java java-devel unzip --setopt=tsflags=nodocs && \ dnf install -y git unzip --setopt=tsflags=nodocs && \
git lfs install && \ git lfs install && \
dnf clean all && \ dnf clean all && \
rm -rf /var/cache/dnf && \ rm -rf /var/cache/dnf && \
...@@ -56,10 +57,6 @@ VOLUME $JENKINS_HOME ...@@ -56,10 +57,6 @@ VOLUME $JENKINS_HOME
COPY --from=jenkins /usr/share/jenkins/jenkins.war /usr/share/jenkins/jenkins.war COPY --from=jenkins /usr/share/jenkins/jenkins.war /usr/share/jenkins/jenkins.war
ENV JENKINS_UC https://updates.jenkins.io
ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental
ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals
# for main web interface: # for main web interface:
EXPOSE ${http_port} EXPOSE ${http_port}
...@@ -71,7 +68,7 @@ ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log ...@@ -71,7 +68,7 @@ ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log
USER ${user} USER ${user}
COPY --from=jenkins /usr/local/bin/jenkins-support /usr/local/bin/jenkins-support COPY --from=jenkins /usr/local/bin/jenkins-support /usr/local/bin/jenkins-support
COPY --from=jenkins /usr/local/bin/jenkins.sh /usr/local/bin/jenkins.sh COPY scripts/jenkins.sh /usr/local/bin/jenkins.sh
COPY --from=jenkins /bin/tini /bin/tini COPY --from=jenkins /bin/tini /bin/tini
COPY --from=jenkins /sbin/tini /sbin/tini COPY --from=jenkins /sbin/tini /sbin/tini
...@@ -80,5 +77,5 @@ HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl - ...@@ -80,5 +77,5 @@ HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"] ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins.sh"]
# from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup $REF/plugins from a support bundle # from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup $REF/plugins from a support bundle
COPY --from=jenkins /usr/local/bin/plugins.sh /usr/local/bin/plugins.sh COPY scripts/plugins.sh /usr/local/bin/plugins.sh
COPY --from=jenkins /usr/local/bin/install-plugins.sh /usr/local/bin/install-plugins.sh COPY scripts/install-plugins.sh /usr/local/bin/install-plugins.sh
\ No newline at end of file \ No newline at end of file
Jenkinsfile
View file @ e4235bdf
@Library('DCCSCR@master') _ @Library('DCCSCR@master') _
dccscrPipeline( version: "2.222.4" ) dccscrPipeline( version: "2.351.1" )
\ No newline at end of file \ No newline at end of file
README.md
View file @ e4235bdf
...@@ -15,7 +15,7 @@ This is a fully functional Jenkins server. ...@@ -15,7 +15,7 @@ This is a fully functional Jenkins server.
# Usage # Usage
``` ```
docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.222.4-centos podman run -p 8080:8080 -p 50000:50000 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
``` ```
NOTE: read below the _build executors_ part for the role of the `50000` port mapping. NOTE: read below the _build executors_ part for the role of the `50000` port mapping.
...@@ -24,15 +24,15 @@ This will store the workspace in /var/jenkins_home. All Jenkins data lives in th ...@@ -24,15 +24,15 @@ This will store the workspace in /var/jenkins_home. All Jenkins data lives in th
You will probably want to make that an explicit volume so you can manage it and attach to another container for upgrades : You will probably want to make that an explicit volume so you can manage it and attach to another container for upgrades :
``` ```
docker run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home jenkins/jenkins:2.222.4-centos podman run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
``` ```
this will automatically create a 'jenkins_home' [docker volume](https://docs.docker.com/storage/volumes/) on the host machine, that will survive the container stop/restart/deletion. this will automatically create a 'jenkins_home' [docker volume](https://docs.docker.com/storage/volumes/) on the host machine, that will survive the container stop/restart/deletion.
NOTE: Avoid using a [bind mount](https://docs.docker.com/storage/bind-mounts/) from a folder on the host machine into `/var/jenkins_home`, as this might result in file permission issues (the user used inside the container might not have rights to the folder on the host machine). If you _really_ need to bind mount jenkins_home, ensure that the directory on the host is accessible by the jenkins user inside the container (jenkins user - uid 1000) or use `-u some_other_user` parameter with `docker run`. NOTE: Avoid using a [bind mount](https://docs.docker.com/storage/bind-mounts/) from a folder on the host machine into `/var/jenkins_home`, as this might result in file permission issues (the user used inside the container might not have rights to the folder on the host machine). If you _really_ need to bind mount jenkins_home, ensure that the directory on the host is accessible by the jenkins user inside the container (jenkins user - uid 1000) or use `-u some_other_user` parameter with `podman run`.
``` ```
docker run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.222.4-centos podman run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
``` ```
this will run Jenkins in detached mode with port forwarding and volume added. You can access logs with command 'docker logs CONTAINER_ID' in order to check first login token. ID of container will be returned from output of command above. this will run Jenkins in detached mode with port forwarding and volume added. You can access logs with command 'docker logs CONTAINER_ID' in order to check first login token. ID of container will be returned from output of command above.
...@@ -62,7 +62,7 @@ Jenkins.instance.setNumExecutors(5) ...@@ -62,7 +62,7 @@ Jenkins.instance.setNumExecutors(5)
and `Dockerfile` and `Dockerfile`
``` ```
FROM jenkins/jenkins:2.222.4-centos FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
COPY executors.groovy /usr/share/jenkins/ref/init.groovy.d/executors.groovy COPY executors.groovy /usr/share/jenkins/ref/init.groovy.d/executors.groovy
``` ```
...@@ -81,7 +81,7 @@ You might need to customize the JVM running Jenkins, typically to pass system pr ...@@ -81,7 +81,7 @@ You might need to customize the JVM running Jenkins, typically to pass system pr
variable for this purpose : variable for this purpose :
``` ```
docker run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS=-Dhudson.footerURL=http://mycompany.com jenkins/jenkins:2.222.4-centos podman run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS=-Dhudson.footerURL=http://mycompany.com nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
``` ```
# Configuring logging # Configuring logging
...@@ -96,7 +96,7 @@ handlers=java.util.logging.ConsoleHandler ...@@ -96,7 +96,7 @@ handlers=java.util.logging.ConsoleHandler
jenkins.level=FINEST jenkins.level=FINEST
java.util.logging.ConsoleHandler.level=FINEST java.util.logging.ConsoleHandler.level=FINEST
EOF EOF
docker run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS="-Djava.util.logging.config.file=/var/jenkins_home/log.properties" -v `pwd`/data:/var/jenkins_home jenkins/jenkins:2.222.4-centos podman run --name myjenkins -p 8080:8080 -p 50000:50000 --env JAVA_OPTS="-Djava.util.logging.config.file=/var/jenkins_home/log.properties" -v `pwd`/data:/var/jenkins_home nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
``` ```
# Configuring reverse proxy # Configuring reverse proxy
...@@ -106,9 +106,9 @@ If you want to install Jenkins behind a reverse proxy with prefix, example: mysi ...@@ -106,9 +106,9 @@ If you want to install Jenkins behind a reverse proxy with prefix, example: mysi
# Passing Jenkins launcher parameters # Passing Jenkins launcher parameters
Arguments you pass to docker running the Jenkins image are passed to jenkins launcher, so for example you can run: Arguments you pass to podman running the Jenkins image are passed to jenkins launcher, so for example you can run:
``` ```
docker run jenkins/jenkins:2.222.4-centos --version podman run nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development --version
``` ```
This will show the Jenkins version, the same as when you run Jenkins from an executable war. This will show the Jenkins version, the same as when you run Jenkins from an executable war.
...@@ -117,7 +117,7 @@ You can also define Jenkins arguments via `JENKINS_OPTS`. This is useful for cus ...@@ -117,7 +117,7 @@ You can also define Jenkins arguments via `JENKINS_OPTS`. This is useful for cus
to force use of HTTPS with a certificate included in the image. to force use of HTTPS with a certificate included in the image.
``` ```
FROM jenkins/jenkins:2.222.4-centos FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
COPY https.pem /var/lib/jenkins/cert COPY https.pem /var/lib/jenkins/cert
COPY https.key /var/lib/jenkins/pk COPY https.key /var/lib/jenkins/pk
...@@ -128,12 +128,12 @@ EXPOSE 8083 ...@@ -128,12 +128,12 @@ EXPOSE 8083
You can also change the default slave agent port for jenkins by defining `JENKINS_SLAVE_AGENT_PORT` in a sample Dockerfile. You can also change the default slave agent port for jenkins by defining `JENKINS_SLAVE_AGENT_PORT` in a sample Dockerfile.
``` ```
FROM jenkins/jenkins:2.222.4-centos FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
ENV JENKINS_SLAVE_AGENT_PORT 50001 ENV JENKINS_SLAVE_AGENT_PORT 50001
``` ```
or as a parameter to docker, or as a parameter to docker,
``` ```
docker run --name myjenkins -p 8080:8080 -p 50001:50001 --env JENKINS_SLAVE_AGENT_PORT=50001 jenkins/jenkins:2.222.4-centos podman run --name myjenkins -p 8080:8080 -p 50001:50001 --env JENKINS_SLAVE_AGENT_PORT=50001 nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
``` ```
**Note**: This environment variable will be used to set the port adding the **Note**: This environment variable will be used to set the port adding the
...@@ -147,7 +147,7 @@ docker run --name myjenkins -p 8080:8080 -p 50001:50001 --env JENKINS_SLAVE_AGEN ...@@ -147,7 +147,7 @@ docker run --name myjenkins -p 8080:8080 -p 50001:50001 --env JENKINS_SLAVE_AGEN
You can run your container as root - and install via apt-get, install as part of build steps via jenkins tool installers, or you can create your own Dockerfile to customise, for example: You can run your container as root - and install via apt-get, install as part of build steps via jenkins tool installers, or you can create your own Dockerfile to customise, for example:
``` ```
FROM jenkins/jenkins:2.222.4-centos FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
# if we want to install via apt # if we want to install via apt
USER root USER root
RUN apt-get update && apt-get install -y ruby make more-thing-here RUN apt-get update && apt-get install -y ruby make more-thing-here
...@@ -160,7 +160,7 @@ For this purpose, use `/usr/share/jenkins/ref` as a place to define the default ...@@ -160,7 +160,7 @@ For this purpose, use `/usr/share/jenkins/ref` as a place to define the default
wish the target installation to look like : wish the target installation to look like :
``` ```
FROM jenkins/jenkins:2.222.4-centos FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
COPY custom.groovy /usr/share/jenkins/ref/init.groovy.d/custom.groovy COPY custom.groovy /usr/share/jenkins/ref/init.groovy.d/custom.groovy
``` ```
...@@ -174,7 +174,7 @@ This script will perform downloads from update centers, and internet access is r ...@@ -174,7 +174,7 @@ This script will perform downloads from update centers, and internet access is r
During the download, the script will use update centers defined by the following environment variables: During the download, the script will use update centers defined by the following environment variables:
* `JENKINS_UC` - Main update center. * `JENKINS_UC` - Main update center.
This update center may offer plugin versions depending on the Jenkins 2.222.4-centos Core versions. This update center may offer plugin versions depending on the Jenkins 2.235.1 Core versions.
Default value: https://updates.jenkins.io Default value: https://updates.jenkins.io
* `JENKINS_UC_EXPERIMENTAL` - [Experimental Update Center](https://jenkins.io/blog/2013/09/23/experimental-plugins-update-center/). * `JENKINS_UC_EXPERIMENTAL` - [Experimental Update Center](https://jenkins.io/blog/2013/09/23/experimental-plugins-update-center/).
This center offers Alpha and Beta versions of plugins. This center offers Alpha and Beta versions of plugins.
...@@ -198,7 +198,7 @@ Dependencies that are already included in the Jenkins war will only be downloade ...@@ -198,7 +198,7 @@ Dependencies that are already included in the Jenkins war will only be downloade
There are also custom version specifiers: There are also custom version specifiers:
* `latest` - download the latest version from the main update center. * `latest` - download the latest version from the main update center.
For Jenkins 2.222.4-centos images For Jenkins 2.235.1 images
(example: `git:latest`) (example: `git:latest`)
* `experimental` - download the latest version from the experimental update center defined by the `JENKINS_UC_EXPERIMENTAL` environment variable (example: `filesystem_scm:experimental`) * `experimental` - download the latest version from the experimental update center defined by the `JENKINS_UC_EXPERIMENTAL` environment variable (example: `filesystem_scm:experimental`)
* `incrementals;org.jenkins-ci.plugins.workflow;2.19-rc289.d09828a05a74[;githubUserId][;branchName]` * `incrementals;org.jenkins-ci.plugins.workflow;2.19-rc289.d09828a05a74[;githubUserId][;branchName]`
...@@ -228,14 +228,14 @@ In case you have changed some default paths in the image, you can modify their v ...@@ -228,14 +228,14 @@ In case you have changed some default paths in the image, you can modify their v
You can run the script manually in Dockerfile: You can run the script manually in Dockerfile:
```Dockerfile ```Dockerfile
FROM jenkins/jenkins:2.222.4-centos FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
RUN /usr/local/bin/install-plugins.sh docker-slaves github-branch-source:1.8 RUN /usr/local/bin/install-plugins.sh docker-slaves github-branch-source:1.8
``` ```
Furthermore it is possible to pass a file that contains this set of plugins (with or without line breaks). Furthermore it is possible to pass a file that contains this set of plugins (with or without line breaks).
```Dockerfile ```Dockerfile
FROM jenkins/jenkins:2.222.4-centos FROM nexus-docker-secure.nexus.svc.cluster.local:18082/opensource/jenkins/jenkins:2.235.1-development
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
``` ```
...@@ -277,7 +277,7 @@ which may be inappropriate. ...@@ -277,7 +277,7 @@ which may be inappropriate.
# Upgrading # Upgrading
All the data needed is in the /var/jenkins_home directory - so depending on how you manage that - depends on how you upgrade. Generally - you can copy it out - and then "docker pull" the image again - and you will have the latest 2.222.4-centos - you can then start up with -v pointing to that data (/var/jenkins_home) and everything will be as you left it. All the data needed is in the /var/jenkins_home directory - so depending on how you manage that - depends on how you upgrade. Generally - you can copy it out - and then "docker pull" the image again - and you will have the latest 2.235.1 - you can then start up with -v pointing to that data (/var/jenkins_home) and everything will be as you left it.
As always - please ensure that you know how to drive docker - especially volume handling! As always - please ensure that you know how to drive docker - especially volume handling!
......
download.yaml
View file @ e4235bdf
resources: resources:
- url: "docker://docker.io/jenkins/jenkins@sha256:7cafb6b93b0276c1b70c8ce22152b89835a6c6169d8bfd91532d2553e9bc8fa0" - url: "docker://docker.io/jenkins/jenkins@sha256:0285ec17a91ec9269c41ba3d5abb5db4aa24a22b0bbe43d9d302fa9136fff889"
tag: "jenkins/jenkins:2.222.4-centos" tag: "jenkins/jenkins:2.235.1-centos"
\ No newline at end of file \ No newline at end of file
scripts/install-plugins.sh 0 → 100644
View file @ e4235bdf
#!/bin/bash -eu
# Resolve dependencies and download plugins given on the command line
#
# FROM jenkins
# RUN install-plugins.sh docker-slaves github-branch-source
#
# Environment variables:
# REF: directory with preinstalled plugins. Default: /usr/share/jenkins/ref/plugins
# JENKINS_WAR: full path to the jenkins.war. Default: /usr/share/jenkins/jenkins.war
# JENKINS_UC: url of the Update Center. Default: ""
# JENKINS_UC_EXPERIMENTAL: url of the Experimental Update Center for experimental versions of plugins. Default: ""
# JENKINS_INCREMENTALS_REPO_MIRROR: url of the incrementals repo mirror. Default: ""
# JENKINS_UC_DOWNLOAD: download url of the Update Center. Default: JENKINS_UC/download
# CURL_OPTIONS When downloading the plugins with curl. Curl options. Default: -sSfL
# CURL_CONNECTION_TIMEOUT When downloading the plugins with curl. <seconds> Maximum time allowed for connection. Default: 20
# CURL_RETRY When downloading the plugins with curl. Retry request if transient problems occur. Default: 3
# CURL_RETRY_DELAY When downloading the plugins with curl. <seconds> Wait time between retries. Default: 0
# CURL_RETRY_MAX_TIME When downloading the plugins with curl. <seconds> Retry only within this period. Default: 60
set -o pipefail
JENKINS_WAR=${JENKINS_WAR:-/usr/share/jenkins/jenkins.war}
. /usr/local/bin/jenkins-support
REF_DIR="${REF}/plugins"
FAILED="$REF_DIR/failed-plugins.txt"
getLockFile() {
printf '%s' "$REF_DIR/${1}.lock"
}
getArchiveFilename() {
printf '%s' "$REF_DIR/${1}.jpi"
}
download() {
local plugin originalPlugin version lock ignoreLockFile url
plugin="$1"
version="${2:-latest}"
ignoreLockFile="${3:-}"
url="${4:-}"
lock="$(getLockFile "$plugin")"
if [[ $ignoreLockFile ]] || mkdir "$lock" &>/dev/null; then
if ! doDownload "$plugin" "$version" "$url"; then
# some plugin don't follow the rules about artifact ID
# typically: docker-plugin
originalPlugin="$plugin"
plugin="${plugin}-plugin"
if ! doDownload "$plugin" "$version" "$url"; then
echo "Failed to download plugin: $originalPlugin or $plugin" >&2
echo "Not downloaded: ${originalPlugin}" >> "$FAILED"
return 1
fi
fi
if ! checkIntegrity "$plugin"; then
echo "Downloaded file is not a valid ZIP: $(getArchiveFilename "$plugin")" >&2
echo "Download integrity: ${plugin}" >> "$FAILED"
return 1
fi
resolveDependencies "$plugin"
fi
}
doDownload() {
local plugin version url jpi
plugin="$1"
version="$2"
url="$3"
jpi="$(getArchiveFilename "$plugin")"
# If plugin already exists and is the same version do not download
if test -f "$jpi" && unzip -p "$jpi" META-INF/MANIFEST.MF | tr -d '\r' | grep "^Plugin-Version: ${version}$" > /dev/null; then
echo "Using provided plugin: $plugin"
return 0
fi
if [[ -n $url ]] ; then
echo "Will use url=$url"
elif [[ "$version" == "latest" && -n "$JENKINS_UC_LATEST" ]]; then
# If version-specific Update Center is available, which is the case for LTS versions,
# use it to resolve latest versions.
url="$JENKINS_UC_LATEST/latest/${plugin}.hpi"
elif [[ "$version" == "experimental" && -n "$JENKINS_UC_EXPERIMENTAL" ]]; then
# Download from the experimental update center
url="$JENKINS_UC_EXPERIMENTAL/latest/${plugin}.hpi"
elif [[ "$version" == incrementals* ]] ; then
# Download from Incrementals repo: https://jenkins.io/blog/2018/05/15/incremental-deployment/
# Example URL: https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/workflow/workflow-support/2.19-rc289.d09828a05a74/workflow-support-2.19-rc289.d09828a05a74.hpi
local groupId incrementalsVersion
# add a trailing ; so the \n gets added to the end
readarray -t "-d;" arrIN <<<"${version};";
unset 'arrIN[-1]';
groupId=${arrIN[1]}
incrementalsVersion=${arrIN[2]}
url="${JENKINS_INCREMENTALS_REPO_MIRROR}/$(echo "${groupId}" | tr '.' '/')/${plugin}/${incrementalsVersion}/${plugin}-${incrementalsVersion}.hpi"
else
JENKINS_UC_DOWNLOAD=${JENKINS_UC_DOWNLOAD:-"$JENKINS_UC/download"}
url="$JENKINS_UC_DOWNLOAD/plugins/$plugin/$version/${plugin}.hpi"
fi
echo "Downloading plugin: $plugin from $url"
# We actually want to allow variable value to be split into multiple options passed to curl.
# This is needed to allow long options and any options that take value.
# shellcheck disable=SC2086
retry_command curl ${CURL_OPTIONS:--sSfL} --connect-timeout "${CURL_CONNECTION_TIMEOUT:-20}" --retry "${CURL_RETRY:-3}" --retry-delay "${CURL_RETRY_DELAY:-0}" --retry-max-time "${CURL_RETRY_MAX_TIME:-60}" "$url" -o "$jpi"
return $?
}
checkIntegrity() {
local plugin jpi
plugin="$1"
jpi="$(getArchiveFilename "$plugin")"
unzip -t -qq "$jpi" >/dev/null
return $?
}
resolveDependencies() {
local plugin jpi dependencies
plugin="$1"
jpi="$(getArchiveFilename "$plugin")"
dependencies="$(unzip -p "$jpi" META-INF/MANIFEST.MF | tr -d '\r' | tr '\n' '|' | sed -e 's#| ##g' | tr '|' '\n' | grep "^Plugin-Dependencies: " | sed -e 's#^Plugin-Dependencies: ##')"
if [[ ! $dependencies ]]; then
echo " > $plugin has no dependencies"
return
fi
echo " > $plugin depends on $dependencies"
IFS=',' read -r -a array <<< "$dependencies"
for d in "${array[@]}"
do
plugin="$(cut -d':' -f1 - <<< "$d")"
if [[ $d == *"resolution:=optional"* ]]; then
echo "Skipping optional dependency $plugin"
else
local pluginInstalled
if pluginInstalled="$(echo -e "${bundledPlugins}\n${installedPlugins}" | grep "^${plugin}:")"; then
pluginInstalled="${pluginInstalled//[$'\r']}"
local versionInstalled; versionInstalled=$(versionFromPlugin "${pluginInstalled}")
local minVersion; minVersion=$(versionFromPlugin "${d}")
if versionLT "${versionInstalled}" "${minVersion}"; then
echo "Upgrading bundled dependency $d ($minVersion > $versionInstalled)"
download "$plugin" &
else
echo "Skipping already installed dependency $d ($minVersion <= $versionInstalled)"
fi
else
download "$plugin" &
fi
fi
done
wait
}
bundledPlugins() {
if [ -f "$JENKINS_WAR" ]
then
TEMP_PLUGIN_DIR=/tmp/plugintemp.$$
for i in $(jar tf "$JENKINS_WAR" | grep -E '[^detached-]plugins.*\..pi' | sort)
do
rm -fr $TEMP_PLUGIN_DIR
mkdir -p $TEMP_PLUGIN_DIR
PLUGIN=$(basename "$i"|cut -f1 -d'.')
(cd $TEMP_PLUGIN_DIR;jar xf "$JENKINS_WAR" "$i";jar xvf "$TEMP_PLUGIN_DIR/$i" META-INF/MANIFEST.MF >/dev/null 2>&1)
VER=$(grep -E -i Plugin-Version "$TEMP_PLUGIN_DIR/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //')
echo "$PLUGIN:$VER"
done
rm -fr $TEMP_PLUGIN_DIR
else
echo "war not found, installing all plugins: $JENKINS_WAR"
fi
}
versionFromPlugin() {
local plugin=$1
if [[ $plugin =~ .*:.* ]]; then
echo "${plugin##*:}"
else
echo "latest"
fi
}
installedPlugins() {
for f in "$REF_DIR"/*.jpi; do
echo "$(basename "$f" | sed -e 's/\.jpi//'):$(get_plugin_version "$f")"
done
}
jenkinsMajorMinorVersion() {
if [[ -f "$JENKINS_WAR" ]]; then
local version major minor
version="$(java -jar "$JENKINS_WAR" --version)"
major="$(echo "$version" | cut -d '.' -f 1)"
minor="$(echo "$version" | cut -d '.' -f 2)"
echo "$major.$minor"
else
echo ""
fi
}
main() {
local plugin jenkinsVersion
local plugins=()
mkdir -p "$REF_DIR" || exit 1
rm -f "$FAILED"
# Read plugins from stdin or from the command line arguments
if [[ ($# -eq 0) ]]; then
while read -r line || [ "$line" != "" ]; do
# Remove leading/trailing spaces, comments, and empty lines
plugin=$(echo "${line}" | tr -d '\r' | sed -e 's/^[ \t]*//g' -e 's/[ \t]*$//g' -e 's/[ \t]*#.*$//g' -e '/^[ \t]*$/d')
# Avoid adding empty plugin into array
if [ ${#plugin} -ne 0 ]; then
plugins+=("${plugin}")
fi
done
else
plugins=("$@")
fi
# Create lockfile manually before first run to make sure any explicit version set is used.
echo "Creating initial locks..."
for plugin in "${plugins[@]}"; do
mkdir "$(getLockFile "${plugin%%:*}")"
done
echo "Analyzing war $JENKINS_WAR..."
bundledPlugins="$(bundledPlugins)"
echo "Registering preinstalled plugins..."
installedPlugins="$(installedPlugins)"
# Check if there's a version-specific update center, which is the case for LTS versions
jenkinsVersion="$(jenkinsMajorMinorVersion)"
if curl -fsL -o /dev/null "$JENKINS_UC/$jenkinsVersion"; then
JENKINS_UC_LATEST="$JENKINS_UC/$jenkinsVersion"
echo "Using version-specific update center: $JENKINS_UC_LATEST..."
else
JENKINS_UC_LATEST=
fi
echo "Downloading plugins..."
for plugin in "${plugins[@]}"; do
local reg='^([^:]+):?([^:]+)?:?([^:]+)?:?(http.+)?'
if [[ $plugin =~ $reg ]]; then
local pluginId="${BASH_REMATCH[1]}"
local version="${BASH_REMATCH[2]}"
local lock="${BASH_REMATCH[3]}"
local url="${BASH_REMATCH[4]}"
download "$pluginId" "$version" "${lock:-true}" "${url}" &
else
echo "Skipping the line '${plugin}' as it does not look like a reference to a plugin"
fi
done
wait
echo
echo "WAR bundled plugins:"
echo "${bundledPlugins}"
echo
echo "Installed plugins:"
installedPlugins
if [[ -f $FAILED ]]; then
echo "Some plugins failed to download!" "$(<"$FAILED")" >&2
exit 1
fi
echo "Cleaning up locks"
find "$REF_DIR" -regex ".*.lock" | while read -r filepath; do
rm -r "$filepath"
done
}
main "$@"
scripts/jenkins.sh 0 → 100644
View file @ e4235bdf
#! /bin/bash -e
: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}"
: "${JENKINS_HOME:="/var/jenkins_home"}"
: "${COPY_REFERENCE_FILE_LOG:="${JENKINS_HOME}/copy_reference_file.log"}"
: "${REF:="/usr/share/jenkins/ref"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find "${REF}" \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +
# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
# read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities)
java_opts_array=()
while IFS= read -r -d '' item; do
java_opts_array+=( "$item" )
done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
readonly agent_port_property='jenkins.model.Jenkins.slaveAgentPort'
if [ -n "${JENKINS_SLAVE_AGENT_PORT:-}" ] && [[ "${JAVA_OPTS:-}" != *"${agent_port_property}"* ]]; then
java_opts_array+=( "-D${agent_port_property}=${JENKINS_SLAVE_AGENT_PORT}" )
fi
if [[ "$DEBUG" ]] ; then
java_opts_array+=( \
'-Xdebug' \
'-Xrunjdwp:server=y,transport=dt_socket,address=5005,suspend=y' \
)
fi
jenkins_opts_array=( )
while IFS= read -r -d '' item; do
jenkins_opts_array+=( "$item" )
done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")
exec java -Duser.home="$JENKINS_HOME" "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"
fi
# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image
exec "$@"
scripts/plugins.sh 0 → 100644
View file @ e4235bdf
#! /bin/bash
# Parse a support-core plugin -style txt file as specification for jenkins plugins to be installed
# in the reference directory, so user can define a derived Docker image with just :
#
# FROM jenkins
# COPY plugins.txt /plugins.txt
# RUN /usr/local/bin/plugins.sh /plugins.txt
#
# Note: Plugins already installed are skipped
#
set -e
echo "WARN: plugins.sh is deprecated, please switch to install-plugins.sh"
if [ -z "$1" ]
then
echo "
USAGE:
Parse a support-core plugin -style txt file as specification for jenkins plugins to be installed
in the reference directory, so user can define a derived Docker image with just :
FROM jenkins
COPY plugins.txt /plugins.txt
RUN /usr/local/bin/plugins.sh /plugins.txt
Note: Plugins already installed are skipped
"
exit 1
else
JENKINS_INPUT_JOB_LIST=$1
if [ ! -f "$JENKINS_INPUT_JOB_LIST" ]
then
echo "ERROR File not found: $JENKINS_INPUT_JOB_LIST"
exit 1
fi
fi
# the war includes a # of plugins, to make the build efficient filter out
# the plugins so we dont install 2x - there about 17!
if [ -d "$JENKINS_HOME" ]
then
TEMP_ALREADY_INSTALLED=$JENKINS_HOME/preinstalled.plugins.$$.txt
else
echo "ERROR $JENKINS_HOME not found"
exit 1
fi
JENKINS_PLUGINS_DIR=${JENKINS_HOME}/plugins
if [ -d "$JENKINS_PLUGINS_DIR" ]
then
echo "Analyzing: $JENKINS_PLUGINS_DIR"
for i in "$JENKINS_PLUGINS_DIR"/*/; do
JENKINS_PLUGIN=$(basename "$i")
JENKINS_PLUGIN_VER=$(grep -E -i Plugin-Version "$i/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //')
echo "$JENKINS_PLUGIN:$JENKINS_PLUGIN_VER"
done >"$TEMP_ALREADY_INSTALLED"
else
JENKINS_WAR=/usr/share/jenkins/jenkins.war
if [ -f "$JENKINS_WAR" ]
then
echo "Analyzing war: $JENKINS_WAR"
TEMP_PLUGIN_DIR=/tmp/plugintemp.$$
while read -r i <&3; do
rm -fr "$TEMP_PLUGIN_DIR"
mkdir -p "$TEMP_PLUGIN_DIR"
PLUGIN=$(basename "$i"|cut -f1 -d'.')
(cd "$TEMP_PLUGIN_DIR" || exit; jar xf "$JENKINS_WAR" "$i"; jar xvf "$TEMP_PLUGIN_DIR/$i" META-INF/MANIFEST.MF >/dev/null 2>&1)
VER=$(grep -E -i Plugin-Version "$TEMP_PLUGIN_DIR/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //')
echo "$PLUGIN:$VER"
done 3< <(jar tf "$JENKINS_WAR" | grep -E '[^detached-]plugins.*\..pi' | sort) > "$TEMP_ALREADY_INSTALLED"
rm -fr "$TEMP_PLUGIN_DIR"
else
rm -f "$TEMP_ALREADY_INSTALLED"
echo "ERROR file not found: $JENKINS_WAR"
exit 1
fi
fi
REF=/usr/share/jenkins/ref/plugins
mkdir -p $REF
COUNT_PLUGINS_INSTALLED=0
while read -r spec || [ -n "$spec" ]; do
plugin=()
IFS=' ' read -r -a plugin <<< "${spec//:/ }"
[[ ${plugin[0]} =~ ^# ]] && continue
[[ ${plugin[0]} =~ ^[[:space:]]*$ ]] && continue
[[ -z ${plugin[1]} ]] && plugin[1]="latest"
if [ -z "$JENKINS_UC_DOWNLOAD" ]; then
JENKINS_UC_DOWNLOAD=$JENKINS_UC/download
fi
if ! grep -q "${plugin[0]}:${plugin[1]}" "$TEMP_ALREADY_INSTALLED"
then
echo "Downloading ${plugin[0]}:${plugin[1]}"
curl --retry 3 --retry-delay 5 -sSL -f "${JENKINS_UC_DOWNLOAD}/plugins/${plugin[0]}/${plugin[1]}/${plugin[0]}.hpi" -o "$REF/${plugin[0]}.jpi"
unzip -qqt "$REF/${plugin[0]}.jpi"
(( COUNT_PLUGINS_INSTALLED += 1 ))
else
echo " ... skipping already installed: ${plugin[0]}:${plugin[1]}"
fi
done < "$JENKINS_INPUT_JOB_LIST"
echo "---------------------------------------------------"
if (( "$COUNT_PLUGINS_INSTALLED" > 0 ))
then
echo "INFO: Successfully installed $COUNT_PLUGINS_INSTALLED plugins."
if [ -d "$JENKINS_PLUGINS_DIR" ]
then
echo "INFO: Please restart the container for changes to take effect!"
fi
else
echo "INFO: No changes, all plugins previously installed."
fi
echo "---------------------------------------------------"
#cleanup
rm "$TEMP_ALREADY_INSTALLED"
exit 0
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED