UNCLASSIFIED

Skip to content

GitLab

Commit 03903d54 authored by Al Fontaine's avatar Al Fontaine
Browse files

Merge branch 'beta-testing' into 'development' 

Beta-Testing to Development Branch

See merge request dsop/solutions-delivery-platform/jenkins/jenkinsfile-runner!1
parents 46a4eecb 3cea7c14
Pipeline #257189 passed with stages
in 11 minutes and 4 seconds
Hide whitespace changes
Inline Side-by-side
Showing with 342 additions and 1 deletion
Dockerfile 0 → 100644
View file @ 03903d54
ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
ARG BASE_IMAGE=redhat/openjdk/openjdk11
ARG BASE_TAG=1.11
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
USER root
ARG TARBALL=jenkinsfile-runner-dependencies-dcar-1.8
ENV JENKINS_UC https://updates.jenkins.io
ENV CASC_JENKINS_CONFIG /usr/share/jenkins/ref/casc
ENV PLUGINS /app/plugins.txt
ENV JENKINSFILE_PATH ""
ARG JENKINS_HOME=/var/jenkins_home
ARG TMP_DIR=/var/groovy-tmpdir
ARG user=jenkins
ARG group=jenkins
ARG uid=1000
ARG gid=1000
COPY LICENSE /licenses
COPY ${TARBALL}.tar.gz /tmp/${TARBALL}.tar.gz
RUN INSTALL_PKGS="git" && \
yum -y update-minimal --setopt=tsflags=nodocs \
--security && \
yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}
RUN cd /tmp && tar -xzf ${TARBALL}.tar.gz \
&& mkdir -p $JENKINS_HOME $TMP_DIR /usr/share/jenkins /build \
&& mv dependencies/ref /usr/share/jenkins/ref \
&& mv dependencies/app /app \
&& rm -rf /tmp/* \
&& chown ${uid}:${gid} $JENKINS_HOME \
&& chown ${uid}:${gid} $TMP_DIR \
&& chown ${uid}:${gid} /app \
&& chown ${uid}:${gid} /usr/share/jenkins \
&& chown ${uid}:${gid} /build \
&& groupadd -g ${gid} ${group} \
&& useradd -d "$JENKINS_HOME" -d "$TMP_DIR" -d /app -d /usr/share/jenkins -u ${uid} -g ${gid} -m -s /bin/bash ${user}
RUN cd /usr/share/jenkins/ref/plugins && \
rm -rf github*
VOLUME /build
VOLUME /usr/share/jenkins/ref/casc
VOLUME $JENKINS_HOME
USER $user
ENTRYPOINT ["/app/bin/jenkinsfile-runner-launcher"]
LICENSE 0 → 100644
View file @ 03903d54
## Booz Allen Public License v1.0
### INTRODUCTION
The Booz Allen Public License allows government, non-profit academic, other non-profit, and commercial entities access to distinctive, disruptive, and robust code with the goal of Empowering People to Change the World℠. Products licensed under the Booz Allen Public License are founded on the basis that collective ingenuity can make the largest impact in the community.
### DEFINITIONS
* **Commercial Entity.** “Commercial Entity” means any individual or entity other than a government, non-profit academic, or other non-profit entity.
* **Derivative.** “Derivative” means any work of authorship in Source Code or Object Code form that results from an addition to, deletion from, or modification of the Source Code of the Product.
* **License.** “License” means this Booz Allen Public License.
* **Object Code.** “Object Code” means the form resulting from transformation or translation of Source Code into machine readable code, including but not limited to, compiled object code.
* **Originator.** “Originator” means each individual or legal entity that creates, contributes to the creation of, or owns the Product.
* **Patent Claims.** “Patent Claims” means any patent claim(s) in any patent to which Originator has a right to grant a license that would be infringed by Your making, using, selling, offering for sale, having made, or importing of the Product, but for the grant of this License.
* **Product.** “Product” means the Source Code of the software which the initial Originator made available under this License, and any Derivative of such Source Code.
* **Source Code.** “Source Code” means software in human-readable form.
* **You.** “You” means either an individual or an entity (if you are taking this license on behalf of an entity) that exercises the rights granted under this License.
### LICENSE
**Government/Non-Profit Academic/Other Non-Profit.**
This Section applies if You are not a Commercial Entity.
* **License.** Subject to the terms and conditions of this License, each Originator hereby grants You a perpetual, worldwide, non-exclusive, royalty-free license to reproduce, display, perform, modify, distribute and otherwise use the Product and Derivatives, in Source Code and Object Code form, in accordance with the terms and conditions of this License in order to support the general public good and for your internal business purposes.
* **Distribution.** You may distribute to third parties copies of the Product, including any Derivative that You create, in Source Code or Object Code form. If You distribute copies of the Product, including any Derivative that You create, in Source Code form, such distribution must be under the terms of this License and You must inform recipients of the Source Code that the Product is governed under this License and how they can obtain a copy of this License. You may distribute to third parties copies of the Product, including any Derivative that You create, in Object Code form, or allow third parties to access or use the Product, including any Derivative that You create, under a license of Your choice.
* **Commercial Sales.** You may not distribute, or allow third parties to access or use, the Product or any Derivative for a fee, unless You first obtain permission from the Originator. If Booz Allen Hamilton is the Originator, please contact Booz Allen Hamilton at <opensource@bah.com>.
**Commercial Entities**.
This Section applies if You are a Commercial Entity.
* **License.** Subject to the terms and conditions of this License, each Originator hereby grants You a perpetual, worldwide, non-exclusive, royalty-free license to reproduce, display, perform, modify, distribute and otherwise use the Product and Derivatives, in Source Code and Object Code form, in accordance with the terms and conditions of this License for the sole purpose of Your internal business purposes and the provision of services to government, non-profit academic, and other non-profit entities.
* **Distribution and Derivatives.** You may distribute to third parties copies of the Product, including any Derivative that You create, in Source Code or Object Code form. If You distribute copies of the Product, including any Derivative that You create, in Source Code form, such distribution must be under the terms of this License and You must inform recipients of the Source Code that the Product is governed under this License and how they can obtain a copy of this License. You may distribute to third parties copies of the Product, including any Derivative that You create, in Object Code form, or allow third parties to access or use the Product, including any Derivative that You create, under a license of Your choice, provided that You make available, and inform the recipient of such distribution how they can obtain, a copy of the Source Code thereof, at no charge, and inform the recipient of the Source Code that the Product is governed under this License and how they can obtain a copy of this License.
* **Commercial Sales.** You may not distribute, or allow third parties to access or use, the Product or any Derivative for a fee, unless You first obtain permission from the Originator. If Booz Allen Hamilton, please contact Booz Allen Hamilton at <opensource@bah.com>.
**Patent Claim(s)**.
This Section applies regardless of whether You are a government, non-profit academic, or other non-profit entity or a Commercial Entity.
* **Patent License.** Subject to the limitations in the Sections above, each Originator hereby grants You a perpetual, worldwide, non-exclusive, royalty-free license under Patent Claims of such Originator to make, use, sell, offer for sale, have made, and import the Product. The foregoing patent license does not apply (a) to any code that an Originator has removed from the Product, or (b) for infringement caused by Your modifications of the Product or the combination of any Derivative created by You or on Your behalf with other software.
### GENERAL TERMS
This Section applies regardless of whether You are a government, non-profit academic, or other non-profit entity or a Commercial Entity.
* **Required Notices.** If You distribute the Product or a Derivative, in Object Code or Source Code form, You shall not remove or otherwise modify any proprietary markings or notices contained within or placed upon the Product or any Derivative. Any distribution of the Product or a Derivative, in Object Code or Source Code form, shall contain a clear and conspicuous Originator copyright and license reference in accordance with the below:
* *Unmodified Product Notice*: “This software package is licensed under the Booz Allen Public License. Copyright © 20__ [Copyright Holder Name]. All Rights Reserved.”
* *Derivative Notice*: “This software package is licensed under the Booz Allen Public License. Portions of this code are Copyright © 20__ [Copyright Holder Name]. All Rights Reserved.”
* **Compliance with Laws.** You agree that You shall not reproduce, display, perform, modify, distribute and otherwise use the Product in any way that violates applicable law or regulation or infringes or violates the rights of others, including, but not limited to, third party intellectual property, privacy, and publicity rights.
* **Disclaimer.** You understand that the Product is licensed to You, and not sold. The Product is provided on an “As Is” basis, without any warranties, representations, and guarantees, whether oral or written, express, implied or statutory, with regard to the Product, including without limitation, warranties of merchantability, fitness for a particular purpose, title, non-infringement, non-interference, and warranties arising from course of dealing or usage of trade, to the maximum extent permitted by applicable law. Originator does not warrant that (i) the Product will meet your needs; (ii) the Product will be error-free or accessible at all times; or (iii) the use or the results of the use of the Product will be correct, accurate, timely, or otherwise reliable. You acknowledge that the Product has not been prepared to meet Your individual requirements, whether or not such requirements have been communicated to Originator. You assume all responsibility for use of the Product.
* **Limitation of Liability.** Under no circumstances and under no legal theory, whether tort (including negligence), contract, or otherwise, shall any Originator, or anyone who distributes the Product in accordance with this License, be liable to You for any direct, indirect, special, incidental, or consequential damages of any character including, without limitation, damages for lost profits, loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses, even if informed of the possibility of such damages.
* **Severability.** If the application of any provision of this License to any particular facts or circumstances shall be held to be invalid or unenforceable, then the validity and enforceability of other provisions of this License shall not in any way be affected or impaired thereby.
README.md
View file @ 03903d54
# jenkinsfile-runner
# jenkinsfile-runner 1.0-beta-27
## Introduction
Jenkinsfile-Runner is a slimmed version of Jenkins, utilizing the Jenkins pipeline execution engine a CLI tool. For more information on the open source project, please visit https://github.com/jenkinsci/jenkinsfile-runner
## SDP
To learn more about the Solutions Delivery Platform please visit https://boozallen.github.io/sdp-docs/overview/1/index.html
## Notes
Recommended resources for the image:
- Min cpu - 1 vCpu
- Min memory - 1 GB
- Storage min - 1 GB. To persist data, volumes can be mounted various folders outlined in the Dockerfile. Storage requirements will vary based on the amount of builds you wish to keep.
To run the container, you will need to volume mount a directory containing at least a Jenkinsfile for the container. By default, the container will look for the Jenkinsfile at /workspace in the container.
An example of running the container:
```
podman run -it -v$(pwd):/workspace jenkins/jenkinsfile-runner:latest
```
- To display the help screen, issue --help in the command section after calling the container: "docker run -it -v $(pwd):/workspace jenkins/jenkinsfile-runner:latest --help"
- To avoid using the jenkinfile-runner-launcher script, which is an opinionated helper script, use option "--entrypoint /app/bin/jenkinsfile-runner"
- If not using jenkinsfile-runner-launcher, you will have to specify the jenkinsfile (-f) and the war (-w) or jenkins version (-jv) to use
- Location of the Jenkins WAR: /app/jenkins
- Using the JTE option, you will need to provide the location of the pipeline_config file (-p) and in the casc file provide the location of JTE libraries
Example CASC Definition:
unclassified:
templateGlobalConfig:
tier:
configurationProvider: "null"
librarySources:
- libraryProvider:
scm:
baseDir: "libraries" #<- the relative path to the libraries folder in the git repo
scm:
git:
branches:
- name: "*/master"
buildChooser: "default"
userRemoteConfigs:
- url: "file:///workspace" #<- the root directory of the git repo volume mounted to the container
Help Screen Output:
```
Usage: jenkinsfile-runner [-huV] [-jte] [-ns] [--skipShutdown]
[-b=<buildNumber>] [-c=<cause>] [-f=<jenkinsfile>]
[-jv=<version>] [--libPath=<libPath>] [-m=<mirror>]
[-n=<jobName>] [-p=<pluginsDir>]
[-pc=<pipelineConfiguration>]
[--runHome=<jenkinsHome>]
[--runWorkspace=<runWorkspace>] [--scm=<scm>]
[-w=<warDir>] [--withInitHooks=<withInitHooks>]
[-a=<String=String>]... [COMMAND]
-f, --file=<jenkinsfile> Path to Jenkinsfile or directory containing a
Jenkinsfile, defaults to ./Jenkinsfile
--runWorkspace=<runWorkspace>
Path to the workspace of the run to be used within
the node{} context. It applies to both Jenkins
master and agents (or side containers) if any.
Requires Jenkins 2.119 or above
-n, --job-name=<jobName> Name of the job the run belongs to
-c, --cause=<cause> Cause of the run
-b, --build-number=<buildNumber>
Build number of the run
-a, --arg=<String=String> Parameters to be passed to the build. Use multiple
-a switches for multiple params
-ns, --no-sandbox Disable workflow job execution within sandbox
environment
-u, --keep-undefined-parameters
Keep undefined parameters if set
--scm=<scm> YAML definition of the SCM, with optional
credentials, to use for the project
-jte, --jenkins-templating-engine
Use the Jenkins Templating Engine for the build
-pc, --pipeline-configuration=<pipelineConfiguration>
The Pipeline Configuration File when using the
Jenkins Templating Engine
-w, --jenkins-war=<warDir> Path to exploded jenkins war directory.Depending
on packaging, it may contain the entire WAR or
just resources to be loaded by the WAR file, for
example Groovy hooks or extra libraries.
-p, --plugins=<pluginsDir> Plugins required to run pipeline. Either a plugins.
txt file or a /plugins installation directory.
Defaults to plugins.txt
-jv, --jenkins-version=<version>
Jenkins version to use if Jenkins WAR is not
specified by --jenkins-war. Defaults to the
latest LTS
-m, --mirror=<mirror> Download mirror site of Jenkins, defaults to http:
//updates.jenkins.io/download. Get the mirror
list from http://mirrors.jenkins-ci.org/status.
html
--runHome, --jenkinsHome=<jenkinsHome>
Path to the empty Jenkins Home directory to use
for this run. If not specified a temporary
directory will be created. Note that the
specified folder will not be disposed after the
run
--withInitHooks=<withInitHooks>
Path to a directory containing Groovy Init Hooks
to copy into init.groovy.d
--skipShutdown Forces Jenkinsfile Runner to skip the shutdown
logic. It reduces the instance termination time
but may lead to unexpected behavior in plugins
which release external resources on clean up
synchronous task queues on shutdown.
--libPath=<libPath> When a slim packaging is used, points to the
library directory which contains payload.jar and
setup.jar files
-h, --help Show this help message and exit.
-V, --version Print version information and exit.
Commands:
run Runs Jenkinsfile
cli Runs interactive Jenkins CLI
generate-completion Generate bash/zsh completion script for
jenkinsfile-runner.
version Shows Jenkinsfile Runner version
help Displays help information about the specified command
```
examples/Jenkinsfile 0 → 100644
View file @ 03903d54
stage('Read Evergreen YAML') {
node {
// Discover core version using Pipeline utility steps
sh 'curl -O https://raw.githubusercontent.com/jenkins-infra/evergreen/master/services/essentials.yaml'
def essentialsYaml = readYaml(file: "essentials.yaml")
echo "Jenkins Evergreen uses the following Core version: ${essentialsYaml.spec.core.version}"
}
}
hardening_manifest.yaml 0 → 100644
View file @ 03903d54
---
apiVersion: v1
# The repository name in registry1, excluding /ironbank/
name: "solutions-delivery-platform/jenkins/jenkins"
# List of tags to push for the repository in registry1
# The most specific version should be the first tag and will be shown
# on ironbank.dsop.io
tags:
- "1.0-beta-27"
- "latest"
# Build args passed to Dockerfile ARGs
args:
BASE_IMAGE: "redhat/openjdk/openjdk11"
BASE_TAG: "1.11"
# Docker image labels
labels:
org.opencontainers.image.title: "jenkinsfile-runner"
## Human-readable description of the software packaged in the image
org.opencontainers.image.description: "Jenkins execution engine for CI/CD pipelines"
## License(s) under which contained software is distributed
org.opencontainers.image.licenses: "Booz Allen Public License v1.0"
## URL to find more information on the image
org.opencontainers.image.url: "https://github.com/boozallen/sdp-images"
## Name of the distributing entity, organization or individual
org.opencontainers.image.vendor: "Booz Allen Hamiliton"
org.opencontainers.image.version: "1.0-beta-27"
## Keywords to help with search (ex. "cicd,gitops,golang")
mil.dso.ironbank.image.keywords: "Jenkins, Jenkinsfile-Runner, Runner, Jenkinsfile, CI/CD, ci, cd, SPD, automation, server, pipeline"
## This value can be "opensource" or "commercial"
mil.dso.ironbank.image.type: "opensource"
## Product the image belongs to for grouping multiple images
mil.dso.ironbank.product.name: "Solutions Delivery Platform"
# List of resources to make available to the offline build context
resources:
- filename: jenkinsfile-runner-dependencies-dcar-1.8.tar.gz
url: https://github.com/boozallen/sdp-images/releases/download/dcar-1.8/jenkinsfile-runner-dependencies-dcar-1.8.tar.gz
validation:
type: sha256
value: 174340489946288569958cab3d5159b0242547b8b0b104652ba0c0b81fb85987
# List of project maintainers
# FIXME: Fill in the following details for the current container owner in the whitelist
# FIXME: Include any other vendor information if applicable
maintainers:
- email: "spicer_casey@bah.com"
# # The name of the current container owner
name: "Casey Spicer"
# # The gitlab username of the current container owner
username: "cspicer"
# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
- name: "Al Fontaine"
username: "alfontaine"
email: "alan.fontaine@centauricorp.com"
resources/hardening_manifest.yaml.old 0 → 100644
View file @ 03903d54
---
apiVersion: v1
# The repository name in registry1, excluding /ironbank/
name: "solutions-delivery-platform/jenkins/jenkins"
# List of tags to push for the repository in registry1
# The most specific version should be the first tag and will be shown
# on ironbank.dsop.io
tags:
- "1.0-beta-27"
- "latest"
# Build args passed to Dockerfile ARGs
args:
BASE_IMAGE: "redhat/openjdk/openjdk11"
BASE_TAG: "1.11"
# Docker image labels
labels:
org.opencontainers.image.title: "jenkinsfile-runner"
## Human-readable description of the software packaged in the image
org.opencontainers.image.description: "Jenkins execution engine for CI/CD pipelines"
## License(s) under which contained software is distributed
org.opencontainers.image.licenses: "Booz Allen Public License v1.0"
## URL to find more information on the image
org.opencontainers.image.url: "https://github.com/boozallen/sdp-images"
## Name of the distributing entity, organization or individual
org.opencontainers.image.vendor: "Booz Allen Hamiliton"
org.opencontainers.image.version: "1.0-beta-27"
## Keywords to help with search (ex. "cicd,gitops,golang")
mil.dso.ironbank.image.keywords: "Jenkins, Jenkinsfile-Runner, Runner, Jenkinsfile, CI/CD, ci, cd, SPD, automation, server, pipeline"
## This value can be "opensource" or "commercial"
mil.dso.ironbank.image.type: "opensource"
## Product the image belongs to for grouping multiple images
mil.dso.ironbank.product.name: "Solutions Delivery Platform"
# List of resources to make available to the offline build context
resources:
- filename: jenkinsfile-runner-dependencies-dcar-1.8.tar.gz
url: https://github.com/boozallen/sdp-images/releases/download/dcar-1.8/jenkinsfile-runner-dependencies-dcar-1.8.tar.gz
validation:
type: sha256
value: 228b4f3d88cb330036a915a8528f9636569807a16d7e4da177d6432fa9bcf5ed
# List of project maintainers
# FIXME: Fill in the following details for the current container owner in the whitelist
# FIXME: Include any other vendor information if applicable
maintainers:
- email: "spicer_casey@bah.com"
# # The name of the current container owner
name: "Casey Spicer"
# # The gitlab username of the current container owner
username: "cspicer"
# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
- name: "Al Fontaine"
username: "alfontaine"
email: "alan.fontaine@centauricorp.com"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED