|
| 1 | +FROM openjdk:8-jdk |
| 2 | + |
| 3 | +RUN apt-get update && apt-get install -y git curl && rm -rf /var/lib/apt/lists/* |
| 4 | + |
| 5 | +ENV JENKINS_HOME /var/jenkins_home |
| 6 | +ENV JENKINS_SLAVE_AGENT_PORT 50000 |
| 7 | + |
| 8 | +ARG user=jenkins |
| 9 | +ARG group=jenkins |
| 10 | +ARG uid=1000 |
| 11 | +ARG gid=1000 |
| 12 | + |
| 13 | +# Jenkins is run with user `jenkins`, uid = 1000 |
| 14 | +# If you bind mount a volume from the host or a data container, |
| 15 | +# ensure you use the same uid |
| 16 | +RUN groupadd -g ${gid} ${group} \ |
| 17 | + && useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} |
| 18 | + |
| 19 | +# Jenkins home directory is a volume, so configuration and build history |
| 20 | +# can be persisted and survive image upgrades |
| 21 | +VOLUME /var/jenkins_home |
| 22 | + |
| 23 | +# `/usr/share/jenkins/ref/` contains all reference configuration we want |
| 24 | +# to set on a fresh new installation. Use it to bundle additional plugins |
| 25 | +# or config file with your custom jenkins Docker image. |
| 26 | +RUN mkdir -p /usr/share/jenkins/ref/init.groovy.d |
| 27 | + |
| 28 | +ENV TINI_VERSION 0.13.2 |
| 29 | +ENV TINI_SHA afbf8de8a63ce8e4f18cb3f34dfdbbd354af68a1 |
| 30 | + |
| 31 | +# Use tini as subreaper in Docker container to adopt zombie processes |
| 32 | +RUN curl -fsSL https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-static-amd64 -o /bin/tini && chmod +x /bin/tini \ |
| 33 | + && echo "$TINI_SHA /bin/tini" | sha1sum -c - |
| 34 | + |
| 35 | +COPY init.groovy /usr/share/jenkins/ref/init.groovy.d/tcp-slave-agent-port.groovy |
| 36 | + |
| 37 | +# jenkins version being bundled in this docker image |
| 38 | +ARG JENKINS_VERSION |
| 39 | +ENV JENKINS_VERSION ${JENKINS_VERSION:-2.32.3} |
| 40 | + |
| 41 | +# jenkins.war checksum, download will be validated using it |
| 42 | +ARG JENKINS_SHA=a25b9a314ca9e76f9673da7309e1882e32674223 |
| 43 | + |
| 44 | +# Can be used to customize where jenkins.war get downloaded from |
| 45 | +ARG JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war |
| 46 | + |
| 47 | +# could use ADD but this one does not check Last-Modified header neither does it allow to control checksum |
| 48 | +# see https://github.com/docker/docker/issues/8331 |
| 49 | +RUN curl -fsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \ |
| 50 | + && echo "${JENKINS_SHA} /usr/share/jenkins/jenkins.war" | sha1sum -c - |
| 51 | + |
| 52 | +ENV JENKINS_UC https://updates.jenkins.io |
| 53 | +RUN chown -R ${user} "$JENKINS_HOME" /usr/share/jenkins/ref |
| 54 | + |
| 55 | + |
| 56 | +# Add jenkins to the correct group |
| 57 | +# see http://stackoverflow.com/questions/42164653/docker-in-docker-permissions-error |
| 58 | +# use "getent group docker | awk -F: '{printf "%d\n", $3}'" command on host to find correct value for gid or simply use 'id' |
| 59 | +ARG DOCKER_GID=998 |
| 60 | + |
| 61 | +RUN groupadd -g ${DOCKER_GID} docker \ |
| 62 | + && curl -sSL https://get.docker.com/ | sh \ |
| 63 | + && apt-get -q autoremove \ |
| 64 | + && apt-get -q clean -y \ |
| 65 | + && rm -rf /var/lib/apt/lists/* /var/cache/apt/*.bin |
| 66 | + |
| 67 | +# Install Docker-in-Docker from git@github.com:jpetazzo/dind.git |
| 68 | +# RUN apt-get update -qq && apt-get install -qqy apt-transport-https ca-certificates curl lxc iptables |
| 69 | +# Install Docker from Docker Inc. repositories. |
| 70 | +RUN apt-get install -y curl && curl -sSL https://get.docker.com/ | sh |
| 71 | +RUN usermod -aG docker jenkins |
| 72 | + |
| 73 | +# Install Docker-Compose |
| 74 | +RUN curl -L "https://github.com/docker/compose/releases/download/1.10.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose |
| 75 | +RUN chmod +x /usr/local/bin/docker-compose |
| 76 | + |
| 77 | + |
| 78 | +# for main web interface: |
| 79 | +EXPOSE 8080 |
| 80 | + |
| 81 | +# will be used by attached slave agents: |
| 82 | +EXPOSE 50000 |
| 83 | + |
| 84 | +ENV COPY_REFERENCE_FILE_LOG $JENKINS_HOME/copy_reference_file.log |
| 85 | + |
| 86 | +USER ${user} |
| 87 | + |
| 88 | +COPY jenkins-support /usr/local/bin/jenkins-support |
| 89 | +COPY jenkins.sh /usr/local/bin/jenkins.sh |
| 90 | +ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/jenkins.sh"] |
| 91 | + |
| 92 | +# from a derived Dockerfile, can use `RUN plugins.sh active.txt` to setup /usr/share/jenkins/ref/plugins from a support bundle |
| 93 | +COPY plugins.sh /usr/local/bin/plugins.sh |
| 94 | +COPY install-plugins.sh /usr/local/bin/install-plugins.sh |
| 95 | + |
| 96 | +# Only need below if we are starting from empty jenkins_home |
| 97 | +## Copy the RSA keys |
| 98 | +#RUN mkdir -p /var/jenkins_home/.ssh |
| 99 | +#RUN chown jenkins:jenkins /var/jenkins_home/.ssh |
| 100 | +#COPY keys/id_rsa /var/jenkins_home/.ssh/id_rsa.pub |
| 101 | +#COPY keys/id_rsa /var/jenkins_home/.ssh/id_rsa |
| 102 | +#COPY keys/known_hosts /var/jenkins_home/.ssh/known_hosts |
| 103 | +# |
| 104 | +#USER root |
| 105 | +#RUN chmod 600 /var/jenkins_home/.ssh/id_rsa |
| 106 | +#RUN chmod 644 /var/jenkins_home/.ssh/id_rsa.pub |
| 107 | +## ssh-keyscan -H github.com >> ~/.ssh/known_hosts |
| 108 | +## ssh-keyscan -H bitbucket.org >> ~/.ssh/known_hosts |
0 commit comments