jenkins-ssh-agent-jdk17-dind/Dockerfile
amorozov df3d2924d9
updated Dockerfile
2025-03-03 04:19:27 +03:00


# MIT License
#
# Copyright (c) 2019-2022 Fabio Kruger and other contributors
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# Global build argument. An ARG placed before the first FROM is only visible to
# FROM lines, and neither FROM in this file references it; the stage below
# redeclares it before use.
ARG JAVA_VERSION=17.0.14_7

# ---------------------------------------------------------------------------
# Stage "jre-build": download a JDK and reduce it to a custom runtime with
# jlink. Only /javaruntime is copied out of this stage.
# NOTE(review): the base image is pinned by tag only; pinning by digest as well
# would make the build reproducible.
# ---------------------------------------------------------------------------
FROM docker:28.0.1-dind-alpine3.21 AS jre-build

# -e aborts on the first failing command, pipefail surfaces failures inside pipes.
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]

# This Build ARG is populated by Docker
# Ref. https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
ARG TARGETPLATFORM

# Helper scripts that resolve the JDK download URL and fetch the archive.
# NOTE(review): neither script is visible here; confirm that jdk-download.sh
# verifies the archive (checksum or signature) before unpacking it.
COPY jdk-download-url.sh /usr/bin/local/jdk-download-url.sh
COPY jdk-download.sh /usr/bin/local/jdk-download.sh

# Mark both helpers executable, then print them and the ash location into the
# build log (debug output).
RUN chmod +x \
        /usr/bin/local/jdk-download.sh \
        /usr/bin/local/jdk-download-url.sh \
    && cat /usr/bin/local/jdk-download.sh \
    && cat /usr/bin/local/jdk-download-url.sh \
    && echo "ASH HERE: $(which ash)"

# Redeclared inside the stage so ${JAVA_VERSION} can be expanded in ENV PATH below.
ARG JAVA_VERSION=17.0.14_7

# Tools installed for the download step. Package versions are deliberately
# left unpinned, hence the hadolint exemption.
# hadolint ignore=DL3018
RUN apk add --no-cache \
        ca-certificates \
        curl \
        jq

RUN /usr/bin/local/jdk-download.sh alpine

# The PATH entry below expects the JDK's bin directory under /opt/jdk-<version>.
ENV PATH="/opt/jdk-${JAVA_VERSION}/bin:${PATH}"

# Choose the jlink compression flag from the installed jlink version and stop
# the build on any version that is not handled, then emit the trimmed runtime.
RUN case "$(jlink --version 2>&1)" in \
        "17."*) set -- "--compress=2" ;; \
        # the compression argument is different for JDK21
        "21."*) set -- "--compress=zip-6" ;; \
        *) echo "ERROR: unmanaged jlink version pattern" && exit 1 ;; \
    esac; \
    jlink \
        --strip-java-debug-attributes \
        "$1" \
        --add-modules ALL-MODULE-PATH \
        --no-man-pages \
        --no-header-files \
        --output /javaruntime
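# ---------------------------------------------------------------------------
# Final stage: Docker-in-Docker base image with an SSH server for the Jenkins
# controller to connect to, plus the jlink-built Java runtime.
# NOTE(review): the base image is pinned by tag only; pinning by digest as well
# would make the build reproducible.
# ---------------------------------------------------------------------------
FROM docker:28.0.1-dind-alpine3.21 AS build

ARG user=jenkins
ARG group=jenkins
ARG uid=1000
ARG gid=1000
ARG JENKINS_AGENT_HOME=/home/${user}
ENV JENKINS_AGENT_HOME=${JENKINS_AGENT_HOME}
ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}

RUN addgroup -g "${gid}" "${group}" \
    # Set the home directory (h), set user and group id (u, G), set the shell, don't ask for password (D)
    && adduser -h "${JENKINS_AGENT_HOME}" -u "${uid}" -G "${group}" -s /bin/bash -D "${user}" \
    # Unblock user. The account is unlocked without a password being set here, so
    # key-only SSH depends on the "PasswordAuthentication no" setting applied below.
    && passwd -u "${user}" \
    # Prepare subdirectories
    && mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" "${JENKINS_AGENT_HOME}/.jenkins/" "${AGENT_WORKDIR}" \
    && chown -R "${uid}":"${gid}" "${JENKINS_AGENT_HOME}" "${AGENT_WORKDIR}"

# Give the agent user access to the Docker daemon. Membership in the docker
# group is root-equivalent with respect to that daemon, so treat the agent's
# SSH key as a privileged credential.
RUN addgroup docker || true && \
    addgroup "${user}" docker

# Package versions are left unpinned, matching the jre-build stage.
# hadolint ignore=DL3018
RUN apk add --no-cache \
        bash \
        git-lfs \
        less \
        musl-locales \
        netcat-openbsd \
        openssh \
        patch

# setup SSH server
# - Root login stays possible, but only with a key: "prohibit-password" keeps
#   root key login working even if password authentication is re-enabled by an
#   image that extends this one.
# - PermitUserEnvironment lets ~/.ssh/environment set session variables (needed
#   for PATH, see below); sshd_config(5) warns it can be used to bypass access
#   restrictions, so keep those files writable only by their owner.
# - The grep fails the build if the PasswordAuthentication substitution did not
#   match, e.g. after a change to the base image's default sshd_config.
RUN sed -i /etc/ssh/sshd_config \
        -e 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' \
        -e 's/#PasswordAuthentication.*/PasswordAuthentication no/' \
        -e 's/#SyslogFacility.*/SyslogFacility AUTH/' \
        -e 's/#LogLevel.*/LogLevel INFO/' \
        -e 's/#PermitUserEnvironment.*/PermitUserEnvironment yes/' \
    && grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config \
    && mkdir /var/run/sshd

# Install JDK
ENV JAVA_HOME=/opt/java/openjdk
COPY --from=jre-build /javaruntime "$JAVA_HOME"
ENV PATH="${JAVA_HOME}/bin:${PATH}"

# VOLUME directive must happen after setting up permissions and content
VOLUME "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}"/.jenkins "/tmp" "/run" "/var/run"
WORKDIR "${JENKINS_AGENT_HOME}"

# Alpine's ssh doesn't use $PATH defined in /etc/environment, so we define `$PATH` in `~/.ssh/environment`
# The file path has been created earlier in the file by `mkdir -p` and we also have configured sshd so that it will
# allow environment variables to be sourced (see `sed` command related to `PermitUserEnvironment`)
# The same PATH is written for root, whose .ssh directory is created here.
RUN echo "PATH=${PATH}" >> "${JENKINS_AGENT_HOME}/.ssh/environment" \
    && mkdir -p /root/.ssh/ \
    && echo "PATH=${PATH}" >> /root/.ssh/environment

COPY setup-sshd /usr/local/bin/setup-sshd
RUN chmod a+x /usr/local/bin/setup-sshd

# No USER directive: the entrypoint runs as root.
# NOTE(review): setup-sshd is not visible here; confirm how it installs the
# authorized keys and for which accounts.
EXPOSE 22
ENTRYPOINT ["setup-sshd"]

# NOTE(review): these labels describe the upstream jenkinsci/docker-ssh-agent
# image. This Dockerfile builds on a docker:dind base and permits root SSH
# login, so consider adjusting vendor, title and source to reflect where the
# image is actually built.
LABEL \
    org.opencontainers.image.vendor="Jenkins project" \
    org.opencontainers.image.title="Official Jenkins SSH Agent Docker image" \
    org.opencontainers.image.description="A Jenkins agent image which allows using SSH to establish the connection" \
    org.opencontainers.image.url="https://www.jenkins.io/" \
    org.opencontainers.image.source="https://github.com/jenkinsci/docker-ssh-agent" \
    org.opencontainers.image.licenses="MIT"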