-
Notifications
You must be signed in to change notification settings - Fork 71
/
Dockerfile
114 lines (93 loc) · 4.78 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
ARG FROM_TAG=2.462.3
FROM jenkins/jenkins:${FROM_TAG}
ARG GOSU_VERSION=1.17
# Install plugins
COPY plugins.txt /usr/share/jenkins/ref/
## Issue with jenkins update site and letsencrypt cert. Using -k for the time being
ARG CURL_OPTIONS=-sSfLk
RUN jenkins-plugin-cli -f /usr/share/jenkins/ref/plugins.txt
# Using root to install and run entrypoint.
# We will change the user to jenkins using gosu
USER root
RUN \
# alpine - Install pip and shadow for usermod
if [ -f /etc/alpine-release ] ; then \
apk add --no-cache shadow python3 py3-setuptools py3-pip \
; \
# debian - Install pip
elif [ -f /etc/debian_version ] ; then \
apt-get update -y && \
apt-get install -y --no-install-recommends python3 python3-setuptools python3-pip && \
rm -rf /var/lib/apt/lists/* \
; \
fi
RUN pip3 install --break-system-packages --no-cache-dir --upgrade pip \
&& pip install --break-system-packages --no-cache-dir wheel \
&& pip install --break-system-packages --no-cache-dir awscli PyYAML six requests botocore boto3
RUN curl $CURL_OPTIONS https://releases.hashicorp.com/envconsul/0.13.2/envconsul_0.13.2_linux_amd64.zip -o /tmp/envconsul.zip && unzip /tmp/envconsul.zip -d /usr/bin/ && \
chmod +x /usr/bin/envconsul
RUN curl $CURL_OPTIONS -o /usr/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64 && \
chmod +x /usr/bin/gosu
# Separate between JENKINS_HOME and WORKSPACE dir. Best if we use NFS for JENKINS_HOME
RUN mkdir -p /jenkins-workspace-home && \
chown -R jenkins:jenkins /jenkins-workspace-home
# Do things on behalf of jenkins user
USER jenkins
# Add all init groovy scripts to ref folder and change their ext to .override
# so Jenkins will override them every time it starts
COPY init-scripts/* /usr/share/jenkins/ref/init.groovy.d/
RUN cd /usr/share/jenkins/ref/init.groovy.d/ && \
for f in *.groovy; do mv "$f" "${f}.override"; done
# Add configuration handlers groovy scripts
COPY config-handlers /usr/share/jenkins/config-handlers
VOLUME /jenkins-workspace-home
# Revert to root
USER root
COPY bin/* /usr/bin/
ENV CONFIG_FILE_LOCATION=/dev/shm/jenkins-config.yml
ENV TOKEN_FILE_LOCATION=/dev/shm/.api-token
ENV CONFIG_CACHE_DIR=/dev/shm/.jenkins-config-cache
ENV QUIET_STARTUP_FILE_LOCATION=/dev/shm/quiet-startup-mutex
####################################################################################
# GENERAL Configuration variables
####################################################################################
# Let the master be a master, don't run any jobs on it
ENV JENKINS_ENV_EXECUTERS=0
# If true, then workspaceDir will changed its defaults from ${JENKINS_HOME}/workspace
# to /jenkins-workspace-home/workspace/${ITEM_FULLNAME}
# This is useful in case your JENKINS_HOME is mapped to NFS mount,
# slowing down the workspace
ENV JENKINS_ENV_CHANGE_WORKSPACE_DIR=true
####################################################################################
# ADDITIONAL JAVA_OPTS
####################################################################################
# Each JAVA_OPTS_* variable will be added to the JAVA_OPTS variable before startup
#
# Don't run the setup wizard
ENV JAVA_OPTS_DISABLE_WIZARD="-Djenkins.install.runSetupWizard=false"
# See https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy
ENV JAVA_OPTS_CSP="-Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-same-origin allow-scripts; default-src 'self'; script-src * 'unsafe-eval'; img-src *; style-src * 'unsafe-inline'; font-src *\""
# See https://issues.jenkins-ci.org/browse/JENKINS-24752
ENV JAVA_OPTS_LOAD_STATS_CLOCK="-Dhudson.model.LoadStatistics.clock=1000"
####################################################################################
####################################################################################
# JNLP Tunnel Variables
####################################################################################
# Default port for http
ENV JENKINS_HTTP_PORT_FOR_SLAVES=8080
# This is used by docker slaves to get the actual jenkins URL
# in case jenkins is behind a load-balancer or a reverse proxy
#
# JENKINS_IP_FOR_SLAVES will be evaluated in the following order:
# $JENKINS_ENV_HOST_IP ||
# $(eval $JENKINS_ENV_HOST_IP_CMD) ||
# ''
#ENV JENKINS_ENV_HOST_IP=<REAL_IP>
#ENV JENKINS_ENV_HOST_IP_CMD='<command to fetch ip>'
# This variable will be evaluated and should retrun a valid IP address:
# AWS: JENKINS_ENV_HOST_IP_CMD='curl http://169.254.169.254/latest/meta-data/local-ipv4'
# General: JENKINS_ENV_HOST_IP_CMD='ip route | grep default | awk '"'"'{print $3}'"'"''
####################################################################################
# If sshd enabled, this will be the port
EXPOSE 16022
ENTRYPOINT ["tini", "--", "/usr/bin/entrypoint.sh"]