Merge pull request #4 from devwithkrishna/feature/jdk17-jdk21-build

jdk 17 and 21 images

.github/workflows/build-publish-jenkins-image.yaml

@@ -1,4 +1,4 @@
-name: build-publish-jenkins-image
+name: build-publish-jenkins-jdk11-image
 on:
 #  push:
 #    branches:
@@ -10,9 +10,9 @@ on:
 permissions:
   contents: write
 
-run-name: build-publish-jenkins-core-image
+run-name: build-publish-jenkins-jdk11-image
 jobs:
-  build-publish-jenkins-image:
+  build-publish-jenkins-jdk11-image:
     runs-on: ubuntu-latest
 
     steps:

.github/workflows/build-publish-jenkins-jdk17-image.yaml

@@ -0,0 +1,75 @@
+name: build-publish-jenkins-jdk17-image
+on:
+#  push:
+#    branches:
+#      - main
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 5,20 * *'
+
+permissions:
+  contents: write
+
+run-name: build-publish-jenkins-jdk17-image
+jobs:
+  build-publish-jenkins-jdk17-image:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set job start time
+        run: echo "JOB_START_TIME=$(date -u +"%d %B %A %Y %H:%M UTC")" >> $GITHUB_ENV
+
+      - name: Git config and create new tag
+        if: github.ref == 'refs/heads/main' # Run only on main branch
+        run: |
+          # Run bash script to get new tag
+          bash get_latest_version_create_tag.sh
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and publish docker image with tag
+#        env:
+#          NEW_VERSION: $NEW_VERSION
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk17-image:${{ env.NEW_VERSION }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk17-image:latest
+          build-args: |
+            "JENKINS_USER=${{ secrets.JENKINS_USER }}"
+            "JENKINS_PASS=${{ secrets.JENKINS_PASS }}"
+            "GITHUB_APP_KEY=${{ secrets.GH_APP_KEY }}"
+            "GITHUB_APP_ID=${{ secrets.GH_APP_ID }}"           
+
+      - name: set up docker and scan docker image for vulnerabilities
+        uses: docker-practice/actions-setup-docker@master
+      - run: |
+          set -x
+          docker version
+          docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk17-image:latest
+
+      - name: Set job end time
+        run: echo "JOB_END_TIME=$(date -u +"%d %B %A %Y %H:%M UTC")" >> $GITHUB_ENV
+
+      - name: Write to workflow job summary
+        run: |
+          SUMMARY=$'# Building jenkins-core-image\n'
+          SUMMARY=$'[jenkins-core-jdk17-image available here](https://hub.docker.com/r/dockerofkrishnadhas/jenkins-core-jdk17-image)\n'
+          SUMMARY+=$'**Job Start 📅 Time:** ${{ env.JOB_START_TIME }}\n'
+          SUMMARY+=$'**Job End 📅 Time:** ${{ env.JOB_END_TIME }}\n'
+          echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY

.github/workflows/build-publish-jenkins-jdk21-image.yaml

@@ -0,0 +1,75 @@
+name: build-publish-jenkins-jdk21-image
+on:
+#  push:
+#    branches:
+#      - main
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 5,20 * *'
+
+permissions:
+  contents: write
+
+run-name: build-publish-jenkins-jdk21-image
+jobs:
+  build-publish-jenkins-jdk21-image:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set job start time
+        run: echo "JOB_START_TIME=$(date -u +"%d %B %A %Y %H:%M UTC")" >> $GITHUB_ENV
+
+      - name: Git config and create new tag
+        if: github.ref == 'refs/heads/main' # Run only on main branch
+        run: |
+          # Run bash script to get new tag
+          bash get_latest_version_create_tag.sh
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and publish docker image with tag
+#        env:
+#          NEW_VERSION: $NEW_VERSION
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk21-image:${{ env.NEW_VERSION }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk21-image:latest
+          build-args: |
+            "JENKINS_USER=${{ secrets.JENKINS_USER }}"
+            "JENKINS_PASS=${{ secrets.JENKINS_PASS }}"
+            "GITHUB_APP_KEY=${{ secrets.GH_APP_KEY }}"
+            "GITHUB_APP_ID=${{ secrets.GH_APP_ID }}"           
+
+      - name: set up docker and scan docker image for vulnerabilities
+        uses: docker-practice/actions-setup-docker@master
+      - run: |
+          set -x
+          docker version
+          docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk21-image:latest
+
+      - name: Set job end time
+        run: echo "JOB_END_TIME=$(date -u +"%d %B %A %Y %H:%M UTC")" >> $GITHUB_ENV
+
+      - name: Write to workflow job summary
+        run: |
+          SUMMARY=$'# Building jenkins-core-jdk21-image\n'
+          SUMMARY=$'[jenkins-core-jdk21-image available here](https://hub.docker.com/r/dockerofkrishnadhas/jenkins-core-jdk21-image)\n'
+          SUMMARY+=$'**Job Start 📅 Time:** ${{ env.JOB_START_TIME }}\n'
+          SUMMARY+=$'**Job End 📅 Time:** ${{ env.JOB_END_TIME }}\n'
+          echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY

README.md

@@ -1,6 +1,14 @@
 # create-jenkins-docker-image-and-publish-periodically
 Create jenkins docker images and build them periodicaly and scan using trivy
 
+# Images being built and updated
+
+| Image Name                                   | jdk version |
+|----------------------------------------------|--------------|
+| dockerofkrishnadhas/jenkins-core-image       | jdk11 |
+| dockerofkrishnadhas/jenkins-core-jdk17-image | jdk17 |
+| dockerofkrishnadhas/jenkins-core-jdk21-image | jdk21 |
+
 # How everything works
 
 * Dockerfile --> The core instructions on building jenkins docker image

docker-compose.yaml

@@ -3,7 +3,7 @@ services:
   jenkins:
     build:
       context: .
-      dockerfile: Dockerfile
+      dockerfile: <jdk-x>/Dockerfile # replace x with 11 or 17 or 21 as erquired
     restart: always
     ports:
       - 8080:8080 # For UI use

Dockerfile → jdk-11/Dockerfile

@@ -58,7 +58,7 @@ COPY plugins.yaml ${JENKINS_HOME}/plugins.yaml
 # Copy user.groovy,number_of_executors.groovy  to /usr/share/jenkins/ref/init.groovy.d/ where jenkins init scripts will run
 COPY *.groovy /usr/share/jenkins/ref/init.groovy.d/
 # Configuration as code and set as a environment variable
-COPY ./config-as-code.yaml $JENKINS_HOME/config-as-code.yaml
+COPY config-as-code.yaml $JENKINS_HOME/config-as-code.yaml
 ENV CASC_JENKINS_CONFIG=$JENKINS_HOME/config-as-code.yaml
 # Install plugin using jenkins cli
 RUN java -jar $JENKINS_HOME/jenkins-plugin-manager.jar --plugin-file $JENKINS_HOME/plugins.yaml --plugin-download-directory ${JENKINS_HOME}/plugins --output yaml

jdk-17/Dockerfile

@@ -0,0 +1,73 @@
+# Base image referring official build from jenkins - jdk 17
+FROM jenkins/jenkins:lts-jdk17
+# Jenkins default user and password will be passed on run time
+ARG JENKINS_USER
+ARG JENKINS_PASS
+ARG GITHUB_APP_KEY
+ARG GITHUB_APP_ID
+ENV JENKINS_USER=${JENKINS_USER}
+ENV JENKINS_PASS=${JENKINS_PASS}
+ENV GITHUB_APP_KEY=${GITHUB_APP_KEY}
+ENV GITHUB_APP_ID=${GITHUB_APP_ID}
+# Added a label
+LABEL authors="githubofkrishnadhas"
+# Root user
+USER root
+# Install basic packages needed
+RUN apt-get update -y \
+  && apt-get install --no-install-recommends -y -qq \
+    ca-certificates \
+    curl \
+    apt-transport-https \
+    gnupg \
+    wget \
+    software-properties-common \
+    lsb-release \
+    git \
+    vim \
+    unzip \
+    jq \
+  && apt-get upgrade -y \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /var/cache/apk/*
+# Install docker
+RUN  apt-get update -y && \
+     install -m 0755 -d /etc/apt/keyrings && \
+     curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \
+     chmod a+r /etc/apt/keyrings/docker.asc && \
+      echo \
+      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+      $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+      tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+     apt-get update && \
+     apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y && \
+     usermod -a -G docker jenkins
+# Install azure cli latest available version for debian
+RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
+# Fetch the latest release data from GitHub API & Install Jenkins CLI to install plugin manager
+RUN latest_release=$(curl -s https://api.github.com/repos/jenkinsci/plugin-installation-manager-tool/releases/latest | jq 'del(.body)') && \
+    echo "GitHub API response:" && echo "$latest_release" && \
+    tag_name=$(echo "$latest_release" | jq -r .tag_name) && \
+    echo "Latest release tag of plugin-installation-manager-tool: $tag_name" && \
+    download_url=$(echo "$latest_release" | jq -r '.assets[] | select(.name | endswith(".jar")) | .browser_download_url') && \
+    echo "Download URL: $download_url" && \
+    curl -fsSL "${download_url}" -o $JENKINS_HOME/jenkins-plugin-manager.jar
+# copy plugins.yaml file for installing plugins using jenkins cli
+COPY plugins.yaml ${JENKINS_HOME}/plugins.yaml
+# Copy user.groovy,number_of_executors.groovy  to /usr/share/jenkins/ref/init.groovy.d/ where jenkins init scripts will run
+COPY *.groovy /usr/share/jenkins/ref/init.groovy.d/
+# Configuration as code and set as a environment variable
+COPY config-as-code.yaml $JENKINS_HOME/config-as-code.yaml
+ENV CASC_JENKINS_CONFIG=$JENKINS_HOME/config-as-code.yaml
+# Install plugin using jenkins cli
+RUN java -jar $JENKINS_HOME/jenkins-plugin-manager.jar --plugin-file $JENKINS_HOME/plugins.yaml --plugin-download-directory ${JENKINS_HOME}/plugins --output yaml
+# File permissions for JENKINS_HOME for jenkins user
+RUN chown -R jenkins:jenkins /var/jenkins_home && \
+    chmod -R 755 /var/jenkins_home
+# Switching to default user
+USER jenkins
+# Skip initial setup
+ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
+
+

jdk-21/Dockerfile

@@ -0,0 +1,73 @@
+# Base image referring official build from jenkins - jdk 11
+FROM jenkins/jenkins:lts-jdk11
+# Jenkins default user and password will be passed on run time
+ARG JENKINS_USER
+ARG JENKINS_PASS
+ARG GITHUB_APP_KEY
+ARG GITHUB_APP_ID
+ENV JENKINS_USER=${JENKINS_USER}
+ENV JENKINS_PASS=${JENKINS_PASS}
+ENV GITHUB_APP_KEY=${GITHUB_APP_KEY}
+ENV GITHUB_APP_ID=${GITHUB_APP_ID}
+# Added a label
+LABEL authors="githubofkrishnadhas"
+# Root user
+USER root
+# Install basic packages needed
+RUN apt-get update -y \
+  && apt-get install --no-install-recommends -y -qq \
+    ca-certificates \
+    curl \
+    apt-transport-https \
+    gnupg \
+    wget \
+    software-properties-common \
+    lsb-release \
+    git \
+    vim \
+    unzip \
+    jq \
+  && apt-get upgrade -y \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /var/cache/apk/*
+# Install docker
+RUN  apt-get update -y && \
+     install -m 0755 -d /etc/apt/keyrings && \
+     curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \
+     chmod a+r /etc/apt/keyrings/docker.asc && \
+      echo \
+      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+      $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+      tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+     apt-get update && \
+     apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y && \
+     usermod -a -G docker jenkins
+# Install azure cli latest available version for debian
+RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
+# Fetch the latest release data from GitHub API & Install Jenkins CLI to install plugin manager
+RUN latest_release=$(curl -s https://api.github.com/repos/jenkinsci/plugin-installation-manager-tool/releases/latest | jq 'del(.body)') && \
+    echo "GitHub API response:" && echo "$latest_release" && \
+    tag_name=$(echo "$latest_release" | jq -r .tag_name) && \
+    echo "Latest release tag of plugin-installation-manager-tool: $tag_name" && \
+    download_url=$(echo "$latest_release" | jq -r '.assets[] | select(.name | endswith(".jar")) | .browser_download_url') && \
+    echo "Download URL: $download_url" && \
+    curl -fsSL "${download_url}" -o $JENKINS_HOME/jenkins-plugin-manager.jar
+# copy plugins.yaml file for installing plugins using jenkins cli
+COPY plugins.yaml ${JENKINS_HOME}/plugins.yaml
+# Copy user.groovy,number_of_executors.groovy  to /usr/share/jenkins/ref/init.groovy.d/ where jenkins init scripts will run
+COPY *.groovy /usr/share/jenkins/ref/init.groovy.d/
+# Configuration as code and set as a environment variable
+COPY config-as-code.yaml $JENKINS_HOME/config-as-code.yaml
+ENV CASC_JENKINS_CONFIG=$JENKINS_HOME/config-as-code.yaml
+# Install plugin using jenkins cli
+RUN java -jar $JENKINS_HOME/jenkins-plugin-manager.jar --plugin-file $JENKINS_HOME/plugins.yaml --plugin-download-directory ${JENKINS_HOME}/plugins --output yaml
+# File permissions for JENKINS_HOME for jenkins user
+RUN chown -R jenkins:jenkins /var/jenkins_home && \
+    chmod -R 755 /var/jenkins_home
+# Switching to default user
+USER jenkins
+# Skip initial setup
+ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
+
+