diff --git a/.github/workflows/build-publish-jenkins-image.yaml b/.github/workflows/build-publish-jenkins-image.yaml
index 417892f..0ece0c0 100644
--- a/.github/workflows/build-publish-jenkins-image.yaml
+++ b/.github/workflows/build-publish-jenkins-image.yaml
@@ -1,4 +1,4 @@
-name: build-publish-jenkins-image
+name: build-publish-jenkins-jdk11-image
 on:
 # push:
 # branches:
@@ -10,9 +10,9 @@ on:
 permissions:
 contents: write
 
-run-name: build-publish-jenkins-core-image
+run-name: build-publish-jenkins-jdk11-image
 jobs:
- build-publish-jenkins-image:
+ build-publish-jenkins-jdk11-image:
 runs-on: ubuntu-latest
 
 steps:
diff --git a/.github/workflows/build-publish-jenkins-jdk17-image.yaml b/.github/workflows/build-publish-jenkins-jdk17-image.yaml
new file mode 100644
index 0000000..e16ee62
--- /dev/null
+++ b/.github/workflows/build-publish-jenkins-jdk17-image.yaml
@@ -0,0 +1,75 @@
+name: build-publish-jenkins-jdk17-image
+on:
+# push:
+# branches:
+# - main
+ workflow_dispatch:
+ schedule:
+ - cron: '0 0 5,20 * *'
+
+permissions:
+ contents: write
+
+run-name: build-publish-jenkins-jdk17-image
+jobs:
+ build-publish-jenkins-jdk17-image:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set job start time
+ run: echo "JOB_START_TIME=$(date -u +"%d %B %A %Y %H:%M UTC")" >> $GITHUB_ENV
+
+ - name: Git config and create new tag
+ if: github.ref == 'refs/heads/main' # Run only on main branch
+ run: |
+ # Run bash script to get new tag
+ bash get_latest_version_create_tag.sh
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and publish docker image with tag
+# env:
+# NEW_VERSION: $NEW_VERSION
+ uses: docker/build-push-action@v5
+ with:
+ push: true
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk17-image:${{ env.NEW_VERSION }}
+ ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk17-image:latest
+ build-args: |
+ "JENKINS_USER=${{ secrets.JENKINS_USER }}"
+ "JENKINS_PASS=${{ secrets.JENKINS_PASS }}"
+ "GITHUB_APP_KEY=${{ secrets.GH_APP_KEY }}"
+ "GITHUB_APP_ID=${{ secrets.GH_APP_ID }}"
+
+ - name: set up docker and scan docker image for vulnerabilities
+ uses: docker-practice/actions-setup-docker@master
+ - run: |
+ set -x
+ docker version
+ docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk17-image:latest
+
+ - name: Set job end time
+ run: echo "JOB_END_TIME=$(date -u +"%d %B %A %Y %H:%M UTC")" >> $GITHUB_ENV
+
+ - name: Write to workflow job summary
+ run: |
+ SUMMARY=$'# Building jenkins-core-image\n'
+ SUMMARY=$'[jenkins-core-jdk17-image available here](https://hub.docker.com/r/dockerofkrishnadhas/jenkins-core-jdk17-image)\n'
+ SUMMARY+=$'**Job Start 📅 Time:** ${{ env.JOB_START_TIME }}\n'
+ SUMMARY+=$'**Job End 📅 Time:** ${{ env.JOB_END_TIME }}\n'
+ echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
\ No newline at end of file
diff --git a/.github/workflows/build-publish-jenkins-jdk21-image.yaml b/.github/workflows/build-publish-jenkins-jdk21-image.yaml
new file mode 100644
index 0000000..98fa294
--- /dev/null
+++ b/.github/workflows/build-publish-jenkins-jdk21-image.yaml
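Review bot: In build-publish-jenkins-jdk17-image.yaml the `build-args` block passes `secrets.JENKINS_PASS` and `secrets.GH_APP_KEY` into the image build, and jdk-17/Dockerfile copies each `ARG` into an `ENV`, so the values are stored in the configuration of an image that this job publishes with `push: true`. Anyone able to pull that image can read them from its metadata and history. The Dockerfile's own comment says the credentials are passed at run time, so I would drop the four `build-args` entries together with the matching `ARG`/`ENV` lines and supply the values when the container starts, for example under `environment:` in docker-compose.yaml. If a value is only needed while building, the action's `secrets:` input combined with `RUN --mount=type=secret` keeps it out of the layers. The same block appears in build-publish-jenkins-jdk21-image.yaml, and the same `ARG`/`ENV` lines in jdk-21/Dockerfile.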
@@ -0,0 +1,75 @@
+name: build-publish-jenkins-jdk21-image
+on:
+# push:
+# branches:
+# - main
+ workflow_dispatch:
+ schedule:
+ - cron: '0 0 5,20 * *'
+
+permissions:
+ contents: write
+
+run-name: build-publish-jenkins-jdk21-image
+jobs:
+ build-publish-jenkins-jdk21-image:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set job start time
+ run: echo "JOB_START_TIME=$(date -u +"%d %B %A %Y %H:%M UTC")" >> $GITHUB_ENV
+
+ - name: Git config and create new tag
+ if: github.ref == 'refs/heads/main' # Run only on main branch
+ run: |
+ # Run bash script to get new tag
+ bash get_latest_version_create_tag.sh
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and publish docker image with tag
+# env:
+# NEW_VERSION: $NEW_VERSION
+ uses: docker/build-push-action@v5
+ with:
+ push: true
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk21-image:${{ env.NEW_VERSION }}
+ ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk21-image:latest
+ build-args: |
+ "JENKINS_USER=${{ secrets.JENKINS_USER }}"
+ "JENKINS_PASS=${{ secrets.JENKINS_PASS }}"
+ "GITHUB_APP_KEY=${{ secrets.GH_APP_KEY }}"
+ "GITHUB_APP_ID=${{ secrets.GH_APP_ID }}"
+
+ - name: set up docker and scan docker image for vulnerabilities
+ uses: docker-practice/actions-setup-docker@master
+ - run: |
+ set -x
+ docker version
+ docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image ${{ secrets.DOCKERHUB_USERNAME }}/jenkins-core-jdk21-image:latest
+
+ - name: Set job end time
+ run: echo "JOB_END_TIME=$(date -u +"%d %B %A %Y %H:%M UTC")" >> $GITHUB_ENV
+
+ - name: Write to workflow job summary
+ run: |
+ SUMMARY=$'# Building jenkins-core-jdk21-image\n'
+ SUMMARY=$'[jenkins-core-jdk21-image available here](https://hub.docker.com/r/dockerofkrishnadhas/jenkins-core-jdk21-image)\n'
+ SUMMARY+=$'**Job Start 📅 Time:** ${{ env.JOB_START_TIME }}\n'
+ SUMMARY+=$'**Job End 📅 Time:** ${{ env.JOB_END_TIME }}\n'
+ echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
\ No newline at end of file
diff --git a/README.md b/README.md
index 4859d9f..f843827 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,14 @@
 # create-jenkins-docker-image-and-publish-periodically
 Create jenkins docker images and build them periodicaly and scan using trivy
+# Images being built and updated
+
+| Image Name | jdk version |
+|----------------------------------------------|--------------|
+| dockerofkrishnadhas/jenkins-core-image | jdk11 |
+| dockerofkrishnadhas/jenkins-core-jdk17-image | jdk17 |
+| dockerofkrishnadhas/jenkins-core-jdk21-image | jdk21 |
+
 # How everything works
 * Dockerfile --> The core instructions on building jenkins docker image
diff --git a/docker-compose.yaml b/docker-compose.yaml
index a5f140e..ec9133b 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -3,7 +3,7 @@ services:
 jenkins:
 build:
 context: .
- dockerfile: Dockerfile
+ dockerfile: /Dockerfile # replace x with 11 or 17 or 21 as erquired
 restart: always
 ports:
 - 8080:8080 # For UI use
diff --git a/Dockerfile b/jdk-11/Dockerfile
similarity index 98%
rename from Dockerfile
rename to jdk-11/Dockerfile
index bbdea88..3bf5887 100644
--- a/Dockerfile
+++ b/jdk-11/Dockerfile
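Review bot: The scan step in build-publish-jenkins-jdk21-image.yaml uses `docker-practice/actions-setup-docker@master`, a mutable branch reference, in a job that holds the Docker Hub access token and `contents: write`. Pin it to a full commit SHA, `uses: docker-practice/actions-setup-docker@<COMMIT_SHA>`, or remove it if the Docker already present on the runner is sufficient. The Trivy run also happens after the image has been pushed and passes no `--exit-code 1`, so findings are printed but never stop a publish, and `aquasec/trivy` itself is pulled without a tag. build-publish-jenkins-jdk17-image.yaml has the same step.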
@@ -58,7 +58,7 @@ COPY plugins.yaml ${JENKINS_HOME}/plugins.yaml
 # Copy user.groovy,number_of_executors.groovy to /usr/share/jenkins/ref/init.groovy.d/ where jenkins init scripts will run
 COPY *.groovy /usr/share/jenkins/ref/init.groovy.d/
 # Configuration as code and set as a environment variable
-COPY ./config-as-code.yaml $JENKINS_HOME/config-as-code.yaml
+COPY config-as-code.yaml $JENKINS_HOME/config-as-code.yaml
 ENV CASC_JENKINS_CONFIG=$JENKINS_HOME/config-as-code.yaml
 # Install plugin using jenkins cli
 RUN java -jar $JENKINS_HOME/jenkins-plugin-manager.jar --plugin-file $JENKINS_HOME/plugins.yaml --plugin-download-directory ${JENKINS_HOME}/plugins --output yaml
diff --git a/jdk-17/Dockerfile b/jdk-17/Dockerfile
new file mode 100644
index 0000000..2f78128
--- /dev/null
+++ b/jdk-17/Dockerfile
@@ -0,0 +1,73 @@
+# Base image referring official build from jenkins - jdk 17
+FROM jenkins/jenkins:lts-jdk17
+# Jenkins default user and password will be passed on run time
+ARG JENKINS_USER
+ARG JENKINS_PASS
+ARG GITHUB_APP_KEY
+ARG GITHUB_APP_ID
+ENV JENKINS_USER=${JENKINS_USER}
+ENV JENKINS_PASS=${JENKINS_PASS}
+ENV GITHUB_APP_KEY=${GITHUB_APP_KEY}
+ENV GITHUB_APP_ID=${GITHUB_APP_ID}
+# Added a label
+LABEL authors="githubofkrishnadhas"
+# Root user
+USER root
+# Install basic packages needed
+RUN apt-get update -y \
+ && apt-get install --no-install-recommends -y -qq \
+ ca-certificates \
+ curl \
+ apt-transport-https \
+ gnupg \
+ wget \
+ software-properties-common \
+ lsb-release \
+ git \
+ vim \
+ unzip \
+ jq \
+ && apt-get upgrade -y \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -rf /var/cache/apk/*
+# Install docker
+RUN apt-get update -y && \
+ install -m 0755 -d /etc/apt/keyrings && \
+ curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \
+ chmod a+r /etc/apt/keyrings/docker.asc && \
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+ tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+ apt-get update && \
+ apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y && \
+ usermod -a -G docker jenkins
+# Install azure cli latest available version for debian
+RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
+# Fetch the latest release data from GitHub API & Install Jenkins CLI to install plugin manager
+RUN latest_release=$(curl -s https://api.github.com/repos/jenkinsci/plugin-installation-manager-tool/releases/latest | jq 'del(.body)') && \
+ echo "GitHub API response:" && echo "$latest_release" && \
+ tag_name=$(echo "$latest_release" | jq -r .tag_name) && \
+ echo "Latest release tag of plugin-installation-manager-tool: $tag_name" && \
+ download_url=$(echo "$latest_release" | jq -r '.assets[] | select(.name | endswith(".jar")) | .browser_download_url') && \
+ echo "Download URL: $download_url" && \
+ curl -fsSL "${download_url}" -o $JENKINS_HOME/jenkins-plugin-manager.jar
+# copy plugins.yaml file for installing plugins using jenkins cli
+COPY plugins.yaml ${JENKINS_HOME}/plugins.yaml
+# Copy user.groovy,number_of_executors.groovy to /usr/share/jenkins/ref/init.groovy.d/ where jenkins init scripts will run
+COPY *.groovy /usr/share/jenkins/ref/init.groovy.d/
+# Configuration as code and set as a environment variable
+COPY config-as-code.yaml $JENKINS_HOME/config-as-code.yaml
+ENV CASC_JENKINS_CONFIG=$JENKINS_HOME/config-as-code.yaml
+# Install plugin using jenkins cli
+RUN java -jar $JENKINS_HOME/jenkins-plugin-manager.jar --plugin-file $JENKINS_HOME/plugins.yaml --plugin-download-directory ${JENKINS_HOME}/plugins --output yaml
+# File permissions for JENKINS_HOME for jenkins user
+RUN chown -R jenkins:jenkins /var/jenkins_home && \
+ chmod -R 755 /var/jenkins_home
+# Switching to default user
+USER jenkins
+# Skip initial setup
+ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
+
+
diff --git a/jdk-21/Dockerfile b/jdk-21/Dockerfile
new file mode 100644
index 0000000..3bf5887
--- /dev/null
+++ b/jdk-21/Dockerfile
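Review bot: jdk-17/Dockerfile fetches and runs two artifacts as root with no version pin or integrity check: `curl -sL https://aka.ms/InstallAzureCLIDeb | bash`, and the plugin-manager jar taken from whatever `releases/latest` returns and executed a few lines later with `java -jar`. Two builds of the same commit can therefore produce different images, and a bad upstream artifact would go straight into the published image. I would fix the tool version in an `ARG` and verify the jar before it is used, e.g. `echo "<EXPECTED_SHA256>  $JENKINS_HOME/jenkins-plugin-manager.jar" | sha256sum -c -`. Separately, `usermod -a -G docker jenkins` presumably exists so jobs can reach a mounted Docker socket, which is effectively root on that host; a comment stating that this is intended would help the next reader.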
@@ -0,0 +1,73 @@
+# Base image referring official build from jenkins - jdk 11
+FROM jenkins/jenkins:lts-jdk11
+# Jenkins default user and password will be passed on run time
+ARG JENKINS_USER
+ARG JENKINS_PASS
+ARG GITHUB_APP_KEY
+ARG GITHUB_APP_ID
+ENV JENKINS_USER=${JENKINS_USER}
+ENV JENKINS_PASS=${JENKINS_PASS}
+ENV GITHUB_APP_KEY=${GITHUB_APP_KEY}
+ENV GITHUB_APP_ID=${GITHUB_APP_ID}
+# Added a label
+LABEL authors="githubofkrishnadhas"
+# Root user
+USER root
+# Install basic packages needed
+RUN apt-get update -y \
+ && apt-get install --no-install-recommends -y -qq \
+ ca-certificates \
+ curl \
+ apt-transport-https \
+ gnupg \
+ wget \
+ software-properties-common \
+ lsb-release \
+ git \
+ vim \
+ unzip \
+ jq \
+ && apt-get upgrade -y \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -rf /var/cache/apk/*
+# Install docker
+RUN apt-get update -y && \
+ install -m 0755 -d /etc/apt/keyrings && \
+ curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \
+ chmod a+r /etc/apt/keyrings/docker.asc && \
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+ tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+ apt-get update && \
+ apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y && \
+ usermod -a -G docker jenkins
+# Install azure cli latest available version for debian
+RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
+# Fetch the latest release data from GitHub API & Install Jenkins CLI to install plugin manager
+RUN latest_release=$(curl -s https://api.github.com/repos/jenkinsci/plugin-installation-manager-tool/releases/latest | jq 'del(.body)') && \
+ echo "GitHub API response:" && echo "$latest_release" && \
+ tag_name=$(echo "$latest_release" | jq -r .tag_name) && \
+ echo "Latest release tag of plugin-installation-manager-tool: $tag_name" && \
+ download_url=$(echo "$latest_release" | jq -r '.assets[] | select(.name | endswith(".jar")) | .browser_download_url') && \
+ echo "Download URL: $download_url" && \
+ curl -fsSL "${download_url}" -o $JENKINS_HOME/jenkins-plugin-manager.jar
+# copy plugins.yaml file for installing plugins using jenkins cli
+COPY plugins.yaml ${JENKINS_HOME}/plugins.yaml
+# Copy user.groovy,number_of_executors.groovy to /usr/share/jenkins/ref/init.groovy.d/ where jenkins init scripts will run
+COPY *.groovy /usr/share/jenkins/ref/init.groovy.d/
+# Configuration as code and set as a environment variable
+COPY config-as-code.yaml $JENKINS_HOME/config-as-code.yaml
+ENV CASC_JENKINS_CONFIG=$JENKINS_HOME/config-as-code.yaml
+# Install plugin using jenkins cli
+RUN java -jar $JENKINS_HOME/jenkins-plugin-manager.jar --plugin-file $JENKINS_HOME/plugins.yaml --plugin-download-directory ${JENKINS_HOME}/plugins --output yaml
+# File permissions for JENKINS_HOME for jenkins user
+RUN chown -R jenkins:jenkins /var/jenkins_home && \
+ chmod -R 755 /var/jenkins_home
+# Switching to default user
+USER jenkins
+# Skip initial setup
+ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
+
+
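Review bot: jdk-21/Dockerfile still begins with `FROM jenkins/jenkins:lts-jdk11` under the header comment `jdk 11`, and its blob id `3bf5887` is the same as the renamed jdk-11/Dockerfile, so the file is an unmodified copy. An image published as jenkins-core-jdk21-image would then run JDK 11, which misleads anyone choosing it for its Java version or patch level. The first two lines should read `# Base image referring official build from jenkins - jdk 21` and `FROM jenkins/jenkins:lts-jdk21`. Neither new workflow passes a `file:` input to `docker/build-push-action` either, so as far as this diff shows nothing selects jdk-17/Dockerfile or jdk-21/Dockerfile for the build; adding `file: jdk-21/Dockerfile` here and `file: jdk-17/Dockerfile` in the other workflow looks necessary.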