firstBitMarksistskaya · nixel2007 · Nov 23, 2024 · Nov 22, 2024 · Nov 23, 2024 · Nov 23, 2024
diff --git a/k8s-jenkins-agent/Dockerfile b/k8s-jenkins-agent/Dockerfile
@@ -1,70 +1,83 @@
+# Для сборки использован стандартный шаблон jenkins-inbound-agent https://github.com/jenkinsci/docker-agent/blob/master/debian/Dockerfile
+# Стадию с as jre-build убрал, т.к. у нас на этот момент уже всегда есть джава в контейнере.
 ARG DOCKER_REGISTRY_URL
 ARG BASE_IMAGE
 ARG BASE_TAG
-ARG user=jenkins
 
-FROM ${DOCKER_REGISTRY_URL}/${BASE_IMAGE}:${BASE_TAG}
+FROM ${DOCKER_REGISTRY_URL}/${BASE_IMAGE}:${BASE_TAG} as agent
 
 LABEL maintainer="Nikita Gryzlov <[email protected]>, FirstBit"
 
-RUN set -xe \
-  && apt-get update \
-  && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-      curl \
-      git \
-      locales \
-      openssh-client \
-      wget \
-      init \
-      openssh-server openssh-client \
-      apt-transport-https \
-  # git-lfs
-  && curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash \
-  && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ARG user=jenkins
+ARG group=jenkins
+ARG uid=1000
+ARG gid=1000
+
+RUN groupadd -g "${gid}" "${group}" \
+  && useradd -l -c "Jenkins user" -d /home/"${user}" -u "${uid}" -g "${gid}" -m "${user}" || echo "user ${user} already exists."
-RUN groupadd -g "${gid}" "${group}" \
-  && useradd -l -c "Jenkins user" -d /home/"${user}" -u "${uid}" -g "${gid}" -m "${user}" || echo "user ${user} already exists."
+RUN groupadd -g "${gid}" "${group}" || true \
+  && id -u "${user}" &>/dev/null || useradd -l -c "Jenkins user" -d /home/"${user}" -u "${uid}" -g "${gid}" -m "${user}"
-RUN groupadd -g "${gid}" "${group}" \
-  && useradd -l -c "Jenkins user" -d /home/"${user}" -u "${uid}" -g "${gid}" -m "${user}" || echo "user ${user} already exists."
+RUN groupadd -g "${gid}" "${group}" || true \
+  && id -u "${user}" &>/dev/null || useradd -l -c "Jenkins user" -d /home/"${user}" -u "${uid}" -g "${gid}" -m "${user}"
+
+ARG AGENT_WORKDIR=/home/"${user}"/agent
+
+## Always use the latest Debian packages: no need for versions
+# hadolint ignore=DL3008
+RUN apt-get update \
+  && apt-get --yes --no-install-recommends install \
+    ca-certificates \
+    curl \
+    fontconfig \
+    git \
     git-lfs \
-  && rm -rf  \
-    /var/lib/apt/lists/* \
-    /var/cache/debconf \
-  && localedef -i ru_RU -c -f UTF-8 -A /usr/share/locale/locale.alias ru_RU.UTF-8
-
-RUN echo "deb http://security.ubuntu.com/ubuntu bionic-security main" | tee -a /etc/apt/sources.list
-RUN apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 3B4FE6ACC0B21F32 && apt-get update 
-#RUN apt-add-repository 'deb http://security.debian.org/debian-security stretch/updates main' && apt-get update
-#RUN apt-get update && apt install -y openjdk-11-jdk
-
+    less \
+    netbase \
+    openssh-client \
+    patch \
+    tzdata \
+  && apt-get clean \
+  && rm -rf /tmp/* /var/cache/* /var/lib/apt/lists/*
+
+ARG VERSION=3283.v92c105e0f819
+ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar
-ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar
+RUN curl -fsSL "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" -o /usr/share/jenkins/agent.jar \
+    && chown "${user}":"${group}" /usr/share/jenkins/agent.jar
-ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar
+RUN curl -fsSL "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" -o /usr/share/jenkins/agent.jar \
+    && chown "${user}":"${group}" /usr/share/jenkins/agent.jar
+RUN chmod 0644 /usr/share/jenkins/agent.jar \
+  && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar
+
+ENV AGENT_WORKDIR=${AGENT_WORKDIR}
+RUN mkdir -p /home/"${user}"/.jenkins && mkdir -p "${AGENT_WORKDIR}"
+
+VOLUME /home/"${user}"/.jenkins
+VOLUME "${AGENT_WORKDIR}"
+WORKDIR /home/"${user}"
+ENV USER=${user}
+LABEL \
+  org.opencontainers.image.vendor="Jenkins project" \
+  org.opencontainers.image.title="Official Jenkins Agent Base Docker image" \
+  org.opencontainers.image.description="This is a base image, which provides the Jenkins agent executable (agent.jar)" \
+  org.opencontainers.image.version="${VERSION}" \
+  org.opencontainers.image.url="https://www.jenkins.io/" \
+  org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \
+  org.opencontainers.image.licenses="MIT"
+
+## Inbound Agent image target
+FROM agent AS inbound-agent
 
-RUN groupadd -g 1000 jenkins \
-  && useradd -l -d /home/jenkins -u 1000 -g 1000 -m jenkins
-
-
-ARG AGENT_WORKDIR=/home/jenkins/agent
-
-# Install jenkins jnlp
-ARG VERSION=4.14
-RUN curl --create-dirs -sSLo /usr/share/jenkins/slave.jar https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/4.14/remoting-4.14.jar \
-    && chmod 755 /usr/share/jenkins \
-    && chmod 644 /usr/share/jenkins/slave.jar \
-    && chown jenkins:jenkins /usr/share/jenkins/slave.jar
+ARG user=jenkins
 
+USER root
 COPY ./k8s-jenkins-agent/jenkins-agent /usr/local/bin/jenkins-agent
-RUN chmod +x /usr/local/bin/jenkins-agent \
-    && chown jenkins:jenkins /usr/local/bin/jenkins-agent \
-    && ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave
-
-RUN mkdir -p /home/jenkins/.jenkins \
-    && mkdir -p /home/jenkins/agent \
-    && chown -R jenkins:jenkins /home/jenkins
-
-
-ENV LANG ru_RU.UTF-8
+COPY ./k8s-jenkins-agent/docker-entrypoint.sh /docker-entrypoint.sh
 
-VOLUME /home/jenkins/.jenkins
-VOLUME /home/jenkins/agent
-
-WORKDIR /home/jenkins/agent
-
-COPY ./k8s-jenkins-agent/docker-entrypoint.sh /
-RUN chmod 755 /docker-entrypoint.sh \
+RUN chmod +x /usr/local/bin/jenkins-agent \
+    && ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave \
+    && chmod 755 /docker-entrypoint.sh \
     && chmod +x /docker-entrypoint.sh
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
+# USER ${user}
-# USER ${user}
+USER ${user}
-# USER ${user}
+USER ${user}
+
+LABEL \
+  org.opencontainers.image.vendor="Jenkins project" \
+  org.opencontainers.image.title="Official Jenkins Inbound Agent Base Docker image" \
+  org.opencontainers.image.description="This is an image for Jenkins agents using TCP or WebSockets to establish inbound connection to the Jenkins controller" \
+  org.opencontainers.image.version="${VERSION}" \
+  org.opencontainers.image.url="https://www.jenkins.io/" \
+  org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \
+  org.opencontainers.image.licenses="MIT"
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/k8s-jenkins-agent/docker-entrypoint.sh b/k8s-jenkins-agent/docker-entrypoint.sh
@@ -4,4 +4,4 @@ if [ -f "/init" ]; then
     /init &
 fi
 
-wget -O agent.jar $JENKINS_URL/jnlpJars/agent.jar && java -Xms4096m -Xmx4096m -Dhudson.remoting.Launcher.pingIntervalSec=-1 -jar /home/jenkins/agent/agent.jar -jnlpUrl $JENKINS_URL/computer/$JENKINS_NAME/jenkins-agent.jnlp -secret $JENKINS_SECRET -noReconnect -workDir /home/jenkins/agent
+/usr/local/bin/jenkins-agent "$@"
-/usr/local/bin/jenkins-agent "$@"
+if [ ! -x "/usr/local/bin/jenkins-agent" ]; then
+    echo "Error: jenkins-agent not found or not executable"
+    exit 1
+fi
+
+/usr/local/bin/jenkins-agent "$@"
-/usr/local/bin/jenkins-agent "$@"
+if [ ! -x "/usr/local/bin/jenkins-agent" ]; then
+    echo "Error: jenkins-agent not found or not executable"
+    exit 1
+fi
+
+/usr/local/bin/jenkins-agent "$@"
diff --git a/k8s-jenkins-agent/jenkins-agent b/k8s-jenkins-agent/jenkins-agent
@@ -22,10 +22,14 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 #  THE SOFTWARE.
 
-# Usage jenkins-agent.sh [options] -url http://jenkins [SECRET] [AGENT_NAME]
+# Usage jenkins-agent.sh [options] -url http://jenkins -secret [SECRET] -name [AGENT_NAME]
 # Optional environment variables :
 # * JENKINS_JAVA_BIN : Java executable to use instead of the default in PATH or obtained from JAVA_HOME
 # * JENKINS_JAVA_OPTS : Java Options to use for the remoting process, otherwise obtained from JAVA_OPTS
+# * JENKINS_AGENT_FILE : Jenkins agent jar file location, /usr/share/jenkins/agent.jar will be used if this is not set
+# * REMOTING_OPTS : Generic way to pass additional CLI options to agent.jar (see -help)
+#
+# Deprecated environment variables (prefer setting REMOTING_OPTS)
 # * JENKINS_TUNNEL : HOST:PORT for a tunnel to route TCP traffic to jenkins host, when jenkins can't be directly accessed over network
 # * JENKINS_URL : alternate jenkins URL
 # * JENKINS_SECRET : agent secret, if not set as an argument
@@ -34,7 +38,7 @@
 # * JENKINS_WEB_SOCKET: true if the connection should be made via WebSocket rather than TCP
 # * JENKINS_DIRECT_CONNECTION: Connect directly to this TCP agent port, skipping the HTTP(S) connection parameter download.
 #                              Value: "<HOST>:<PORT>"
-# * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins master. When this is set,
+# * JENKINS_INSTANCE_IDENTITY: The base64 encoded InstanceIdentity byte array of the Jenkins controller. When this is set,
 #                              the agent skips connecting to an HTTP(S) port for connection info.
 # * JENKINS_PROTOCOLS:         Specify the remoting protocols to attempt when instanceIdentity is provided.
 
@@ -106,28 +110,32 @@ else
 		fi
 	fi
 
+	if [ "$JENKINS_AGENT_FILE" ]; then
+		AGENT_FILE="$JENKINS_AGENT_FILE"
+	else
+		AGENT_FILE="/usr/share/jenkins/agent.jar"
+	fi
-	if [ "$JENKINS_AGENT_FILE" ]; then
-		AGENT_FILE="$JENKINS_AGENT_FILE"
-	else
-		AGENT_FILE="/usr/share/jenkins/agent.jar"
-	fi
+	if [ "$JENKINS_AGENT_FILE" ]; then
+		AGENT_FILE="$JENKINS_AGENT_FILE"
+	else
+		AGENT_FILE="/usr/share/jenkins/agent.jar"
+	fi
+	if [ ! -f "$AGENT_FILE" ]; then
+		echo "Error: Agent jar file not found: $AGENT_FILE"
+		exit 1
+	fi
+	if [ ! -r "$AGENT_FILE" ]; then
+		echo "Error: Agent jar file not readable: $AGENT_FILE"
+		exit 1
+	fi
-	if [ "$JENKINS_AGENT_FILE" ]; then
-		AGENT_FILE="$JENKINS_AGENT_FILE"
-	else
-		AGENT_FILE="/usr/share/jenkins/agent.jar"
-	fi
+	if [ "$JENKINS_AGENT_FILE" ]; then
+		AGENT_FILE="$JENKINS_AGENT_FILE"
+	else
+		AGENT_FILE="/usr/share/jenkins/agent.jar"
+	fi
+	if [ ! -f "$AGENT_FILE" ]; then
+		echo "Error: Agent jar file not found: $AGENT_FILE"
+		exit 1
+	fi
+	if [ ! -r "$AGENT_FILE" ]; then
+		echo "Error: Agent jar file not readable: $AGENT_FILE"
+		exit 1
+	fi
+
 	# if both required options are defined, do not pass the parameters
-	OPT_JENKINS_SECRET=""
 	if [ -n "$JENKINS_SECRET" ]; then
 		case "$@" in
 			*"${JENKINS_SECRET}"*) echo "Warning: SECRET is defined twice in command-line arguments and the environment variable" ;;
 			*)
-			OPT_JENKINS_SECRET="${JENKINS_SECRET}" ;;
+			SECRET="-secret ${JENKINS_SECRET}" ;;
 		esac
 	fi
 
-	OPT_JENKINS_AGENT_NAME=""
 	if [ -n "$JENKINS_AGENT_NAME" ]; then
 		case "$@" in
 			*"${JENKINS_AGENT_NAME}"*) echo "Warning: AGENT_NAME is defined twice in command-line arguments and the environment variable" ;;
 			*)
-			OPT_JENKINS_AGENT_NAME="${JENKINS_AGENT_NAME}" ;;
+			AGENT_NAME="-name ${JENKINS_AGENT_NAME}" ;;
 		esac
 	fi
 
 	#TODO: Handle the case when the command-line and Environment variable contain different values.
 	#It is fine it blows up for now since it should lead to an error anyway.
 
-        exec $JAVA_BIN $JAVA_OPTIONS -cp /usr/share/jenkins/agent.jar hudson.remoting.jnlp.Main -headless $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $OPT_JENKINS_SECRET $OPT_JENKINS_AGENT_NAME "$@"
+        exec $JAVA_BIN $JAVA_OPTIONS -jar $AGENT_FILE $SECRET $AGENT_NAME $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $REMOTING_OPTS "$@"
-        exec $JAVA_BIN $JAVA_OPTIONS -jar $AGENT_FILE $SECRET $AGENT_NAME $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $REMOTING_OPTS "$@"
+        exec "${JAVA_BIN}" ${JAVA_OPTIONS:+"${JAVA_OPTIONS}"} -jar "${AGENT_FILE}" \
+            ${SECRET:+"${SECRET}"} \
+            ${AGENT_NAME:+"${AGENT_NAME}"} \
+            ${TUNNEL:+"${TUNNEL}"} \
+            ${URL:+"${URL}"} \
+            ${WORKDIR:+"${WORKDIR}"} \
+            ${WEB_SOCKET:+"${WEB_SOCKET}"} \
+            ${DIRECT:+"${DIRECT}"} \
+            ${PROTOCOLS:+"${PROTOCOLS}"} \
+            ${INSTANCE_IDENTITY:+"${INSTANCE_IDENTITY}"} \
+            ${REMOTING_OPTS:+"${REMOTING_OPTS}"} \
+            "$@"
-        exec $JAVA_BIN $JAVA_OPTIONS -jar $AGENT_FILE $SECRET $AGENT_NAME $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $REMOTING_OPTS "$@"
+        exec "${JAVA_BIN}" ${JAVA_OPTIONS:+"${JAVA_OPTIONS}"} -jar "${AGENT_FILE}" \
+            ${SECRET:+"${SECRET}"} \
+            ${AGENT_NAME:+"${AGENT_NAME}"} \
+            ${TUNNEL:+"${TUNNEL}"} \
+            ${URL:+"${URL}"} \
+            ${WORKDIR:+"${WORKDIR}"} \
+            ${WEB_SOCKET:+"${WEB_SOCKET}"} \
+            ${DIRECT:+"${DIRECT}"} \
+            ${PROTOCOLS:+"${PROTOCOLS}"} \
+            ${INSTANCE_IDENTITY:+"${INSTANCE_IDENTITY}"} \
+            ${REMOTING_OPTS:+"${REMOTING_OPTS}"} \
+            "$@"
 
-fi
+fi