impr(optimization/refactor): Optimized Debian dockerfiles, Enhanced readability + Enhanced code structure. (@Ilolm) #1948

247 changes: 137 additions & 110 deletions debian/bookworm-slim/hotspot/Dockerfile
@@ -1,21 +1,31 @@
ARG BOOKWORM_TAG=20241016

FROM debian:bookworm-"${BOOKWORM_TAG}"-slim as jre-build
######################################################
# BUILD STAGE #
######################################################
FROM debian:bookworm-"${BOOKWORM_TAG}"-slim AS jre-build

ARG JAVA_VERSION=17.0.13_11

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

COPY jdk-download-url.sh /usr/bin/jdk-download-url.sh
COPY jdk-download.sh /usr/bin/jdk-download.sh
COPY ["./jdk-download-url.sh", "./jdk-download.sh", "/usr/bin/"]

RUN apt-get update \
&& apt-get install --no-install-recommends -y \
ca-certificates \
curl \
jq \
&& rm -rf /var/lib/apt/lists/* \
&& /usr/bin/jdk-download.sh
&& apt-get install --no-install-recommends -y \
ca-certificates \
curl \
jq \
&& \

echo "Cleaning up" \
&& apt-get autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* && \

echo "Downloading jdk" \
&& chmod +x /usr/bin/jdk-download.sh \
&& /usr/bin/jdk-download.sh

ENV PATH="/opt/jdk-${JAVA_VERSION}/bin:${PATH}"

Expand All @@ -36,123 +46,140 @@ RUN case "$(jlink --version 2>&1)" in \
--no-header-files \
--output /javaruntime


######################################################
# CONTROLLER STAGE #
######################################################
FROM debian:bookworm-"${BOOKWORM_TAG}"-slim AS controller

RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
curl \
git \
gnupg \
gpg \
libfontconfig1 \
libfreetype6 \
procps \
ssh-client \
tini \
unzip \
tzdata \
&& rm -rf /var/lib/apt/lists/*
# metadata labels
LABEL \
org.opencontainers.image.vendor="Jenkins project" \
org.opencontainers.image.title="Official Jenkins Docker image" \
org.opencontainers.image.description="The Jenkins Continuous Integration and Delivery server" \
org.opencontainers.image.version="${JENKINS_VERSION}" \
org.opencontainers.image.url="https://www.jenkins.io/" \
org.opencontainers.image.source="https://github.com/jenkinsci/docker" \
org.opencontainers.image.revision="${COMMIT_SHA}" \
org.opencontainers.image.licenses="MIT"

RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
curl \
git \
gnupg \
gpg \
libfontconfig1 \
libfreetype6 \
procps \
ssh-client \
tini \
unzip \
tzdata \
&& \

echo "Cleaning up" \
&& apt-get autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

# Installing git-lfs
RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh -o /tmp/script.deb.sh \
&& bash /tmp/script.deb.sh \
&& rm -f /tmp/script.deb.sh \
&& apt-get install -y --no-install-recommends \
git-lfs \
&& rm -rf /var/lib/apt/lists/* \
&& git lfs install

ENV LANG=C.UTF-8

ARG TARGETARCH
ARG COMMIT_SHA

ARG user=jenkins
ARG group=jenkins
ARG uid=1000
ARG gid=1000
ARG http_port=8080
ARG agent_port=50000
ARG JENKINS_HOME=/var/jenkins_home
ARG REF=/usr/share/jenkins/ref

ENV JENKINS_HOME=$JENKINS_HOME
ENV JENKINS_SLAVE_AGENT_PORT=${agent_port}
ENV REF=$REF

# Jenkins is run with user `jenkins`, uid = 1000
# If you bind mount a volume from the host or a data container,
# ensure you use the same uid
RUN mkdir -p $JENKINS_HOME \
&& chown ${uid}:${gid} $JENKINS_HOME \
&& groupadd -g ${gid} ${group} \
&& useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -l -m -s /bin/bash ${user}
&& bash /tmp/script.deb.sh \
&& rm -f /tmp/script.deb.sh \
&& apt-get install -y --no-install-recommends git-lfs \
&& git lfs install && \

# Jenkins home directory is a volume, so configuration and build history
# can be persisted and survive image upgrades
VOLUME $JENKINS_HOME
echo "Cleaning up" \
&& apt-get autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

# $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want
# to set on a fresh new installation. Use it to bundle additional plugins
# or config file with your custom jenkins Docker image.
RUN mkdir -p ${REF}/init.groovy.d

# jenkins version being bundled in this docker image
#----------------------------------------------------------------------#
# JENKINS_VERSION: jenkins version being bundled in this docker image #
#----------------------------------------------------------------------#
ARG JENKINS_VERSION
ENV JENKINS_VERSION=${JENKINS_VERSION:-2.479}

# jenkins.war checksum, download will be validated using it
ARG JENKINS_SHA=910ea36cef37c45087e39d65e335988e036fccea47c79cc5a52e721a10cb1b49

# Can be used to customize where jenkins.war get downloaded from
ARG JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war

# could use ADD but this one does not check Last-Modified header neither does it allow to control checksum
# see https://github.com/docker/docker/issues/8331
RUN curl -fsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \
&& echo "${JENKINS_SHA} /usr/share/jenkins/jenkins.war" >/tmp/jenkins_sha \
&& sha256sum -c --strict /tmp/jenkins_sha \
&& rm -f /tmp/jenkins_sha

ENV JENKINS_UC=https://updates.jenkins.io
ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental
ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals
RUN chown -R ${user} "$JENKINS_HOME" "$REF"
ENV JENKINS_VERSION="${JENKINS_VERSION:-2.479}"

#-----------------------------------------------------------------------------#
# JENKINS_SHA: jenkins.war checksum, download will be validated using it #
#-----------------------------------------------------------------------------#
# JENKINS_URL: Can be used to customize where jenkins.war get downloaded from #
#-----------------------------------------------------------------------------#
ARG JENKINS_SHA="910ea36cef37c45087e39d65e335988e036fccea47c79cc5a52e721a10cb1b49" \
JENKINS_URL="https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war" \
TARGETARCH \
COMMIT_SHA \
user=jenkins \
group=jenkins \
uid=1000 \
gid=1000 \
http_port=8080 \
agent_port=50000 \
JENKINS_HOME="/var/jenkins_home" \
REF="/usr/share/jenkins/ref" \
PLUGIN_CLI_VERSION="2.13.2" \
PLUGIN_CLI_URL="https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar"

ENV LANG=C.UTF-8 \
JENKINS_HOME="$JENKINS_HOME" \
JENKINS_SLAVE_AGENT_PORT="${agent_port}" \
JENKINS_UC="https://updates.jenkins.io" \
JENKINS_UC_EXPERIMENTAL="https://updates.jenkins.io/experimental" \
JENKINS_INCREMENTALS_REPO_MIRROR="https://repo.jenkins-ci.org/incrementals" \
COPY_REFERENCE_FILE_LOG="$JENKINS_HOME/copy_reference_file.log" \
JAVA_HOME="/opt/java/openjdk" \
REF=$REF


#---------------------------------------------------------------#
# Jenkins is run with user `jenkins`, uid = 1000 #
# If you bind mount a volume from the host or a data container, #
# ensure you use the same uid #
#-------------------------------------------------------------------------------------------#
# $REF (defaults to `/usr/share/jenkins/ref/`) contains all reference configuration we want #
# to set on a fresh new installation. Use it to bundle additional plugins #
# or config file with your custom jenkins Docker image. #
#----------------------------------------------------------------------------------------------------------#
# could use ADD but this one does not check Last-Modified header neither does it allow to control checksum #
# see https://github.com/docker/docker/issues/8331 #
#----------------------------------------------------------------------------------------------------------#
RUN mkdir -p $JENKINS_HOME \
&& chown ${uid}:${gid} $JENKINS_HOME \
&& groupadd -g ${gid} ${group} \
&& useradd -d "$JENKINS_HOME" -u ${uid} -g ${gid} -l -m -s /bin/bash ${user} && \

ARG PLUGIN_CLI_VERSION=2.13.2
ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar
RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \
&& echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \
&& sha256sum -c --strict /tmp/jenkins_sha \
&& rm -f /tmp/jenkins_sha
echo "---------------------------------------" \
&& mkdir -p ${REF}/init.groovy.d \
&& chown -R ${user} "$JENKINS_HOME" "$REF" && \

# for main web interface:
EXPOSE ${http_port}
echo "---------------------------------------" \
&& curl -fsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \
&& echo "${JENKINS_SHA} /usr/share/jenkins/jenkins.war" >/tmp/jenkins_sha \
&& sha256sum -c --strict /tmp/jenkins_sha \
&& rm -f /tmp/jenkins_sha && \

# will be used by attached agents:
EXPOSE ${agent_port}
echo "---------------------------------------" \
&& curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \
&& echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" > /tmp/jenkins_sha \
&& sha256sum -c --strict /tmp/jenkins_sha \
&& rm -f /tmp/jenkins_sha

ENV COPY_REFERENCE_FILE_LOG=$JENKINS_HOME/copy_reference_file.log

ENV JAVA_HOME=/opt/java/openjdk
ENV PATH="${JAVA_HOME}/bin:${PATH}"
COPY --from=jre-build /javaruntime $JAVA_HOME

USER ${user}
COPY ["./jenkins-support", "./jenkins.sh", "/usr/local/bin/"]
COPY ["./jenkins-plugin-cli.sh", "/bin/jenkins-plugin-cli"]

COPY jenkins-support /usr/local/bin/jenkins-support
COPY jenkins.sh /usr/local/bin/jenkins.sh
COPY jenkins-plugin-cli.sh /bin/jenkins-plugin-cli
# Jenkins home directory is a volume, so configuration and build history
# can be persisted and survive image upgrades
VOLUME $JENKINS_HOME

ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/jenkins.sh"]
# for main web interface + for attached agents
EXPOSE ${http_port} ${agent_port}

# metadata labels
LABEL \
org.opencontainers.image.vendor="Jenkins project" \
org.opencontainers.image.title="Official Jenkins Docker image" \
org.opencontainers.image.description="The Jenkins Continuous Integration and Delivery server" \
org.opencontainers.image.version="${JENKINS_VERSION}" \
org.opencontainers.image.url="https://www.jenkins.io/" \
org.opencontainers.image.source="https://github.com/jenkinsci/docker" \
org.opencontainers.image.revision="${COMMIT_SHA}" \
org.opencontainers.image.licenses="MIT"
USER ${user}
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/jenkins.sh"]
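Review bot: In the combined `ARG` instruction of the controller stage, `PLUGIN_CLI_URL` references `${PLUGIN_CLI_VERSION}`, which is declared in that same instruction; Dockerfile substitution resolves every variable in an instruction from the state before it, so the URL most likely expands with an empty version and the later `curl -fsSL ${PLUGIN_CLI_URL}` step fetches the wrong path or fails. The same ordering problem appears to affect the `LABEL` block, which (as far as this page shows which side is new) now sits ahead of `ARG JENKINS_VERSION` and `COMMIT_SHA`, leaving `org.opencontainers.image.version` and `org.opencontainers.image.revision` empty. Keep `ARG PLUGIN_CLI_VERSION="2.13.2"` as its own instruction before the `ARG` that defines `PLUGIN_CLI_URL`, and move the `LABEL` back below the arguments it reads. Separately, the plugin-manager jar is still checked against a `.sha256` file fetched from the same URL as the jar, which catches a corrupted download but not a replaced release asset. A digest pinned in a build argument, as `JENKINS_SHA` does for the war, would close that gap.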