initial commit

.gitignore

@@ -0,0 +1 @@
+*.DS_Store

CONTRIBUTING.md

@@ -0,0 +1,15 @@
+# Contributing to reuse
+
+### Issues
+
+Feel free to submit bugs or feature requests as issues.
+
+### Pull Requests
+
+These rules must be followed for any contributions to be merged into master.
+
+1. Fork this repo
+1. Make any desired changes
+1. Validate you changes meet your desired use case
+1. Ensure documentation has been updated
+1. Open a pull-request

Dockerfile

@@ -0,0 +1,25 @@
+ARG JENKINS_VER=2.60.3
+ARG JENKINS_REL=1
+
+FROM jenkins/jenkins:${JENKINS_VER}
+
+USER root
+
+COPY files/jenkins_wrapper.sh /usr/local/bin/jenkins_wrapper.sh
+
+RUN echo -n ${JENKINS_VER} > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.state && \
+echo -n ${JENKINS_VER} > /usr/share/jenkins/ref/jenkins.install.InstallUtil.lastExecVersion && \
+# allow slave to master control - https://wiki.jenkins.io/display/JENKINS/Slave+To+Master+Access+Control
+mkdir -p /usr/share/jenkins/ref/secrets/ && echo false > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch && \
+# Create file for plugin versioning
+echo ${JENKINS_VER}-${JENKINS_VER} > /usr/share/jenkins/ref/jenkins.docker.image.version && \
+sed -i -e "s/##JENKINS_VER##/${JENKINS_VER}/g; s/##JENKINS_REL##/${JENKINS_REL}/g" /usr/local/bin/jenkins_wrapper.sh && \
+chmod 0755 /usr/local/bin/jenkins_wrapper.sh
+
+ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/jenkins_wrapper.sh"]
+
+USER jenkins
+
+# Install plugins that are predefined in the base-plugins.txt file
+COPY files/base-plugins.txt /usr/share/jenkins/base-plugins.txt
+RUN cat /usr/share/jenkins/base-plugins.txt | xargs /usr/local/bin/install-plugins.sh

Dockerfile.debug

@@ -0,0 +1,6 @@
+ARG JENKINS_VER=2.60.3
+ARG JENKINS_REL=1
+
+FROM target/jenkins-docker-master:${JENKINS_VER}-${JENKINS_REL}
+COPY files/debug_logs.groovy /usr/share/jenkins/ref/init.groovy.d/debug_logs.groovy
+COPY files/debug_logging.properties /usr/share/jenkins/debug_logging.properties

LICENSE.txt

@@ -0,0 +1,13 @@
+Copyright (C) 2017 Target Brands, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

README.md

@@ -0,0 +1,27 @@
+# jenkins-docker-master
+
+## About this repo
+This is the Git repo of the Jenkins Dockerfile used in the Jenkins at Your Service (JAYS) architecture.
+
+JAYS is a platform for providing multiple Jenkins instances in a Docker Swarm cluster.
+
+More information about JAYS coming soon.
+
+## Usage
+
+This image extends the official [Jenkins LTS images](https://hub.docker.com/r/jenkins/jenkins)
+and as such, many of the options prescribed there apply to this image as well.
+
+The base image is intended to be extended by using groovy scripts to setup ACLs using the `github-oauth` plugin. We have provided example groovy scripts in the `examples` directory of this Github repo.
+
+The following environment variables can be used to set up Jenkins:
+
+| Variable                          | Description | Example |
+| --------------------------------- | ----------- | ------- |
+| JENKINS_SLAVE_AGENT_PORT          | Specify the TCP port for the slave agent to use. Must be unique to the cluster | `5001` |
+| JAVA_OPTS                         | Specify any additional java options for running. | `-Djava.util.logging.config.file=/var/jenkins_home/log.properties` |
+
+## Supported tags and respective `Dockerfile` links
+
+ * `latest`, `2.60.3-1`
+ * `debug-latest`, `debug-2.60.3-1`

examples/Dockerfile

@@ -0,0 +1,15 @@
+ARG JENKINS_VER=2.60.3
+ARG JENKINS_REL=1
+
+FROM target/jenkins-docker-master:${JENKINS_VER}-${JENKINS_REL}
+USER root
+
+RUN curl -L https://github.com/logzio/jmx2graphite/releases/download/v1.1.0/jmx2graphite-1.1.0-javaagent.jar > /usr/share/jenkins/jmx2graphite.jar
+
+USER jenkins
+
+COPY base-plugins.txt /usr/share/jenkins/base-plugins.txt
+RUN cat /usr/share/jenkins/base-plugins.txt | xargs /usr/local/bin/install-plugins.sh
+
+COPY setup_security.groovy /usr/share/jenkins/ref/init.groovy.d/setup.groovy.override
+COPY setup_reporting.groovy /usr/share/jenkins/ref/init.groovy.d/setup_reporting.groovy.override

examples/README.md

@@ -0,0 +1,85 @@
+## setup_security
+The `setup_security.groovy` script does the following:
+
+  * Set [executors](https://support.cloudbees.com/hc/en-us/articles/216456477-What-is-a-Jenkins-Executor-and-how-can-I-best-utilize-my-executors) to 0
+  * Set [quiet period](https://jenkins.io/blog/2010/08/11/quiet-period-feature/) to 5
+  * Set [slave agent port](http://javadoc.jenkins-ci.org/jenkins/model/Jenkins.html#setSlaveAgentPort-int-) to a user provided environment variable
+  * Set [jenkins url](http://javadoc.jenkins-ci.org/jenkins/model/JenkinsLocationConfiguration.html#setUrl-java.lang.String-) to a user provided environment variable
+  * Create a admin user
+    * Sets email address to user provided environment variable
+    * Sets ssh keypair to user provided environment variable
+  * Setup new GithubSecurityRealm for [github-oauth](https://plugins.jenkins.io/github-oauth)
+  * Setup new RoleBasedAuthorizationStrategy for [role-strategy](https://plugins.jenkins.io/role-strategy)
+    * Define admin, developer, authenticated, and anonymous user roles and permissions
+
+### Usage
+
+1. Extend the base image and include the script
+
+  ```
+  FROM target/jenkins-docker-master:latest
+
+  COPY setup_security.groovy   /usr/share/jenkins/ref/init.groovy.d/setup_security.groovy.override
+  ```
+
+  **Note**: The security script requires that the [git](https://plugins.jenkins.io/git), [github](https://plugins.jenkins.io/github), [github-oauth](https://plugins.jenkins.io/github-oauth), [matrix-auth](https://plugins.jenkins.io/matrix-auth), and [role-strategy](https://plugins.jenkins.io/role-strategy) plugins are installed
+
+1. Create a GitHub OAuth App by following the instructions on [GitHub](https://developer.github.com/enterprise/2.10/v3/oauth/)
+  * Example homepage url - `https://accounting.jenkins.company.com`
+  * Example Authorization callback URL - `https://accounting.jenkins.company.com/securityRealm/finishLogin`
+  * Take note of the Client ID and Client secret as they will be used later
+
+1. Define company specific environment variables
+
+| Variable                          | Description | Example |
+| --------------------------------- | ----------- | ------- |
+| GHE_KEY                           | TheGitHub OAuth Key | `abcdef0123456789abcd` |
+| GHE_SECRET                        | TheGitHub OAuth Secret | `h5qosu6bmrgrl8dgwynfps4e1z2jnio4hid2u3gp` |
+| JENKINS_ACL_MEMBERS_admin         | A GitHub Org*Team to be admins of this instance | `target*Admins` |
+| JENKINS_ACL_MEMBERS_developer     | A GitHub Org*Team to be developers on this instance (optional) |  `jenkins*Contributors` |
+| ADMIN_SSH_PUBKEY                  | An ssh public key for the admin team to manage this instance |  `ssh-rsa AAAAB3N....9CUz` |
+| JENKINS_URL                       | Specify the public URL used to access this instance | `https://accoutning.jenkins.company.com/` |
+| JENKINS_ADMIN_EMAIL               | Specify the email address associated with the owners of this instance | `[email protected]` |
+| GHE_ADMIN                         | The default GitHub Org*Team to be admins of this instance | `Jenkins*Admins`
+
+## setup_reporting
+The `setup_reporting.groovy` script does the following:
+
+  * Sets up Graphite Metrics Reporting
+
+### Usage
+
+1. Extend the base image by including the reporting script and installing the [jmx2graphite jar](https://github.com/logzio/jmx2graphite)
+
+  ```
+  FROM target/jenkins-docker-master:latest
+
+  COPY setup_reporting.groovy   /usr/share/jenkins/ref/init.groovy.d/setup_reporting.groovy.override
+
+  RUN curl -L https://github.com/logzio/jmx2graphite/releases/download/v1.1.0/jmx2graphite-1.1.0-javaagent.jar > /usr/share/jenkins/jmx2graphite.jar
+  ```
+
+  **Note**: The reporting script requires that the [metrics](https://plugins.jenkins.io/metrics) and [metrics-graphite](https://plugins.jenkins.io/metrics-graphite) plugins are installed
+
+1. Define company specific environment variables
+
+| Variable                          | Description | Example |
+| --------------------------------- | ----------- | ------- |
+| GRAPHITE_HOST                     | Specify the URL or IP address where to send graphite metrics | `graphite.company.com` |
+| NAME                           | Name of the Jenkins master | `accounting` |
+| TEAM                           | Team using the Jenkins master | `stores` |
+
+
+## Installing plugins
+Installing additional plugins is as simple as creating a text file with the list of plugins and extending the base image to include it.
+
+The examples/base-plugins.txt file is a list of our favorite plugins to install
+
+### Usage
+
+  ```
+  FROM target/jenkins-docker-master:latest
+
+  COPY base-plugins.txt /usr/share/jenkins/base-plugins.txt
+  RUN cat /usr/share/jenkins/base-plugins.txt | xargs /usr/local/bin/install-plugins.sh
+  ```

examples/base-plugins.txt

@@ -0,0 +1,39 @@
+artifactory
+build-token-root
+cloudbees-folder
+copyartifact
+credentials
+credentials-binding
+envinject
+git
+github
+github-oauth
+ghprb
+greenballs
+groovy
+job-dsl
+kubernetes
+mailer
+matrix-auth
+metrics
+metrics-graphite
+parameterized-trigger
+plain-credentials
+pipeline-model-definition
+pipeline-stage-view
+role-strategy
+script-security
+ssh-credentials
+ssh-slaves
+subversion
+urltrigger
+workflow-api
+workflow-aggregator
+workflow-cps
+workflow-multibranch
+workflow-job:2.11
+workflow-scm-step
+workflow-step-api
+workflow-support
+github-branch-source
+ws-cleanup

examples/jenkins_wrapper.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# This enables you to directly tie versions of plugins to a specific version of Jenkins
+# The base dockerfile installs plugins, but it won't override plugins that are pinned,
+# so we will copy the plugin directory on each new version of Jenkins
+# More information - https://wiki.jenkins.io/display/JENKINS/Pinned+Plugins
+if [ "$(cat /var/jenkins_home/jenkins.docker.image.version)" != "##JENKINS_VER##-##JENKINS_REL##" ] ; then
+  echo "Updating plugins..."
+  cp -var /usr/share/jenkins/ref/plugins/* /var/jenkins_home/plugins
+  echo "##JENKINS_VER##-##JENKINS_REL##" > /var/jenkins_home/jenkins.docker.image.version
+fi
+
+# setup java options
+JAVA_OPTS="${JAVA_OPTS} -server -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1HeapRegionSize=8m -XX:MetaspaceSize=500M -Djava.awt.headless=true -Djenkins.model.Jenkins.logStartupPerformance=true -Dhudson.InitReactorRunner.concurrency=64 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85"
+export JAVA_OPTS
+
+# https://github.com/jenkinsci/docker/blob/master/jenkins.sh
+exec /usr/local/bin/jenkins.sh "$@"

examples/setup_reporting.groovy

@@ -0,0 +1,24 @@
+import jenkins.model.*
+
+import java.util.*
+import java.lang.reflect.*
+import net.sf.json.*
+import net.sf.json.groovy.*
+import java.util.logging.ConsoleHandler
+import java.util.logging.LogManager
+
+import jenkins.metrics.api.MetricsAccessKey
+import jenkins.metrics.impl.graphite.GraphiteServer
+
+def env = System.getenv()
+def logger = LogManager.getLogManager().getLogger("hudson.WebAppMain")
+
+def instance = Jenkins.getInstance()
+
+logger.info("Setting up Graphite Metrics Reporting")
+
+graphite = new jenkins.metrics.impl.graphite.GraphiteServer(env['GRAPHITE_HOST'],2003,env['TEAM']+"."+env['NAME'])
+List<GraphiteServer> graphiteServers = new ArrayList<GraphiteServer>()
+graphiteServers.add(graphite)
+GraphiteServer.DescriptorImpl graphiteImpl = new GraphiteServer.DescriptorImpl()
+graphiteImpl.setServers(graphiteServers)