From 71e19559af78d268fde3750e0b926fe035703377 Mon Sep 17 00:00:00 2001
From: Ivan Pinatti
Date: Fri, 2 Feb 2018 22:53:55 -0500
Subject: [PATCH 1/6] Added Docker build arguments + multiline YAML
---
 buildspec.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/buildspec.yml b/buildspec.yml
index 8d2c09a..dd68aed 100644
--- a/buildspec.yml
+++ b/buildspec.yml
@@ -10,7 +10,15 @@ phases:
 commands:
 - echo "Build started on $(date)"
 - echo "Building the Docker image..."
- - docker build --tag ${IMAGE_REPO_NAME} .
+ - >
+ docker build
+ --tag ${IMAGE_REPO_NAME}
+ --file Dockerfile
+ --build-arg JENKINS_URL="${JENKINS_URL}"
+ --build-arg COMPANY_NAME="${COMPANY_NAME}"
+ --build-arg COUNTRY_CODE="${COUNTRY_CODE}"
+ --build-arg TIME_ZONE="${TIME_ZONE}"
+ .
 - docker tag ${IMAGE_REPO_NAME}:${IMAGE_TAG} ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
 - docker tag ${IMAGE_REPO_NAME}:${IMAGE_TAG} ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${STAGE}
 post_build:
@@ -18,7 +26,7 @@ phases:
 - echo "Build completed on $(date)"
 - echo "Pushing the Docker image to ECR..."
 - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
- - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${STAGE}
+ - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${STAGE}
 - envsubst < "Dockerrun.aws.json.template" > "Dockerrun.aws.json"
 artifacts:
 files:
From 4c315dd210fcdbd640ef537f962e46cc1d15af39 Mon Sep 17 00:00:00 2001
From: Ivan Pinatti
Date: Fri, 2 Feb 2018 22:55:10 -0500
Subject: [PATCH 2/6] Encapsulate variables as good practice
---
 Dockerrun.aws.json.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerrun.aws.json.template b/Dockerrun.aws.json.template
index a4591f9..03ecacf 100644
--- a/Dockerrun.aws.json.template
+++ b/Dockerrun.aws.json.template
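Review bot: In the buildspec.yml build phase, each `--build-arg NAME="${NAME}"` is always passed, so a variable that is unset in the CodeBuild project (its environment is not visible here) reaches Docker as an empty string and overrides the Dockerfile's `ARG` default instead of falling back to it. The certificate subject, `-Duser.timezone` and the Jenkins URL set by init.groovy would then be built from empty values. Failing the build early is the smaller fix, e.g. `--build-arg JENKINS_URL="${JENKINS_URL:?JENKINS_URL must be set}"`, repeated for the other three arguments. A comment above the command should also say that build arguments are recorded in the image history and must stay non-secret, e.g. `# build args are visible via docker history; never pass credentials this way`.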
@@ -19,7 +19,7 @@
 }
 ],
 "Image": {
- "Name": "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG",
+ "Name": "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}",
 "Update": "true"
 },
 "Ports": [
From 103393c176c0d8dc5189f42480cbb7db9ab2f814 Mon Sep 17 00:00:00 2001
From: Ivan Pinatti
Date: Fri, 2 Feb 2018 23:05:08 -0500
Subject: [PATCH 3/6] Change port to 8083 (HTTPS)
---
 Dockerrun.aws.json.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerrun.aws.json.template b/Dockerrun.aws.json.template
index 03ecacf..ce2c885 100644
--- a/Dockerrun.aws.json.template
+++ b/Dockerrun.aws.json.template
@@ -24,7 +24,7 @@
 },
 "Ports": [
 {
- "ContainerPort": "8080"
+ "ContainerPort": "8083"
 }
 ]
 }
From b423cd222958f35367341afc8fe80f73beba63d2 Mon Sep 17 00:00:00 2001
From: Ivan Pinatti
Date: Fri, 2 Feb 2018 23:09:54 -0500
Subject: [PATCH 4/6] Overall reorganization for improved code readability Locked packages versions Added HTTPS code section Added ARG/ENV for TIME_ZONE selection Exposed 8083 HTTPS port
---
 Dockerfile | 60 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 55 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7e3050b..ffef183 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,57 @@
 # https://hub.docker.com/r/jenkins/jenkins/tags/
-FROM jenkins/jenkins:2.102-alpine
+FROM jenkins/jenkins:2.104-alpine
+# set maintainer
+LABEL maintainer "@cloudposse"
+
+# change user
 USER root
-RUN apk update && apk upgrade && \
- apk add --no-cache bash git openssh gettext make docker
+# install required packages
+RUN readonly PACKAGES=" \
+ bash=4.4.12-r2 \
+ docker=17.10.0-r0 \
+ gettext=0.19.8.1-r1 \
+ git=2.15.0-r1 \
+ make=4.2.1-r0 \
+ openssh=7.5_p1-r8 \
+ openssl=1.0.2n-r0 \
+ " \
+ && apk update \
+ && apk upgrade \
+ && apk add --no-cache ${PACKAGES}
 # Allow the jenkins user to run docker
 RUN adduser jenkins docker
+# generate a self-signed certificate and configure HTTPS
+ARG JENKINS_URL="jenkins.local"
+ARG COMPANY_NAME="Cloudposse Inc"
+ARG COUNTRY_CODE="US"
+
+ENV JENKINS_URL=${JENKINS_URL} \
+ COMPANY_NAME=${COMPANY_NAME} \
+ COUNTRY_CODE=${COUNTRY_CODE}
+
+RUN mkdir --parents /var/lib/jenkins \
+ && openssl genrsa -out /var/lib/jenkins/key.pem \
+ && openssl req -new \
+ -subj "/CN=${JENKINS_URL}/O=${COMPANY_NAME}/C=${COUNTRY_CODE}" \
+ -key /var/lib/jenkins/key.pem \
+ -out /var/lib/jenkins/csr.pem \
+ && openssl x509 -req \
+ -days 365 \
+ -in /var/lib/jenkins/csr.pem \
+ -signkey /var/lib/jenkins/key.pem \
+ -out /var/lib/jenkins/cert.pem \
+ && chown jenkins:jenkins /var/lib/jenkins/*.pem
+
+ENV JENKINS_OPTS --httpPort=8080 \
+ --httpsPort=8083 \
+ --httpsCertificate=/var/lib/jenkins/cert.pem \
+ --httpsPrivateKey=/var/lib/jenkins/key.pem
+
+
 # Drop back to the regular jenkins user
 USER jenkins
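Review bot: The `RUN` step that calls `openssl genrsa` creates the TLS private key at build time, so `key.pem` is stored in an image layer: every container started from this image shares the same key, and anyone who can pull the image from the registry can read it. Generating the key and certificate when the container starts, or mounting them at runtime, keeps the key out of the image. If the build-time key stays, state the key size and restrict the file instead of relying on the OpenSSL default and the umask, e.g. `openssl genrsa -out /var/lib/jenkins/key.pem 2048` followed by `chmod 600 /var/lib/jenkins/key.pem`. The certificate also carries only a CN (no subjectAltName) and expires 365 days after the image was built, which deserves a comment next to the step such as `# self-signed, CN only, valid 365 days from build; rebuild before expiry`.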
@@ -18,7 +61,13 @@ USER jenkins
 # http://docs.oracle.com/javase/7/docs/technotes/guides/net/properties.html
 # https://aws.amazon.com/articles/4035
 # https://stackoverflow.com/questions/29579589/whats-the-recommended-way-to-set-networkaddress-cache-ttl-in-elastic-beanstalk
-ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=60 -Duser.timezone=PST -Dorg.jenkinsci.plugins.gitclient.Git.timeOut=60"
+ARG TIME_ZONE="PST"
+ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false \
+ -Dhudson.DNSMultiCast.disabled=true \
+ -Djava.awt.headless=true \
+ -Dsun.net.inetaddr.ttl=60 \
+ -Duser.timezone=${TIME_ZONE} \
+ -Dorg.jenkinsci.plugins.gitclient.Git.timeOut=60"
 # Preinstall plugins
 COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
@@ -31,4 +80,5 @@ COPY init.groovy /usr/share/jenkins/ref/init.groovy.d/
 # Configure `Amazon EC2` plugin to start slaves on demand
 COPY init-ec2.groovy /usr/share/jenkins/ref/init.groovy.d/
-EXPOSE 8080
+# HTTP 8080 - HTTPS 8083
+EXPOSE 8080 8083
From 0335d4d4929535093e3b86c74f9fed46851db280 Mon Sep 17 00:00:00 2001
From: Ivan Pinatti
Date: Fri, 2 Feb 2018 23:16:28 -0500
Subject: [PATCH 5/6] Added script to read environment variable and configure Jenkins URL
---
 init.groovy | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/init.groovy b/init.groovy
index be16726..fcc1a36 100644
--- a/init.groovy
+++ b/init.groovy
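Review bot: `EXPOSE 8080 8083` in the last Dockerfile hunk, together with `--httpPort=8080` in `JENKINS_OPTS` from the first hunk, keeps the plaintext listener enabled, so logins and API tokens can still travel unencrypted whenever a client reaches port 8080. If HTTPS is meant to be the only entry point, `--httpPort=-1` disables the HTTP listener and the line becomes `EXPOSE 8083`. If 8080 is kept on purpose, for example for a load-balancer health check that is not visible in this patch, the comment should say so: `# 8080 kept for internal health checks only; clients must use 8083`.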
@@ -8,6 +8,20 @@ import org.jenkinsci.plugins.*
 import org.jenkinsci.plugins.saml.*
+// get environment variables
+def environment_variables = System.getenv()
+def jenkins_url = environment_variables['JENKINS_URL']
+
+// get Jenkins location configuration
+def jenkinsLocationConfiguration = jenkins.model.JenkinsLocationConfiguration.get()
+
+// set Jenkins URL
+jenkinsLocationConfiguration.setUrl('https://' + jenkins_url)
+
+// save current Jenkins state to disk
+jenkinsLocationConfiguration.save()
+
+
 def isValidString = { value ->
 if (value != null && value instanceof String && value.trim() != "") {
 return true
From 05d37f7d9538b5879629223f3d24349c00621b9b Mon Sep 17 00:00:00 2001
From: Ivan Pinatti
Date: Sun, 25 Feb 2018 00:45:47 -0500
Subject: [PATCH 6/6] Change company name
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index ffef183..90cb46b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ RUN adduser jenkins docker
 # generate a self-signed certificate and configure HTTPS
 ARG JENKINS_URL="jenkins.local"
-ARG COMPANY_NAME="Cloudposse Inc"
+ARG COMPANY_NAME="Cloud Posse, LLC"
 ARG COUNTRY_CODE="US"
 ENV JENKINS_URL=${JENKINS_URL} \
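Review bot: In the init.groovy hunk, `jenkins_url` is used without any check, so a missing `JENKINS_URL` saves the root URL as `https://null` and an empty one saves `https://`; every link Jenkins generates afterwards is built from that value. Guard the two calls, e.g. `if (jenkins_url?.trim()) { jenkinsLocationConfiguration.setUrl('https://' + jenkins_url.trim()); jenkinsLocationConfiguration.save() }`, and log when the variable is absent. The saved URL also carries no port while the Dockerfile serves HTTPS on 8083, so it presumably relies on something in front of the container mapping 443 to 8083; a comment such as `// assumes a proxy or load balancer maps 443 to the container's 8083` would record that. The script continues beyond the end of this hunk.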