diff --git a/CHANGELOG.md b/CHANGELOG.md index b0f0ba79a..cd95d1566 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## Unreleased ### Added +- Added rhel9 dockerfiles for all jenkins agents ([#1140](https://github.com/opendevstack/ods-quickstarters/pull/1140)) ### Changed diff --git a/Makefile b/Makefile index aec015b1d..d62ba27c4 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ ODS_NAMESPACE := $(shell grep ODS_NAMESPACE $(CURDIR)/../ods-configuration/ods-c install-jenkins-agent: install-jenkins-agent-golang install-jenkins-agent-jdk install-jenkins-agent-nodejs install-jenkins-agent-python install-jenkins-agent-scala install-jenkins-agent-terraform-2306 install-jenkins-agent-terraform-2408 install-jenkins-agent-rust .PHONY: install-jenkins-agent -.## Update OpenShift resources related Jenkins agent resources. +## Update OpenShift resources related Jenkins agent resources. apply-jenkins-agent-build: apply-jenkins-agent-golang-build apply-jenkins-agent-jdk-build apply-jenkins-agent-nodejs18-build apply-jenkins-agent-nodejs20-build apply-jenkins-agent-nodejs22-build apply-jenkins-agent-nodejs24-build apply-jenkins-agent-python-build apply-jenkins-agent-scala-build apply-jenkins-agent-terraform-build-2306 apply-jenkins-agent-terraform-build-2408 apply-jenkins-agent-rust-build .PHONY: apply-jenkins-agent-build diff --git a/common/jenkins-agents/golang/docker/Dockerfile.ubi9 b/common/jenkins-agents/golang/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..08e885aa7 --- /dev/null +++ b/common/jenkins-agents/golang/docker/Dockerfile.ubi9 @@ -0,0 +1,27 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +ARG goDistributionUrl +ARG golangciVersion + +RUN yum install -y gcc gcc-c++ + +RUN cd /tmp && \ + curl -LfSso /tmp/go.tar.gz $goDistributionUrl && \ + tar -C /usr/local -xzf go.tar.gz && \ + rm -f /tmp/go.tar.gz && \ + cd - && \ + mkdir /go && \ + /usr/local/go/bin/go version + +ENV PATH $PATH:/usr/local/go/bin +ENV GOBIN /usr/local/bin + +COPY install-golangci-lint.sh /tmp/install-golangci-lint.sh +RUN /tmp/install-golangci-lint.sh -b /usr/local/bin $golangciVersion && \ + rm -f /tmp/install-golangci-lint.sh + +RUN go install github.com/jstemmer/go-junit-report/v2@v2.1.0 + +RUN mkdir -p /home/jenkins/go && chmod -R g+w /home/jenkins + +WORKDIR /go diff --git a/common/jenkins-agents/golang/ocp-config/bc.yml b/common/jenkins-agents/golang/ocp-config/bc.yml index 13fc09abb..3454f864d 100644 --- a/common/jenkins-agents/golang/ocp-config/bc.yml +++ b/common/jenkins-agents/golang/ocp-config/bc.yml @@ -14,7 +14,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use - name: GO_DISTRIBUTION_URL value: https://go.dev/dl/go1.23.0.linux-amd64.tar.gz @@ -41,11 +41,11 @@ objects: limits: cpu: "1" memory: "2Gi" - ephemeral-storage: "8Gi" + ephemeral-storage: "16Gi" requests: cpu: "200m" memory: "1Gi" - ephemeral-storage: "5Gi" + ephemeral-storage: "10Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/golang/docker diff --git a/common/jenkins-agents/jdk/docker/Dockerfile.ubi9 b/common/jenkins-agents/jdk/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..de97d0d0f --- /dev/null +++ b/common/jenkins-agents/jdk/docker/Dockerfile.ubi9 @@ -0,0 +1,85 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +# Labels consumed by Red Hat build service +LABEL com.redhat.component="jenkins-agent-jdk-rhel9-container" \ + name="openshift4/jenkins-agent-jdk-rhel9" \ + architecture="x86_64" \ + io.k8s.display-name="Jenkins Agent JDK" \ + io.k8s.description="The jenkins agent jdk image has java 11, 17 and 21 installed on top of the jenkins agent base image." \ + io.openshift.tags="openshift,jenkins,agent,jdk" \ + maintainer="openshift-dev-services+jenkins@redhat.com" + +ARG nexusUrl +ARG nexusUsername +ARG nexusPassword + +ENV LANG=en_US.UTF-8 \ + LC_ALL=en_US.UTF-8 + +# Container support is now integrated in Java 11, the +UseCGroupMemoryLimitForHeap option has been pruned +ENV JAVA_TOOL_OPTIONS="-XX:+UnlockExperimentalVMOptions -Dsun.zip.disableMemoryMapping=true" + +# Workaround we use when running behind proxy +# Basically we put the proxy certificate in certs folder +# COPY certs/* /etc/pki/ca-trust/source/anchors/ +# RUN update-ca-trust force-enable && update-ca-trust extract + +# Install Java devel 11, 17 21 and binutils +# Note: use java scripts are executed to test the scripts but also use-j11.sh in called 3nd place to set is as default version +RUN yum install -y java-11-openjdk-devel java-17-openjdk-devel java-21-openjdk-devel binutils && \ + yum clean all -y && \ + rm -rf /var/cache/yum + +# Copy and use java scripts. +COPY use-j*.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/use-j*.sh && \ + chmod ugo+s /usr/local/bin/use-j*.sh && \ + sh -c 'chmod ugo+s $(which alternatives)' && \ + ls -la /usr/local/bin/use-j*.sh && \ + echo "--- STARTS JDK 11/17/21 TESTS ---" && \ + use-j11.sh && \ + use-j21.sh && \ + use-j17.sh && \ + echo "--- ENDS JDK 11/17/21 TESTS ---" + +# Set maven (nexus+proxy) and gradle (proxy) settings +ENV MAVEN_OPTS="-Duser.home=$HOME" \ + GRADLE_USER_HOME=/home/jenkins/.gradle +# TODO: Remove MAVEN_OPTS env once cri-o pushes the $HOME variable in /etc/passwd +ADD .m2/settings.xml $HOME/.m2/ +COPY set_maven_proxy.sh /tmp/set_maven_proxy.sh +COPY set_gradle_proxy.sh /tmp/set_gradle_proxy.sh +RUN mkdir -p $GRADLE_USER_HOME && \ + chmod +x /tmp/set_gradle_proxy.sh && \ + /tmp/set_gradle_proxy.sh && \ + mkdir -p $HOME/.m2 && \ + chmod +x /tmp/set_maven_proxy.sh && \ + mv $HOME/.m2/settings.xml $HOME/.m2/settings.xml.orig && \ + /tmp/set_maven_proxy.sh && \ + xpr=$(cat /tmp/mvn_proxy) && \ + xpr="${xpr//\//\\/}" && \ + xpr="${xpr//|/\\|}" && \ + cat $HOME/.m2/settings.xml.orig | sed -e "s||$xpr|g" > $HOME/.m2/settings.xml && \ + sed -i "s/__NEXUS_USER/$nexusUsername/gi" $HOME/.m2/settings.xml && \ + sed -i "s/__NEXUS_PW/$nexusPassword/gi" $HOME/.m2/settings.xml && \ + sed -i "s|__NEXUS_URL|$nexusUrl|gi" $HOME/.m2/settings.xml && \ + cat $HOME/.m2/settings.xml + +RUN chown -R 1001:0 $HOME && \ + chmod -R g+rwX $HOME && \ + chmod -c 666 /etc/pki/ca-trust/extracted/java/cacerts && \ + ls -la /etc/pki/ca-trust/extracted/java/cacerts + +# temporary java version switch bugfix +USER root +RUN chgrp -R 0 /var/lib/alternatives && \ + chmod -R g=u /var/lib/alternatives && \ + chgrp -R 0 /etc/alternatives && \ + chmod -R g=u /etc/alternatives && \ + chmod -R u+w /usr/bin && \ + chgrp -R 0 /usr/bin && \ + chmod -R g=u /usr/bin && \ + chgrp -R 0 /usr/share/man && \ + chmod -R g=u /usr/share/man + +USER 1001 diff --git a/common/jenkins-agents/jdk/ocp-config/bc.yml b/common/jenkins-agents/jdk/ocp-config/bc.yml index fe11a3b8a..c4324f98e 100644 --- a/common/jenkins-agents/jdk/ocp-config/bc.yml +++ b/common/jenkins-agents/jdk/ocp-config/bc.yml @@ -20,7 +20,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use objects: - apiVersion: build.openshift.io/v1 @@ -41,11 +41,11 @@ objects: limits: cpu: "1" memory: "2Gi" - ephemeral-storage: "8Gi" + ephemeral-storage: "16Gi" requests: cpu: "200m" memory: "1Gi" - ephemeral-storage: "5Gi" + ephemeral-storage: "10Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/jdk/docker diff --git a/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8 index b4b5e7634..401d32c57 100644 --- a/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8 +++ b/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8 @@ -1,8 +1,8 @@ FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest # Labels consumed by Red Hat build service -LABEL com.redhat.component="jenkins-agent-nodejs-18-rhel7-container" \ - name="openshift4/jenkins-agent-nodejs-18-rhel7" \ +LABEL com.redhat.component="jenkins-agent-nodejs-rhel8-container" \ + name="openshift4/jenkins-agent-nodejs-rhel8" \ architecture="x86_64" \ io.k8s.display-name="Jenkins Agent Nodejs" \ io.k8s.description="The jenkins agent nodejs image has the nodejs tools on top of the jenkins agent base image." \ @@ -39,7 +39,7 @@ RUN curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version $YARN_VERS # Install Cypress dependencies # https://docs.cypress.io/guides/getting-started/installing-cypress.html#System-requirements COPY yum.repos.d/google-chrome.repo /etc/yum.repos.d/google-chrome.repo -COPY yum.repos.d/almalinux.repo /etc/yum.repos.d/almalinux.repo +COPY yum.repos.d/almalinux8.repo /etc/yum.repos.d/almalinux8.repo COPY yum.repos.d/microsoft-edge.repo /etc/yum.repos.d/microsoft-edge.repo RUN yum repolist \ && yum install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib \ diff --git a/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi9 b/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..3753b4ff4 --- /dev/null +++ b/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi9 @@ -0,0 +1,60 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +# Labels consumed by Red Hat build service +LABEL com.redhat.component="jenkins-agent-nodejs-rhel9-container" \ + name="openshift4/jenkins-agent-nodejs-rhel9" \ + architecture="x86_64" \ + io.k8s.display-name="Jenkins Agent Nodejs" \ + io.k8s.description="The jenkins agent nodejs image has the nodejs tools on top of the jenkins agent base image." \ + io.openshift.tags="openshift,jenkins,agent,nodejs" \ + maintainer="openshift-dev-services+jenkins@redhat.com" + +ARG nexusUrl +ARG nexusAuth + +ENV NODEJS_VERSION=18 \ + YARN_VERSION=1.22.18 \ + NPM_CONFIG_PREFIX=$HOME/.npm-global \ + NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \ + PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH \ + LANG=en_US.UTF-8 \ + LC_ALL=en_US.UTF-8 + +COPY contrib/bin/configure-agent /usr/local/bin/configure-agent + +# Install NodeJS +RUN INSTALL_PKGS="nodejs nodejs-nodemon make gcc-c++" && \ + curl -fsSL https://rpm.nodesource.com/setup_${NODEJS_VERSION}.x | bash - && \ + yum install -y --setopt=tsflags=nodocs --disableplugin=subscription-manager $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum clean all -y + +# Install Yarn +# https://classic.yarnpkg.com/en/docs/install +RUN curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version $YARN_VERSION + +# Install Cypress dependencies +# https://docs.cypress.io/guides/getting-started/installing-cypress.html#System-requirements +COPY yum.repos.d/google-chrome.repo /etc/yum.repos.d/google-chrome.repo +COPY yum.repos.d/almalinux9.repo /etc/yum.repos.d/almalinux9.repo +COPY yum.repos.d/microsoft-edge.repo /etc/yum.repos.d/microsoft-edge.repo +RUN yum repolist \ + && yum install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel nss libXScrnSaver alsa-lib \ + && yum install -y --enablerepo google-chrome google-chrome-stable \ + && yum install -y --enablerepo edge microsoft-edge-stable \ + && yum clean all -y + +RUN npm config set registry=$nexusUrl/repository/npmjs/ && \ + npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \ + npm config set email=no-reply@opendevstack.org && \ + npm config set strict-ssl=true && \ + yarn config set registry $nexusUrl/repository/npmjs/ -g && \ + echo node version: $(node --version) && \ + echo npm version: $(npm --version) && \ + echo npx version: $(npx --version) && \ + echo yarn version: $(yarn --version) + +RUN chown -R 1001:0 $HOME && \ + chmod -R g+rwX $HOME + +USER 1001 diff --git a/common/jenkins-agents/nodejs18/docker/yum.repos.d/almalinux.repo b/common/jenkins-agents/nodejs18/docker/yum.repos.d/almalinux8.repo similarity index 100% rename from common/jenkins-agents/nodejs18/docker/yum.repos.d/almalinux.repo rename to common/jenkins-agents/nodejs18/docker/yum.repos.d/almalinux8.repo diff --git a/common/jenkins-agents/nodejs18/docker/yum.repos.d/almalinux9.repo b/common/jenkins-agents/nodejs18/docker/yum.repos.d/almalinux9.repo new file mode 100644 index 000000000..a9ac9c610 --- /dev/null +++ b/common/jenkins-agents/nodejs18/docker/yum.repos.d/almalinux9.repo @@ -0,0 +1,13 @@ +[almalinux-baseos] +name=AlmaLinux-9-BaseOS +baseurl=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 + +[almalinux-appstream] +name=AlmaLinux-9-AppStream +baseurl=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 \ No newline at end of file diff --git a/common/jenkins-agents/nodejs18/ocp-config/bc.yml b/common/jenkins-agents/nodejs18/ocp-config/bc.yml index 9408c1f16..1da759ff0 100644 --- a/common/jenkins-agents/nodejs18/ocp-config/bc.yml +++ b/common/jenkins-agents/nodejs18/ocp-config/bc.yml @@ -18,7 +18,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use objects: - apiVersion: build.openshift.io/v1 @@ -39,11 +39,11 @@ objects: limits: cpu: "1" memory: "3Gi" - ephemeral-storage: "20Gi" + ephemeral-storage: "30Gi" requests: cpu: "200m" memory: "2Gi" - ephemeral-storage: "15Gi" + ephemeral-storage: "20Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/nodejs18/docker diff --git a/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8 index aba3bb7e9..21ca40b16 100644 --- a/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8 +++ b/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8 @@ -1,8 +1,8 @@ FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest # Labels consumed by Red Hat build service -LABEL com.redhat.component="jenkins-agent-nodejs-20-rhel7-container" \ - name="openshift4/jenkins-agent-nodejs-20-rhel7" \ +LABEL com.redhat.component="jenkins-agent-nodejs-rhel8-container" \ + name="openshift4/jenkins-agent-nodejs-rhel8" \ architecture="x86_64" \ io.k8s.display-name="Jenkins Agent Nodejs" \ io.k8s.description="The jenkins agent nodejs image has the nodejs tools on top of the jenkins agent base image." \ @@ -39,7 +39,7 @@ RUN curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version $YARN_VERS # Install Cypress dependencies # https://docs.cypress.io/guides/getting-started/installing-cypress.html#System-requirements COPY yum.repos.d/google-chrome.repo /etc/yum.repos.d/google-chrome.repo -COPY yum.repos.d/almalinux.repo /etc/yum.repos.d/almalinux.repo +COPY yum.repos.d/almalinux8.repo /etc/yum.repos.d/almalinux8.repo COPY yum.repos.d/microsoft-edge.repo /etc/yum.repos.d/microsoft-edge.repo RUN yum repolist \ && yum install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib \ diff --git a/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi9 b/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..9dfc171b5 --- /dev/null +++ b/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi9 @@ -0,0 +1,60 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +# Labels consumed by Red Hat build service +LABEL com.redhat.component="jenkins-agent-nodejs-rhel9-container" \ + name="openshift4/jenkins-agent-nodejs-rhel9" \ + architecture="x86_64" \ + io.k8s.display-name="Jenkins Agent Nodejs" \ + io.k8s.description="The jenkins agent nodejs image has the nodejs tools on top of the jenkins agent base image." \ + io.openshift.tags="openshift,jenkins,agent,nodejs" \ + maintainer="openshift-dev-services+jenkins@redhat.com" + +ARG nexusUrl +ARG nexusAuth + +ENV NODEJS_VERSION=20 \ + YARN_VERSION=1.22.19 \ + NPM_CONFIG_PREFIX=$HOME/.npm-global \ + NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \ + PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH \ + LANG=en_US.UTF-8 \ + LC_ALL=en_US.UTF-8 + +COPY contrib/bin/configure-agent /usr/local/bin/configure-agent + +# Install NodeJS +RUN INSTALL_PKGS="nodejs nodejs-nodemon make gcc-c++" && \ + curl -fsSL https://rpm.nodesource.com/setup_${NODEJS_VERSION}.x | bash - && \ + yum install -y --setopt=tsflags=nodocs --disableplugin=subscription-manager $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum clean all -y + +# Install Yarn +# https://classic.yarnpkg.com/en/docs/install +RUN curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version $YARN_VERSION + +# Install Cypress dependencies +# https://docs.cypress.io/guides/getting-started/installing-cypress.html#System-requirements +COPY yum.repos.d/google-chrome.repo /etc/yum.repos.d/google-chrome.repo +COPY yum.repos.d/almalinux9.repo /etc/yum.repos.d/almalinux9.repo +COPY yum.repos.d/microsoft-edge.repo /etc/yum.repos.d/microsoft-edge.repo +RUN yum repolist \ + && yum install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel nss libXScrnSaver alsa-lib \ + && yum install -y --enablerepo google-chrome google-chrome-stable \ + && yum install -y --enablerepo edge microsoft-edge-stable \ + && yum clean all -y + +RUN npm config set registry=$nexusUrl/repository/npmjs/ && \ + npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \ + npm config set email=no-reply@opendevstack.org && \ + npm config set strict-ssl=true && \ + yarn config set registry $nexusUrl/repository/npmjs/ -g && \ + echo node version: $(node --version) && \ + echo npm version: $(npm --version) && \ + echo npx version: $(npx --version) && \ + echo yarn version: $(yarn --version) + +RUN chown -R 1001:0 $HOME && \ + chmod -R g+rwX $HOME + +USER 1001 diff --git a/common/jenkins-agents/nodejs20/docker/yum.repos.d/almalinux.repo b/common/jenkins-agents/nodejs20/docker/yum.repos.d/almalinux8.repo similarity index 100% rename from common/jenkins-agents/nodejs20/docker/yum.repos.d/almalinux.repo rename to common/jenkins-agents/nodejs20/docker/yum.repos.d/almalinux8.repo diff --git a/common/jenkins-agents/nodejs20/docker/yum.repos.d/almalinux9.repo b/common/jenkins-agents/nodejs20/docker/yum.repos.d/almalinux9.repo new file mode 100644 index 000000000..a9ac9c610 --- /dev/null +++ b/common/jenkins-agents/nodejs20/docker/yum.repos.d/almalinux9.repo @@ -0,0 +1,13 @@ +[almalinux-baseos] +name=AlmaLinux-9-BaseOS +baseurl=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 + +[almalinux-appstream] +name=AlmaLinux-9-AppStream +baseurl=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 \ No newline at end of file diff --git a/common/jenkins-agents/nodejs20/ocp-config/bc.yml b/common/jenkins-agents/nodejs20/ocp-config/bc.yml index ae8aa0421..c3f2948c6 100644 --- a/common/jenkins-agents/nodejs20/ocp-config/bc.yml +++ b/common/jenkins-agents/nodejs20/ocp-config/bc.yml @@ -18,7 +18,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use objects: - apiVersion: build.openshift.io/v1 @@ -39,11 +39,11 @@ objects: limits: cpu: "1" memory: "3Gi" - ephemeral-storage: "20Gi" + ephemeral-storage: "30Gi" requests: cpu: "200m" memory: "2Gi" - ephemeral-storage: "15Gi" + ephemeral-storage: "20Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/nodejs20/docker diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 index 5adc6a61b..9c0688f09 100644 --- a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 +++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 @@ -1,8 +1,8 @@ FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest # Labels consumed by Red Hat build service -LABEL com.redhat.component="jenkins-agent-nodejs-22-rhel7-container" \ - name="openshift4/jenkins-agent-nodejs-22-rhel7" \ +LABEL com.redhat.component="jenkins-agent-nodejs-rhel8-container" \ + name="openshift4/jenkins-agent-nodejs-rhel8" \ architecture="x86_64" \ io.k8s.display-name="Jenkins Agent Nodejs" \ io.k8s.description="The jenkins agent nodejs image has the nodejs tools on top of the jenkins agent base image." \ @@ -39,7 +39,7 @@ RUN curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version $YARN_VERS # Install Cypress dependencies # https://docs.cypress.io/guides/getting-started/installing-cypress.html#System-requirements COPY yum.repos.d/google-chrome.repo /etc/yum.repos.d/google-chrome.repo -COPY yum.repos.d/almalinux.repo /etc/yum.repos.d/almalinux.repo +COPY yum.repos.d/almalinux8.repo /etc/yum.repos.d/almalinux8.repo COPY yum.repos.d/microsoft-edge.repo /etc/yum.repos.d/microsoft-edge.repo RUN yum repolist \ && yum install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib \ diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi9 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..1bc6f642f --- /dev/null +++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi9 @@ -0,0 +1,60 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +# Labels consumed by Red Hat build service +LABEL com.redhat.component="jenkins-agent-nodejs-rhel9-container" \ + name="openshift4/jenkins-agent-nodejs-rhel9" \ + architecture="x86_64" \ + io.k8s.display-name="Jenkins Agent Nodejs" \ + io.k8s.description="The jenkins agent nodejs image has the nodejs tools on top of the jenkins agent base image." \ + io.openshift.tags="openshift,jenkins,agent,nodejs" \ + maintainer="openshift-dev-services+jenkins@redhat.com" + +ARG nexusUrl +ARG nexusAuth + +ENV NODEJS_VERSION=22 \ + YARN_VERSION=1.22.19 \ + NPM_CONFIG_PREFIX=$HOME/.npm-global \ + NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \ + PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH \ + LANG=en_US.UTF-8 \ + LC_ALL=en_US.UTF-8 + +COPY contrib/bin/configure-agent /usr/local/bin/configure-agent + +# Install NodeJS +RUN INSTALL_PKGS="nodejs nodejs-nodemon make gcc-c++" && \ + curl -fsSL https://rpm.nodesource.com/setup_${NODEJS_VERSION}.x | bash - && \ + yum install -y --setopt=tsflags=nodocs --disableplugin=subscription-manager $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum clean all -y + +# Install Yarn +# https://classic.yarnpkg.com/en/docs/install +RUN curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version $YARN_VERSION + +# Install Cypress dependencies +# https://docs.cypress.io/guides/getting-started/installing-cypress.html#System-requirements +COPY yum.repos.d/google-chrome.repo /etc/yum.repos.d/google-chrome.repo +COPY yum.repos.d/almalinux9.repo /etc/yum.repos.d/almalinux9.repo +COPY yum.repos.d/microsoft-edge.repo /etc/yum.repos.d/microsoft-edge.repo +RUN yum repolist \ + && yum install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel nss libXScrnSaver alsa-lib \ + && yum install -y --enablerepo google-chrome google-chrome-stable \ + && yum install -y --enablerepo edge microsoft-edge-stable \ + && yum clean all -y + +RUN npm config set registry=$nexusUrl/repository/npmjs/ && \ + npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \ + npm config set email=no-reply@opendevstack.org && \ + npm config set strict-ssl=true && \ + yarn config set registry $nexusUrl/repository/npmjs/ -g && \ + echo node version: $(node --version) && \ + echo npm version: $(npm --version) && \ + echo npx version: $(npx --version) && \ + echo yarn version: $(yarn --version) + +RUN chown -R 1001:0 $HOME && \ + chmod -R g+rwX $HOME + +USER 1001 diff --git a/common/jenkins-agents/nodejs22/docker/yum.repos.d/almalinux.repo b/common/jenkins-agents/nodejs22/docker/yum.repos.d/almalinux8.repo similarity index 100% rename from common/jenkins-agents/nodejs22/docker/yum.repos.d/almalinux.repo rename to common/jenkins-agents/nodejs22/docker/yum.repos.d/almalinux8.repo diff --git a/common/jenkins-agents/nodejs22/docker/yum.repos.d/almalinux9.repo b/common/jenkins-agents/nodejs22/docker/yum.repos.d/almalinux9.repo new file mode 100644 index 000000000..a9ac9c610 --- /dev/null +++ b/common/jenkins-agents/nodejs22/docker/yum.repos.d/almalinux9.repo @@ -0,0 +1,13 @@ +[almalinux-baseos] +name=AlmaLinux-9-BaseOS +baseurl=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 + +[almalinux-appstream] +name=AlmaLinux-9-AppStream +baseurl=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 \ No newline at end of file diff --git a/common/jenkins-agents/nodejs22/ocp-config/bc.yml b/common/jenkins-agents/nodejs22/ocp-config/bc.yml index d839c509d..acee45636 100644 --- a/common/jenkins-agents/nodejs22/ocp-config/bc.yml +++ b/common/jenkins-agents/nodejs22/ocp-config/bc.yml @@ -18,7 +18,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use objects: - apiVersion: build.openshift.io/v1 @@ -39,11 +39,11 @@ objects: limits: cpu: "1" memory: "3Gi" - ephemeral-storage: "20Gi" + ephemeral-storage: "30Gi" requests: cpu: "200m" memory: "2Gi" - ephemeral-storage: "15Gi" + ephemeral-storage: "20Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/nodejs22/docker diff --git a/common/jenkins-agents/nodejs24/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs24/docker/Dockerfile.ubi8 index d5112b2ed..73b894939 100644 --- a/common/jenkins-agents/nodejs24/docker/Dockerfile.ubi8 +++ b/common/jenkins-agents/nodejs24/docker/Dockerfile.ubi8 @@ -1,8 +1,8 @@ FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest # Labels consumed by Red Hat build service -LABEL com.redhat.component="jenkins-agent-nodejs-24-rhel7-container" \ - name="openshift4/jenkins-agent-nodejs-24-rhel7" \ +LABEL com.redhat.component="jenkins-agent-nodejs-rhel8-container" \ + name="openshift4/jenkins-agent-nodejs-rhel8" \ architecture="x86_64" \ io.k8s.display-name="Jenkins Agent Nodejs" \ io.k8s.description="The jenkins agent nodejs image has the nodejs tools on top of the jenkins agent base image." \ @@ -39,7 +39,7 @@ RUN curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version $YARN_VERS # Install Cypress dependencies # https://docs.cypress.io/guides/getting-started/installing-cypress.html#System-requirements COPY yum.repos.d/google-chrome.repo /etc/yum.repos.d/google-chrome.repo -COPY yum.repos.d/almalinux.repo /etc/yum.repos.d/almalinux.repo +COPY yum.repos.d/almalinux8.repo /etc/yum.repos.d/almalinux8.repo COPY yum.repos.d/microsoft-edge.repo /etc/yum.repos.d/microsoft-edge.repo RUN yum repolist \ && yum install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib \ diff --git a/common/jenkins-agents/nodejs24/docker/Dockerfile.ubi9 b/common/jenkins-agents/nodejs24/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..4cc0d71d6 --- /dev/null +++ b/common/jenkins-agents/nodejs24/docker/Dockerfile.ubi9 @@ -0,0 +1,60 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +# Labels consumed by Red Hat build service +LABEL com.redhat.component="jenkins-agent-nodejs-rhel9-container" \ + name="openshift4/jenkins-agent-nodejs-rhel9" \ + architecture="x86_64" \ + io.k8s.display-name="Jenkins Agent Nodejs" \ + io.k8s.description="The jenkins agent nodejs image has the nodejs tools on top of the jenkins agent base image." \ + io.openshift.tags="openshift,jenkins,agent,nodejs" \ + maintainer="openshift-dev-services+jenkins@redhat.com" + +ARG nexusUrl +ARG nexusAuth + +ENV NODEJS_VERSION=24 \ + YARN_VERSION=1.22.19 \ + NPM_CONFIG_PREFIX=$HOME/.npm-global \ + NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \ + PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH \ + LANG=en_US.UTF-8 \ + LC_ALL=en_US.UTF-8 + +COPY contrib/bin/configure-agent /usr/local/bin/configure-agent + +# Install NodeJS +RUN INSTALL_PKGS="nodejs nodejs-nodemon make gcc-c++" && \ + curl -fsSL https://rpm.nodesource.com/setup_${NODEJS_VERSION}.x | bash - && \ + yum install -y --setopt=tsflags=nodocs --disableplugin=subscription-manager $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + yum clean all -y + +# Install Yarn +# https://classic.yarnpkg.com/en/docs/install +RUN curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version $YARN_VERSION + +# Install Cypress dependencies +# https://docs.cypress.io/guides/getting-started/installing-cypress.html#System-requirements +COPY yum.repos.d/google-chrome.repo /etc/yum.repos.d/google-chrome.repo +COPY yum.repos.d/almalinux9.repo /etc/yum.repos.d/almalinux9.repo +COPY yum.repos.d/microsoft-edge.repo /etc/yum.repos.d/microsoft-edge.repo +RUN yum repolist \ + && yum install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel nss libXScrnSaver alsa-lib \ + && yum install -y --enablerepo google-chrome google-chrome-stable \ + && yum install -y --enablerepo edge microsoft-edge-stable \ + && yum clean all -y + +RUN npm config set registry=$nexusUrl/repository/npmjs/ && \ + npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \ + npm config set email=no-reply@opendevstack.org && \ + npm config set strict-ssl=true && \ + yarn config set registry $nexusUrl/repository/npmjs/ -g && \ + echo node version: $(node --version) && \ + echo npm version: $(npm --version) && \ + echo npx version: $(npx --version) && \ + echo yarn version: $(yarn --version) + +RUN chown -R 1001:0 $HOME && \ + chmod -R g+rwX $HOME + +USER 1001 diff --git a/common/jenkins-agents/terraform-2306/docker/yum.repos.d/almalinux.repo b/common/jenkins-agents/nodejs24/docker/yum.repos.d/almalinux8.repo similarity index 100% rename from common/jenkins-agents/terraform-2306/docker/yum.repos.d/almalinux.repo rename to common/jenkins-agents/nodejs24/docker/yum.repos.d/almalinux8.repo diff --git a/common/jenkins-agents/nodejs24/docker/yum.repos.d/almalinux9.repo b/common/jenkins-agents/nodejs24/docker/yum.repos.d/almalinux9.repo new file mode 100644 index 000000000..a9ac9c610 --- /dev/null +++ b/common/jenkins-agents/nodejs24/docker/yum.repos.d/almalinux9.repo @@ -0,0 +1,13 @@ +[almalinux-baseos] +name=AlmaLinux-9-BaseOS +baseurl=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 + +[almalinux-appstream] +name=AlmaLinux-9-AppStream +baseurl=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 \ No newline at end of file diff --git a/common/jenkins-agents/nodejs24/ocp-config/bc.yml b/common/jenkins-agents/nodejs24/ocp-config/bc.yml index 3338bd928..bd44e8c65 100644 --- a/common/jenkins-agents/nodejs24/ocp-config/bc.yml +++ b/common/jenkins-agents/nodejs24/ocp-config/bc.yml @@ -18,7 +18,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use objects: - apiVersion: build.openshift.io/v1 @@ -39,11 +39,11 @@ objects: limits: cpu: "1" memory: "3Gi" - ephemeral-storage: "20Gi" + ephemeral-storage: "30Gi" requests: cpu: "200m" memory: "2Gi" - ephemeral-storage: "15Gi" + ephemeral-storage: "20Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/nodejs24/docker diff --git a/common/jenkins-agents/python/docker/Dockerfile.ubi9 b/common/jenkins-agents/python/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..32e5b5c06 --- /dev/null +++ b/common/jenkins-agents/python/docker/Dockerfile.ubi9 @@ -0,0 +1,42 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +LABEL maintainer="Gerard Castillo " + +ARG nexusHost +ARG nexusAuth + +ENV PYTHONUNBUFFERED=1 \ + PYTHONIOENCODING=UTF-8 \ + UV_INDEX_URL=https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple \ + UV_TRUSTED_HOST=${nexusHost} \ + PIP_TRUSTED_HOST=${nexusHost} \ + UV_CA_CERTIFICATE=/etc/ssl/certs/ca-bundle.crt \ + PATH=$HOME/.local/bin:$JAVA_HOME/bin:$PATH + +ENV UV_DEFAULT_INDEX=${UV_INDEX_URL} \ + PIP_INDEX_URL=${UV_INDEX_URL} \ + PIP_CERT=${UV_CA_CERTIFICATE} + +RUN yum install -y autoconf automake gcc gcc-c++ openssl-devel libffi-devel && \ + curl -LsSf https://astral.sh/uv/install.sh | sh && \ + mkdir -p $HOME/.config/pip && \ + echo "[global]" > $HOME/.config/pip/pip.conf && \ + echo "index-url = https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple" >> $HOME/.config/pip/pip.conf && \ + echo "trusted-host = ${nexusHost}" >> $HOME/.config/pip/pip.conf && \ + yum -y clean all + +RUN for pyVersion in 3.8 3.9 3.11 3.12; do \ + uv python install $pyVersion && \ + uv pip install --verbose --system --break-system-packages --python $pyVersion --trusted-host ${nexusHost} \ + virtualenv==20.26.3 \ + setuptools==72.2.0 \ + Cython==3.0.11 \ + pypandoc==1.13; \ + done && \ + uv tool update-shell + +# Enables default user to access $HOME folder +RUN chown -R 1001:0 $HOME && \ + chmod -R a+rw $HOME + +USER 1001 diff --git a/common/jenkins-agents/python/ocp-config/bc.yml b/common/jenkins-agents/python/ocp-config/bc.yml index f3adef639..94f27cf51 100644 --- a/common/jenkins-agents/python/ocp-config/bc.yml +++ b/common/jenkins-agents/python/ocp-config/bc.yml @@ -14,7 +14,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use - name: NEXUS_HOST description: "Your Nexus Instance Host" @@ -40,11 +40,11 @@ objects: resources: limits: cpu: "1" - ephemeral-storage: "8Gi" + ephemeral-storage: "16Gi" memory: "2Gi" requests: cpu: "200m" - ephemeral-storage: "5Gi" + ephemeral-storage: "10Gi" memory: "1Gi" runPolicy: Serial source: diff --git a/common/jenkins-agents/rust/docker/Dockerfile.ubi9 b/common/jenkins-agents/rust/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..34a7428a2 --- /dev/null +++ b/common/jenkins-agents/rust/docker/Dockerfile.ubi9 @@ -0,0 +1,44 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +LABEL maintainer="Gerard C.L. " + +ARG rustVersion +ARG rustToolchain +ARG cargoNextestVersion +ARG cargoLlvmCovVersion +ARG cargoGenerateVersion +ARG cargoDenyVersion + +ENV PATH="$HOME/.cargo/bin:$PATH" +ENV USER="rust-agent" +ENV CARGO_NEXTEST_VERSION=${cargoNextestVersion} \ + CARGO_LLVM_COV_VERSION=${cargoLlvmCovVersion} \ + CARGO_GENERATE_VERSION=${cargoGenerateVersion} \ + CARGO_DENY_VERSION=${cargoDenyVersion} \ + RUST_VERSION=${rustVersion} + +RUN yum install -y binutils cpp gcc glibc-devel glibc-headers kernel-headers libasan libatomic \ + libgomp libmpc libpkgconf libubsan libxcrypt-devel llvm-libs pkgconf pkgconf-m4 pkgconf-pkg-config \ + openssl-devel cpan perl-IPC-Cmd && \ + cpan install FindBin + +RUN mkdir -p $HOME/.cargo/bin $HOME/.rustup && \ + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- \ + -y --profile complete --default-toolchain ${rustVersion} -t ${rustToolchain} && \ + cargo -V && \ + # Download binaries and install to $HOME/.cargo/bin + curl --proto '=https' --tlsv1.2 -fsSL https://github.com/nextest-rs/nextest/releases/download/cargo-nextest-$CARGO_NEXTEST_VERSION/cargo-nextest-$CARGO_NEXTEST_VERSION-$rustToolchain.tar.gz | tar xzf - -C "$HOME/.cargo/bin" && \ + curl --proto '=https' --tlsv1.2 -fsSL https://github.com/cargo-generate/cargo-generate/releases/download/v$CARGO_GENERATE_VERSION/cargo-generate-v$CARGO_GENERATE_VERSION-$rustToolchain.tar.gz | tar xzf - -C "$HOME/.cargo/bin" && \ + # curl --proto '=https' --tlsv1.2 -fsSL https://github.com/taiki-e/cargo-llvm-cov/releases/download/v$CARGO_LLVM_COV_VERSION/cargo-llvm-cov-$rustToolchain.tar.gz | tar xzf - -C "$HOME/.cargo/bin" && \ + # cargo LLVM coverage crate is recommended to be compiled as it takes care to add the OS lib dependencies the proper way + cargo install cargo-llvm-cov --locked --version $CARGO_LLVM_COV_VERSION && \ + # install cargo deny as release sources do not provide our rust toolchain target + cargo install cargo-deny --locked --version $CARGO_DENY_VERSION && \ + cargo --version && \ + cargo nextest --version && \ + cargo llvm-cov --version && \ + cargo generate --version && \ + cargo deny --version + +RUN chgrp -R 0 $HOME/.cargo $HOME/.rustup && \ + chmod -R g=u $HOME/.cargo $HOME/.rustup diff --git a/common/jenkins-agents/rust/ocp-config/bc.yml b/common/jenkins-agents/rust/ocp-config/bc.yml index b047284c0..0609a58c6 100644 --- a/common/jenkins-agents/rust/ocp-config/bc.yml +++ b/common/jenkins-agents/rust/ocp-config/bc.yml @@ -14,7 +14,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use - name: RUST_VERSION description: "The Rust version" @@ -59,11 +59,11 @@ objects: limits: cpu: "2" memory: "4Gi" - ephemeral-storage: "30Gi" + ephemeral-storage: "50Gi" requests: cpu: "500m" memory: "3Gi" - ephemeral-storage: "20Gi" + ephemeral-storage: "30Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/rust/docker diff --git a/common/jenkins-agents/scala/docker/Dockerfile.ubi9 b/common/jenkins-agents/scala/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..c6b15663d --- /dev/null +++ b/common/jenkins-agents/scala/docker/Dockerfile.ubi9 @@ -0,0 +1,68 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +LABEL maintainer="Jan Frank " + +ARG nexusUrl +ARG nexusUsername +ARG nexusPassword + +# Container support is now integrated in Java 11, the +UseCGroupMemoryLimitForHeap option has been pruned +ENV JAVA_TOOL_OPTIONS="-XX:+UnlockExperimentalVMOptions -Dsun.zip.disableMemoryMapping=true" + +# Install sbt and java devel 11/17 +ENV SBT_VERSION=1.8.2 +ENV SBT_CREDENTIALS="$HOME/.sbt/.credentials" +RUN rm -f /etc/yum.repos.d/bintray-rpm.repo && \ + curl -L https://www.scala-sbt.org/sbt-rpm.repo > sbt-rpm.repo && \ + mv sbt-rpm.repo /etc/yum.repos.d/ && \ + yum -y install sbt-$SBT_VERSION java-11-openjdk-devel java-17-openjdk-devel && \ + yum clean all && \ + rm -rf /var/cache/yum + +# Copy use java scripts. +COPY use-j*.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/use-j*.sh && \ + chmod ugo+s /usr/local/bin/use-j*.sh && \ + sh -c 'chmod ugo+s $(which alternatives)' && \ + ls -la /usr/local/bin/use-j*.sh && \ + echo "--- STARTS JDK 11/17 TESTS ---" && \ + use-j11.sh && \ + use-j17.sh && \ + echo "--- ENDS JDK 11/17 TESTS ---" + +COPY sbtconfig/repositories $HOME/.sbt/repositories +COPY sbtconfig/credentials.sbt $HOME/.sbt/1.0/plugins/credentials.sbt +COPY sbtconfig/credentials $HOME/.sbt/.credentials +COPY sbtconfig/sbtopts /etc/sbt/sbtopts +COPY set_sbt_proxy.sh /tmp/set_sbt_proxy.sh + +RUN cat $HOME/.sbt/repositories | sed -e "s|NEXUS_URL|$nexusUrl|g" > $HOME/.sbt/repositories.tmp && \ + mv $HOME/.sbt/repositories.tmp $HOME/.sbt/repositories && \ + nexusHost=$(echo $nexusUrl | sed -e "s|https://||g" | sed -e "s|http://||g") && \ + nexusHost=$(echo $nexusHost | sed -e "s|:.*||g") && \ + sed -i.bak -e "s|NEXUS_HOST|$nexusHost|g" $HOME/.sbt/.credentials && \ + sed -i.bak -e "s|NEXUS_USERNAME|$nexusUsername|g" $HOME/.sbt/.credentials && \ + sed -i.bak -e "s|NEXUS_PASSWORD|$nexusPassword|g" $HOME/.sbt/.credentials && \ + rm $HOME/.sbt/.credentials.bak && \ + cd /tmp && \ + /tmp/set_sbt_proxy.sh && \ + if [ ! -f "/usr/bin/sbt" ]; then echo "sbt path /usr/bin/sbt could not be found"; exit 1 ; fi + +RUN chown -R 1001:0 $HOME && \ + chmod -R g+rwX $HOME && \ + chmod -c 666 /etc/pki/ca-trust/extracted/java/cacerts && \ + ls -la /etc/pki/ca-trust/extracted/java/cacerts + +# temporary java version switch bugfix +USER root +RUN chgrp -R 0 /var/lib/alternatives && \ + chmod -R g=u /var/lib/alternatives && \ + chgrp -R 0 /etc/alternatives && \ + chmod -R g=u /etc/alternatives && \ + chmod -R u+w /usr/bin && \ + chgrp -R 0 /usr/bin && \ + chmod -R g=u /usr/bin && \ + chgrp -R 0 /usr/share/man && \ + chmod -R g=u /usr/share/man + +USER 1001 \ No newline at end of file diff --git a/common/jenkins-agents/scala/ocp-config/bc.yml b/common/jenkins-agents/scala/ocp-config/bc.yml index 737107eff..bd08d0087 100644 --- a/common/jenkins-agents/scala/ocp-config/bc.yml +++ b/common/jenkins-agents/scala/ocp-config/bc.yml @@ -20,7 +20,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use objects: - apiVersion: build.openshift.io/v1 @@ -41,11 +41,11 @@ objects: limits: cpu: "1" memory: "2Gi" - ephemeral-storage: "8Gi" + ephemeral-storage: "16Gi" requests: cpu: "200m" memory: "1Gi" - ephemeral-storage: "5Gi" + ephemeral-storage: "10Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/scala/docker diff --git a/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi8 b/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi8 index cc9df54ba..694478f4e 100644 --- a/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi8 +++ b/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi8 @@ -12,7 +12,7 @@ LABEL com.redhat.component="jenkins-agent-terraform-ubi8-docker" \ io.k8s.description="The jenkins agent image has terraform and other tools on top of the jenkins agent base image." \ io.openshift.tags="openshift,jenkins,agent,terraform,aws,azure" -ARG nexusUrl +ARG nexusHost ARG nexusAuth ARG NPMJS_REGISTRY_FLAG @@ -51,9 +51,9 @@ COPY python_requirements /tmp/requirements.txt # COPY certs/* /etc/pki/ca-trust/source/anchors/ # RUN update-ca-trust force-enable && update-ca-trust extract -COPY yum.repos.d/almalinux.repo /etc/yum.repos.d/almalinux.repo +COPY yum.repos.d/almalinux8.repo /etc/yum.repos.d/almalinux8.repo RUN sed -i 's@^\s*enabled\s*=.*$@enabled = 1@g' /etc/yum.repos.d/*.repo \ - && sed -i 's@^\s*enabled\s*=.*$@enabled = 0@g' /etc/yum.repos.d/almalinux.repo \ + && sed -i 's@^\s*enabled\s*=.*$@enabled = 0@g' /etc/yum.repos.d/almalinux8.repo \ && grep -i '\(name\|enabled\)' /etc/yum.repos.d/*.repo RUN set -x \ @@ -105,8 +105,8 @@ RUN INSTALL_NODE="nodejs nodejs-nodemon" \ && yum install -y --setopt=tsflags=nodocs --disableplugin=subscription-manager $INSTALL_NODE \ && rpm -V $INSTALL_NODE \ && yum clean all -y \ - && npm config set registry=$nexusUrl/repository/npmjs/ \ - && npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) \ + && npm config set registry=$nexusHost/repository/npmjs/ \ + && npm config set //${nexusHost#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) \ && npm config set email=no-reply@opendevstack.org \ && npm config set strict-ssl=true diff --git a/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi9 b/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..67477ffe2 --- /dev/null +++ b/common/jenkins-agents/terraform-2306/docker/Dockerfile.ubi9 @@ -0,0 +1,203 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +LABEL maintainer="Erhard Wais , Frank Joas , Josef Hartmann , Steve Taylor " + +# Labels consumed by Red Hat build service +LABEL com.redhat.component="jenkins-agent-terraform-ubi9-docker" \ + name="openshift/jenkins-agent-terraform-ubi9" \ + version="0.1" \ + architecture="x86_64" \ + release="1" \ + io.k8s.display-name="Jenkins Agent Terraform" \ + io.k8s.description="The jenkins agent image has terraform and other tools on top of the jenkins agent base image." \ + io.openshift.tags="openshift,jenkins,agent,terraform,aws,azure" + +ARG nexusHost +ARG nexusUrl=https://${nexusHost} +ARG nexusAuth +ARG NPMJS_REGISTRY_FLAG + +ENV TERRAFORM_VERSION=1.4.6 \ + TERRAFORM_CONFIG_INSPECT_VERSION=0.2.0 \ + TERRAFORM_DOCS_VERSION=v0.16.0 \ + RUBY_VERSION=3.2.2 \ + PACKER_VERSION=1.8.7 \ + CONSUL_VERSION=1.15.2 \ + TFENV_VERSION=3.0.0 \ + TFLINT_VERSION=0.46.1 \ + NODEJS_VERSION=18 \ + BUNDLER_VERSION=2.4.13 \ + AGE_VERSION=1.1.1 \ + GEM_HOME=/opt/bundle \ + RBENV_ROOT=/opt/rbenv \ + RBENV_SHELL=bash \ + NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \ + UV_INDEX_URL=https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple \ + UV_TRUSTED_HOST=${nexusHost} \ + PIP_TRUSTED_HOST=${nexusHost} \ + UV_CA_CERTIFICATE=/etc/ssl/certs/ca-bundle.crt + + +ENV UV_DEFAULT_INDEX=${UV_INDEX_URL} \ + PIP_INDEX_URL=${UV_INDEX_URL} \ + PIP_CERT=${UV_CA_CERTIFICATE} + +ENV INSTALL_PKGS="yum-utils gcc make git-core zlib zlib-devel gcc-c++ patch \ + readline \ + libffi-devel libyaml-devel openssl-devel make bzip2 autoconf curl sqlite-devel xz \ + jq parallel" +ENV INSTALL_DNF_PKGS="readline-devel bison automake libtool" +ENV PATH=/opt/tfenv/bin:/opt/rbenv/shims:/opt/rbenv/bin:/opt/node/bin:$HOME/.local/bin:$JAVA_HOME/bin:$PATH +ENV HOME=/home/jenkins + +RUN sh -c "rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm || true" +COPY python_requirements /tmp/requirements.txt + +# Workaroud we use when running behind proxy +# Basically we put the proxy certificate in certs folder +# COPY certs/* /etc/pki/ca-trust/source/anchors/ +# RUN update-ca-trust force-enable && update-ca-trust extract + +COPY yum.repos.d/almalinux9.repo /etc/yum.repos.d/almalinux9.repo +RUN sed -i 's@^\s*enabled\s*=.*$@enabled = 1@g' /etc/yum.repos.d/*.repo \ + && sed -i 's@^\s*enabled\s*=.*$@enabled = 0@g' /etc/yum.repos.d/almalinux9.repo \ + && grep -i '\(name\|enabled\)' /etc/yum.repos.d/*.repo + +RUN set -x \ + && dnf -y repolist \ + && dnf -y install --allowerasing $INSTALL_PKGS \ + && dnf -y install --allowerasing --enablerepo almalinux-baseos --enablerepo almalinux-appstream $INSTALL_DNF_PKGS \ + && dnf clean all + +RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \ + mkdir -p $HOME/.config/pip && \ + echo "[global]" > $HOME/.config/pip/pip.conf && \ + echo "index-url = https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple" >> $HOME/.config/pip/pip.conf && \ + echo "trusted-host = ${nexusHost}" >> $HOME/.config/pip/pip.conf + +RUN for pyVersion in 3.8 3.9 3.11; do \ + uv python install $pyVersion && \ + uv pip install --verbose --system --break-system-packages --python $pyVersion --trusted-host ${nexusHost} --prerelease=allow \ + virtualenv \ + pycodestyle \ + -r /tmp/requirements.txt; \ + done && \ + rm -f /tmp/requirements.txt && \ + uv python pin 3.11 && \ + uv tool update-shell + +# Install awscli2 +RUN curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \ + && unzip -qq awscliv2.zip \ + && ./aws/install \ + && rm -f awscliv2.zip \ + && rm -Rf ./aws + +# Install awssamcli +RUN curl -sSL "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip" -o "awssam.zip" \ + && unzip -qq -d awssam awssam.zip \ + && ./awssam/install && rm -f awssam.zip && rm -Rf ./awssam + +# Install NodeJS +RUN INSTALL_NODE="nodejs nodejs-nodemon" \ + && curl -fsSL https://rpm.nodesource.com/setup_${NODEJS_VERSION}.x | bash - \ + && yum install -y --setopt=tsflags=nodocs --disableplugin=subscription-manager $INSTALL_NODE \ + && rpm -V $INSTALL_NODE \ + && yum clean all -y \ + && npm config set registry=$nexusUrl/repository/npmjs/ \ + && npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) \ + && npm config set email=no-reply@opendevstack.org \ + && npm config set strict-ssl=true + +# Install aws cdk +RUN npm install -g ${NPMJS_REGISTRY_FLAG} aws-cdk \ + && node --version \ + && cdk --version + +# Install terraform +RUN wget -q -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" \ + && unzip /tmp/terraform.zip -d /usr/local/bin \ + && rm -rf /tmp/terraform.zip \ + && terraform -h + +# Install tfenv +RUN umask 0002 && cd /opt && git clone --branch v${TFENV_VERSION} https://github.com/tfutils/tfenv.git \ + && TFENV_CURL_OUTPUT=0 /opt/tfenv/bin/tfenv install ${TERRAFORM_VERSION} \ + && /opt/tfenv/bin/tfenv use ${TERRAFORM_VERSION} \ + && chown -R 1001:0 /opt/tfenv \ + && chmod +x /opt/tfenv/bin/* \ + && terraform -version \ + && tfenv list + +# Install tflint +RUN wget -q -O /tmp/tflint.zip "https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_linux_amd64.zip" \ + && unzip /tmp/tflint.zip -d /usr/local/bin \ + && rm -rf /tmp/tflint.zip \ + && tflint --version + +# Install packer +RUN wget -q -O /tmp/packer.zip "https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip" \ + && unzip /tmp/packer.zip -d /usr/local/bin \ + && rm -rf /tmp/packer.zip \ + && packer --version + +# Install terraform-config-inspect +RUN wget -q -O /tmp/terraform-config-inspect.tar.gz https://github.com/nichtraunzer/terraform-config-inspect/releases/download/v${TERRAFORM_CONFIG_INSPECT_VERSION}/terraform-config-inspect_${TERRAFORM_CONFIG_INSPECT_VERSION}_linux_amd64.tar.gz \ + && tar zxpf /tmp/terraform-config-inspect.tar.gz -C /usr/local/bin/ \ + && rm -f /tmp/terraform-config-inspect.tar.gz \ + && chmod 755 /usr/local/bin/terraform-config-inspect + +# Install terraform-docs +RUN wget -q -O /tmp/terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/${TERRAFORM_DOCS_VERSION}/terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz \ + && tar zxpf /tmp/terraform-docs.tar.gz -C /usr/local/bin/ terraform-docs \ + && chmod +x /usr/local/bin/terraform-docs + +# Install consul-cli +RUN wget -q "https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip" \ + && unzip consul_${CONSUL_VERSION}_linux_amd64.zip -d /usr/local/bin \ + && rm -f consul_${CONSUL_VERSION}_linux_amd64.zip \ + && chmod +x /usr/local/bin/consul \ + && /usr/local/bin/consul -version + +# Install age +RUN wget -q -O /tmp/age.tar.gz https://github.com/FiloSottile/age/releases/download/v${AGE_VERSION}/age-v${AGE_VERSION}-linux-amd64.tar.gz \ + && tar xzf /tmp/age.tar.gz -C /usr/local/bin \ + && rm -f /tmp/age.tar.gz + +RUN chmod +t /tmp \ + && chown -R 1001:0 $HOME \ + && chmod -R g+rwX $HOME \ + && mkdir -p $GEM_HOME \ + && chmod 2770 $GEM_HOME + +COPY Gemfile Gemfile.lock $GEM_HOME/ + +RUN chown -R 1001:0 $GEM_HOME \ + && chmod -R g+rw $GEM_HOME \ + && ls -lisa /home/jenkins $GEM_HOME + +# Setup ruby env and bundler gems +# RUBY https://syslint.com/blog/tutorial/how-to-install-ruby-on-rails-with-rbenv-on-centos-7-or-rhel-7/ +RUN cd /opt \ + && umask 0002 \ + && git clone https://github.com/rbenv/rbenv.git /opt/rbenv \ + && echo 'export PATH="/opt/rbenv/shims:/opt/rbenv/bin:$PATH"' >> ~/.bash_profile \ + && echo 'eval "$(rbenv init -)"' >> ~/.bash_profile \ + && source ~/.bash_profile \ + && git clone https://github.com/rbenv/ruby-build.git /opt/rbenv/plugins/ruby-build \ + && echo 'export PATH="/opt/rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bash_profile \ + && source ~/.bash_profile \ + && MAKE_OPTS='-j 4' rbenv install $RUBY_VERSION \ + && rbenv global $RUBY_VERSION \ + && gem install bundler -v $BUNDLER_VERSION \ + && RBENV_VERSION=$RUBY_VERSION gem install bundler -v $BUNDLER_VERSION \ + && bundle config default $BUNDLER_VERSION \ + && RBENV_VERSION=$RUBY_VERSION bundle config default $BUNDLER_VERSION \ + && bundle config set --global path $GEM_HOME \ + && RBENV_VERSION=$RUBY_VERSION bundle config set --global path $GEM_HOME \ + && cd $GEM_HOME \ + && BUNDLE_SILENCE_ROOT_WARNING=true bundle install --full-index --jobs=8 \ + && rm -Rf /home/jenkins/.bundle/cache + +USER 1001 + diff --git a/common/jenkins-agents/terraform-2306/docker/python_requirements b/common/jenkins-agents/terraform-2306/docker/python_requirements index 2f647a27f..40e1ca749 100644 --- a/common/jenkins-agents/terraform-2306/docker/python_requirements +++ b/common/jenkins-agents/terraform-2306/docker/python_requirements @@ -3,7 +3,7 @@ boto3~=1.26 requests~=2.27 simplejson~=3.19 argparse~=1.4 -botocore +botocore~=1.37 pipenv~=2023.4 python-hcl2~=2.0 pre-commit~=3.3.1 diff --git a/common/jenkins-agents/terraform-2408/docker/yum.repos.d/almalinux.repo b/common/jenkins-agents/terraform-2306/docker/yum.repos.d/almalinux8.repo similarity index 100% rename from common/jenkins-agents/terraform-2408/docker/yum.repos.d/almalinux.repo rename to common/jenkins-agents/terraform-2306/docker/yum.repos.d/almalinux8.repo diff --git a/common/jenkins-agents/terraform-2306/docker/yum.repos.d/almalinux9.repo b/common/jenkins-agents/terraform-2306/docker/yum.repos.d/almalinux9.repo new file mode 100644 index 000000000..a9ac9c610 --- /dev/null +++ b/common/jenkins-agents/terraform-2306/docker/yum.repos.d/almalinux9.repo @@ -0,0 +1,13 @@ +[almalinux-baseos] +name=AlmaLinux-9-BaseOS +baseurl=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 + +[almalinux-appstream] +name=AlmaLinux-9-AppStream +baseurl=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 \ No newline at end of file diff --git a/common/jenkins-agents/terraform-2306/ocp-config/bc.yml b/common/jenkins-agents/terraform-2306/ocp-config/bc.yml index dba710946..7e5d4eb0e 100644 --- a/common/jenkins-agents/terraform-2306/ocp-config/bc.yml +++ b/common/jenkins-agents/terraform-2306/ocp-config/bc.yml @@ -6,7 +6,7 @@ parameters: - name: ODS_BITBUCKET_PROJECT description: Bitbucket project name. value: opendevstack -- name: NEXUS_URL +- name: NEXUS_HOST required: true - name: NEXUS_AUTH required: true @@ -18,7 +18,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use objects: - apiVersion: build.openshift.io/v1 @@ -39,11 +39,11 @@ objects: limits: cpu: "2" memory: "8Gi" - ephemeral-storage: "30Gi" + ephemeral-storage: "50Gi" requests: cpu: "500m" memory: "5Gi" - ephemeral-storage: "20Gi" + ephemeral-storage: "30Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/terraform-2306/docker @@ -56,8 +56,8 @@ objects: strategy: dockerStrategy: buildArgs: - - name: nexusUrl - value: ${NEXUS_URL} + - name: nexusHost + value: ${NEXUS_HOST} - name: nexusAuth value: ${NEXUS_AUTH} dockerfilePath: ${JENKINS_AGENT_DOCKERFILE_PATH} diff --git a/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi8 b/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi8 index afff2800a..df0415d9c 100644 --- a/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi8 +++ b/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi8 @@ -12,7 +12,7 @@ LABEL com.redhat.component="jenkins-agent-terraform-ubi8-docker" \ io.k8s.description="The jenkins agent image has terraform and other tools on top of the jenkins agent base image." \ io.openshift.tags="openshift,jenkins,agent,terraform,aws,azure" -ARG nexusUrl +ARG nexusHost ARG nexusAuth ARG NPMJS_REGISTRY_FLAG @@ -56,9 +56,9 @@ COPY python_requirements /tmp/requirements.txt # COPY certs/* /etc/pki/ca-trust/source/anchors/ # RUN update-ca-trust force-enable && update-ca-trust extract -COPY yum.repos.d/almalinux.repo /etc/yum.repos.d/almalinux.repo +COPY yum.repos.d/almalinux8.repo /etc/yum.repos.d/almalinux8.repo RUN sed -i 's@^\s*enabled\s*=.*$@enabled = 1@g' /etc/yum.repos.d/*.repo \ - && sed -i 's@^\s*enabled\s*=.*$@enabled = 0@g' /etc/yum.repos.d/almalinux.repo \ + && sed -i 's@^\s*enabled\s*=.*$@enabled = 0@g' /etc/yum.repos.d/almalinux8.repo \ && grep -i '\(name\|enabled\)' /etc/yum.repos.d/*.repo RUN set -x \ @@ -110,8 +110,8 @@ RUN INSTALL_NODE="nodejs nodejs-nodemon" \ && yum install -y --setopt=tsflags=nodocs --disableplugin=subscription-manager $INSTALL_NODE \ && rpm -V $INSTALL_NODE \ && yum clean all -y \ - && npm config set registry=$nexusUrl/repository/npmjs/ \ - && npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) \ + && npm config set registry=$nexusHost/repository/npmjs/ \ + && npm config set //${nexusHost#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) \ && npm config set email=no-reply@opendevstack.org \ && npm config set strict-ssl=true diff --git a/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi9 b/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi9 new file mode 100644 index 000000000..8371e2086 --- /dev/null +++ b/common/jenkins-agents/terraform-2408/docker/Dockerfile.ubi9 @@ -0,0 +1,216 @@ +FROM opendevstackorg/ods-jenkins-agent-base-ubi8:latest + +LABEL maintainer="Erhard Wais , Frank Joas , Josef Hartmann , Steve Taylor " + +# Labels consumed by Red Hat build service +LABEL com.redhat.component="jenkins-agent-terraform-ubi9-docker" \ + name="openshift/jenkins-agent-terraform-ubi9" \ + version="0.1" \ + architecture="x86_64" \ + release="1" \ + io.k8s.display-name="Jenkins Agent Terraform" \ + io.k8s.description="The jenkins agent image has terraform and other tools on top of the jenkins agent base image." \ + io.openshift.tags="openshift,jenkins,agent,terraform,aws,azure" + +ARG nexusHost +ARG nexusUrl=https://${nexusHost} +ARG nexusAuth +ARG NPMJS_REGISTRY_FLAG + +ENV TERRAFORM_VERSION=1.9.4 \ + TERRAFORM_CONFIG_INSPECT_VERSION=0.2.0 \ + TERRAFORM_DOCS_VERSION=v0.18.0 \ + RUBY_VERSION=3.3.4 \ + PACKER_VERSION=1.11.2 \ + CONSUL_VERSION=1.19.1 \ + TENV_VERSION=3.0.0 \ + TENV_AUTO_INSTALL=true \ + TENV_ROOT=/opt/tenv \ + GO_VERSION=1.21.13 \ + GOBIN=/usr/local/go/bin \ + TFLINT_VERSION=0.52.0 \ + NODEJS_VERSION=20 \ + BUNDLER_VERSION=2.5.17 \ + AGE_VERSION=1.2.0 \ + GEM_HOME=/opt/bundle \ + RBENV_ROOT=/opt/rbenv \ + RBENV_SHELL=bash \ + TASK_VERSION=3.38.0 \ + NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \ + UV_INDEX_URL=https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple \ + UV_TRUSTED_HOST=${nexusHost} \ + PIP_TRUSTED_HOST=${nexusHost} \ + UV_CA_CERTIFICATE=/etc/ssl/certs/ca-bundle.crt + + +ENV UV_DEFAULT_INDEX=${UV_INDEX_URL} \ + PIP_INDEX_URL=${UV_INDEX_URL} \ + PIP_CERT=${UV_CA_CERTIFICATE} + +ENV INSTALL_PKGS="yum-utils gcc make git-core zlib zlib-devel gcc-c++ patch \ + readline \ + libffi-devel libyaml-devel openssl-devel make bzip2 autoconf curl sqlite-devel xz \ + jq parallel" +ENV INSTALL_DNF_PKGS="readline-devel bison automake libtool xorriso" +ENV PATH=/opt/rbenv/shims:/opt/rbenv/bin:/opt/node/bin:/usr/bin:/usr/local/go/bin:$HOME/.local/bin:$JAVA_HOME/bin:$PATH +ENV HOME=/home/jenkins + +RUN sh -c "rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm || true" +COPY python_requirements /tmp/requirements.txt + +# Workaroud we use when running behind proxy +# Basically we put the proxy certificate in certs folder +# COPY certs/* /etc/pki/ca-trust/source/anchors/ +# RUN update-ca-trust force-enable && update-ca-trust extract + +COPY yum.repos.d/almalinux9.repo /etc/yum.repos.d/almalinux9.repo +RUN sed -i 's@^\s*enabled\s*=.*$@enabled = 1@g' /etc/yum.repos.d/*.repo \ + && sed -i 's@^\s*enabled\s*=.*$@enabled = 0@g' /etc/yum.repos.d/almalinux9.repo \ + && grep -i '\(name\|enabled\)' /etc/yum.repos.d/*.repo + +RUN set -x \ + && dnf -y repolist \ + && dnf -y install --allowerasing $INSTALL_PKGS \ + && dnf -y install --allowerasing --enablerepo almalinux-baseos --enablerepo almalinux-appstream $INSTALL_DNF_PKGS + +RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \ + mkdir -p $HOME/.config/pip && \ + echo "[global]" > $HOME/.config/pip/pip.conf && \ + echo "index-url = https://${nexusAuth}@${nexusHost}/repository/pypi-all/simple" >> $HOME/.config/pip/pip.conf && \ + echo "trusted-host = ${nexusHost}" >> $HOME/.config/pip/pip.conf + +RUN for pyVersion in 3.9 3.11 3.12; do \ + uv python install $pyVersion && \ + uv pip install --verbose --system --break-system-packages --python $pyVersion --trusted-host ${nexusHost} --prerelease=allow \ + virtualenv \ + pycodestyle \ + -r /tmp/requirements.txt; \ + done && \ + rm -f /tmp/requirements.txt && \ + uv python pin 3.12 && \ + uv tool update-shell + +# Install awscli2 +RUN curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \ + && unzip -qq awscliv2.zip \ + && ./aws/install \ + && rm -f awscliv2.zip \ + && rm -Rf ./aws + +# Install awssamcli +RUN curl -sSL "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip" -o "awssam.zip" \ + && unzip -qq -d awssam awssam.zip \ + && ./awssam/install && rm -f awssam.zip && rm -Rf ./awssam + +# Install NodeJS +RUN INSTALL_NODE="nodejs nodejs-nodemon" \ + && curl -fsSL https://rpm.nodesource.com/setup_${NODEJS_VERSION}.x | bash - \ + && yum install -y --setopt=tsflags=nodocs --disableplugin=subscription-manager $INSTALL_NODE \ + && rpm -V $INSTALL_NODE \ + && yum clean all -y \ + && npm config set registry=$nexusUrl/repository/npmjs/ \ + && npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) \ + && npm config set email=no-reply@opendevstack.org \ + && npm config set strict-ssl=true + +# Install aws cdk +RUN npm install -g ${NPMJS_REGISTRY_FLAG} aws-cdk \ + && node --version \ + && cdk --version + +# Install tenv & install terraform +RUN mkdir -p "${TENV_ROOT}" && chmod 2775 "${TENV_ROOT}" && chown 1001:0 "${TENV_ROOT}" \ + && dnf install -y https://github.com/tofuutils/tenv/releases/download/v${TENV_VERSION}/tenv_v${TENV_VERSION}_amd64.rpm \ + && dnf clean all \ + && tenv tf install ${TERRAFORM_VERSION} \ + && tenv tf use ${TERRAFORM_VERSION} \ + && tenv version \ + && terraform -version \ + && tenv tf list \ + && echo 'export PATH=$(/usr/bin/tenv update-path)' > /etc/profile.d/tenv.sh \ + && chown -R 1001:0 "${TENV_ROOT}" \ + && chmod -R 2775 "${TENV_ROOT}" + +# Install GO for terratest +RUN cd /tmp \ + && curl -LfSso /tmp/go.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz \ + && tar -C /usr/local -xzf go.tar.gz \ + && rm -f /tmp/go.tar.gz \ + && /usr/local/go/bin/go version + +# Install go-task +RUN sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d v${TASK_VERSION} \ + && task --version + +# Install tflint +RUN wget -q -O /tmp/tflint.zip "https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_linux_amd64.zip" \ + && unzip /tmp/tflint.zip -d /usr/local/bin \ + && rm -rf /tmp/tflint.zip \ + && tflint --version + +# Install packer +RUN wget -q -O /tmp/packer.zip "https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip" \ + && unzip /tmp/packer.zip -d /usr/local/bin packer \ + && rm -rf /tmp/packer.zip \ + && packer --version + +# Install terraform-config-inspect +RUN wget -q -O /tmp/terraform-config-inspect.tar.gz https://github.com/nichtraunzer/terraform-config-inspect/releases/download/v${TERRAFORM_CONFIG_INSPECT_VERSION}/terraform-config-inspect_${TERRAFORM_CONFIG_INSPECT_VERSION}_linux_amd64.tar.gz \ + && tar zxpf /tmp/terraform-config-inspect.tar.gz -C /usr/local/bin/ terraform-config-inspect \ + && rm -f /tmp/terraform-config-inspect.tar.gz \ + && chmod 755 /usr/local/bin/terraform-config-inspect + +# Install terraform-docs +RUN wget -q -O /tmp/terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/${TERRAFORM_DOCS_VERSION}/terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz \ + && tar zxpf /tmp/terraform-docs.tar.gz -C /usr/local/bin/ terraform-docs \ + && chmod +x /usr/local/bin/terraform-docs \ + && rm -f /tmp/terraform-docs.tar.gz + +# Install consul-cli +RUN wget -q "https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip" \ + && unzip consul_${CONSUL_VERSION}_linux_amd64.zip -d /usr/local/bin consul \ + && rm -f consul_${CONSUL_VERSION}_linux_amd64.zip \ + && chmod +x /usr/local/bin/consul \ + && /usr/local/bin/consul -version + +# Install age +RUN wget -q -O /tmp/age.tar.gz https://github.com/FiloSottile/age/releases/download/v${AGE_VERSION}/age-v${AGE_VERSION}-linux-amd64.tar.gz \ + && tar xzf /tmp/age.tar.gz -C /usr/local/bin \ + && rm -f /tmp/age.tar.gz + +RUN chmod +t /tmp \ + && chown -R 1001:0 $HOME \ + && chmod -R g+rwX $HOME \ + && mkdir -p $GEM_HOME \ + && chmod 2770 $GEM_HOME + +COPY Gemfile Gemfile.lock $GEM_HOME/ + +RUN chown -R 1001:0 $GEM_HOME \ + && chmod -R g+rw $GEM_HOME \ + && ls -lisa /home/jenkins $GEM_HOME + +# Setup ruby env and bundler gems +# RUBY https://syslint.com/blog/tutorial/how-to-install-ruby-on-rails-with-rbenv-on-centos-7-or-rhel-7/ +RUN cd /opt \ + && umask 0002 \ + && git clone https://github.com/rbenv/rbenv.git /opt/rbenv \ + && echo 'export PATH="/opt/rbenv/shims:/opt/rbenv/bin:$PATH"' >> ~/.bash_profile \ + && echo 'eval "$(rbenv init -)"' >> ~/.bash_profile \ + && source ~/.bash_profile \ + && git clone https://github.com/rbenv/ruby-build.git /opt/rbenv/plugins/ruby-build \ + && echo 'export PATH="/opt/rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bash_profile \ + && source ~/.bash_profile \ + && MAKE_OPTS='-j 4' rbenv install $RUBY_VERSION \ + && rbenv global $RUBY_VERSION \ + && gem install bundler -v $BUNDLER_VERSION \ + && RBENV_VERSION=$RUBY_VERSION gem install bundler -v $BUNDLER_VERSION \ + && bundle config default $BUNDLER_VERSION \ + && RBENV_VERSION=$RUBY_VERSION bundle config default $BUNDLER_VERSION \ + && bundle config set --global path $GEM_HOME \ + && RBENV_VERSION=$RUBY_VERSION bundle config set --global path $GEM_HOME \ + && cd $GEM_HOME \ + && BUNDLE_SILENCE_ROOT_WARNING=true bundle install --full-index --jobs=8 \ + && rm -Rf /home/jenkins/.bundle/cache + +USER 1001 diff --git a/common/jenkins-agents/terraform-2408/docker/python_requirements b/common/jenkins-agents/terraform-2408/docker/python_requirements index e85eaae86..e546ab4cb 100644 --- a/common/jenkins-agents/terraform-2408/docker/python_requirements +++ b/common/jenkins-agents/terraform-2408/docker/python_requirements @@ -3,7 +3,7 @@ boto3~=1.34 requests~=2.32 simplejson~=3.19 argparse~=1.4 -botocore +botocore~=1.37 pipenv~=2024.0 python-hcl2~=2.0 pre-commit~=3.8.0 diff --git a/common/jenkins-agents/nodejs24/docker/yum.repos.d/almalinux.repo b/common/jenkins-agents/terraform-2408/docker/yum.repos.d/almalinux8.repo similarity index 99% rename from common/jenkins-agents/nodejs24/docker/yum.repos.d/almalinux.repo rename to common/jenkins-agents/terraform-2408/docker/yum.repos.d/almalinux8.repo index 64ed35aa6..d26a001f7 100644 --- a/common/jenkins-agents/nodejs24/docker/yum.repos.d/almalinux.repo +++ b/common/jenkins-agents/terraform-2408/docker/yum.repos.d/almalinux8.repo @@ -10,4 +10,4 @@ name=AlmaLinux-8-AppStream baseurl=https://repo.almalinux.org/almalinux/8/AppStream/x86_64/os/ enabled=1 gpgcheck=1 -gpgkey=https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux +gpgkey=https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux \ No newline at end of file diff --git a/common/jenkins-agents/terraform-2408/docker/yum.repos.d/almalinux9.repo b/common/jenkins-agents/terraform-2408/docker/yum.repos.d/almalinux9.repo new file mode 100644 index 000000000..a9ac9c610 --- /dev/null +++ b/common/jenkins-agents/terraform-2408/docker/yum.repos.d/almalinux9.repo @@ -0,0 +1,13 @@ +[almalinux-baseos] +name=AlmaLinux-9-BaseOS +baseurl=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 + +[almalinux-appstream] +name=AlmaLinux-9-AppStream +baseurl=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.almalinux.org/almalinux/9/AppStream/x86_64/os/RPM-GPG-KEY-AlmaLinux-9 \ No newline at end of file diff --git a/common/jenkins-agents/terraform-2408/ocp-config/bc.yml b/common/jenkins-agents/terraform-2408/ocp-config/bc.yml index 2f20fc387..2b5a01be1 100644 --- a/common/jenkins-agents/terraform-2408/ocp-config/bc.yml +++ b/common/jenkins-agents/terraform-2408/ocp-config/bc.yml @@ -6,7 +6,7 @@ parameters: - name: ODS_BITBUCKET_PROJECT description: Bitbucket project name. value: opendevstack -- name: NEXUS_URL +- name: NEXUS_HOST required: true - name: NEXUS_AUTH required: true @@ -18,7 +18,7 @@ parameters: - name: ODS_GIT_REF required: true - name: JENKINS_AGENT_DOCKERFILE_PATH - value: Dockerfile.ubi8 + value: Dockerfile.ubi9 description: Dockerfile variant to use objects: - apiVersion: build.openshift.io/v1 @@ -39,11 +39,11 @@ objects: limits: cpu: "2" memory: "8Gi" - ephemeral-storage: "30Gi" + ephemeral-storage: "50Gi" requests: cpu: "500m" memory: "5Gi" - ephemeral-storage: "20Gi" + ephemeral-storage: "30Gi" runPolicy: Serial source: contextDir: common/jenkins-agents/terraform-2408/docker @@ -56,8 +56,8 @@ objects: strategy: dockerStrategy: buildArgs: - - name: nexusUrl - value: ${NEXUS_URL} + - name: nexusHost + value: ${NEXUS_HOST} - name: nexusAuth value: ${NEXUS_AUTH} - name: nexusAuth