ECLOUD-2134 switch jenkins agent image (#12)

* [ECLOUD-2134] added jenkins inbound agent image * [ECLOUD-2134] adapted GHA to run a matrix build
gdisdevops · Apr 5, 2022 · 7597b72 · 7597b72
1 parent c55e663
commit 7597b72
Show file tree

Hide file tree

Showing 2 changed files with 89 additions and 5 deletions.
diff --git a/.github/workflows/jenkins-jnlp-slave-docker-publish.yml b/.github/workflows/jenkins-jnlp-slave-docker-publish.yml
@@ -12,21 +12,26 @@ on:
     tags: [ 'v*.*.*' ]
     paths: 
     - 'jenkins-jnlp-slave/**'
+    - 'jenkins-inbound-agent/**'
   pull_request:
     branches: [ master ]
     paths: 
     - 'jenkins-jnlp-slave/**'
+    - 'jenkins-inbound-agent/**'
 
 env:
   # Use docker.io for Docker Hub if empty
   REGISTRY: ghcr.io
-  IMAGE_PATH: jenkins-jnlp-slave
+  # IMAGE_PATH: jenkins-jnlp-slave
   # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}/jenkins-jnlp-slave
+  # IMAGE_NAME: ${{ github.repository }}/jenkins-jnlp-slave
 
 
 jobs:
   build:
+    strategy:
+      matrix:
+        image: [jenkins-jnlp-slave, jenkins-inbound-agent]
 
     runs-on: ubuntu-latest
     permissions:
@@ -69,7 +74,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}
           tags: |
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
             type=ref,event=tag
@@ -82,7 +87,7 @@ jobs:
         id: build-and-push
         uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
         with:
-          context: ${{ env.IMAGE_PATH }}
+          context: ${{ matrix.image }}
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -98,4 +103,4 @@ jobs:
           COSIGN_EXPERIMENTAL: "true"
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
-        run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+        run: cosign sign ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}@${{ steps.build-and-push.outputs.digest }}
diff --git a/jenkins-inbound-agent/Dockerfile b/jenkins-inbound-agent/Dockerfile
@@ -0,0 +1,79 @@
+FROM jenkins/inbound-agent:4.10-3
+
+USER root
+
+ARG VAULT_VERSION=1.5.3
+ARG PACKER_VERSION=1.6.2
+ARG TERRAFORM_1_VERSION=1.0.5
+ARG TERRAFORM_1_1_VERSION=1.1.6
+ARG KUBECTL_VERSION=1.21.9
+ARG HELM_VERSION=3.8.1
+ARG ANSIBLE_VERSION=2.10.3
+ARG TERRAFORM_DOCS_VERSION=0.10.1
+ARG CONFTEST_VERSION=0.23.0
+
+RUN apt-get update && apt-get dist-upgrade -y \
+      && apt-get install -y \
+        git \
+        apt-transport-https \
+        curl \
+        init \
+        openssh-server openssh-client \
+        software-properties-common \
+        unzip \
+        libffi-dev \
+        jq \
+        python3-pip \
+      && rm -rf /var/lib/apt/lists/* \
+
+    #### install aws cli
+    && curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+      && unzip awscliv2.zip && ./aws/install && rm awscliv2.zip && rm -rf aws \
+
+    #### install boto3
+    && pip3 install --no-cache-dir -U boto3 checkov pre-commit \
+
+    #### install ansible
+    && pip3 install --no-cache-dir ansible==${ANSIBLE_VERSION} \
+
+    #### install vault
+    && curl "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" -o "vault.zip" \
+      && unzip vault.zip && mv vault /usr/bin && rm vault.zip \
+
+    #### install packer
+    && curl "https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip" -o "packer.zip" \
+      && unzip packer.zip && mv packer /usr/bin && rm packer.zip \
+
+    #### install kubectl
+    && curl "https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o "kubectl" \
+      && chmod +x kubectl && mv kubectl /usr/bin \
+
+    #### install helm
+    && curl -L "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" -o "helm.tar.gz" \
+      && tar -xvzf helm.tar.gz && chmod +x linux-amd64/helm && mv linux-amd64/helm /usr/bin \
+      && rm -rf linux-amd64 helm.tar.gz \
+
+    #### install terraform-docs
+    && curl -L "https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64" -o "terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64" \
+    && mv terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64 /usr/local/bin/terraform-docs \
+    && chmod a+x /usr/local/bin/terraform-docs \
+
+    #### install conftest (aka opa)
+    && curl -L "https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" -o "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
+    && tar xzf "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz" \
+    && mv conftest /usr/local/bin \
+    && chmod +x /usr/local/bin/conftest \
+    && rm "conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz"
+
+
+RUN mkdir -p /etc/tfenv \
+  && git clone --depth 1 https://github.com/tfutils/tfenv.git /etc/tfenv \
+  && chown -R jenkins /etc/tfenv
+
+USER jenkins
+    #### install terraform with tfenv
+ENV PATH "$PATH:/etc/tfenv/bin"
+RUN tfenv install ${TERRAFORM_1_VERSION} \
+      && tfenv install ${TERRAFORM_1_1_VERSION} \
+      && tfenv use ${TERRAFORM_1_VERSION}
+