jenkins-podman/Dockerfile

# https://github.com/containers/podman/blob/main/contrib/podmanimage/stable/Containerfile
# https://hub.docker.com/r/jenkins/inbound-agent/tags


FROM jenkins/inbound-agent:alpine-jdk17@sha256:17871822cee8a77b6a46e5f293f19c16bcd93074520b7789c7057bfbbb7423c1

ARG BUILDUSER=jenkins

USER root
RUN echo "@edge-testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
    apk upgrade -U --available --no-cache && \
    apk add --no-cache \
      tini \
      make \
      jq \
      yq \
      strace \
      fuse-overlayfs \
      podman \
      buildah \
      py-boto3 \
      aws-cli \
      trivy@edge-testing

# Trivy html template
ADD --chown=$BUILDUSER:$BUILDUSER html.tpl /home/$BUILDUSER

# Rootless podman
RUN mkdir -p /home/$BUILDUSER/.config/containers

ADD entrypoint.sh /usr/local/bin/entrypoint.sh
# conf/registries.conf will be mounted RO at runtime to inherit worker settings incl. caching proxies
ADD --chown=$BUILDUSER:$BUILDUSER conf/containers.conf conf/storage.conf /home/$BUILDUSER/.config/containers

RUN echo -e "$BUILDUSER:100000:65535" > /etc/subuid && \
    echo -e "$BUILDUSER:100000:65535" > /etc/subgid && \
    cd /usr/bin && ln -s podman docker && \
    chown $BUILDUSER:$BUILDUSER -R /home/$BUILDUSER

# Patch jenkins-agent to launch podman service
RUN sed -i -e 's/exec \$JAVA_BIN/podman system service -t0\&\n        exec \$JAVA_BIN/' /usr/local/bin/jenkins-agent

ENV XDG_RUNTIME_DIR=/home/$BUILDUSER/agent/xdg-run
ENV BUILDAH_ISOLATION=chroot
ENV _CONTAINERS_USERNS_CONFIGURED=""
ENV HOME=/home/$BUILDUSER

USER $BUILDUSER

ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]
feat: update to latest jenkins-agent base 2022-06-27 18:20:50 +00:00			`# https://github.com/containers/podman/blob/main/contrib/podmanimage/stable/Containerfile`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`# https://hub.docker.com/r/jenkins/inbound-agent/tags`
feat: update to latest jenkins-agent base 2022-06-27 18:20:50 +00:00
feat: initial commit 2022-01-13 11:41:17 +00:00
chore(deps): update jenkins/inbound-agent:alpine-jdk17 docker digest to 1787182 2024-03-12 03:19:02 +00:00			`FROM jenkins/inbound-agent:alpine-jdk17@sha256:17871822cee8a77b6a46e5f293f19c16bcd93074520b7789c7057bfbbb7423c1`
feat: initial commit 2022-01-13 11:41:17 +00:00
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`ARG BUILDUSER=jenkins`
fix: Improve rootless podman config 2022-06-27 17:16:02 +00:00
feat: initial commit 2022-01-13 11:41:17 +00:00			`USER root`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`RUN echo "@edge-testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \`
			`apk upgrade -U --available --no-cache && \`
			`apk add --no-cache \`
			`tini \`
			`make \`
Add jq 2023-08-08 11:06:05 +00:00			`jq \`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`yq \`
			`strace \`
Add fuse-overlayfs 2023-10-02 11:20:48 +00:00			`fuse-overlayfs \`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`podman \`
			`buildah \`
Add py-boto3 for advanced build tools 2023-08-11 12:31:24 +00:00			`py-boto3 \`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`aws-cli \`
			`trivy@edge-testing`
feat: initial commit 2022-01-13 11:41:17 +00:00
feat: more Jenkins tuning for trivy 2022-01-14 00:23:18 +00:00			`# Trivy html template`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`ADD --chown=$BUILDUSER:$BUILDUSER html.tpl /home/$BUILDUSER`
feat: more Jenkins tuning for trivy 2022-01-14 00:23:18 +00:00
			`# Rootless podman`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`RUN mkdir -p /home/$BUILDUSER/.config/containers`
fix: Improve rootless podman config 2022-06-27 17:16:02 +00:00
fix: create XDG_RUNTIME if workspace is mounted 2022-07-11 12:56:04 +00:00			`ADD entrypoint.sh /usr/local/bin/entrypoint.sh`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`# conf/registries.conf will be mounted RO at runtime to inherit worker settings incl. caching proxies`
			`ADD --chown=$BUILDUSER:$BUILDUSER conf/containers.conf conf/storage.conf /home/$BUILDUSER/.config/containers`
feat: initial commit 2022-01-13 11:41:17 +00:00
fix: subuid cleanup 2024-03-12 15:58:11 +00:00			`RUN echo -e "$BUILDUSER:100000:65535" > /etc/subuid && \`
			`echo -e "$BUILDUSER:100000:65535" > /etc/subgid && \`
feat: switch to kernel overlay >5.13 2022-07-11 11:47:24 +00:00			`cd /usr/bin && ln -s podman docker && \`
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`chown $BUILDUSER:$BUILDUSER -R /home/$BUILDUSER`
feat: initial commit 2022-01-13 11:41:17 +00:00
feat: add tini, start system podman, remove image.tar for scan 2022-01-13 23:47:45 +00:00			`# Patch jenkins-agent to launch podman service`
			`RUN sed -i -e 's/exec \$JAVA_BIN/podman system service -t0\&\n exec \$JAVA_BIN/' /usr/local/bin/jenkins-agent`

feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`ENV XDG_RUNTIME_DIR=/home/$BUILDUSER/agent/xdg-run`
fix: re-add env 2022-07-11 13:31:03 +00:00			`ENV BUILDAH_ISOLATION=chroot`
fix: Improve rootless podman config 2022-06-27 17:16:02 +00:00			`ENV _CONTAINERS_USERNS_CONFIGURED=""`
fix: set HOME to actual jenkins home 2022-11-18 13:15:08 +00:00			`ENV HOME=/home/$BUILDUSER`
feat: more Jenkins tuning for trivy 2022-01-14 00:23:18 +00:00
feat: latest agent and Alpine, add detect-secrets 2022-10-13 11:28:01 +00:00			`USER $BUILDUSER`

fix: create XDG_RUNTIME if workspace is mounted 2022-07-11 12:56:04 +00:00			`ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]`