├── .github
└── pull_request_template.md
├── .gitignore
├── Dockerfile
├── LICENSE.md
├── Makefile
├── README.rst
├── a11y
├── Dockerfile
├── Makefile
└── README.rst
├── aws
├── Dockerfile
├── Makefile
└── README.rst
├── conf.py
├── container-hardening.md
├── cookiecutter
├── Dockerfile
├── LICENSE
├── Makefile
└── container-entrypoint.sh
├── default-sdp
├── Dockerfile
├── Makefile
└── README.rst
├── docs
├── .nojekyll
├── _static
│ ├── style.css
│ └── theme_overrides.css
├── html
│ ├── .buildinfo
│ ├── .doctrees
│ │ ├── LICENSE.doctree
│ │ ├── README.doctree
│ │ ├── environment.pickle
│ │ ├── jenkins-agent
│ │ │ └── README.doctree
│ │ ├── jenkins
│ │ │ ├── README.doctree
│ │ │ ├── base
│ │ │ │ └── README.doctree
│ │ │ ├── kubernetes
│ │ │ │ └── README.doctree
│ │ │ └── openshift
│ │ │ │ └── README.doctree
│ │ └── sonarqube
│ │ │ └── README.doctree
│ ├── .nojekyll
│ ├── LICENSE.html
│ ├── README.html
│ ├── _sources
│ │ ├── LICENSE.md.txt
│ │ ├── README.rst.txt
│ │ ├── jenkins-agent
│ │ │ └── README.rst.txt
│ │ ├── jenkins
│ │ │ ├── README.rst.txt
│ │ │ ├── base
│ │ │ │ └── README.rst.txt
│ │ │ ├── kubernetes
│ │ │ │ └── README.rst.txt
│ │ │ └── openshift
│ │ │ │ └── README.rst.txt
│ │ └── sonarqube
│ │ │ └── README.rst.txt
│ ├── _static
│ │ ├── ajax-loader.gif
│ │ ├── basic.css
│ │ ├── comment-bright.png
│ │ ├── comment-close.png
│ │ ├── comment.png
│ │ ├── css
│ │ │ ├── badge_only.css
│ │ │ └── theme.css
│ │ ├── doctools.js
│ │ ├── down-pressed.png
│ │ ├── down.png
│ │ ├── file.png
│ │ ├── fonts
│ │ │ ├── Inconsolata-Bold.ttf
│ │ │ ├── Inconsolata-Regular.ttf
│ │ │ ├── Inconsolata.ttf
│ │ │ ├── Lato-Bold.ttf
│ │ │ ├── Lato-Regular.ttf
│ │ │ ├── Lato
│ │ │ │ ├── lato-bold.eot
│ │ │ │ ├── lato-bold.ttf
│ │ │ │ ├── lato-bold.woff
│ │ │ │ ├── lato-bold.woff2
│ │ │ │ ├── lato-bolditalic.eot
│ │ │ │ ├── lato-bolditalic.ttf
│ │ │ │ ├── lato-bolditalic.woff
│ │ │ │ ├── lato-bolditalic.woff2
│ │ │ │ ├── lato-italic.eot
│ │ │ │ ├── lato-italic.ttf
│ │ │ │ ├── lato-italic.woff
│ │ │ │ ├── lato-italic.woff2
│ │ │ │ ├── lato-regular.eot
│ │ │ │ ├── lato-regular.ttf
│ │ │ │ ├── lato-regular.woff
│ │ │ │ └── lato-regular.woff2
│ │ │ ├── RobotoSlab-Bold.ttf
│ │ │ ├── RobotoSlab-Regular.ttf
│ │ │ ├── RobotoSlab
│ │ │ │ ├── roboto-slab-v7-bold.eot
│ │ │ │ ├── roboto-slab-v7-bold.ttf
│ │ │ │ ├── roboto-slab-v7-bold.woff
│ │ │ │ ├── roboto-slab-v7-bold.woff2
│ │ │ │ ├── roboto-slab-v7-regular.eot
│ │ │ │ ├── roboto-slab-v7-regular.ttf
│ │ │ │ ├── roboto-slab-v7-regular.woff
│ │ │ │ └── roboto-slab-v7-regular.woff2
│ │ │ ├── fontawesome-webfont.eot
│ │ │ ├── fontawesome-webfont.svg
│ │ │ ├── fontawesome-webfont.ttf
│ │ │ ├── fontawesome-webfont.woff
│ │ │ └── fontawesome-webfont.woff2
│ │ ├── jquery-3.2.1.js
│ │ ├── jquery.js
│ │ ├── js
│ │ │ ├── modernizr.min.js
│ │ │ └── theme.js
│ │ ├── minus.png
│ │ ├── plus.png
│ │ ├── pygments.css
│ │ ├── searchtools.js
│ │ ├── style.css
│ │ ├── theme_overrides.css
│ │ ├── underscore-1.3.1.js
│ │ ├── underscore.js
│ │ ├── up-pressed.png
│ │ ├── up.png
│ │ └── websupport.js
│ ├── genindex.html
│ ├── jenkins-agent
│ │ └── README.html
│ ├── jenkins
│ │ ├── README.html
│ │ ├── base
│ │ │ └── README.html
│ │ ├── kubernetes
│ │ │ └── README.html
│ │ └── openshift
│ │ │ └── README.html
│ ├── objects.inv
│ ├── search.html
│ ├── searchindex.js
│ └── sonarqube
│ │ └── README.html
├── index.html
└── templates
│ └── layout.html
├── dotnet-sonar-scanner
├── Dockerfile
├── LICENSE
├── Makefile
└── README.rst
├── dotnet
├── Dockerfile
├── LICENSE
├── Makefile
└── container-entrypoint.sh
├── google-lighthouse
├── Dockerfile
└── Makefile
├── grype
├── Dockerfile
├── LICENSE
├── Makefile
├── container-entrypoint.sh
└── docker-ce.repo
├── helm
├── Dockerfile
├── Makefile
└── README.rst
├── jenkins-agent-v3.40
├── Dockerfile
├── LICENSE
├── Makefile
└── README.rst
├── jenkins-agent
├── Dockerfile
├── LICENSE
├── Makefile
├── README.rst
├── jenkins-agent.sh
├── prebuild
│ ├── BAH-public.key
│ ├── build-dep.sh
│ ├── dependency-handling.sh
│ ├── jenkins-agent-dependencies-dcar-2.1.sha256
│ ├── jenkins-agent-dependencies-dcar-2.1.sig
│ ├── pull-from-centos.sh
│ └── pull-from-ubi.sh
└── supervisord.conf
├── jenkins
├── README.rst
├── base
│ ├── Dockerfile
│ ├── Makefile
│ ├── README.rst
│ └── resources
│ │ ├── plugins
│ │ └── plugins.txt
│ │ └── scripts
│ │ ├── configure.groovy
│ │ └── jenkins.sh
├── ecs
│ ├── Dockerfile
│ ├── Makefile
│ ├── README.rst
│ └── resources
│ │ ├── jenkins-configuration
│ │ └── jenkins-casc.yml
│ │ ├── plugins
│ │ └── plugins.txt
│ │ └── scripts
│ │ ├── container_entrypoint.sh
│ │ └── jenkins_preboot.sh
├── kubernetes
│ ├── Dockerfile
│ ├── LICENSE
│ ├── Makefile
│ ├── README.rst
│ ├── prebuild
│ │ ├── BAH-public.key
│ │ ├── build-dep.sh
│ │ ├── jenkins-dependencies-dcar-2.1.sha256
│ │ ├── jenkins-dependencies-dcar-2.1.sig
│ │ ├── plugins.txt
│ │ ├── pull-from-centos.sh
│ │ ├── pull-plugins.sh
│ │ └── tini_pub.gpg
│ └── resources
│ │ ├── jenkins-support
│ │ └── scripts
│ │ ├── jenkins.sh
│ │ └── tini-shim.sh
└── openshift
│ ├── Dockerfile
│ ├── Makefile
│ ├── README.md
│ ├── README.rst
│ └── resources
│ ├── plugins
│ └── plugins.txt
│ └── scripts
│ ├── configure.groovy
│ ├── jenkins-preboot.sh
│ ├── jenkins.sh
│ └── sdp_entrypoint.groovy
├── jenkinsfile-runner
├── Dockerfile
├── LICENSE
├── Makefile
├── README.rst
├── prebuild
│ ├── BAH-public.key
│ ├── build-dep.sh
│ ├── jenkinsfile-runner-dependencies-dcar-2.1.sha256
│ ├── jenkinsfile-runner-dependencies-dcar-2.1.sig
│ ├── plugins.txt
│ ├── pull-war.sh
│ └── transfer.sh
└── resources
│ ├── Dockerfile
│ └── pom.xml
├── k8s-helm
├── Dockerfile
├── Makefile
└── README.rst
├── mvn
├── Dockerfile
├── Makefile
└── README.rst
├── nvm-backstage
├── Dockerfile
├── Makefile
└── README.rst
├── nvm-cypress
├── Dockerfile
├── Makefile
├── README.rst
└── centos.repo
├── nvm
├── Dockerfile
├── Makefile
└── README.rst
├── openshift_helm
├── Dockerfile
├── Makefile
├── README.rst
└── prebuild
│ ├── BAH-public.key
│ ├── build-dep.sh
│ ├── helm-dependencies-dcar-2.1.sha256
│ └── helm-dependencies-dcar-2.1.sig
├── owasp-dep-check
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
└── container-entrypoint.sh
├── pytest
├── Dockerfile
└── Makefile
├── sonar-scanner
├── Dockerfile
├── LICENSE
├── Makefile
├── README.rst
├── prebuild
│ ├── BAH-public.key
│ ├── build-dep.sh
│ ├── pull-from-ubi.sh
│ ├── sonar-scanner-dependencies-dcar-2.1.sha256
│ └── sonar-scanner-dependencies-dcar-2.1.sig
└── sonar-runner.properties
├── sonarqube
├── Dockerfile
├── Makefile
├── README.rst
└── sonar.properties
├── syft
├── Dockerfile
├── LICENSE
├── Makefile
├── container-entrypoint.sh
└── docker-ce.repo
├── terraform
├── Dockerfile
├── Makefile
├── README.rst
└── docker-entrypoint.sh
├── webhint
├── Dockerfile
└── Makefile
└── zap
├── Dockerfile
├── Makefile
└── README.rst
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
1 | # PR Details
2 |
3 |
4 |
5 | ## Description
6 |
7 |
8 |
9 | ## How Has This Been Tested
10 |
11 |
12 |
13 |
14 |
15 | ## Types of Changes
16 |
17 |
18 |
19 | - [ ] Docs change / refactoring / dependency upgrade
20 | - [ ] Bug fix (non-breaking change which fixes an issue)
21 | - [ ] New feature (non-breaking change which adds functionality)
22 | - [ ] Breaking change (fix or feature that would cause existing functionality to change)
23 |
24 | ## Checklist
25 |
26 |
27 |
28 |
29 | - [ ] My change requires a change to the documentation.
30 | - [ ] I have updated the documentation accordingly.
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | # JFR
3 | jenkinsfile-runner/resources/target
4 | jenkinsfile-runner/prebuild/dependencies
5 | jenkinsfile-runner/prebuild/*.tar.gz
6 | jenkinsfile-runner/.jfr
7 |
8 | # Sonar-Scanner
9 | sonar-scanner/prebuild/dependencies
10 | sonar-scanner/prebuild/*.tar.gz
11 |
12 | # Jenkins agent
13 | jenkins-agent/prebuild/dependencies
14 | jenkins-agent/prebuild/*.tar.gz
15 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:2.7
2 | # NOTE(review): python:2.7 is an end-of-life interpreter line and the tag is mutable; this image is only the docs build environment, but pin it by digest and plan a move to a supported Python.
3 | # install the pinned Sphinx toolchain used to build the documentation
4 | RUN pip install sphinx==1.6.7 \
5 | sphinx-autobuild==0.7.1 \
6 | sphinx-rtd-theme==0.4.2 \
7 | recommonmark==0.4.0 && \
8 | pip install -U git+https://github.com/sizmailov/sphinxcontrib-versioning@conditionally_run_setup_py
9 | # NOTE(review): the last install above tracks a Git branch (conditionally_run_setup_py) rather than a commit or a hash-checked release, so its content can change between builds. The next RUN sets a global Git identity with a placeholder e-mail for Git operations inside the container.
10 | RUN git config --global user.email "fake" && \
11 | git config --global user.name "Docs Deployer"
12 |
13 | # The container is expected to be run with the repository bind-mounted at /app:
14 | # docker run -v $(path to repo):/app
15 | WORKDIR /app
16 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | # Minimal makefile for Sphinx documentation
2 | #
3 |
4 | # You can set these variables from the command line.
5 | SPHINXOPTS =
6 | SPHINXBUILD = sphinx-build
7 | SPHINXPROJ = SolutionsDeliveryPlatform
8 | SOURCEDIR = .
9 | BUILDDIR = docs
10 | # SOURCEDIR and BUILDDIR are handed to "$(SPHINXBUILD) -M html" by the html target below.
11 |
12 | .PHONY: help Makefile
13 | .SILENT: info
14 | # help prints every line of this Makefile that carries a double-hash marker, with the marker stripped.
15 | # Put it first so that "make" without argument is like "make help".
16 | help: ## Show target options
17 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
18 | # clean deletes only the generated docs/doctrees and docs/html trees.
19 | clean: ## removes remote documentation and compiled documentation
20 | rm -rf docs/doctrees docs/html
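21 | # html builds the sdp-docs image, then runs Sphinx in it with the repository mounted at /app; output goes to $(BUILDDIR)/html.
22 | # "make html live" serves with sphinx-autobuild, published on the host loopback address only; "make html deploy" also commits and pushes docs/ from the host.
23 | html: ## builds documentation in docs/html
24 | ## run make html live for hot reloading of edits during development
25 | $(MAKE) clean
26 | docker build . -t sdp-docs
27 | $(eval goal := $(filter-out $@,$(MAKECMDGOALS)))
28 | @if [ "$(goal)" = "live" ]; then\
29 | docker run -p 127.0.0.1:8000:8000 -v $(shell pwd):/app sdp-docs sphinx-autobuild -b html $(ALLSPHINXOPTS) . $(BUILDDIR)/html -H 0.0.0.0;\
30 | elif [ "$(goal)" = "deploy" ]; then\
31 | docker run -v $(shell pwd):/app sdp-docs $(SPHINXBUILD) -M html "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O);\
32 | git add docs/*;\
33 | git commit -m "updating documentation";\
34 | git push;\
35 | else\
36 | docker run -v $(shell pwd):/app sdp-docs $(SPHINXBUILD) -M html "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O);\
37 | fi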
38 | # deploy and live are empty goals so that "make html deploy" and "make html live" are accepted; the html recipe reads them from MAKECMDGOALS.
39 | deploy: ;
40 | live: ;
41 | # info is a no-op at the repository root; the image Makefiles print their tag and directory from their own info target.
42 | info:
43 | @:
44 | # list runs "make info" in every directory below the current one that contains a Makefile.
45 | list: ## lists container images in the repository and where they are built
46 | @echo "Listing container images and where they're built: "
47 | @find . -type f -name Makefile -execdir make info \;
48 |
49 | # Catch-all target: any goal not defined above lands here and only prints a
50 | # "not found" message (the echo exits 0); nothing is forwarded to Sphinx.
51 | %: Makefile
52 | echo "Make command $@ not found"
53 |
54 |
--------------------------------------------------------------------------------
/README.rst:
--------------------------------------------------------------------------------
1 | .. home:
2 |
3 | --------------------
4 | SDP Container Images
5 | --------------------
6 |
7 | ==================
8 | Listing the Images
9 | ==================
10 |
11 | Run ``make list`` to see all of the images built by this repository
12 | and the base directory where you can find their resources.
13 |
14 | =================
15 | Building an Image
16 | =================
17 |
18 | Within an image's directory, run ``make build`` to build the image.
19 |
20 | ================
21 | Pushing an Image
22 | ================
23 |
24 | Within an image's directory, run ``make push`` to build and push the image.
25 |
26 | You will be prompted for your GitHub Username and Password (the second prompt is labelled ``GitHub Token``).
27 |
28 | You must have ``read:packages`` and ``write:packages`` permissions to push to
29 | the GitHub container registry.
30 |
31 | =================
32 | Versioning Images
33 | =================
34 |
35 | Each ``Makefile`` has a ``VERSION`` variable at the top which contains the
36 | tag that will be used when building and pushing the container image.
37 |
38 | When making changes, the Pull Request should include an incremented container
39 | image version change.
40 |
41 | ==========================
42 | Building the Documentation
43 | ==========================
44 |
45 | The documentation is built using Sphinx and the
46 | Read the Docs theme.
47 |
48 | The documentation is configured via the ``conf.py`` file at the root of this repository.
49 |
50 | Building the documentation requires docker and can be done via:
51 |
52 | | ``make html``
53 |
54 | This compiles the documentation, which can then be viewed at ``docs/index.html``.
55 |
56 | *************
57 | Hot Reloading
58 | *************
59 |
60 | To view the documentation updated in real time during local development, run:
61 |
62 | | ``make html live``
63 |
64 | The documentation will be viewable at ``http://localhost:8000/readme.html``
65 |
66 | .. toctree::
67 | :caption: Images 🐳
68 |
69 | jenkins/README
70 | jenkins-agent/README
71 | sonarqube/README
--------------------------------------------------------------------------------
/a11y/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
4 | FROM node:5
5 | # NOTE(review): node:5 is a long-unsupported Node.js release line and the tag is mutable; pin by digest and move to a maintained base once the tool allows it.
6 | ENV NPM_CONFIG_LOGLEVEL=warn \
7 | NPM_CONFIG_PROGRESS=false \
8 | NPM_CONFIG_SPIN=false
9 | # NOTE(review): the global install below names no version, so each build takes whatever the-a11y-machine and its dependencies resolve to at build time; pin a version.
10 | RUN npm install -g the-a11y-machine
11 | # No USER instruction is set, so the shell below runs as the base image's default user. NOTE(review): presumably root; confirm and drop privileges.
12 | CMD /bin/bash
--------------------------------------------------------------------------------
/a11y/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = a11y
4 | VERSION = 1.0
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 | build: ## build container image
18 | docker build . -t $(TAG)
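19 | # push logs in to $(REGISTRY), rebuilds, then pushes $(TAG) and the :latest alias. The token is read inside the recipe shell and piped to docker login on stdin instead of being expanded into a -p argument; read -p/-s need the same shell support the earlier prompts did.
20 | push: ## builds and publishes container image
21 | @read -p "GitHub Username: " username; \
22 | read -s -r -p "GitHub Token: " token; echo; \
23 | printf '%s' "$$token" | \
24 | docker login $(REGISTRY) -u "$$username" --password-stdin || exit 1
25 | $(MAKE) build
26 | docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest
27 | docker push $(TAG)
28 | docker push $(REGISTRY)/$(IMAGE):latest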
29 |
30 | info:
31 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
32 |
33 | # Catch-all target: any goal not defined above lands here and only prints a
34 | # "not found" message (the echo exits 0); nothing is forwarded to Sphinx.
35 | %: Makefile
36 | echo "Make command $@ not found"
37 |
38 |
--------------------------------------------------------------------------------
/a11y/README.rst:
--------------------------------------------------------------------------------
1 | --------------
2 | TheA11yMachine
3 | --------------
4 |
5 | A container image that Jenkins uses to execute accessibility compliance scanning.
--------------------------------------------------------------------------------
/aws/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.8.2-alpine3.11
2 | # NOTE(review): the base tag names exact versions but is not digest-pinned, and both Python 3.8 and Alpine 3.11 look past upstream support; confirm and rebase.
3 | # Versions: https://pypi.python.org/pypi/awscli#downloads
4 | ENV AWS_CLI_VERSION 1.16.140
5 | ENV AWS_SAM_VERSION 0.43.0
6 | # The "builddeps" virtual package groups ca-certificates, groff, less, gcc and musl-dev, and "apk del builddeps" removes the group after the pip installs. NOTE(review): groff and less are normally needed at run time by "aws help"; confirm they are meant to be removed. jq is added outside the group, so it stays.
7 | RUN apk --no-cache update && \
8 | apk --no-cache add --virtual builddeps ca-certificates groff less gcc musl-dev && \
9 | pip3 --no-cache-dir install awscli==${AWS_CLI_VERSION} && \
10 | pip3 --no-cache-dir install aws-sam-cli==${AWS_SAM_VERSION} && \
11 | apk add jq && \
12 | apk del builddeps && \
13 | rm -rf /var/cache/apk/*
14 | # No USER instruction is set, so pipeline steps run as the base image's default user. NOTE(review): presumably root; confirm.
15 | WORKDIR /data
--------------------------------------------------------------------------------
/aws/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = aws
4 | VERSION = 1.2
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 | build: ## build container image
18 | docker build . -t $(TAG)
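19 | # push logs in to $(REGISTRY), rebuilds, then pushes $(TAG) and the :latest alias. The token is read inside the recipe shell and piped to docker login on stdin instead of being expanded into a -p argument; read -p/-s need the same shell support the earlier prompts did.
20 | push: ## builds and publishes container image
21 | @read -p "GitHub Username: " username; \
22 | read -s -r -p "GitHub Token: " token; echo; \
23 | printf '%s' "$$token" | \
24 | docker login $(REGISTRY) -u "$$username" --password-stdin || exit 1
25 | $(MAKE) build
26 | docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest
27 | docker push $(TAG)
28 | docker push $(REGISTRY)/$(IMAGE):latest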
29 |
30 | info:
31 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
32 |
33 | # Catch-all target: any goal not defined above lands here and only prints a
34 | # "not found" message (the echo exits 0); nothing is forwarded to Sphinx.
35 | %: Makefile
36 | echo "Make command $@ not found"
37 |
38 |
--------------------------------------------------------------------------------
/aws/README.rst:
--------------------------------------------------------------------------------
1 | ---
2 | AWS
3 | ---
4 |
5 |
6 | A Jenkins pipeline image that includes the AWS CLI and the AWS SAM CLI.
--------------------------------------------------------------------------------
/conf.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | #
3 | # Configuration file for the Sphinx documentation builder.
4 | #
5 | # This file does only contain a selection of the most common options. For a
6 | # full list see the documentation:
7 | # http://www.sphinx-doc.org/en/master/config
8 |
9 | # -- Path setup --------------------------------------------------------------
10 |
11 | # If extensions (or modules to document with autodoc) are in another directory,
12 | # add these directories to sys.path here. If the directory is relative to the
13 | # documentation root, use os.path.abspath to make it absolute, like shown here.
14 | #
15 | # import os
16 | # import sys
17 | # sys.path.insert(0, os.path.abspath('.'))
18 |
19 | # -- Get Remote Docs ---------------------------------------------------------
20 | # This section runs at import time, i.e. whenever Sphinx loads this configuration.
21 | import os
22 | # NOTE(review): the root Makefile shown alongside this file defines no "get-remote-docs" target, so its catch-all rule only prints a "not found" message; the return value of os.system is ignored as well. Drop the call or restore the target.
23 | os.system("make get-remote-docs")
24 |
25 | # -- Project information -----------------------------------------------------
26 |
27 | project = u'SDP Container Images'
28 | copyright = u'2018, Booz Allen Hamilton'
29 | author = u'Steven Terrana'
30 |
31 | # The short X.Y version
32 | version = u''
33 | # The full version, including alpha/beta/rc tags
34 | release = u''
35 |
36 |
37 | # -- General configuration ---------------------------------------------------
38 |
39 | # If your documentation needs a minimal Sphinx version, state it here.
40 | #
41 | # needs_sphinx = '1.0'
42 |
43 | # Add any Sphinx extension module names here, as strings. They can be
44 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
45 | # ones.
46 | extensions = [
47 | 'sphinx.ext.githubpages',
48 | ]
49 |
50 | # Add any paths that contain templates here, relative to this directory.
51 | templates_path = ['docs/templates']
52 |
53 | # The suffix(es) of source filenames.
54 | # You can specify multiple suffix as a list of string:
55 | #
56 | source_parsers = {
57 | '.md': 'recommonmark.parser.CommonMarkParser',
58 | }
59 | source_suffix = ['.rst', '.md']
60 |
61 |
62 |
63 | # The master toctree document.
64 | master_doc = 'README'
65 |
66 | # The language for content autogenerated by Sphinx. Refer to documentation
67 | # for a list of supported languages.
68 | #
69 | # This is also used if you do content translation via gettext catalogs.
70 | # Usually you set "language" from the command line for these cases.
71 | language = None
72 |
73 | # List of patterns, relative to source directory, that match files and
74 | # directories to ignore when looking for source files.
75 | # This pattern also affects html_static_path and html_extra_path .
76 | exclude_patterns = [u'_build', 'Thumbs.db', '.DS_Store', '.github']
77 |
78 | # The name of the Pygments (syntax highlighting) style to use.
79 | pygments_style = 'sphinx'
80 |
81 |
82 | # -- Options for HTML output -------------------------------------------------
83 |
84 | # The theme to use for HTML and HTML Help pages. See the documentation for
85 | # a list of builtin themes.
86 | #
87 | html_theme = 'sphinx_rtd_theme'
88 |
89 | # Theme options are theme-specific and customize the look and feel of a theme
90 | # further. For a list of options available for each theme, see the
91 | # documentation.
92 | #
93 | html_theme_options = {
94 | 'canonical_url': '',
95 | 'analytics_id': '',
96 | 'logo_only': False,
97 | 'display_version': True,
98 | 'prev_next_buttons_location': 'bottom',
99 | 'style_external_links': False,
100 | # Toc options
101 | 'collapse_navigation': True,
102 | 'sticky_navigation': True,
103 | 'navigation_depth': 4,
104 | 'includehidden': True,
105 | 'titles_only': False
106 | }
107 |
108 | # Add any paths that contain custom static files (such as style sheets) here,
109 | # relative to this directory. They are copied after the builtin static files,
110 | # so a file named "default.css" will overwrite the builtin "default.css".
111 | html_static_path = ['docs/_static']
112 |
113 | html_context = {
114 | 'css_files': [
115 | '_static/theme_overrides.css', # override wide tables in RTD theme
116 | '_static/style.css'
117 | ]
118 | }
--------------------------------------------------------------------------------
/cookiecutter/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2022 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
4 | ARG BASE_REGISTRY=registry.access.redhat.com
5 | ARG BASE_IMAGE=ubi8/ubi
6 | ARG BASE_TAG=8.6-754
7 | FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
8 | # Registry, image and tag are build args, so the base can be swapped at build time; the default tag is not digest-pinned.
9 | ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
10 | LABEL name="Solutions Delivery Platform: Cookiecutter" \
11 | maintainer="uip@bah.com" \
12 | vendor="Booz Allen Hamilton" \
13 | version="2.1.1" \
14 | release="2.1.1" \
15 | summary="Python3 Cookiecutter Library" \
16 | description="The Python3 Cookiecutter container image for the Solutions Delivery Platform"
17 |
18 | ### add licenses to this directory
19 | COPY LICENSE /licenses
20 |
21 | ### Use yum as root user
22 | USER root
23 |
24 | ENV PROGRAM_NAME cookiecutter
25 | ENV PROGRAM_VERSION 2.1.1
26 |
27 | ARG user=${PROGRAM_NAME}
28 | # NOTE(review): --nogpgcheck in the next RUN only accompanies "clean all", which installs nothing; the package install further down does not pass it.
29 | # Add user, create required directories and cleanup
30 | RUN useradd -ms /bin/bash ${user} && \
31 | yum --nogpgcheck --disableplugin=subscription-manager clean all
32 |
33 | ### Add necessary Red Hat repos and packages here. cookiecutter 2.1.1 needs more recent python version.
34 | RUN INSTALL_PKGS="coreutils python39 python39-pip git" && \
35 | yum clean all && \
36 | yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs --security && \
37 | yum --disableplugin=subscription-manager -y install --allowerasing --setopt=tsflags=nodocs ${INSTALL_PKGS}
38 | # NOTE(review): WORKDIR is hard-coded to /home/cookiecutter while the account name comes from ARG user; the two match only for the default value.
39 | WORKDIR /home/cookiecutter
40 |
41 | ### Insert Container Entry Point Script
42 | COPY container-entrypoint.sh /usr/local/bin/container-entrypoint.sh
43 |
44 | ### Set script as executable
45 | RUN chmod +x /usr/local/bin/container-entrypoint.sh
46 | # Switch to the unprivileged account before installing the tool, so pip installs into that user's home (--user) and the container runs without root.
47 | USER ${user}
48 | # NOTE(review): the version is pinned but not hash-checked; consider a requirements file with pip's --require-hashes.
49 | RUN python3 -m pip install --user ${PROGRAM_NAME}==${PROGRAM_VERSION}
50 | # The entrypoint script is run through /bin/sh and ends in exec "$@", so the container's command replaces the shell.
51 | ENTRYPOINT [ "/bin/sh", "/usr/local/bin/container-entrypoint.sh" ]
52 |
--------------------------------------------------------------------------------
/cookiecutter/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = cookiecutter
4 | VERSION = 2.1.1
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 | build: ## build container image
18 | docker build . -t $(TAG)
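19 | # push logs in to $(REGISTRY), rebuilds, then tags and pushes the image. The token is read inside the recipe shell and piped to docker login on stdin instead of being expanded into a -p argument; read -p/-s need the same shell support the earlier prompts did. NOTE(review): the tag and second push below repeat $(TAG) itself, so no :latest alias is published for this image; confirm that is intended.
20 | push: ## builds and publishes container image
21 | @read -p "GitHub Username: " username; \
22 | read -s -r -p "GitHub Token: " token; echo; \
23 | printf '%s' "$$token" | \
24 | docker login $(REGISTRY) -u "$$username" --password-stdin || exit 1
25 | $(MAKE) build
26 | docker tag $(TAG) $(REGISTRY)/$(IMAGE):$(VERSION)
27 | docker push $(TAG)
28 | docker push $(REGISTRY)/$(IMAGE):$(VERSION)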
29 | # build-dep runs two prebuild scripts as root in a UBI container with ./prebuild bind-mounted (:z relabels the mount for SELinux). NOTE(review): the repository tree shown does not list a cookiecutter/prebuild directory, so these scripts may be missing here; confirm.
30 | build-dep: ## build container dependencies
31 | $(eval dir := $(shell pwd))
32 | docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.6-754 /root/prebuild/pull-from-ubi.sh
33 | docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.6-754 /root/prebuild/build-dep.sh
34 |
35 | info:
36 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
37 |
38 | # Catch-all target: any goal not defined above lands here and only prints a
39 | # "not found" message (the echo exits 0); nothing is forwarded to Sphinx.
40 | %: Makefile
41 | echo "Make command $@ not found"
42 |
--------------------------------------------------------------------------------
/cookiecutter/container-entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | # Hand control to the command passed to the container; exec replaces this shell, so that command receives signals directly.
4 | exec "$@"
5 |
--------------------------------------------------------------------------------
/default-sdp/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
4 | FROM registry.access.redhat.com/ubi8/ubi:8.2
5 | # NOTE(review): ubi8/ubi:8.2 is an older UBI 8 release than the 8.6-754 tag used by the cookiecutter image in this repository, and it is not digest-pinned; consider rebasing.
6 | LABEL name="Solutions Delivery Platform: Default Basic SDP Image" \
7 | maintainer="terrana_steven@bah.com" \
8 | vendor="Booz Allen Hamilton" \
9 | summary="Default SDP container" \
10 | description="This container is the default container for SDP pipeline library containing some common utilities"
11 | # NOTE(review): "yum -y update" takes whatever is current at build time, so rebuilds are not reproducible, and no "yum clean all" follows in this RUN, so the package cache stays in the layer.
12 | RUN INSTALL_PKGS="git wget make " && \
13 | yum -y update && \
14 | yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}
15 | # Build args for the unprivileged account (uid/gid 1000 by default) and its home directory.
16 | ARG user=sdpuser
17 | ARG group=sdpuser
18 | ARG uid=1000
19 | ARG gid=1000
20 | ARG SDP_HOME=/var/sdp
21 | # Create the home directory, hand it to the numeric uid/gid, then create the matching group and user.
22 | RUN mkdir -p $SDP_HOME \
23 | && chown ${uid}:${gid} $SDP_HOME \
24 | && groupadd -g ${gid} ${group} \
25 | && useradd -d "$SDP_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user}
26 | # Everything from here on, including the default shell, runs as the unprivileged user.
27 | USER ${user}
28 | WORKDIR $SDP_HOME
29 | CMD ["/bin/bash"]
30 |
--------------------------------------------------------------------------------
/default-sdp/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = default-sdp
4 | VERSION = 1.0
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 | build: ## build container image
18 | docker build . -t $(TAG)
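19 | # push logs in to $(REGISTRY), rebuilds, then pushes $(TAG) and the :latest alias. The token is read inside the recipe shell and piped to docker login on stdin instead of being expanded into a -p argument; read -p/-s need the same shell support the earlier prompts did.
20 | push: ## builds and publishes container image
21 | @read -p "GitHub Username: " username; \
22 | read -s -r -p "GitHub Token: " token; echo; \
23 | printf '%s' "$$token" | \
24 | docker login $(REGISTRY) -u "$$username" --password-stdin || exit 1
25 | $(MAKE) build
26 | docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest
27 | docker push $(TAG)
28 | docker push $(REGISTRY)/$(IMAGE):latest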
29 |
30 | info:
31 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
32 |
33 | # Catch-all target: any goal not defined above lands here and only prints a
34 | # "not found" message (the echo exits 0); nothing is forwarded to Sphinx.
35 | %: Makefile
36 | echo "Make command $@ not found"
37 |
38 |
--------------------------------------------------------------------------------
/default-sdp/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | default-sdp
3 | -------------
4 |
5 | A UBI-based container image that contains commonly used utilities and is the default container image used by the SDP library.
6 |
--------------------------------------------------------------------------------
/docs/.nojekyll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/.nojekyll
--------------------------------------------------------------------------------
/docs/_static/style.css:
--------------------------------------------------------------------------------
1 | .wy-nav-content {
2 | max-width: none;
3 | }
4 |
5 | span.caption-text{
6 | color: #2980B9;
7 | }
--------------------------------------------------------------------------------
/docs/_static/theme_overrides.css:
--------------------------------------------------------------------------------
1 | /* override table width restrictions */
2 | @media screen{
3 |
4 | .wy-nav-content {
5 | max-width: none;
6 | }
7 |
8 | .wy-table-responsive table td {
9 | /* !important prevents the common CSS stylesheets from overriding
10 | this as on RTD they are loaded after this stylesheet */
11 | white-space: normal !important;
12 | }
13 |
14 | .wy-table-responsive {
15 | overflow: visible !important;
16 | }
17 | }
--------------------------------------------------------------------------------
/docs/html/.buildinfo:
--------------------------------------------------------------------------------
1 | # Sphinx build info version 1
2 | # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
3 | config: 6fa319134c4e4f7b5e38bd92cb602806
4 | tags: 645f666f9bcd5a90fca523b33c5a78b7
5 |
--------------------------------------------------------------------------------
/docs/html/.doctrees/LICENSE.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/LICENSE.doctree
--------------------------------------------------------------------------------
/docs/html/.doctrees/README.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/README.doctree
--------------------------------------------------------------------------------
/docs/html/.doctrees/environment.pickle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/environment.pickle
--------------------------------------------------------------------------------
/docs/html/.doctrees/jenkins-agent/README.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/jenkins-agent/README.doctree
--------------------------------------------------------------------------------
/docs/html/.doctrees/jenkins/README.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/jenkins/README.doctree
--------------------------------------------------------------------------------
/docs/html/.doctrees/jenkins/base/README.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/jenkins/base/README.doctree
--------------------------------------------------------------------------------
/docs/html/.doctrees/jenkins/kubernetes/README.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/jenkins/kubernetes/README.doctree
--------------------------------------------------------------------------------
/docs/html/.doctrees/jenkins/openshift/README.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/jenkins/openshift/README.doctree
--------------------------------------------------------------------------------
/docs/html/.doctrees/sonarqube/README.doctree:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.doctrees/sonarqube/README.doctree
--------------------------------------------------------------------------------
/docs/html/.nojekyll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/.nojekyll
--------------------------------------------------------------------------------
/docs/html/_sources/README.rst.txt:
--------------------------------------------------------------------------------
1 | .. home:
2 |
3 | --------------------
4 | SDP Container Images
5 | --------------------
6 |
7 | ==================
8 | Listing the Images
9 | ==================
10 |
11 | Run ``make list`` to see all of the images built by this repository
12 | and the base directory where you can find their resources.
13 |
14 | =================
15 | Building an Image
16 | =================
17 |
18 | Within the images directory, run ``make build`` to build the image.
19 |
20 | ================
21 | Pushing an Image
22 | ================
23 |
24 | Within the images directory, run ``make push`` to build and push the image.
25 |
26 | You will be prompted for your GitHub Username and Password.
27 |
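28 | You must have ``read:packages`` and ``write:packages`` permissions to push to
29 | the GitHub container registry. These are personal access token scopes, so enter a token that carries them at the password prompt.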
30 |
31 | =================
32 | Versioning Images
33 | =================
34 |
35 | Each ``Makefile`` has a ``VERSION`` variable at the top which contains the
36 | tag that will be used when building and pushing the container image.
37 |
38 | When making changes, the Pull Request should include an incremented container
39 | image version change.
40 |
41 | ==========================
42 | Building the Documentation
43 | ==========================
44 |
45 | The documentation is built using `Sphinx `_ and the
46 | `Read the Docs `_ theme.
47 |
48 | The documentation is configured via the ``conf.py`` file at the root of this repository.
49 |
50 | Building the documentation requires docker and can be done via:
51 |
52 | | ``make html``
53 |
54 | This will compile the documentation, which can then be viewed at ``docs/index.html``.
55 |
56 | *************
57 | Hot Reloading
58 | *************
59 |
60 | To view the documentation updated in real time during local development, run:
61 |
62 | | ``make html live``
63 |
64 | The documentation will be viewable at ``http://localhost:8000/readme.html``
65 |
66 | .. toctree::
67 | :caption: Images 🐳
68 |
69 | jenkins/README
70 | jenkins-agent/README
71 | sonarqube/README
--------------------------------------------------------------------------------
/docs/html/_sources/jenkins-agent/README.rst.txt:
--------------------------------------------------------------------------------
1 | -------------
2 | Jenkins Agent
3 | -------------
--------------------------------------------------------------------------------
/docs/html/_sources/jenkins/README.rst.txt:
--------------------------------------------------------------------------------
1 | .. jenkins:
2 |
3 | --------------
4 | Jenkins Master
5 | --------------
6 |
7 |
8 | This page will have docs for the jenkins image
9 |
10 |
11 | .. toctree::
12 | :hidden:
13 |
14 | base/README
15 | kubernetes/README
16 | openshift/README
--------------------------------------------------------------------------------
/docs/html/_sources/jenkins/base/README.rst.txt:
--------------------------------------------------------------------------------
1 | ----------
2 | Base Image
3 | ----------
4 |
5 | .. csv-table:: Environment Variables
6 | :header: "Name", "Description", "Default"
7 |
8 | "MASTER_EXECUTORS", "The number of executors for the Jenkins Master", "0"
--------------------------------------------------------------------------------
/docs/html/_sources/jenkins/kubernetes/README.rst.txt:
--------------------------------------------------------------------------------
1 | -------------
2 | On Kubernetes
3 | -------------
--------------------------------------------------------------------------------
/docs/html/_sources/jenkins/openshift/README.rst.txt:
--------------------------------------------------------------------------------
1 | ------------
2 | On OpenShift
3 | ------------
--------------------------------------------------------------------------------
/docs/html/_sources/sonarqube/README.rst.txt:
--------------------------------------------------------------------------------
1 | ---------
2 | SonarQube
3 | ---------
4 |
5 | extends `sonarqube:6.7 `_ image and adds some
6 | environment variable configurations.
7 |
8 |
9 | .. csv-table:: Environment Variables
10 | :header: "Name", "Description", "Default"
11 |
12 | "WEB_CONTEXT", "the root path to access sonarqube, for when hosting behind an ALB with path based routing.", ""
--------------------------------------------------------------------------------
/docs/html/_static/ajax-loader.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/ajax-loader.gif
--------------------------------------------------------------------------------
/docs/html/_static/comment-bright.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/comment-bright.png
--------------------------------------------------------------------------------
/docs/html/_static/comment-close.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/comment-close.png
--------------------------------------------------------------------------------
/docs/html/_static/comment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/comment.png
--------------------------------------------------------------------------------
/docs/html/_static/css/badge_only.css:
--------------------------------------------------------------------------------
1 | .fa:before{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-weight:normal;font-style:normal;src:url("../fonts/fontawesome-webfont.eot");src:url("../fonts/fontawesome-webfont.eot?#iefix") format("embedded-opentype"),url("../fonts/fontawesome-webfont.woff") format("woff"),url("../fonts/fontawesome-webfont.ttf") format("truetype"),url("../fonts/fontawesome-webfont.svg#FontAwesome") format("svg")}.fa:before{display:inline-block;font-family:FontAwesome;font-style:normal;font-weight:normal;line-height:1;text-decoration:inherit}a .fa{display:inline-block;text-decoration:inherit}li .fa{display:inline-block}li .fa-large:before,li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-0.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before,ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before{content:""}.icon-book:before{content:""}.fa-caret-down:before{content:""}.icon-caret-down:before{content:""}.fa-caret-up:before{content:""}.icon-caret-up:before{content:""}.fa-caret-left:before{content:""}.icon-caret-left:before{content:""}.fa-caret-right:before{content:""}.icon-caret-right:before{content:""}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif;z-index:400}.rst-versions a{color:#2980B9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27AE60;*zoom:1}.rst-versions .rst-current-version:before,.rst-versions .rst-current-version:after{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book{float:left}.rst-versions 
.rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#E74C3C;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#F1C40F;color:#000}.rst-versions.shift-up{height:auto;max-height:100%}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:gray;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:solid 1px #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px}.rst-versions.rst-badge .icon-book{float:none}.rst-versions.rst-badge .fa-book{float:none}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book{float:left}.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge .rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width: 768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}
2 |
--------------------------------------------------------------------------------
/docs/html/_static/down-pressed.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/down-pressed.png
--------------------------------------------------------------------------------
/docs/html/_static/down.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/down.png
--------------------------------------------------------------------------------
/docs/html/_static/file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/file.png
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Inconsolata-Bold.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Inconsolata-Bold.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Inconsolata-Regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Inconsolata-Regular.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Inconsolata.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Inconsolata.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato-Bold.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato-Bold.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato-Regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato-Regular.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-bold.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-bold.eot
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-bold.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-bold.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-bold.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-bold.woff
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-bold.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-bold.woff2
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-bolditalic.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-bolditalic.eot
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-bolditalic.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-bolditalic.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-bolditalic.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-bolditalic.woff
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-bolditalic.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-bolditalic.woff2
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-italic.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-italic.eot
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-italic.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-italic.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-italic.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-italic.woff
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-italic.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-italic.woff2
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-regular.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-regular.eot
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-regular.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-regular.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-regular.woff
--------------------------------------------------------------------------------
/docs/html/_static/fonts/Lato/lato-regular.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/Lato/lato-regular.woff2
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab-Bold.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab-Bold.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab-Regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab-Regular.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff
--------------------------------------------------------------------------------
/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2
--------------------------------------------------------------------------------
/docs/html/_static/fonts/fontawesome-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/fontawesome-webfont.eot
--------------------------------------------------------------------------------
/docs/html/_static/fonts/fontawesome-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/fontawesome-webfont.ttf
--------------------------------------------------------------------------------
/docs/html/_static/fonts/fontawesome-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/fontawesome-webfont.woff
--------------------------------------------------------------------------------
/docs/html/_static/fonts/fontawesome-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/docs/html/_static/fonts/fontawesome-webfont.woff2
--------------------------------------------------------------------------------
/docs/html/_static/js/theme.js:
--------------------------------------------------------------------------------
1 | /* sphinx_rtd_theme version 0.4.2 | MIT license */
2 | /* Built 20181005 13:10 */
3 | require=function r(s,a,l){function c(e,n){if(!a[e]){if(!s[e]){var i="function"==typeof require&&require;if(!n&&i)return i(e,!0);if(u)return u(e,!0);var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}var o=a[e]={exports:{}};s[e][0].call(o.exports,function(n){return c(s[e][1][n]||n)},o,o.exports,r,s,a,l)}return a[e].exports}for(var u="function"==typeof require&&require,n=0;n"),i("table.docutils.footnote").wrap(""),i("table.docutils.citation").wrap(""),i(".wy-menu-vertical ul").not(".simple").siblings("a").each(function(){var e=i(this);expand=i(''),expand.on("click",function(n){return t.toggleCurrent(e),n.stopPropagation(),!1}),e.prepend(expand)})},reset:function(){var n=encodeURI(window.location.hash)||"#";try{var e=$(".wy-menu-vertical"),i=e.find('[href="'+n+'"]');if(0===i.length){var t=$('.document [id="'+n.substring(1)+'"]').closest("div.section");0===(i=e.find('[href="#'+t.attr("id")+'"]')).length&&(i=e.find('[href="#"]'))}0this.docHeight||(this.navBar.scrollTop(i),this.winPosition=n)},onResize:function(){this.winResize=!1,this.winHeight=this.win.height(),this.docHeight=$(document).height()},hashChange:function(){this.linkScroll=!0,this.win.one("hashchange",function(){this.linkScroll=!1})},toggleCurrent:function(n){var e=n.closest("li");e.siblings("li.current").removeClass("current"),e.siblings().find("li.current").removeClass("current"),e.find("> ul li.current").removeClass("current"),e.toggleClass("current")}},"undefined"!=typeof window&&(window.SphinxRtdTheme={Navigation:e.exports.ThemeNav,StickyNav:e.exports.ThemeNav}),function(){for(var r=0,n=["ms","moz","webkit","o"],e=0;e
--------------------------------------------------------------------------------
/docs/templates/layout.html:
--------------------------------------------------------------------------------
1 | {% extends "!layout.html" %}
2 | {% block extrahead %}
3 |
4 | {% endblock %}
--------------------------------------------------------------------------------
/dotnet-sonar-scanner/Dockerfile:
--------------------------------------------------------------------------------
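# Copyright © 2021 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Base image coordinates; each part can be overridden with --build-arg.
# NOTE(review): the base is referenced by a mutable tag, so rebuilds can pick
# up a different image; pin a digest if reproducible builds are required.
# NOTE(review): .NET 5 is out of support upstream; plan a move to a supported
# SDK tag so the image keeps receiving security fixes.
ARG BASE_REGISTRY=mcr.microsoft.com
ARG BASE_IMAGE=dotnet/sdk
ARG BASE_TAG=5.0-focal
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
LABEL name="Solutions Delivery Platform: Dotnet Sonar Scanner" \
      maintainer="burns_ian@bah.com" \
      vendor="Booz Allen Hamilton" \
      version="5.2.2" \
      release="5.2.2" \
      summary="A dotnet sonar-scanner container used by the SonarQube library of the Solutions Delivery Platform" \
      description="A dotnet sonar-scanner container used by the SonarQube library of the Solutions Delivery Platform. Includes Coverlet for code coverage reporting."

### add licenses to this directory
# The trailing slash makes /licenses a directory; without it the license text
# is written to a regular file named /licenses.
COPY LICENSE /licenses/

### Version Args
ARG JAVA_JDK_VERSION=openjdk-11-jdk
ARG SONAR_SCANNER_VERSION=5.2.2
ARG COVERLET_VERSION=3.1.0
# Tools are installed outside /root so the unprivileged runtime user can run
# them; a directory under /root is not reachable once the user is switched.
ARG DOTNET_TOOLS_PATH="/opt/dotnet-tools"
# Runtime account. The previous revision used ${user} without declaring it, so
# USER received an empty value and the image did not get the non-root user its
# comment promised.
ARG user=sdp
ARG uid=1001

# Install Sonar Scanner, Coverlet and Java (required for Sonar Scanner)
# The apt package index is removed in the same layer so it is not shipped.
RUN apt-get update \
 && apt-get install -y ${JAVA_JDK_VERSION} \
 && rm -rf /var/lib/apt/lists/*
RUN dotnet tool install --tool-path ${DOTNET_TOOLS_PATH} dotnet-sonarscanner --version ${SONAR_SCANNER_VERSION}
RUN dotnet tool install --tool-path ${DOTNET_TOOLS_PATH} coverlet.console --version ${COVERLET_VERSION}
ENV PATH="$PATH:${DOTNET_TOOLS_PATH}"

# Switch to non-root user
# NOTE(review): pipelines that relied on the container running as root (for
# example to write into a mounted workspace) need the mount to be writable by
# this uid - confirm against the consuming Jenkins library.
RUN useradd --create-home --uid ${uid} ${user}
USER ${user}
# Use a health check to determine status of container once operational
# The probe looks for dotnet-sonarscanner, the name this file installs and
# invokes; the earlier spelling dotnet-sonar-scanner matches neither.
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD which dotnet-sonarscanner
# Use bash if you want to run the environment from inside the shell, otherwise use the command that actually runs the underlying stuff
#CMD /bin/bash
CMD ["dotnet", "sonarscanner", "/h"]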
39 |
--------------------------------------------------------------------------------
/dotnet-sonar-scanner/Makefile:
--------------------------------------------------------------------------------
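# Build and publish the dotnet-sonar-scanner container image.
OWNER    = boozallen
REPO     = sdp-images
IMAGE    = dotnet-sonar-scanner
VERSION  = 5.2.2

# NOTE(review): this is the GitHub Packages Docker endpoint; the project README
# speaks of the GitHub container registry - confirm which registry is intended.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG      = $(REGISTRY)/$(IMAGE):$(VERSION)

# The push recipe uses `read -s` and `read -p`, which are bash features and
# fail under a plain POSIX /bin/sh.
SHELL := /bin/bash

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The credentials are read inside the recipe shell and the token is handed to
# docker on stdin. Passing it with -p would place it on a command line, where
# process listings can show it. `set -e` stops the recipe when the login or a
# later step fails, so nothing is pushed after a failed login.
push: ## builds and publishes container image
	@set -e; \
	read -r -p "GitHub Username: " username; \
	read -r -s -p "GitHub Token: " token; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	unset token
	$(MAKE) build
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest
	docker push $(TAG)
	docker push $(REGISTRY)/$(IMAGE):latest

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: any target not defined above only prints a message.
# NOTE(review): the recipe exits 0, so a mistyped target name still counts as
# success for the caller; decide whether it should fail instead.
%: Makefile
	echo "Make command $@ not found"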
37 |
--------------------------------------------------------------------------------
/dotnet-sonar-scanner/README.rst:
--------------------------------------------------------------------------------
1 | --------------------
2 | dotnet-sonar-scanner
3 | --------------------
4 |
5 | A container image that jenkins uses to run SonarQube analysis for .NET solutions.
6 |
7 | - ``JAVA_JDK_VERSION`` - Version of Java JDK to install (required for sonar-scanner)
8 | - ``SONAR_SCANNER_VERSION`` - Version of .NET Sonar Scanner to install
9 | - ``COVERLET_VERSION`` - Version of Coverlet to install
10 |
11 | Synopsis
12 | --------
13 |
14 | To implement this repo locally, copy the repo to your machine.
15 | From there open a command line, change your working directory to your copy of the repo, and use ``make build`` or ``docker build .`` to build the container image in the CLI.
16 | Once the image is built, create a container using ``docker run image``.
17 |
18 | The following sections are an explanation of the contents of the repo.
19 |
20 | Prereqs
21 | -------
22 |
23 | This repo makes use of .NET 5 SDK as the base image for the container derived from `Microsoft `_.
24 | Additionally, this repo makes use of Docker for containers. If you do not wish to use Docker, please make edits to adapt to your implementation of container technology.
25 | Lastly, you should ensure all files from the repo are present in your local copy.
26 |
27 | Makefile
28 | --------
29 |
30 | The Makefile comes with the following commands: help, build, push, info.
31 | ``make help`` will list available commands from the Makefile.
32 | ``make build`` will build a container image using the Dockerfile in the repo with the tag comprised of the application and version (application:version).
33 | ``make push`` will build the container image and then publish the image to Github.
34 | ``make info`` will list the container registry and repo the image can be published to.
35 | .. note:: using ``make push`` provides no benefit by default to those outside of Booz Allen.
36 |
37 | Dockerfile
38 | ----------
39 |
40 | This file is setup to generate a container image using ``docker build -t .`` with the option to name the image as you wish.
41 | The build process will consist of using a base image, copying the Booz Allen Public License, applying OpenShift labels, installing required packages and applications, establishing the user the container will run as, and setting a health check.
42 |
43 | LICENSE
44 | -------
45 |
46 | This text file contains the Booz Allen Public License. Please read before using or distributing this repo.
--------------------------------------------------------------------------------
/dotnet/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2022 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
4 | ARG BASE_REGISTRY=registry.access.redhat.com
5 | ARG BASE_IMAGE=ubi8/ubi
6 | ARG BASE_TAG=8.6-754
7 | FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
8 |
9 | ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
10 | LABEL name="Solutions Delivery Platform: DotNet SDK" \
11 | maintainer="uip@bah.com" \
12 | vendor="Booz Allen Hamilton" \
13 | version="7.0.14" \
14 | release="3.2.0" \
15 | summary="DotNet SDK container" \
16 | description="The DotNet SDK container image for the Solutions Delivery Platform"
17 |
18 | ### add licenses to this directory
19 | COPY LICENSE /licenses
20 |
21 | ### Use yum as root user
22 | USER root
23 |
24 | ### Install packages
25 | RUN INSTALL_PKGS="dotnet-sdk-7.0" && \
26 | yum clean all &&\
27 | yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs \
28 | --security && \
29 | yum --disableplugin=subscription-manager -y install --allowerasing --setopt=tsflags=nodocs ${INSTALL_PKGS}
30 |
ENV PROGRAM_NAME dotnet
# NOTE(review): HOME stays /root although the image switches to the non-root
# user further down; confirm that user can write wherever the dotnet CLI keeps
# its per-user files, or point HOME at the user's own directory.
ENV HOME /root

# Name of the runtime user; defaults to the program name.
ARG user=${PROGRAM_NAME}

WORKDIR /scanner

# Add user, create required directories and cleanup
RUN useradd -ms /bin/bash ${user} && \
    yum --nogpgcheck --disableplugin=subscription-manager clean all
41 |
42 | ### Insert container entrypoint script
43 | COPY container-entrypoint.sh /usr/local/bin/container-entrypoint.sh
44 |
45 | ### Set script as executable
46 | RUN chmod +x /usr/local/bin/container-entrypoint.sh
47 |
48 | USER ${user}
49 |
50 | CMD []
51 | ENTRYPOINT [ "/bin/sh", "/usr/local/bin/container-entrypoint.sh" ]
52 |
--------------------------------------------------------------------------------
/dotnet/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = dotnet-sdk
4 | VERSION = 7.0.14
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 | build: ## build container image
18 | docker build . -t $(TAG)
19 |
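# Publish flow: log in, build, then push the versioned tag and "latest".
# Credentials are prompted for inside the recipe's shell; the token reaches
# "docker login" through stdin, so make never expands it into the recipe and
# it is not visible as a command-line argument. "set -e" aborts the publish
# when the login or the build fails.
push: ## builds and publishes container image
	@set -e; \
	printf 'GitHub Username: '; read -r user; \
	printf 'GitHub Token: '; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	stty -echo 2>/dev/null || true; read -r pass; stty echo 2>/dev/null || true; echo; \
	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
	unset pass; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest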
29 |
30 | info:
31 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
32 |
33 | # Catch-all target: route all unknown targets to Sphinx using the new
34 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
35 | %: Makefile
36 | echo "Make command $@ not found"
37 |
--------------------------------------------------------------------------------
/dotnet/container-entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 |
4 | exec "$@"
5 |
--------------------------------------------------------------------------------
/google-lighthouse/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
# NOTE(review): the base image is referenced without a tag or digest, so each
# build resolves to whatever the default tag points at that day, while the
# Makefile publishes the result under a fixed version. Pin a tag, and ideally
# a digest, so the published image is reproducible and reviewable.
FROM femtopixel/google-lighthouse

LABEL description="Image used by the google_lighthouse sdp library"
--------------------------------------------------------------------------------
/google-lighthouse/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = google-lighthouse
4 | VERSION = 1.0
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 | build: ## build container image
18 | docker build . -t $(TAG)
19 |
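# Publish flow: log in, build, then push the versioned tag and "latest".
# The token is read without echo by the recipe's shell and piped to
# "docker login --password-stdin"; it is not passed through a make variable
# or a -p argument, both of which expose it in the expanded recipe and in the
# process list. "set -e" stops the publish if any step fails.
push: ## builds and publishes container image
	@set -e; \
	printf 'GitHub Username: '; read -r user; \
	printf 'GitHub Token: '; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	stty -echo 2>/dev/null || true; read -r pass; stty echo 2>/dev/null || true; echo; \
	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
	unset pass; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest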
29 |
30 | info:
31 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
32 |
33 | # Catch-all target: route all unknown targets to Sphinx using the new
34 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
35 | %: Makefile
36 | echo "Make command $@ not found"
37 |
38 |
--------------------------------------------------------------------------------
/grype/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2022 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
4 | ARG BASE_REGISTRY=registry.access.redhat.com
5 | ARG BASE_IMAGE=ubi8/ubi
6 | ARG BASE_TAG=8.6-754
7 | FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
8 |
9 | ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
10 | LABEL name="Solutions Delivery Platform: Grype" \
11 | maintainer="uip@bah.com" \
12 | vendor="Booz Allen Hamilton" \
13 | version="0.38.0" \
14 | release="0.38.0" \
15 | summary="Anchore Grype container" \
16 | description="The Anchore Grype container image for the Solutions Delivery Platform"
17 |
18 | ### add licenses to this directory
19 | COPY LICENSE /licenses
20 |
21 | ### Use yum as root user
22 | USER root
23 |
24 | COPY docker-ce.repo /etc/yum.repos.d/docker-cd.repo
25 |
26 | ### Install packages
27 | RUN INSTALL_PKGS="coreutils python3-pip jq docker-ce docker-ce-cli containerd.io" && \
28 | yum clean all &&\
29 | yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs \
30 | --security && \
31 | yum --disableplugin=subscription-manager -y install --allowerasing --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
32 | systemctl enable docker
33 |
34 |
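### Install yq
# NOTE(review): this runs as root with --user, so yq is installed under
# /root/.local, and the image later switches to a non-root user; confirm that
# user can actually reach it. The package is also unpinned, so two builds of
# the same image version can ship different yq releases.
RUN python3 -m pip install --user yq

ENV PROGRAM_NAME grype
ENV PROGRAM_VERSION v0.38.0
ENV HOME /root
ENV PROGRAM_DESTINATION_DIR /usr/local/bin

ARG user=${PROGRAM_NAME}

WORKDIR /scanner

# Install Grype
# The installer runs as root during the build, so it is fetched from the
# release tag being installed rather than from the moving main branch; the
# script that executes is then tied to PROGRAM_VERSION.
# NOTE(review): a tag can still be re-pointed. For a stronger guarantee,
# reference a commit SHA and check the script against a recorded checksum
# before running it.
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/${PROGRAM_VERSION}/install.sh | sh -s -- -b ${PROGRAM_DESTINATION_DIR} ${PROGRAM_VERSION}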
49 |
50 | # Add user, create required directories and cleanup
51 | RUN useradd -ms /bin/bash ${user} && \
52 | chown -R ${user}:${user} ${PROGRAM_DESTINATION_DIR}/${PROGRAM_NAME} && \
53 | mkdir /report && \
54 | chown -R ${user}:${user} /report && \
55 | yum --nogpgcheck --disableplugin=subscription-manager clean all
56 |
57 | ### Insert container entrypoint script
58 | COPY container-entrypoint.sh /usr/local/bin/container-entrypoint.sh
59 |
60 | ### Set script as executable
61 | RUN chmod +x /usr/local/bin/container-entrypoint.sh
62 |
63 | USER ${user}
64 |
65 | CMD []
66 | ENTRYPOINT [ "/bin/sh", "/usr/local/bin/container-entrypoint.sh" ]
67 |
--------------------------------------------------------------------------------
/grype/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = grype
4 | VERSION = 0.38.0
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 |
18 | build: ## build container image
19 | docker build . -t $(TAG) --no-cache
20 |
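# Publish flow: log in, build, then push the versioned tag and "latest".
# The password is read without echo by the recipe's shell and piped to
# "docker login --password-stdin", so it is never expanded into the recipe by
# make and never shows up as a command-line argument. "set -e" aborts the
# publish when the login or the build fails.
push: ## builds and publishes container image
	@set -e; \
	printf 'Username: '; read -r user; \
	printf 'Password: '; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	stty -echo 2>/dev/null || true; read -r pass; stty echo 2>/dev/null || true; echo; \
	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
	unset pass; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest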
30 |
31 | build-dep: ## build container dependencies
32 | $(eval dir := $(shell pwd))
33 | docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.4 /root/prebuild/pull-from-ubi.sh
34 | docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.4 /root/prebuild/build-dep.sh
35 |
36 | info:
37 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
38 |
39 | # Catch-all target: route all unknown targets to Sphinx using the new
40 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
41 | %: Makefile
42 | echo "Make command $@ not found"
43 |
--------------------------------------------------------------------------------
/grype/container-entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 |
4 | exec "$@"
5 |
--------------------------------------------------------------------------------
/grype/docker-ce.repo:
--------------------------------------------------------------------------------
1 | [docker-ce-stable]
2 | name=Docker CE Stable - $basearch
3 | baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
4 | enabled=1
5 | gpgcheck=1
6 | gpgkey=https://download.docker.com/linux/centos/gpg
7 |
8 | [docker-ce-stable-debuginfo]
9 | name=Docker CE Stable - Debuginfo $basearch
10 | baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/stable
11 | enabled=0
12 | gpgcheck=1
13 | gpgkey=https://download.docker.com/linux/centos/gpg
14 |
15 | [docker-ce-stable-source]
16 | name=Docker CE Stable - Sources
17 | baseurl=https://download.docker.com/linux/centos/$releasever/source/stable
18 | enabled=0
19 | gpgcheck=1
20 | gpgkey=https://download.docker.com/linux/centos/gpg
21 |
22 | [docker-ce-test]
23 | name=Docker CE Test - $basearch
24 | baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/test
25 | enabled=0
26 | gpgcheck=1
27 | gpgkey=https://download.docker.com/linux/centos/gpg
28 |
29 | [docker-ce-test-debuginfo]
30 | name=Docker CE Test - Debuginfo $basearch
31 | baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/test
32 | enabled=0
33 | gpgcheck=1
34 | gpgkey=https://download.docker.com/linux/centos/gpg
35 |
36 | [docker-ce-test-source]
37 | name=Docker CE Test - Sources
38 | baseurl=https://download.docker.com/linux/centos/$releasever/source/test
39 | enabled=0
40 | gpgcheck=1
41 | gpgkey=https://download.docker.com/linux/centos/gpg
42 |
43 | [docker-ce-nightly]
44 | name=Docker CE Nightly - $basearch
45 | baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/nightly
46 | enabled=0
47 | gpgcheck=1
48 | gpgkey=https://download.docker.com/linux/centos/gpg
49 |
50 | [docker-ce-nightly-debuginfo]
51 | name=Docker CE Nightly - Debuginfo $basearch
52 | baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/nightly
53 | enabled=0
54 | gpgcheck=1
55 | gpgkey=https://download.docker.com/linux/centos/gpg
56 |
57 | [docker-ce-nightly-source]
58 | name=Docker CE Nightly - Sources
59 | baseurl=https://download.docker.com/linux/centos/$releasever/source/nightly
60 | enabled=0
61 | gpgcheck=1
62 | gpgkey=https://download.docker.com/linux/centos/gpg
63 |
--------------------------------------------------------------------------------
/helm/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
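# NOTE(review): centos:7 is end-of-life and no longer receives security
# updates, and the tag is not pinned by digest. Plan to move this image to a
# maintained base.
# NOTE(review): there is no USER instruction, so the image runs as root;
# confirm that is required by the deployment jobs that use it.
FROM centos:7
ARG HELMVERSION="v3.1.2"
ARG KUBECTLVERSION="v1.15.3"

RUN yum install -y wget git

# -f makes curl fail the build on an HTTP error instead of saving the error
# page as the kubectl binary.
# NOTE(review): neither kubectl nor Helm is checked against a known digest.
# Record the expected SHA-256 of each artifact in this file and verify it
# with `sha256sum --check` before installing.
RUN curl -fLO https://storage.googleapis.com/kubernetes-release/release/${KUBECTLVERSION}/bin/linux/amd64/kubectl
RUN chmod +x ./kubectl && \
    mv ./kubectl /usr/local/bin/kubectl && mkdir /root/.kube

RUN wget https://get.helm.sh/helm-${HELMVERSION}-linux-amd64.tar.gz && \
    tar -zxvf helm-${HELMVERSION}-linux-amd64.tar.gz && \
    chmod +x linux-amd64/helm && \
    mv linux-amd64/helm /usr/local/bin/helm && \
    rm helm-${HELMVERSION}-linux-amd64.tar.gz && \
    rm -rf linux-amd64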
19 |
--------------------------------------------------------------------------------
/helm/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = helm
4 | VERSION = 3.1.2
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 | build: ## build container image
18 | docker build . -t $(TAG)
19 |
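# Publish flow: log in, build, then push the versioned tag and "latest".
# Credentials are prompted for inside the recipe's shell; the token reaches
# "docker login" through stdin, so make never expands it into the recipe and
# it is not visible as a command-line argument. "set -e" aborts the publish
# when the login or the build fails.
push: ## builds and publishes container image
	@set -e; \
	printf 'GitHub Username: '; read -r user; \
	printf 'GitHub Token: '; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	stty -echo 2>/dev/null || true; read -r pass; stty echo 2>/dev/null || true; echo; \
	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
	unset pass; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest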
29 |
30 | info:
31 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
32 |
33 | # Catch-all target: route all unknown targets to Sphinx using the new
34 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
35 | %: Makefile
36 | echo "Make command $@ not found"
37 |
38 |
--------------------------------------------------------------------------------
/helm/README.rst:
--------------------------------------------------------------------------------
1 | --------------
2 | k8s_helm
3 | --------------
4 |
5 | A container image that jenkins uses to authenticate to any generic kubernetes cluster through kubectl and perform a deployment through `Helm`_
6 |
7 | KUBECTLVERSION - Version of kubectl to install
8 | HELMVERSION - Version of Helm to install
9 |
--------------------------------------------------------------------------------
/jenkins-agent-v3.40/Dockerfile:
--------------------------------------------------------------------------------
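# Rebuild of the 3.23 agent image with JDK 11 and newer Swarm/remoting JARs.
# The parent image is referenced by digest as well as by tag.
FROM ghcr.io/boozallen/sdp-images/jenkins-agent:3.23@sha256:c8f181b597cce25bada5c65e54e066dd1d02acaddb25d6583edb5e8358f884e3

ENV JENKINS_SWARM_VERSION 3.40
ENV JNLP_SLAVE_VERSION 4.14

# install JDK 11
RUN yum clean all && \
    yum -y remove java-1.8.0-openjdk && \
    yum -y install --setopt=tsflags=nodocs java-11-openjdk

ENV JAVA_HOME /usr/lib/jvm/jre-11-openjdk
RUN rm /usr/bin/java && ln -s $JAVA_HOME/bin/java /usr/bin/java

# download newer Jenkins Agent JARs
# These JARs are what the agent executes, so they are fetched over HTTPS with
# certificate verification left on (no -k), restricted to HTTPS across
# redirects (--proto), and with -f so an HTTP error fails the build instead
# of being saved as a .jar.
# NOTE(review): transport security is not an integrity check. Record the
# expected SHA-256 of each JAR in this file and verify it with
# `sha256sum --check` after the download.
RUN curl -fsSL --proto '=https' \
        -o /opt/jenkins-agent/bin/swarm-client-${JENKINS_SWARM_VERSION}.jar \
        https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/swarm-client/${JENKINS_SWARM_VERSION}/swarm-client-${JENKINS_SWARM_VERSION}.jar
RUN curl -fsSL --proto '=https' \
        -o /opt/jenkins-agent/bin/agent.jar \
        https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${JNLP_SLAVE_VERSION}/remoting-${JNLP_SLAVE_VERSION}.jar

ENTRYPOINT []
CMD supervisord --configuration /etc/supervisor/conf.d/supervisord.conf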
20 |
--------------------------------------------------------------------------------
/jenkins-agent-v3.40/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = jenkins-agent
4 | VERSION = 3.40
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 |
18 | build: ## build container image
19 | docker build . -t $(TAG) --progress=plain --no-cache
20 |
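# Publish flow: log in, build, then push the versioned tag.
# The token is read without echo by the recipe's shell and piped to
# "docker login --password-stdin"; it is not passed through a make variable
# or a -p argument, both of which expose it in the expanded recipe and in the
# process list. "set -e" stops the publish if any step fails.
push: ## builds and publishes container image
	@set -e; \
	printf 'GitHub Username: '; read -r user; \
	printf 'GitHub Token: '; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	stty -echo 2>/dev/null || true; read -r pass; stty echo 2>/dev/null || true; echo; \
	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
	unset pass; \
	$(MAKE) build; \
	docker push $(TAG)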
28 |
29 | info:
30 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
31 |
32 | # Catch-all target: route all unknown targets to Sphinx using the new
33 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
34 | %: Makefile
35 | echo "Make command $@ not found"
36 |
--------------------------------------------------------------------------------
/jenkins-agent-v3.40/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | Jenkins Agent (``v3.40``)
3 | -------------
4 |
5 | An updated Jenkins Agent container image based on the ``boozallen/sdp-images/jenkins-agent:3.23`` image using Jenkins Swarm Client ``v3.40`` and JNLP Slave ``v4.14``.
6 | Due to recent changes to the RHEL and CentOS repositories, the original Jenkins Agent image is no longer able to be built using its Dockerfile.
7 | This image is a temporary solution until the original Jenkins Agent image can be rebuilt.
8 |
9 | Makefile
10 | --------
11 |
12 | The Makefile comes with the following commands: help, build, push, build-dep, info.
13 | ``make help`` will list available commands from the Makefile.
14 | ``make build`` will build a container image using the Dockerfile in the repo with the tag comprised of the application and version (application:version).
15 | ``make push`` will build the container image and then publish the image to Github.
16 | ``make info`` will list the container registry and repo the image can be published to.
17 | .. note:: using ``make push`` provides no benefit by default to those outside of Booz Allen.
18 |
19 | Dockerfile
20 | ----------
21 |
22 | This file is setup to generate a container image using ``docker build -t .`` with the option to name the image as you wish.
23 |
24 | LICENSE
25 | -------
26 |
27 | This text file contains the Booz Allen Public License. Please read before using or distributing this repo.
28 |
--------------------------------------------------------------------------------
/jenkins-agent/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG BASE_REGISTRY=registry.access.redhat.com
2 | ARG BASE_IMAGE=ubi8/ubi
3 | ARG BASE_TAG=8.4
4 | FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
5 |
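# this container must run as privileged
USER root

# Declared ahead of LABEL on purpose: a Dockerfile only substitutes variables
# from ENV/ARG instructions that appear earlier, so with this declaration
# placed after the labels, version and release expanded to empty strings.
ENV JENKINS_AGENT_VERSION dcar-2.1

### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
LABEL name="Solutions Delivery Platform: Jenkins Agent" \
      maintainer="terrana_steven@bah.com" \
      vendor="Booz Allen Hamilton" \
      version="${JENKINS_AGENT_VERSION}" \
      release="${JENKINS_AGENT_VERSION}" \
      summary="A Jenkins Build Agent container" \
      description="The Jenkins Build Agent container image for the Solutions Delivery Platform"

### add licenses to this directory
COPY LICENSE /licenses

### Add necessary Red Hat repos and packages here
RUN INSTALL_PKGS="tar hostname device-mapper-persistent-data lvm2 java-1.8.0-openjdk glibc glibc-common glibc-all-langpacks git openssl scl-utils python3 python38 python38-devel iptables xz libcgroup diffutils" && yum clean all &&\
    yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs \
      --security && \
    yum --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}

### Install your application here -- add all other necessary items to build your image
ENV JENKINS_SWARM_VERSION 3.27
ENV JNLP_SLAVE_VERSION 4.10
ENV HOME /root
ENV JAVA_HOME /usr/lib/jvm/java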
32 |
33 | # install docker
34 | RUN mkdir /root/tmp
35 | #RUN curl -sSLo /root/tmp/jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.tar.gz https://github.com/boozallen/sdp-images/releases/download/${JENKINS_AGENT_VERSION}/jenkins-agent-dependencies-${JENKINS_AGENT_VERSION}.tar.gz
36 | COPY prebuild/jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.tar.gz /root/tmp/jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.tar.gz
37 |
38 | COPY prebuild/BAH-public.key /root/tmp/.
39 | COPY prebuild/jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.sig /root/tmp/.
40 | COPY prebuild/jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.sha256 /root/tmp/.
41 |
42 | RUN cd /root/tmp/ && gpg --import BAH-public.key
43 | RUN cd /root/tmp/ && gpg --verify jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.sig jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.tar.gz
44 | RUN cd /root/tmp/ && echo "$(cat jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.sha256) jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.tar.gz" | sha256sum --check --status
45 | RUN cd /root/tmp && tar -xzf jenkins-agent-dependencies-$JENKINS_AGENT_VERSION.tar.gz && \
46 | rpm -ivh --replacepkgs --replacefiles --force /root/tmp/dependencies/docker-ce/*.rpm
47 |
48 | RUN ls /root/tmp/dependencies/docker-compose/
49 | RUN pip3 install --upgrade pip -f /root/tmp/dependencies/pip3/. --no-index
50 | RUN pip3 install supervisor -f /root/tmp/dependencies/supervisor/. --no-index
51 | RUN pip3 install docker-compose -f /root/tmp/dependencies/docker-compose/. --no-index
52 |
53 | RUN mkdir -p /opt/jenkins-agent/bin ${HOME}
54 |
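# Copy script
# Mode 0755 keeps the agent launcher executable by everyone but writable by
# its owner only. The previous 777 left it world-writable, which let any
# account in the container rewrite the launcher.
COPY jenkins-agent.sh /opt/jenkins-agent/bin/jenkins-agent
RUN chmod 0755 /opt/jenkins-agent/bin/jenkins-agent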
59 |
60 | # Download plugin and modify permissions
61 | RUN cp /root/tmp/dependencies/swarm-client/swarm-client-$JENKINS_SWARM_VERSION.jar /opt/jenkins-agent/bin/swarm-client-$JENKINS_SWARM_VERSION.jar && cp /root/tmp/dependencies/agent/remoting-$JNLP_SLAVE_VERSION.jar /opt/jenkins-agent/bin/agent.jar
62 |
63 | COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
64 |
65 | ENTRYPOINT []
66 | CMD supervisord --configuration /etc/supervisor/conf.d/supervisord.conf
67 |
--------------------------------------------------------------------------------
/jenkins-agent/Makefile:
--------------------------------------------------------------------------------
1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = jenkins-agent
4 | VERSION = dcar-2.1
5 |
6 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
7 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
8 |
9 | .PHONY: help Makefile
10 | .ONESHELL: push
11 |
12 |
13 | # Put it first so that "make" without argument is like "make help".
14 | help: ## Show target options
15 | @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'
16 |
17 |
18 | build: ## build container image
19 | docker build . -t $(TAG) --no-cache
20 |
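# Publish flow: log in, build, then push the versioned tag.
# Credentials are prompted for inside the recipe's shell; the token reaches
# "docker login" through stdin, so make never expands it into the recipe and
# it is not visible as a command-line argument. "set -e" aborts the publish
# when the login or the build fails.
push: ## builds and publishes container image
	@set -e; \
	printf 'GitHub Username: '; read -r user; \
	printf 'GitHub Token: '; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	stty -echo 2>/dev/null || true; read -r pass; stty echo 2>/dev/null || true; echo; \
	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
	unset pass; \
	$(MAKE) build; \
	docker push $(TAG)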
28 |
29 | build-dep: ## build container dependencies
30 | $(eval dir := $(shell pwd))
31 | docker run -it -v $(dir)/prebuild:/root/prebuild:z centos:8 /root/prebuild/pull-from-centos.sh
32 | docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/dependency-handling.sh
33 | docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/pull-from-ubi.sh
34 | docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/build-dep.sh
35 |
36 | info:
37 | @echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
38 |
39 | # Catch-all target: route all unknown targets to Sphinx using the new
40 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
41 | %: Makefile
42 | echo "Make command $@ not found"
43 |
--------------------------------------------------------------------------------
/jenkins-agent/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | Jenkins Agent
3 | -------------
4 |
5 |
6 | A container image that jenkins uses to authenticate to OpenShift and perform a
7 | deployment through `Helm `_
8 |
9 | Synopsis
10 | --------
11 |
12 | To implement this repo locally, copy the repo to your machine.
13 | From there open a command line, change your working directory to your copy of the repo, and use ``make build`` or ``docker build .`` to build the container image in the CLI.
14 | Once the image is built, create a container using ``docker run image``.
15 |
16 | The following sections are an explanation of the contents of the repo.
17 |
18 | Prereqs
19 | -------
20 |
21 | This repo makes use of UBI8 as the base image for the container derived from `RedHat `_.
22 | Additionally, this repo makes use of Docker for containers. If you do not wish to use Docker, please make edits to adapt to your implementation of container technology.
23 | Lastly, you should ensure all files from the repo are present in your local copy.
24 |
25 | Makefile
26 | --------
27 |
28 | The Makefile comes with the following commands: help, build, push, build-dep, info.
29 | ``make help`` will list available commands from the Makefile.
30 | ``make build`` will build a container image using the Dockerfile in the repo with the tag comprised of the application and version (application:version).
31 | ``make push`` will build the container image and then publish the image to Github.
32 | ``make build-dep`` will generate a tarball containing the dependencies used by the image.
33 | ``make info`` will list the container registry and repo the image can be published to.
34 | .. note:: using ``make push`` provides no benefit by default to those outside of Booz Allen. Additionally, using ``make build-dep`` is unnecessary since the Dockerfile will obtain the needed tarball from Github.
35 |
36 | Dockerfile
37 | ----------
38 |
39 | This file is setup to generate a container image using ``docker build -t .`` with the option to name the image as you wish.
40 | The build process will consist of using a base image, copying the Booz Allen Public License, applying OpenShift labels, installing required packages and applications, establishing the user the container will run as, and setting a health check.
41 |
42 | LICENSE
43 | -------
44 |
45 | This text file contains the Booz Allen Public License. Please read before using or distributing this repo.
46 |
47 | Prebuild
48 | --------
49 |
50 | This folder contains files and artifacts inherent to the creation of the container image.
51 | These files and artifacts are used either in the ``make build-dep`` command or in authenticating the dependency tarball associated with the image.
52 |
--------------------------------------------------------------------------------
/jenkins-agent/jenkins-agent.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
4 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
5 |
6 | # Temporary way to login to docker registry
7 | # oc whoami -t | docker login docker-registry.default.svc:5000 -u $REGISTRY_USERNAME --password-stdin
8 |
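# jenkins swarm slave
# Use the last swarm client JAR that `ls` lists in the agent directory.
JAR=`ls -1 /opt/jenkins-agent/bin/swarm-client-*.jar | tail -n 1`

# Build the argument list as an array so values containing spaces or shell
# metacharacters stay single arguments.
PARAMS=(-master "$JENKINS_URL")

# Only pass -tunnel when a tunnel is configured; an empty value would make
# the option consume the next flag as its argument.
if [ -n "$JENKINS_TUNNEL" ]; then
    PARAMS+=(-tunnel "$JENKINS_TUNNEL")
fi

# The password is passed by reference: -passwordEnvVariable names the
# environment variable the client reads, so the secret itself is not part of
# the java command line and does not show up in the process list.
PARAMS+=(-username "$JENKINS_USERNAME" -passwordEnvVariable JENKINS_PASSWORD -executors "$EXECUTORS")

# JAVA_OPTS is left unquoted on purpose so that several JVM options split
# into separate arguments.
exec java $JAVA_OPTS -jar "$JAR" -fsroot "$HOME" "${PARAMS[@]}" "$@"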
--------------------------------------------------------------------------------
/jenkins-agent/prebuild/BAH-public.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PGP PUBLIC KEY BLOCK-----
2 | Version: GnuPG v2.0.22 (GNU/Linux)
3 |
4 | mQINBF4worQBEACsIaK9upBTpLrZUKQdGsYMwFs62iFQ2LFpe20X+cWDzHyjAs6C
5 | c0b+QJK/WFEh61rWkSu74IUfAgLrbAzZV6dYwcNYaa/FNR9NLFBpn/7HK4lE2M7A
6 | MqdujCKAELS74JHpJ8+bjLbgV59MkPfQSTHn0BOo02JiWuqxpFKSlVTTtdiymhXQ
7 | USiqZ8FSgrVH9GiibRdCBloT1HFrrxs2LMnRsgCN6FXtyPF7jQSipklBfASCe0lS
8 | i4UNyx+d5G1lpXqZiwYxVYMw79Z5b9l/ZcYAar10o5EQpnr76rxMCIf2vlEZp/Yj
9 | aZVIHpTTtA4g9lsrIhDoJ8hABnOsNfz5M1zLMXbZaIrwQi+1ZhHlKSGxYlXgy2ay
10 | +zOWzjz4ub5t7yxI3MPLlEIcJTrJwC9LMUzGhqLDnOi0m5vdrXksUvIQ9JQHqHOd
11 | iQdtTqJErVQl7rBMepLUBdNSJ1PqjR5AZRljGOCdZPedb5/U+5n/pxv23xbWWs2/
12 | pad31FISlY8y3eEhaA1Y2GcP+Y4LAtNm4LyM4Uk/nvniG+rI0TBzxERn1Y6Pax8x
13 | JhTUcgcBLGHbwFAQ/gTDRkg+9DnR0m8ZCKuJ8bPx1qmM1iR39Ks44AbtZsgrkZF+
14 | DrHXaiaIxtEHyRw7JLQ4auNhZb3FQfy7YrENqnF3eEhyg4cx0LEJJcl+wwARAQAB
15 | tDBiYWxhbi1rYXJwYWdhbSA8YmFsYW4ta2FycGFnYW1AdXNlcnMuZ2l0aHViLmNv
16 | bT6JAj8EEwECACkFAl4worQCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
17 | AQIXgAAKCRCRo0uHmCFZ3ECvD/9Ix0fSV4zOwnJ5KQZEp5tEnOGPJBPcBZ6hBJQc
18 | 9/R7DcmcN2LsOm6weMvax12/7Jo7Dbpl2rH11vwqrMrPmnm4BO6YcdmxmfE5ikyu
19 | 2EU4pzYgAFOGrahNaaSzEXFnMvDAKHLPT6xOJ35Re/RYxQOoiW+dmxPaceZv+lf4
20 | Jpfm8AtreMqpWLwl1+EN6zJzMF0yJjxUNxsZzaf4G6IxqZ+xwh9Auh2R6ga7UUz5
21 | 0sNDIMdFUNE0aQNsd8UX5pJQApwd63xE9MrnqnCPs3y39b1V+gSwYWv3sMTGDpyE
22 | rlDazVIJgSdBytpjAqoC0+wlm/fSgMI5YL6sJnhAfKUKp5u+5Dsr3xPFfq8s62cs
23 | TD14tQ0ees62I3yysStfo2w8lRUE+7fXLhgPaeYoN56/XsIheO0cXIbiNgLdS6kl
24 | MH+RtdyvwOBLdUgH1N5V/ctqeXbs38w4i4jPeyt/z6XYRli7Xkh7g3m1JpL4Hn6Q
25 | tqvuvx0FwdfXjcbuHIAHrY4kAkvKNi+dDsJ3tP8CYotmI/RlNCKjweMcOKN7qXAz
26 | /3qOUNXP546eObg3obOn0g0npyfQ9hojwFCl2KqNzHcr45y1Jw4peFXjthBq8B7Z
27 | cn6mKauJ+0K3H+fjlKR3W2TUD/p3FKqILbbw10J3sFulRppTDqzhRetUs0dQgtuK
28 | DpivCLkCDQReMKK0ARAA0sOzOfKuinhmzybri25NkXvyp9SbNcg8pZAmOkXsJ0Hy
29 | S5VK4a6aHoRs1pGsikaBYNdxJ2gwA3CeiaAJW54od8gA1RVzETfyKWjYsO7AB4I0
30 | LRmZSEYisnVjfTxzfpbTqjem3yyq2KG2pv4FEsv6jF9dGrdQ9EgZHf/ZebI55JS/
31 | TPVVau/EW3urVPFLlz+2TOzks5ysHtdCZl5A7+it70lPnaqg2LO5Kp9OnmUpIpLF
32 | piorHnNYXv6kUoCYblj65djCmvnRoN1rKfrh12vhIupXfRfyO/hovIMnEHFhXhBY
33 | yJAdusapk6A+mkbjS3g0E2igV5g0lW1XR/vN6ElGs3JfCLLmFYJCWyIg5ykrHj3I
34 | S8cf1uaMfSQcArIBewc8RZdN1YZUc6WCH3BImBKI1di8QdNACfUnZSkNdMrN4Dmn
35 | MLD38ACsSTe/D68MHxr5ee5tH7iFxTWBn8l5bZQot5qsL9glDxTT4bNiK9HzZJZN
36 | ks4r3kg8mUcNb8LTi4Fn9ITEv0COzPMOs7ibIMeFv+r5LGK2DHo/o+oLgSzNcx2W
37 | PAzhFscXtCRFZHWjN1wLAjT1mPjkF8WRKfNwp3azU1VdZ4V7uR2FlsjwaL8QZs5g
38 | ZpyeyZLMEsN47LoIaMvmTCc6HzsZoJAtz9GNwBlFmQoxodIkGYiwNRGWD/eNPEEA
39 | EQEAAYkCJQQYAQIADwUCXjCitAIbDAUJEswDAAAKCRCRo0uHmCFZ3CyYEACN5wsX
40 | vH+jNxYxQ+2FvObZyHT/LjD1DgFGCxE+dMqtaR84OgVgpHxhka8fbSaNlwey0J9h
41 | jo7dgcx9pc4TpxmIiRFqKRUbMMEVfeksy1wC4T5UZHaL3QNy6I/vnpGmPkUmEK1F
42 | RKERbpK/lCj4LDZpZr5hBnQ+5IcuSGR5JJ28vm58UMuiwwbE84hgbu0XcBqNkEcM
43 | sg9jVVJJ7ZgV6TKjEa/335LwT8gQRBKBuef/ENWps8XOxY7tYD6XvHI4Hgxk5W3g
44 | XuaaXs5SXR/bTgUgIYSqfSnjwbKVQJh8fXivs2N1kgFzZBA80O6oecB3+5sTmEMJ
45 | SzBpX01+B0WQZ+AY/FAYTZhqG0eD0pn8MHdVr4emoZYAgkW9iCjrnN9+TS8Lpb0I
46 | L3SxTyU07NCJKXZajCaSFuSm2OAM4E979HIZUargYKmA06v6bFXh/TdQKaONN+Eh
47 | qR9E5AM1N12ekN0ORxSARRQuOXUMFZ+beco+MMGhkbtu4Q4dSJviF26gxgvdPDq9
48 | 5uMF/MKyo4Th6g1Yf3Y+UNaP9i+XHqvmExoDf6VN08Pto7sYIPHS1yqcEqJxPIw0
49 | Q3R1n6FGi9YcfTSVpgLQa97FSzmzh5qT3Ef0puJsCzB916Itmwax1aeduZjURp3H
50 | TWKZU0fI5Q5MLqyVTV3podyo7oDD4WySM3BYlQ==
51 | =MD6X
52 | -----END PGP PUBLIC KEY BLOCK-----
53 |
--------------------------------------------------------------------------------
/jenkins-agent/prebuild/build-dep.sh:
--------------------------------------------------------------------------------
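#!/bin/bash

# Packs /root/prebuild/dependencies into a versioned tarball, writes a detached
# GPG signature for it and records its SHA-256 digest, then removes the
# unpacked dependency tree.
#
# Expects BAH-public.key and BAH-private.key in /root/prebuild. The private key
# is signing material: keep it out of version control and out of image layers.

set -xe
# Without pipefail a failing sha256sum is masked by awk and leaves an empty .sha256 file.
set -o pipefail

JENKINS_AGENT_VERSION=dcar-2.1
BUNDLE=/root/prebuild/jenkins-agent-dependencies-$JENKINS_AGENT_VERSION

# Import the keys into a throw-away keyring so that the secret key does not stay
# behind in the container's filesystem if the container is kept after the run.
GNUPGHOME=$(mktemp -d)
export GNUPGHOME
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT

cd /root/prebuild
rm -f dependencies/docker-ce/coreutils-8.30-8.el8.x86_64.rpm
rm -f dependencies/docker-ce/coreutils-common-8.30-8.el8.x86_64.rpm
tar czvf "$BUNDLE.tar.gz" dependencies
gpg --import /root/prebuild/BAH-public.key
gpg --import --allow-secret-key-import /root/prebuild/BAH-private.key
gpg --output "$BUNDLE.sig" --detach-sig "$BUNDLE.tar.gz"
# Check the fresh signature before it is published next to the tarball.
gpg --verify "$BUNDLE.sig" "$BUNDLE.tar.gz"
sha256sum "$BUNDLE.tar.gz" | awk '{print $1}' > "$BUNDLE.sha256"
rm -rf /root/prebuild/dependencies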
16 |
--------------------------------------------------------------------------------
/jenkins-agent/prebuild/dependency-handling.sh:
--------------------------------------------------------------------------------
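#!/bin/bash

# Compares every RPM bundled in /root/prebuild/dependencies/$TARGET with the
# version reported by `yum list` and re-downloads a package when yum offers a
# different version that is not older than the bundled one.
# Exits 1 when at least one download failed, 0 otherwise.

#TARGET = directory to perform script in
TARGET="docker-ce"
BUNDLE_DIR="/root/prebuild/dependencies/$TARGET"

# Stop if the directory is missing: the loop below deletes files.
cd "$BUNDLE_DIR" || exit 1

# Snapshot the bundled RPMs up front so that packages downloaded in the loop are
# not examined again. Only names ending in .rpm are taken.
shopt -s nullglob
manifest=(*.rpm)
shopt -u nullglob

yum update -y

failures=0
# Iterating over an array (not "while read < file") keeps yum/dnf from consuming the list on stdin.
for line in "${manifest[@]}"; do
    # Package name: everything before the first "-<digit>" of the file name
    STR=${line%%-[0-9]*}
    listing=$(yum list "$STR")
    echo "$STR"
    printf '%s\n' "$listing"

    # Version column of the last line yum printed. A leading "epoch:" is dropped
    # because RPM file names never carry the epoch.
    PWR=$(printf '%s\n' "$listing" | tail -n 1 | awk '{print $2}')
    PWR=${PWR#*:}

    if [[ "$STR" == "python36" ]]; then
        #python36 has a unique file name, requiring special configuration
        VRSN=${line%%.x86*}
        VRSN=${VRSN#*+}
        PWR=${PWR#*el8.1.0+}
    else
        VRSN=${line%%.el8*}
        VRSN=${VRSN##"$STR"-}
        PWR=${PWR%.el8*}
    fi

    if [[ "$PWR" == "$VRSN" ]]; then
        #What is available is the same as what is in the dependency bundle
        echo "Moving to next dependency"
    elif [[ "$PWR" == "metadata" ]]; then
        #yum printed no package line; the last line is its metadata notice
        echo "File not found in YUM list: $line"
    elif [[ "$(printf '%s\n%s\n' "$PWR" "$VRSN" | sort -V | tail -n 1)" == "$VRSN" ]]; then
        #Dependency bundle is newer. sort -V compares version fields numerically;
        #a plain string comparison would rank 1.10 below 1.9.
        echo "Manual inspection of dependency suggested"
    else
        echo "Update Found for $STR"
        rm -- "$BUNDLE_DIR/$line"
        # NOTE(review): confirm that the configured repositories enforce GPG checks
        # for downloaded packages, or verify the new RPMs (rpm -K) before bundling.
        if dnf download "$STR" -y --resolve --destdir "$BUNDLE_DIR/"; then
            echo "$STR has been downloaded"
        else
            echo "Download failed for $STR; $line was already removed" >&2
            failures=$((failures + 1))
        fi
    fi
done

exit $(( failures > 0 ))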
62 |
--------------------------------------------------------------------------------
/jenkins-agent/prebuild/jenkins-agent-dependencies-dcar-2.1.sha256:
--------------------------------------------------------------------------------
1 | ee98da7a546cbbb6424ff63ddfd83187733be73058ce902ae9367ebba6f788a1
2 |
--------------------------------------------------------------------------------
/jenkins-agent/prebuild/jenkins-agent-dependencies-dcar-2.1.sig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/jenkins-agent/prebuild/jenkins-agent-dependencies-dcar-2.1.sig
--------------------------------------------------------------------------------
/jenkins-agent/prebuild/pull-from-centos.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Recreates an empty /root/prebuild/dependencies tree and downloads the
# docker-ce RPMs (with resolved dependencies) into its docker-ce directory.

set -xe

JENKINS_AGENT_VERSION=dcar-2.1
JENKINS_SWARM_VERSION=3.27
JNLP_SLAVE_VERSION=4.10

DEP_ROOT=/root/prebuild/dependencies

# start from a clean tree, one directory per dependency group
rm -rf "$DEP_ROOT"
for group in swarm-client agent docker-ce pip3 docker-compose supervisor hostname; do
    mkdir -p "$DEP_ROOT/$group"
done

# tooling needed to add the Docker repository and to download without installing
yum --assumeyes update
dnf --assumeyes install 'dnf-command(config-manager)'
yum --assumeyes install yum-utils
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# docker-ce is pinned to one build; docker-ce-cli is taken at whatever version the repo offers
yumdownloader docker-ce-3:19.03.13-3.el8 --resolve --alldeps --destdir "$DEP_ROOT/docker-ce"
yumdownloader docker-ce-cli --resolve --destdir "$DEP_ROOT/docker-ce"
18 |
--------------------------------------------------------------------------------
/jenkins-agent/prebuild/pull-from-ubi.sh:
--------------------------------------------------------------------------------
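#!/bin/bash

# Downloads the Swarm client and remoting jars, installs the build-time
# packages, fetches the pip wheel plus the supervisor and docker-compose
# distributions into /root/prebuild/dependencies, and drops RPMs that must not
# be part of the docker-ce bundle.

set -xe

JENKINS_AGENT_VERSION=dcar-2.1
JENKINS_SWARM_VERSION=3.27
JNLP_SLAVE_VERSION=4.10

DEP_ROOT=/root/prebuild/dependencies

# The jars end up inside the image, so fetch them over HTTPS rather than plain
# HTTP, and let curl fail (-f) on an HTTP error instead of saving the error page.
# NOTE(review): no download in this script is checked against a pinned digest;
# record the expected SHA-256 values and verify them before bundling.
curl --create-dirs -fsSLo "$DEP_ROOT/swarm-client/swarm-client-${JENKINS_SWARM_VERSION}.jar" "https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/swarm-client/${JENKINS_SWARM_VERSION}/swarm-client-${JENKINS_SWARM_VERSION}.jar"
curl --create-dirs -fsSLo "$DEP_ROOT/agent/remoting-${JNLP_SLAVE_VERSION}.jar" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${JNLP_SLAVE_VERSION}/remoting-${JNLP_SLAVE_VERSION}.jar"

INSTALL_PKGS="tar hostname device-mapper-persistent-data lvm2 java-1.8.0-openjdk git openssl scl-utils python3 python38 python38-devel"
yum clean all
yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs --security
# INSTALL_PKGS is left unquoted on purpose: it is a space-separated package list.
yum --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}

# The original also ran "python3 -m pip install" with no requirement; pip rejects
# that with an error, which aborts the script under "set -e", so it is dropped.
python3 -m pip install --upgrade pip
curl --create-dirs -fsSL https://files.pythonhosted.org/packages/fe/ef/60d7ba03b5c442309ef42e7d69959f73aacccd0d86008362a681c4698e83/pip-21.0.1-py3-none-any.whl -o "$DEP_ROOT/pip3/pip-21.0.1-py3-none-any.whl"
# supervisor and docker-compose are not version-pinned: every run bundles whatever is current.
pip3 download supervisor -d "$DEP_ROOT/supervisor/"
pip3 download docker-compose -d "$DEP_ROOT/docker-compose/"

# RPMs excluded from the docker-ce bundle
rm -f "$DEP_ROOT/docker-ce/glibc-common-2.28-127.el8.x86_64.rpm"
rm -f "$DEP_ROOT/docker-ce/glibc-2.28-127.el8.x86_64.rpm"
rm -f "$DEP_ROOT/docker-ce/glibc-2.28-127.el8.i686.rpm"
rm -f "$DEP_ROOT/docker-ce/glibc-langpack-en-2.28-127.el8.x86_64.rpm"
rm -f "$DEP_ROOT/docker-ce/glibc-all-langpacks-2.28-127.el8.x86_64.rpm"
rm -f "$DEP_ROOT/docker-ce/kmod-25-16.el8.x86_64.rpm"
rm -f "$DEP_ROOT/docker-ce/kmod-libs-25-16.el8.x86_64.rpm"
rm -f "$DEP_ROOT/docker-ce/filesystem-3.8-3.el8.x86_64.rpm"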
30 |
--------------------------------------------------------------------------------
/jenkins-agent/supervisord.conf:
--------------------------------------------------------------------------------
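# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found here: http://boozallen.github.io/licenses/bapl

# Runs the Docker daemon and the Jenkins agent side by side under supervisord,
# with both programs logging to the container's stdout/stderr.

[supervisord]
nodaemon=true

[program:docker]
# The TCP listener on 2375 has no TLS and no authentication, and access to the
# Docker API is equivalent to root on this container. It is therefore bound to
# loopback instead of 0.0.0.0. If clients outside the container need the API,
# serve it with --tlsverify and client certificates instead.
# --insecure-registry turns off TLS verification for docker-registry.default.svc:5000.
command=dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --insecure-registry docker-registry.default.svc:5000
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0

[program:jenkins-agent]
command=sh /opt/jenkins-agent/bin/jenkins-agent
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0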
20 |
--------------------------------------------------------------------------------
/jenkins/README.rst:
--------------------------------------------------------------------------------
1 | .. jenkins:
2 |
3 | --------------
4 | Jenkins Master
5 | --------------
6 |
7 |
8 | This page will have docs for the jenkins image
9 |
10 |
11 | .. toctree::
12 | :hidden:
13 |
14 | base/README
15 | kubernetes/README
16 | openshift/README
--------------------------------------------------------------------------------
/jenkins/base/Dockerfile:
--------------------------------------------------------------------------------
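# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Jenkins master base image: upstream Jenkins with a fixed plugin set, an init
# Groovy configuration script and a custom start script.
FROM jenkins/jenkins:2.176.2

# skip the interactive setup wizard on first start
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"

EXPOSE 8080
EXPOSE 50000

# NOTE(review): the image stays root from here on and no later USER instruction
# is present in this file; confirm that a derived image or the runtime drops privileges.
USER root

# install plugins
COPY resources/plugins/plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt

# insert configuration script
# Init scripts run inside Jenkins at startup, so they only need to be readable;
# world-writable (777) would let any user in the container change them.
COPY resources/scripts/configure.groovy /var/jenkins_home/init.groovy.d/configure.groovy
RUN chmod 644 /var/jenkins_home/init.groovy.d/*

# copy in entry point scripts
# readable and executable for everyone, writable by the owner only
COPY resources/scripts/jenkins.sh /usr/local/bin/jenkins.sh
RUN chmod 755 /usr/local/bin/jenkins.sh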
--------------------------------------------------------------------------------
/jenkins/base/Makefile:
--------------------------------------------------------------------------------
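# Builds and publishes the Jenkins base image to the GitHub package registry.

OWNER    = boozallen
REPO     = sdp-images
IMAGE    = jenkins
VERSION  = 1.0

REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG      = $(REGISTRY)/$(IMAGE):$(VERSION)

# "read -s" and "read -p" in the push recipe are bash features.
SHELL := /bin/bash

# .ONESHELL is no longer declared: the login step is a single continued command,
# and without it make stops at the first failing recipe line.
.PHONY: help build push info Makefile

# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The token is read inside the recipe's shell and piped to docker login on stdin.
# Passing it with "-p" would expose it in the process list and in make's expanded command.
push: ## builds and publishes container image
	@read -p "GitHub Username: " username && \
	read -s -r -p "GitHub Token: " token && \
	echo && \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	$(MAKE) build
	docker push $(TAG)

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target this Makefile does not define.
%: Makefile
	@echo "Make command $@ not found"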
34 |
35 |
--------------------------------------------------------------------------------
/jenkins/base/README.rst:
--------------------------------------------------------------------------------
1 | ----------
2 | Base Image
3 | ----------
4 |
5 | .. csv-table:: Environment Variables
6 | :header: "Name", "Description", "Default"
7 |
8 | "MASTER_EXECUTORS", "The number of executors for the Jenkins Master", "0"
--------------------------------------------------------------------------------
/jenkins/base/resources/plugins/plugins.txt:
--------------------------------------------------------------------------------
1 | ace-editor:1.1
2 | analysis-core:1.96
3 | ant:1.9
4 | antisamy-markup-formatter:1.5
5 | apache-httpcomponents-client-4-api:4.5.5-3.0
6 | artifactory:3.3.2
7 | authentication-tokens:1.3
8 | blueocean:1.18.1
9 | blueocean-autofavorite:1.2.4
10 | blueocean-bitbucket-pipeline:1.18.1
11 | blueocean-commons:1.18.1
12 | blueocean-config:1.18.1
13 | blueocean-core-js:1.18.1
14 | blueocean-dashboard:1.18.1
15 | blueocean-display-url:2.3.0
16 | blueocean-events:1.18.1
17 | blueocean-executor-info:1.18.1
18 | blueocean-git-pipeline:1.18.1
19 | blueocean-github-pipeline:1.18.1
20 | blueocean-i18n:1.18.1
21 | blueocean-jira:1.18.1
22 | blueocean-jwt:1.18.1
23 | blueocean-personalization:1.18.1
24 | blueocean-pipeline-api-impl:1.18.1
25 | blueocean-pipeline-editor:1.18.1
26 | blueocean-pipeline-scm-api:1.18.1
27 | blueocean-rest:1.18.1
28 | blueocean-rest-impl:1.18.1
29 | blueocean-web:1.18.1
30 | bouncycastle-api:2.17
31 | branch-api:2.5.4
32 | build-timeout:1.19
33 | cloudbees-bitbucket-branch-source:2.4.5
34 | cloudbees-folder:6.9
35 | command-launcher:1.3
36 | config-file-provider:3.6.2
37 | configuration-as-code:1.27
38 | configuration-as-code-groovy:1.1
39 | credentials:2.2.1
40 | credentials-binding:1.20
41 | dependency-check-jenkins-plugin:5.0.2
42 | dependency-track:2.1.0
43 | display-url-api:2.3.2
44 | docker-commons:1.15
45 | docker-workflow:1.19
46 | durable-task:1.30
47 | email-ext:2.66
48 | favorite:2.3.2
49 | filesystem_scm:2.1
50 | git:3.12.0
51 | git-client:2.8.0
52 | git-server:1.8
53 | github:1.29.4
54 | github-api:1.95
55 | github-branch-source:2.5.6
56 | google-kubernetes-engine:0.6.3
57 | google-metadata-plugin:0.2
58 | google-oauth-plugin:0.8
59 | google-source-plugin:0.3
60 | gradle:1.33
61 | handlebars:1.1.1
62 | handy-uri-templates-2-api:2.1.7-1.0
63 | htmlpublisher:1.18
64 | ivy:2.1
65 | jackson2-api:2.9.9.1
66 | javadoc:1.5
67 | jdk-tool:1.3
68 | jenkins-design-language:1.18.1
69 | jira:3.0.9
70 | job-dsl:1.75
71 | jquery:1.12.4-1
72 | jquery-detached:1.2.1
73 | jsch:0.1.55.1
74 | junit:1.28
75 | kubernetes-credentials:0.4.1
76 | ldap:1.20
77 | lockable-resources:2.5
78 | mailer:1.24
79 | mapdb-api:1.0.9.0
80 | matrix-auth:2.4.2
81 | matrix-project:1.14
82 | maven-plugin:3.4
83 | mercurial:2.8
84 | momentjs:1.1.1
85 | oauth-credentials:0.3
86 | openshift-client:1.0.32
87 | openshift-login:1.0.19
88 | pam-auth:1.5.1
89 | pipeline-build-step:2.9
90 | pipeline-github-lib:1.0
91 | pipeline-graph-analysis:1.10
92 | pipeline-input-step:2.10
93 | pipeline-milestone-step:1.3.1
94 | pipeline-model-api:1.3.9
95 | pipeline-model-declarative-agent:1.1.1
96 | pipeline-model-definition:1.3.9
97 | pipeline-model-extensions:1.3.9
98 | pipeline-rest-api:2.12
99 | pipeline-stage-step:2.3
100 | pipeline-stage-tags-metadata:1.3.9
101 | pipeline-stage-view:2.12
102 | pipeline-utility-steps:2.3.0
103 | plain-credentials:1.5
104 | pubsub-light:1.13
105 | resource-disposer:0.13
106 | scm-api:2.6.3
107 | script-security:1.62
108 | sonar:2.9
109 | sse-gateway:1.19
110 | ssh-credentials:1.17.1
111 | ssh-slaves:1.30.1
112 | structs:1.20
113 | subversion:2.12.2
114 | swarm:3.17
115 | templating-engine:1.3
116 | timestamper:1.10
117 | token-macro:2.8
118 | variant:1.3
119 | windows-slaves:1.4
120 | workflow-aggregator:2.6
121 | workflow-api:2.36
122 | workflow-basic-steps:2.18
123 | workflow-cps:2.73
124 | workflow-cps-global-lib:2.15
125 | workflow-durable-task-step:2.33
126 | workflow-job:2.33
127 | workflow-multibranch:2.21
128 | workflow-remote-loader:1.5
129 | workflow-scm-step:2.9
130 | workflow-step-api:2.20
131 | workflow-support:3.3
132 | ws-cleanup:0.37
--------------------------------------------------------------------------------
/jenkins/base/resources/scripts/jenkins.sh:
--------------------------------------------------------------------------------
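#! /bin/bash -e

# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Start script for the Jenkins master: copies the reference files into
# JENKINS_HOME, derives JVM tuning options from the container memory limit and
# then replaces this shell with the Jenkins JVM.
#
# Environment: JENKINS_WAR and JENKINS_HOME (defaults below), JAVA_OPTS and
# JENKINS_OPTS (optional, may hold several options). COPY_REFERENCE_FILE_LOG is
# not given a default here and has to come from the environment.
# Arguments given to this script are appended after JENKINS_OPTS.

: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}"
: "${JENKINS_HOME:="/var/jenkins_home"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find /usr/share/jenkins/ref/ \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +

# Jenkins Performance Tuning ##############################

# Prints the container memory limit in bytes, or nothing when neither the
# cgroup v1 nor the cgroup v2 file holds a number (v2 reports "max" for no limit).
container_memory_limit_bytes() {
    local limit_file value
    for limit_file in /sys/fs/cgroup/memory/memory.limit_in_bytes /sys/fs/cgroup/memory.max; do
        [[ -r "$limit_file" ]] || continue
        value=$(<"$limit_file")
        if [[ "$value" =~ ^[0-9]+$ ]]; then
            printf '%s\n' "$value"
            return 0
        fi
    done
    return 0
}

CONTAINER_MEMORY_IN_BYTES=$(container_memory_limit_bytes)
CONTAINER_MEMORY_IN_MB=0
if [[ -n "$CONTAINER_MEMORY_IN_BYTES" ]]; then
    CONTAINER_MEMORY_IN_MB=$((CONTAINER_MEMORY_IN_BYTES/2**20))
fi

# An unlimited cgroup v1 container reports a huge number; never size the heap
# from more memory than the host actually has.
host_memory_kb=$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo 2>/dev/null || true)
if [[ "$host_memory_kb" =~ ^[0-9]+$ ]]; then
    host_memory_mb=$((host_memory_kb/1024))
    if (( CONTAINER_MEMORY_IN_MB == 0 || CONTAINER_MEMORY_IN_MB > host_memory_mb )); then
        CONTAINER_MEMORY_IN_MB=$host_memory_mb
    fi
fi

# The options are collected in an array. The original passed them as one quoted
# string, which java read as a single -D property whose value was the rest of
# the string, so neither -Xmx nor the GC options took effect.
java_performance_opts=( -Dsun.zip.disableMemoryMapping=true -XX:+UnlockExperimentalVMOptions )

# set heap settings (skipped when no memory size could be determined)
CONTAINER_HEAP_PERCENT=0.50
CONTAINER_HEAP_MAX=$(echo "${CONTAINER_MEMORY_IN_MB} ${CONTAINER_HEAP_PERCENT}" | awk '{ printf "%d", $1 * $2 }')
if (( CONTAINER_HEAP_MAX > 0 )); then
    java_performance_opts+=( "-Xmx${CONTAINER_HEAP_MAX}m" )
fi

# set gc settings
java_performance_opts+=( -server -XX:+AlwaysPreTouch -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 )

# allow for multiple Jenkins Opts
jenkins_opts_array=( )
while IFS= read -r -d '' item; do
    jenkins_opts_array+=( "$item" )
done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")

# allow for multiple Java Opts
java_opts_array=()
while IFS= read -r -d '' item; do
    java_opts_array+=( "$item" )
done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")

##########################################################
# The computed tuning options come before JAVA_OPTS so that an explicit setting
# in JAVA_OPTS (for example its own -Xmx) still wins.
java_cmd=( java -Duser.home="$JENKINS_HOME" "${java_performance_opts[@]}" "${java_opts_array[@]}" -jar "${JENKINS_WAR}" "${jenkins_opts_array[@]}" "$@" )

# The full command line is written to the container log; keep secrets such as
# keystore passwords out of JAVA_OPTS and JENKINS_OPTS.
echo "${java_cmd[@]}"
exec "${java_cmd[@]}"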
43 |
--------------------------------------------------------------------------------
/jenkins/ecs/Dockerfile:
--------------------------------------------------------------------------------
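# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Jenkins master image for ECS: upstream Jenkins plus jq, a fixed plugin set,
# a Configuration-as-Code file and a custom container entry point.
FROM jenkins/jenkins:2.176.3

ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
ENV CASC_JENKINS_CONFIG="/var/jenkins_home/casc_configs"

EXPOSE 8080
EXPOSE 50000

# NOTE(review): the image stays root from here on and no later USER instruction
# is present in this file; confirm that the task definition or the entry point drops privileges.
USER root

# jq only, without recommended extras; the package lists are removed in the same layer
RUN apt-get update \
 && apt-get -y install --no-install-recommends jq \
 && rm -rf /var/lib/apt/lists/*

# copy in init files
COPY resources/scripts/jenkins_preboot.sh /usr/local/bin/jenkins_preboot.sh
RUN chmod +x /usr/local/bin/jenkins_preboot.sh


COPY resources/scripts/container_entrypoint.sh /usr/local/bin/container_entrypoint.sh
RUN chmod +x /usr/local/bin/container_entrypoint.sh

# install plugins
COPY resources/plugins/plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt

# copy in JCASC file
RUN mkdir -p /var/jenkins_home/casc_configs
COPY resources/jenkins-configuration/jenkins-casc.yml /var/jenkins_home/casc_configs/config.yml

# Exec form: the entry point script is started directly instead of through
# "/bin/sh -c", so it receives the container's stop signal and any arguments.
ENTRYPOINT ["/usr/local/bin/container_entrypoint.sh"]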
33 |
--------------------------------------------------------------------------------
/jenkins/ecs/Makefile:
--------------------------------------------------------------------------------
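# Builds and publishes the Jenkins ECS image to the GitHub package registry.

OWNER    = boozallen
REPO     = sdp-images
IMAGE    = jenkins
VERSION  = ecs-1.0

REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG      = $(REGISTRY)/$(IMAGE):$(VERSION)

# "read -s" and "read -p" in the push recipe are bash features.
SHELL := /bin/bash

# .ONESHELL is no longer declared: the login step is a single continued command,
# and without it make stops at the first failing recipe line.
.PHONY: help build push info Makefile


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The token is read inside the recipe's shell and piped to docker login on stdin.
# Passing it with "-p" would expose it in the process list and in make's expanded command.
push: ## builds and publishes container image
	@read -p "GitHub Username: " username && \
	read -s -r -p "GitHub Token: " token && \
	echo && \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	$(MAKE) build
	docker push $(TAG)

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target this Makefile does not define.
%: Makefile
	@echo "Make command $@ not found"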
35 |
36 |
--------------------------------------------------------------------------------
/jenkins/ecs/README.rst:
--------------------------------------------------------------------------------
1 | -------
2 | On ECS
3 | -------
4 |
5 |
6 |
7 | .. csv-table:: Environment Variables
8 | :header: "Name", "Description", "Default"
9 |
10 | "ADMIN_USER", "admin user name", ""
11 | "ADMIN_PASSWORD", "admin user password", ""
12 | "CODEBUILD_PROJECT_NAME", "AWS CodeBuild Project Name", ""
13 | "CODEBUILD_PROJECT_REGION", "AWS CodeBuild Project Region", ""
14 | "MULTIBRANCH_JOBS", "comma separated list of repositories to create multibranch jobs for, i.e. boozallen/sample-repository", ""
15 | "JENKINS_PUBLIC_URL", "public url to configure for the jenkins instance", ""
--------------------------------------------------------------------------------
/jenkins/ecs/resources/plugins/plugins.txt:
--------------------------------------------------------------------------------
1 | ace-editor:1.1
2 | amazon-ecr:1.6
3 | ant:1.10
4 | antisamy-markup-formatter:1.6
5 | apache-httpcomponents-client-4-api:4.5.5-3.0
6 | authentication-tokens:1.3
7 | aws-credentials:1.27
8 | aws-java-sdk:1.11.594
9 | bouncycastle-api:2.17
10 | branch-api:2.5.4
11 | build-timeout:1.19
12 | cloudbees-folder:6.9
13 | codebuilder-cloud:1.0.1
14 | command-launcher:1.3
15 | configuration-as-code:1.29
16 | configuration-as-code-groovy:1.1
17 | credentials:2.3.0
18 | credentials-binding:1.20
19 | display-url-api:2.3.2
20 | docker-commons:1.15
21 | docker-workflow:1.19
22 | durable-task:1.30
23 | email-ext:2.66
24 | git:3.12.0
25 | git-client:2.8.2
26 | git-server:1.8
27 | github:1.29.4
28 | github-api:1.95
29 | github-branch-source:2.5.6
30 | gradle:1.33
31 | handlebars:1.1.1
32 | jackson2-api:2.9.9.1
33 | jdk-tool:1.3
34 | jquery-detached:1.2.1
35 | jsch:0.1.55.1
36 | junit:1.28
37 | ldap:1.20
38 | lockable-resources:2.5
39 | mailer:1.25
40 | mapdb-api:1.0.9.0
41 | matrix-auth:2.4.2
42 | matrix-project:1.14
43 | momentjs:1.1.1
44 | pam-auth:1.5.1
45 | pipeline-aws:1.38
46 | pipeline-build-step:2.9
47 | pipeline-github-lib:1.0
48 | pipeline-graph-analysis:1.10
49 | pipeline-input-step:2.11
50 | pipeline-milestone-step:1.3.1
51 | pipeline-model-api:1.3.9
52 | pipeline-model-declarative-agent:1.1.1
53 | pipeline-model-definition:1.3.9
54 | pipeline-model-extensions:1.3.9
55 | pipeline-rest-api:2.12
56 | pipeline-stage-step:2.3
57 | pipeline-stage-tags-metadata:1.3.9
58 | pipeline-stage-view:2.12
59 | pipeline-utility-steps:2.3.0
60 | plain-credentials:1.5
61 | resource-disposer:0.13
62 | scm-api:2.6.3
63 | script-security:1.62
64 | sonar:2.9
65 | ssh-credentials:1.17.1
66 | ssh-slaves:1.30.1
67 | structs:1.20
68 | subversion:2.12.2
69 | templating-engine:1.3
70 | timestamper:1.10
71 | token-macro:2.8
72 | variant:1.3
73 | workflow-aggregator:2.6
74 | workflow-api:2.37
75 | workflow-basic-steps:2.18
76 | workflow-cps:2.74
77 | workflow-cps-global-lib:2.15
78 | workflow-durable-task-step:2.33
79 | workflow-job:2.34
80 | workflow-multibranch:2.21
81 | workflow-scm-step:2.9
82 | workflow-step-api:2.20
83 | workflow-support:3.3
84 | ws-cleanup:0.37
--------------------------------------------------------------------------------
/jenkins/ecs/resources/scripts/container_entrypoint.sh:
--------------------------------------------------------------------------------
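#! /bin/bash -e

# Container entry point: runs the preboot hook, then hands the process over to
# tini, which starts Jenkins. The shebang's -e stops the start-up when the
# preboot hook fails.

/usr/local/bin/jenkins_preboot.sh

# exec replaces this shell instead of leaving it as tini's parent, so the
# container's stop signal reaches tini directly. Arguments given to the entry
# point are passed on to jenkins.sh.
exec /sbin/tini -- /usr/local/bin/jenkins.sh "$@"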
--------------------------------------------------------------------------------
/jenkins/ecs/resources/scripts/jenkins_preboot.sh:
--------------------------------------------------------------------------------
1 | #! /bin/bash -e
2 |
3 | # if [[ -n $AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ]]; then
4 |
5 | # done;
6 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/Makefile:
--------------------------------------------------------------------------------
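# Builds and publishes the Jenkins Kubernetes image and prepares its dependency bundle.

OWNER    = boozallen
REPO     = sdp-images
IMAGE    = jenkins
VERSION  = dcar-2.1
JENKINS_VERSION=2.289.2

REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG      = $(REGISTRY)/$(IMAGE):$(VERSION)

# "read -s" and "read -p" in the push recipe are bash features.
SHELL := /bin/bash

# .ONESHELL is no longer declared: the login step is a single continued command,
# and without it make stops at the first failing recipe line (which matters for
# the three build-dep steps).
.PHONY: help build push build-dep info Makefile


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The token is read inside the recipe's shell and piped to docker login on stdin.
# Passing it with "-p" would expose it in the process list and in make's expanded command.
push: ## builds and publishes container image
	@read -p "GitHub Username: " username && \
	read -s -r -p "GitHub Token: " token && \
	echo && \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	$(MAKE) build
	docker push $(TAG)

# build-dep.sh imports the private signing key from prebuild/ into the container's
# GPG keyring. --rm removes each container after its run so that no stopped
# container holding that keyring is left on the build host.
build-dep: ## build container dependencies
	docker run --rm --user root -it -v "$(CURDIR)/prebuild":/var/jenkins_home/tmp jenkins/jenkins:$(JENKINS_VERSION)-lts /var/jenkins_home/tmp/pull-plugins.sh
	docker run --rm --user root -it -v "$(CURDIR)/prebuild":/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/pull-from-centos.sh
	docker run --rm --user root -it -v "$(CURDIR)/prebuild":/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/build-dep.sh

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target this Makefile does not define.
%: Makefile
	@echo "Make command $@ not found"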
42 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | On Kubernetes
3 | -------------
--------------------------------------------------------------------------------
/jenkins/kubernetes/prebuild/BAH-public.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PGP PUBLIC KEY BLOCK-----
2 | Version: GnuPG v2.0.22 (GNU/Linux)
3 |
4 | mQINBF4worQBEACsIaK9upBTpLrZUKQdGsYMwFs62iFQ2LFpe20X+cWDzHyjAs6C
5 | c0b+QJK/WFEh61rWkSu74IUfAgLrbAzZV6dYwcNYaa/FNR9NLFBpn/7HK4lE2M7A
6 | MqdujCKAELS74JHpJ8+bjLbgV59MkPfQSTHn0BOo02JiWuqxpFKSlVTTtdiymhXQ
7 | USiqZ8FSgrVH9GiibRdCBloT1HFrrxs2LMnRsgCN6FXtyPF7jQSipklBfASCe0lS
8 | i4UNyx+d5G1lpXqZiwYxVYMw79Z5b9l/ZcYAar10o5EQpnr76rxMCIf2vlEZp/Yj
9 | aZVIHpTTtA4g9lsrIhDoJ8hABnOsNfz5M1zLMXbZaIrwQi+1ZhHlKSGxYlXgy2ay
10 | +zOWzjz4ub5t7yxI3MPLlEIcJTrJwC9LMUzGhqLDnOi0m5vdrXksUvIQ9JQHqHOd
11 | iQdtTqJErVQl7rBMepLUBdNSJ1PqjR5AZRljGOCdZPedb5/U+5n/pxv23xbWWs2/
12 | pad31FISlY8y3eEhaA1Y2GcP+Y4LAtNm4LyM4Uk/nvniG+rI0TBzxERn1Y6Pax8x
13 | JhTUcgcBLGHbwFAQ/gTDRkg+9DnR0m8ZCKuJ8bPx1qmM1iR39Ks44AbtZsgrkZF+
14 | DrHXaiaIxtEHyRw7JLQ4auNhZb3FQfy7YrENqnF3eEhyg4cx0LEJJcl+wwARAQAB
15 | tDBiYWxhbi1rYXJwYWdhbSA8YmFsYW4ta2FycGFnYW1AdXNlcnMuZ2l0aHViLmNv
16 | bT6JAj8EEwECACkFAl4worQCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
17 | AQIXgAAKCRCRo0uHmCFZ3ECvD/9Ix0fSV4zOwnJ5KQZEp5tEnOGPJBPcBZ6hBJQc
18 | 9/R7DcmcN2LsOm6weMvax12/7Jo7Dbpl2rH11vwqrMrPmnm4BO6YcdmxmfE5ikyu
19 | 2EU4pzYgAFOGrahNaaSzEXFnMvDAKHLPT6xOJ35Re/RYxQOoiW+dmxPaceZv+lf4
20 | Jpfm8AtreMqpWLwl1+EN6zJzMF0yJjxUNxsZzaf4G6IxqZ+xwh9Auh2R6ga7UUz5
21 | 0sNDIMdFUNE0aQNsd8UX5pJQApwd63xE9MrnqnCPs3y39b1V+gSwYWv3sMTGDpyE
22 | rlDazVIJgSdBytpjAqoC0+wlm/fSgMI5YL6sJnhAfKUKp5u+5Dsr3xPFfq8s62cs
23 | TD14tQ0ees62I3yysStfo2w8lRUE+7fXLhgPaeYoN56/XsIheO0cXIbiNgLdS6kl
24 | MH+RtdyvwOBLdUgH1N5V/ctqeXbs38w4i4jPeyt/z6XYRli7Xkh7g3m1JpL4Hn6Q
25 | tqvuvx0FwdfXjcbuHIAHrY4kAkvKNi+dDsJ3tP8CYotmI/RlNCKjweMcOKN7qXAz
26 | /3qOUNXP546eObg3obOn0g0npyfQ9hojwFCl2KqNzHcr45y1Jw4peFXjthBq8B7Z
27 | cn6mKauJ+0K3H+fjlKR3W2TUD/p3FKqILbbw10J3sFulRppTDqzhRetUs0dQgtuK
28 | DpivCLkCDQReMKK0ARAA0sOzOfKuinhmzybri25NkXvyp9SbNcg8pZAmOkXsJ0Hy
29 | S5VK4a6aHoRs1pGsikaBYNdxJ2gwA3CeiaAJW54od8gA1RVzETfyKWjYsO7AB4I0
30 | LRmZSEYisnVjfTxzfpbTqjem3yyq2KG2pv4FEsv6jF9dGrdQ9EgZHf/ZebI55JS/
31 | TPVVau/EW3urVPFLlz+2TOzks5ysHtdCZl5A7+it70lPnaqg2LO5Kp9OnmUpIpLF
32 | piorHnNYXv6kUoCYblj65djCmvnRoN1rKfrh12vhIupXfRfyO/hovIMnEHFhXhBY
33 | yJAdusapk6A+mkbjS3g0E2igV5g0lW1XR/vN6ElGs3JfCLLmFYJCWyIg5ykrHj3I
34 | S8cf1uaMfSQcArIBewc8RZdN1YZUc6WCH3BImBKI1di8QdNACfUnZSkNdMrN4Dmn
35 | MLD38ACsSTe/D68MHxr5ee5tH7iFxTWBn8l5bZQot5qsL9glDxTT4bNiK9HzZJZN
36 | ks4r3kg8mUcNb8LTi4Fn9ITEv0COzPMOs7ibIMeFv+r5LGK2DHo/o+oLgSzNcx2W
37 | PAzhFscXtCRFZHWjN1wLAjT1mPjkF8WRKfNwp3azU1VdZ4V7uR2FlsjwaL8QZs5g
38 | ZpyeyZLMEsN47LoIaMvmTCc6HzsZoJAtz9GNwBlFmQoxodIkGYiwNRGWD/eNPEEA
39 | EQEAAYkCJQQYAQIADwUCXjCitAIbDAUJEswDAAAKCRCRo0uHmCFZ3CyYEACN5wsX
40 | vH+jNxYxQ+2FvObZyHT/LjD1DgFGCxE+dMqtaR84OgVgpHxhka8fbSaNlwey0J9h
41 | jo7dgcx9pc4TpxmIiRFqKRUbMMEVfeksy1wC4T5UZHaL3QNy6I/vnpGmPkUmEK1F
42 | RKERbpK/lCj4LDZpZr5hBnQ+5IcuSGR5JJ28vm58UMuiwwbE84hgbu0XcBqNkEcM
43 | sg9jVVJJ7ZgV6TKjEa/335LwT8gQRBKBuef/ENWps8XOxY7tYD6XvHI4Hgxk5W3g
44 | XuaaXs5SXR/bTgUgIYSqfSnjwbKVQJh8fXivs2N1kgFzZBA80O6oecB3+5sTmEMJ
45 | SzBpX01+B0WQZ+AY/FAYTZhqG0eD0pn8MHdVr4emoZYAgkW9iCjrnN9+TS8Lpb0I
46 | L3SxTyU07NCJKXZajCaSFuSm2OAM4E979HIZUargYKmA06v6bFXh/TdQKaONN+Eh
47 | qR9E5AM1N12ekN0ORxSARRQuOXUMFZ+beco+MMGhkbtu4Q4dSJviF26gxgvdPDq9
48 | 5uMF/MKyo4Th6g1Yf3Y+UNaP9i+XHqvmExoDf6VN08Pto7sYIPHS1yqcEqJxPIw0
49 | Q3R1n6FGi9YcfTSVpgLQa97FSzmzh5qT3Ef0puJsCzB916Itmwax1aeduZjURp3H
50 | TWKZU0fI5Q5MLqyVTV3podyo7oDD4WySM3BYlQ==
51 | =MD6X
52 | -----END PGP PUBLIC KEY BLOCK-----
53 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/prebuild/build-dep.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Package the staged Jenkins dependencies into a release tarball and write its
# integrity metadata next to it: a detached GPG signature (.sig) and a bare
# SHA-256 digest (.sha256).
#
# Works entirely under /root/prebuild and imports BAH-public.key and
# BAH-private.key from that directory.
#
# Security notes:
#   * The private signing key is imported into the keyring of whatever
#     environment runs this script, so that environment and the directory
#     holding BAH-private.key have to be treated as sensitive.
#   * Only the .sig authenticates the tarball. The .sha256 file is written
#     unsigned, so on its own it detects corruption, not substitution.

set -xe

SDP_BUILD_DEPENDENCY_VERSION=dcar-2.1

prebuild_dir=/root/prebuild
artifact="${prebuild_dir}/jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}"

cd "${prebuild_dir}"

# Relative paths on purpose: the archive unpacks to ./dependencies.
tar czvf "jenkins-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.tar.gz" dependencies

# Load both halves of the signing key pair, then produce the detached signature.
gpg --import "${prebuild_dir}/BAH-public.key"
gpg --import --allow-secret-key-import "${prebuild_dir}/BAH-private.key"
gpg --output "${artifact}.sig" --detach-sig "${artifact}.tar.gz"

# Keep only the hex digest, not the "digest  filename" pair sha256sum prints.
sha256sum "${artifact}.tar.gz" | awk '{print $1}' > "${artifact}.sha256"

# The staging directory is not needed once it has been archived.
rm -rf "${prebuild_dir}/dependencies"
14 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-2.1.sha256:
--------------------------------------------------------------------------------
1 | 7fe0d4bcab25e1081c7af03923e942cb167c29054fc3c6b9587023c71deeb80c
2 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-2.1.sig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/jenkins/kubernetes/prebuild/jenkins-dependencies-dcar-2.1.sig
--------------------------------------------------------------------------------
/jenkins/kubernetes/prebuild/plugins.txt:
--------------------------------------------------------------------------------
1 | groovy:2.3
2 | git:4.7.0
3 | templating-engine:2.2.2
4 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/prebuild/pull-from-centos.sh:
--------------------------------------------------------------------------------
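#!/bin/bash
#
# Download the third-party binaries that go into the Jenkins dependency
# tarball: the tini init binary and the Jenkins WAR. Both are written under
# /root/prebuild/dependencies.
#
# Optional environment:
#   JENKINS_SHA  expected SHA-256 of the Jenkins WAR. When set, the download
#                is rejected unless it matches. Obtain the value out of band
#                and pin it together with JENKINS_VERSION.

set -xe

TINI_VERSION=v0.19.0
# jenkins version being bundled in this docker image
JENKINS_VERSION=2.289.2

# Can be used to customize where jenkins.war gets downloaded from
JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war

deps_dir=/root/prebuild/dependencies
tini_bin="${deps_dir}/tini/tini-${TINI_VERSION}"
jenkins_war="${deps_dir}/jenkins/jenkins-war-${JENKINS_VERSION}.war"

# --- tini -------------------------------------------------------------------
# -p: the dependencies directory may not exist yet on a clean checkout.
mkdir -p "${deps_dir}/tini/"

# TLS certificate verification stays on (no -k/--insecure) for every download
# in this script; everything fetched here ends up inside the shipped image.
curl -fsSL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static-amd64" -o "${tini_bin}"
curl -fsSL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static-amd64.asc" -o /root/tini.asc

# Check the binary against the tini release key kept in the prebuild directory.
# set -e aborts the script if the signature does not verify.
gpg --no-tty --import /root/prebuild/tini_pub.gpg
gpg --verify /root/tini.asc "${tini_bin}"

# --- Jenkins WAR ------------------------------------------------------------
mkdir -p "${deps_dir}/jenkins/"
curl -fsSL "${JENKINS_URL}" -o "${jenkins_war}"

# Unlike tini, the WAR has no signature check here, so a pinned digest is the
# only integrity control beyond TLS.
if [ -n "${JENKINS_SHA:-}" ]; then
    echo "${JENKINS_SHA}  ${jenkins_war}" | sha256sum -c -
else
    echo "WARNING: JENKINS_SHA is not set; ${jenkins_war} was not checked against a pinned digest" >&2
fi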
26 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/prebuild/pull-plugins.sh:
--------------------------------------------------------------------------------
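#!/bin/bash
#
# Resolve the plugins listed in plugins.txt with the image's
# install-plugins.sh and stage the result for the dependency tarball.

# Stop at the first failure so a partial plugin set is never staged.
set -e

# Exported for install-plugins.sh (presumably used as its curl options; confirm
# against the script shipped in the image). TLS certificate verification is
# left on: with --insecure, anything on the network path could substitute
# plugin archives, and the plugins are loaded by Jenkins itself.
CURL_OPTIONS="-sSfL"
export CURL_OPTIONS

/usr/local/bin/install-plugins.sh < /var/jenkins_home/tmp/plugins.txt

# Move the downloaded plugins out of the reference directory into the staging
# area under /var/jenkins_home/tmp.
mkdir -p /var/jenkins_home/tmp/dependencies
mv /usr/share/jenkins/ref/plugins /var/jenkins_home/tmp/dependencies/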
8 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/resources/scripts/jenkins.sh:
--------------------------------------------------------------------------------
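#! /bin/bash -e
#
# Container entrypoint: seeds JENKINS_HOME from the reference directory,
# installs the plugins baked into the image, then starts Jenkins or the
# command that was passed instead.
#
# Environment (all optional):
#   JENKINS_WAR, JENKINS_HOME, COPY_REFERENCE_FILE_LOG, REF   path overrides
#   JAVA_OPTS, JENKINS_OPTS     extra JVM / Jenkins launcher arguments
#   JENKINS_SLAVE_AGENT_PORT    agent port, unless JAVA_OPTS already sets it
#   DEBUG                       non-empty enables a JDWP listener (see below)

: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}"
: "${JENKINS_HOME:="/var/jenkins_home"}"
: "${COPY_REFERENCE_FILE_LOG:="${JENKINS_HOME}/copy_reference_file.log"}"
: "${REF:="/usr/share/jenkins/ref"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find "${REF}" \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +

# Install the plugins shipped in /tmp/plugins. The directory is deleted after
# the first start, so it is absent when the same container is started again;
# without the guard, cp would fail there and "bash -e" would abort the start.
mkdir -p "${JENKINS_HOME}/plugins"
if [ -d /tmp/plugins ]; then
    # "/." copies the directory contents and also works when it is empty.
    cp -R /tmp/plugins/. "${JENKINS_HOME}/plugins"
    rm -rf /tmp/plugins
fi


# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then

    # read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities)
    java_opts_array=()
    while IFS= read -r -d '' item; do
        java_opts_array+=( "$item" )
    done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")

    readonly agent_port_property='jenkins.model.Jenkins.slaveAgentPort'
    if [ -n "${JENKINS_SLAVE_AGENT_PORT:-}" ] && [[ "${JAVA_OPTS:-}" != *"${agent_port_property}"* ]]; then
        java_opts_array+=( "-D${agent_port_property}=${JENKINS_SLAVE_AGENT_PORT}" )
    fi

    # DEBUG opens a JDWP listener on port 5005 and, with suspend=y, holds
    # startup until a debugger attaches. JDWP has no authentication and gives
    # a connected client control of the JVM, so keep DEBUG unset anywhere the
    # port is reachable by others.
    if [[ "$DEBUG" ]] ; then
        java_opts_array+=( \
            '-Xdebug' \
            '-Xrunjdwp:server=y,transport=dt_socket,address=5005,suspend=y' \
        )
    fi

    jenkins_opts_array=( )
    while IFS= read -r -d '' item; do
        jenkins_opts_array+=( "$item" )
    done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")

    # exec so that java replaces this shell as the container's main process.
    exec java -Duser.home="$JENKINS_HOME" "${java_opts_array[@]}" -jar "${JENKINS_WAR}" "${jenkins_opts_array[@]}" "$@"
fi

# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image
exec "$@"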
47 |
--------------------------------------------------------------------------------
/jenkins/kubernetes/resources/scripts/tini-shim.sh:
--------------------------------------------------------------------------------
#! /bin/bash
# Shim that runs before tini: prints a notice, waits two minutes, then hands
# over to tini with the original arguments.
set -euo pipefail

# NOTE(review): the heredoc below is incomplete in this listing (its opening
# line and most of the message are missing), so the notice text cannot be
# read from here.
cat <= 2.107.2+)

Now sleeping 2 minutes...
EOF

# Fixed 120-second pause before startup continues.
sleep 120

# exec replaces this shell with tini; "$@" passes the arguments through unchanged.
exec tini "$@"
18 |
--------------------------------------------------------------------------------
/jenkins/openshift/Dockerfile:
--------------------------------------------------------------------------------
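# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Jenkins image adapted for OpenShift: adds the oc client, a pinned plugin
# list, an init script and custom entrypoint scripts on top of jenkins/jenkins.

FROM jenkins/jenkins:2.164.2

ENV JAVA_OPTS "-Djenkins.install.runSetupWizard=false"
ENV JTE_RELEASE "v0.1-alpha"

EXPOSE 8080
EXPOSE 50000

USER root

# install oc client
# NOTE(review): the archive is unpacked without a checksum or signature check.
# Pin its SHA-256 and verify it (sha256sum -c) before the tar step.
RUN mkdir -p /tmp/oc-client && cd /tmp/oc-client && \
    wget -O oc-client.tar.gz https://github.com/openshift/origin/releases/download/v3.6.1/openshift-origin-client-tools-v3.6.1-008f2d5-linux-64bit.tar.gz && \
    tar -xvf oc-client.tar.gz && \
    mv */oc /usr/bin/oc

# install plugins
COPY resources/plugins/plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt

# insert configuration script
# 755 rather than 777: a world-writable init script could be rewritten by any
# process in the container and would then run inside Jenkins at the next start.
COPY resources/scripts/configure.groovy /var/jenkins_home/init.groovy.d/configure.groovy
RUN chmod 755 /var/jenkins_home/init.groovy.d/*

# copy in entry point scripts
# Readable and executable by everyone, writable by the owner only. The
# entrypoint decides what the container runs, so it must not be world-writable.
COPY resources/scripts/jenkins-preboot.sh /usr/local/bin/jenkins_preboot
COPY resources/scripts/jenkins.sh /usr/local/bin/jenkins.sh
RUN chmod 755 /usr/local/bin/jenkins_preboot /usr/local/bin/jenkins.sh

# modify permissions for OpenShift
# Group 0 gets the owner's permissions on JENKINS_HOME and on /etc/passwd.
# NOTE(review): a group-writable /etc/passwd lets any process in group 0 edit
# account entries; confirm the image still needs it.
RUN chgrp -R 0 $JENKINS_HOME && \
    chmod -R g=u $JENKINS_HOME /etc/passwd

# NOTE(review): the image ends with USER root still in effect. Unless the
# platform substitutes a non-root UID at run time, Jenkins runs as root;
# consider a final USER instruction.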
36 |
--------------------------------------------------------------------------------
/jenkins/openshift/Makefile:
--------------------------------------------------------------------------------
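OWNER    = boozallen
REPO     = sdp-images
IMAGE    = jenkins
VERSION  = openshift-1.0

REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG      = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# docker login prompts for the username and the token itself. Reading the
# token into a make variable and passing it with -p puts it on a command
# line, where it can show up in the process list and in make's echoed recipe.
push: ## builds and publishes container image
	@set -e
	docker login $(REGISTRY)
	$(MAKE) build
	docker push $(TAG)

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: any unknown target only prints a "not found" message.
%: Makefile
	echo "Make command $@ not found"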
35 |
36 |
--------------------------------------------------------------------------------
/jenkins/openshift/README.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/jenkins/openshift/README.rst:
--------------------------------------------------------------------------------
1 | ------------
2 | On OpenShift
3 | ------------
--------------------------------------------------------------------------------
/jenkins/openshift/resources/plugins/plugins.txt:
--------------------------------------------------------------------------------
1 | ace-editor:1.1
2 | analysis-core:1.96
3 | ant:1.9
4 | antisamy-markup-formatter:1.5
5 | apache-httpcomponents-client-4-api:4.5.5-3.0
6 | artifactory:3.2.2
7 | authentication-tokens:1.3
8 | blueocean:1.16.0
9 | blueocean-autofavorite:1.2.4
10 | blueocean-bitbucket-pipeline:1.16.0
11 | blueocean-commons:1.16.0
12 | blueocean-config:1.16.0
13 | blueocean-core-js:1.16.0
14 | blueocean-dashboard:1.16.0
15 | blueocean-display-url:2.3.0
16 | blueocean-events:1.16.0
17 | blueocean-executor-info:1.16.0
18 | blueocean-git-pipeline:1.16.0
19 | blueocean-github-pipeline:1.16.0
20 | blueocean-i18n:1.16.0
21 | blueocean-jira:1.16.0
22 | blueocean-jwt:1.16.0
23 | blueocean-personalization:1.16.0
24 | blueocean-pipeline-api-impl:1.16.0
25 | blueocean-pipeline-editor:1.16.0
26 | blueocean-pipeline-scm-api:1.16.0
27 | blueocean-rest:1.16.0
28 | blueocean-rest-impl:1.16.0
29 | blueocean-web:1.16.0
30 | bouncycastle-api:2.17
31 | branch-api:2.5.2
32 | build-timeout:1.19
33 | cloudbees-bitbucket-branch-source:2.4.4
34 | cloudbees-folder:6.8
35 | command-launcher:1.3
36 | config-file-provider:3.6
37 | credentials:2.1.19
38 | credentials-binding:1.18
39 | dependency-check-jenkins-plugin:4.0.2
40 | dependency-track:2.1.0
41 | display-url-api:2.3.1
42 | docker-commons:1.15
43 | docker-workflow:1.18
44 | durable-task:1.29
45 | email-ext:2.66
46 | favorite:2.3.2
47 | filesystem_scm:2.1
48 | git:3.10.0
49 | git-client:2.7.7
50 | git-server:1.7
51 | github:1.29.4
52 | github-api:1.95
53 | github-branch-source:2.5.3
54 | gradle:1.32
55 | handlebars:1.1.1
56 | handy-uri-templates-2-api:2.1.7-1.0
57 | htmlpublisher:1.18
58 | ivy:2.1
59 | jackson2-api:2.9.9
60 | javadoc:1.5
61 | jdk-tool:1.2
62 | jenkins-design-language:1.16.0
63 | jira:3.0.7
64 | job-dsl:1.74
65 | jquery:1.12.4-0
66 | jquery-detached:1.2.1
67 | jsch:0.1.55
68 | junit:1.28
69 | kubernetes-credentials:0.4.0
70 | ldap:1.20
71 | lockable-resources:2.5
72 | mailer:1.23
73 | mapdb-api:1.0.9.0
74 | matrix-auth:2.4.2
75 | matrix-project:1.14
76 | maven-plugin:3.2
77 | mercurial:2.6
78 | momentjs:1.1.1
79 | openshift-client:1.0.30
80 | openshift-login:1.0.17
81 | pam-auth:1.5.1
82 | pipeline-build-step:2.9
83 | pipeline-github-lib:1.0
84 | pipeline-graph-analysis:1.10
85 | pipeline-input-step:2.10
86 | pipeline-milestone-step:1.3.1
87 | pipeline-model-api:1.3.8
88 | pipeline-model-declarative-agent:1.1.1
89 | pipeline-model-definition:1.3.8
90 | pipeline-model-extensions:1.3.8
91 | pipeline-rest-api:2.11
92 | pipeline-stage-step:2.3
93 | pipeline-stage-tags-metadata:1.3.8
94 | pipeline-stage-view:2.11
95 | pipeline-utility-steps:2.3.0
96 | plain-credentials:1.5
97 | pubsub-light:1.12
98 | resource-disposer:0.12
99 | scm-api:2.4.1
100 | script-security:1.59
101 | sonar:2.9
102 | sse-gateway:1.17
103 | ssh-credentials:1.16
104 | ssh-slaves:1.29.4
105 | structs:1.19
106 | subversion:2.12.1
107 | swarm:3.16
108 | templating-engine:1.1.1
109 | timestamper:1.9
110 | token-macro:2.7
111 | variant:1.2
112 | windows-slaves:1.4
113 | workflow-aggregator:2.6
114 | workflow-api:2.34
115 | workflow-basic-steps:2.16
116 | workflow-cps:2.68
117 | workflow-cps-global-lib:2.13
118 | workflow-durable-task-step:2.30
119 | workflow-job:2.32
120 | workflow-multibranch:2.21
121 | workflow-remote-loader:1.4
122 | workflow-scm-step:2.7
123 | workflow-step-api:2.19
124 | workflow-support:3.3
125 | ws-cleanup:0.37
--------------------------------------------------------------------------------
/jenkins/openshift/resources/scripts/jenkins-preboot.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
4 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
5 |
6 | # Install the JTE Plugin
7 | # cp /usr/share/jenkins/ref/jte.jpi $JENKINS_HOME/plugins
8 |
--------------------------------------------------------------------------------
/jenkins/openshift/resources/scripts/jenkins.sh:
--------------------------------------------------------------------------------
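#! /bin/bash -e

# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Entrypoint for the OpenShift Jenkins image: seeds JENKINS_HOME from the
# reference directory, runs the preboot hook, derives JVM heap and GC options
# from the container memory limit and starts Jenkins.
#
# Environment (all optional): JENKINS_WAR, JENKINS_HOME,
# COPY_REFERENCE_FILE_LOG, JAVA_OPTS, JENKINS_OPTS.

: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}"
: "${JENKINS_HOME:="/var/jenkins_home"}"
# Default the log path so that touch below is never handed an empty path.
: "${COPY_REFERENCE_FILE_LOG:="${JENKINS_HOME}/copy_reference_file.log"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find /usr/share/jenkins/ref/ \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +

jenkins_preboot


# Jenkins Performance Tuning ##############################
# The options are kept in an array so that each one reaches java as its own
# argument. Passed as one quoted string, the whole list is a single argument
# starting with -D, i.e. one system property with a long value, and the heap
# and GC flags never take effect.
java_performance_opts=( -Dsun.zip.disableMemoryMapping=true -XX:+UnlockExperimentalVMOptions )

# set heap settings: a fixed share of the container memory limit
CONTAINER_HEAP_PERCENT=0.50
memory_limit_file=/sys/fs/cgroup/memory/memory.limit_in_bytes
if [[ -r "${memory_limit_file}" ]]; then
    CONTAINER_MEMORY_IN_BYTES=$(<"${memory_limit_file}")
    CONTAINER_MEMORY_IN_MB=$((CONTAINER_MEMORY_IN_BYTES/2**20))
    HOST_MEMORY_IN_MB=$(awk '/^MemTotal:/ { printf "%d", $2 / 1024 }' /proc/meminfo)
    # With no limit configured the cgroup file holds a very large sentinel
    # value; a heap derived from it would stop the JVM from starting, so -Xmx
    # is only set when the limit is at most the host's physical memory.
    if (( CONTAINER_MEMORY_IN_MB > 0 && CONTAINER_MEMORY_IN_MB <= ${HOST_MEMORY_IN_MB:-0} )); then
        CONTAINER_HEAP_MAX=$(echo "${CONTAINER_MEMORY_IN_MB} ${CONTAINER_HEAP_PERCENT}" | awk '{ printf "%d", $1 * $2 }')
        java_performance_opts+=( "-Xmx${CONTAINER_HEAP_MAX}m" )
    fi
fi

# set gc settings
java_performance_opts+=( -server -XX:+AlwaysPreTouch -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 )

# allow for multiple Jenkins Opts
jenkins_opts_array=( )
while IFS= read -r -d '' item; do
    jenkins_opts_array+=( "$item" )
done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")

# allow for multiple Java Opts
java_opts_array=()
while IFS= read -r -d '' item; do
    java_opts_array+=( "$item" )
done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")

##########################################################
# The full command line is echoed to the container log before it is run, so
# anything placed in JAVA_OPTS or JENKINS_OPTS is written there too.
echo java -Duser.home="$JENKINS_HOME" "${java_opts_array[@]}" "${java_performance_opts[@]}" -jar "${JENKINS_WAR}" "${jenkins_opts_array[@]}" "$@"
exec java -Duser.home="$JENKINS_HOME" "${java_opts_array[@]}" "${java_performance_opts[@]}" -jar "${JENKINS_WAR}" "${jenkins_opts_array[@]}" "$@"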
46 |
--------------------------------------------------------------------------------
/jenkins/openshift/resources/scripts/sdp_entrypoint.groovy:
--------------------------------------------------------------------------------
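/*
  Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
  This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
*/

// Pipeline entry point: checks out the repository, loads the pipeline
// configuration and template, registers libraries/environments/stages/steps,
// runs the template and finally calls every configured notifier.

// NOTE(review): the library is referenced by branch name, so each build runs
// whatever is on that branch at the time; pinning a tag or commit makes the
// executed code reviewable.
@Library("solutions_delivery_platform@master") _

node{
    cleanWs()
    checkout scm
    stash "workspace"
    // .git is stashed separately; default excludes are off so it is included
    stash name: "git-info",
          includes: ".git/**",
          useDefaultExcludes: false
    aggregate_pipeline_config()
    pipeline_template = get_pipeline_template()
}

load_libraries this
create_application_environments this
create_stages this
create_jenkinsfile_variables this
create_default_steps this

// execute pipeline
// evaluate runs the template text as Groovy in this script's context, so
// where the template comes from decides what code executes here.
try{
    evaluate pipeline_template
}
catch(ex){
    currentBuild.result = "Failure"
    println ex
}

// notify
pipeline_config().notifiers.each{ notifier ->
    try{
        this.getProperty(notifier)()
    }
    catch(any){
        println "Notifier ${notifier} failed"
        // print the exception caught here; `ex` belongs to the earlier
        // catch block and is not defined in this scope
        println any
    }
}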
44 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/Dockerfile:
--------------------------------------------------------------------------------
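# Jenkinsfile-runner image on UBI 8. The runner itself comes from a prebuilt
# dependency tarball, which is verified against the signature and digest kept
# in prebuild/ before it is unpacked.

ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi8/ubi
ARG BASE_TAG=8.4
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

LABEL name="Solutions Delivery Platform: Jenkins Master" \
      maintainer="terrana_steven@bah.com" \
      vendor="Booz Allen Hamilton" \
      version="1.0-beta-29" \
      release="1.0-beta-29" \
      summary="Jenkins pipeline execution engine packaged as a container" \
      description="The Jenkins Master container image for the Solutions Delivery Platform"

COPY LICENSE /licenses

USER root

RUN INSTALL_PKGS="java-1.8.0-openjdk git" && \
    yum -y update-minimal --setopt=tsflags=nodocs \
        --security && \
    yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}

ENV SDP_BUILD_DEPENDENCY_VERSION dcar-2.1
ARG TARBALL=jenkinsfile-runner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.tar.gz
ENV JENKINS_UC https://updates.jenkins.io
ENV CASC_JENKINS_CONFIG /usr/share/jenkins/ref/casc
ENV JENKINS_PM_VERSION 2.11.0
ENV JENKINS_PM_URL https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${JENKINS_PM_VERSION}/jenkins-plugin-manager-${JENKINS_PM_VERSION}.jar
ENV JENKINSFILE_PATH ""
ARG JENKINS_HOME=/var/jenkins_home
ARG TMP_DIR=/var/groovy-tmpdir
ARG user=jenkins
ARG group=jenkins
ARG uid=1000
ARG gid=1000

# -f makes curl fail on an HTTP error instead of saving the error page as the
# tarball. Note that the COPY below then overwrites the download with the
# local copy from prebuild/.
RUN curl -fsSLo /tmp/${TARBALL} https://github.com/boozallen/sdp-images/releases/download/${SDP_BUILD_DEPENDENCY_VERSION}/${TARBALL}
COPY prebuild/${TARBALL} /tmp/${TARBALL}

# Verification material for the tarball.
COPY prebuild/BAH-public.key \
     prebuild/jenkinsfile-runner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sig \
     prebuild/jenkinsfile-runner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sha256 \
     /tmp/

# Verify, then unpack. The chain stops at the first failing check. The
# instruction had been commented out as "#RUN", which left its continuation
# lines as invalid instructions and meant nothing was unpacked or verified.
# The key, signature and digest come from the same repository as this
# Dockerfile: the check catches a corrupted or swapped tarball, not a change
# to the repository itself.
RUN cd /tmp \
  && export GNUPGHOME="$(mktemp -d)" \
  && gpg --batch --import /tmp/BAH-public.key \
  && gpg --batch --verify /tmp/jenkinsfile-runner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sig /tmp/${TARBALL} \
  && echo "$(cat /tmp/jenkinsfile-runner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.sha256)  /tmp/${TARBALL}" | sha256sum -c - \
  && tar -xzf ${TARBALL} \
  && mkdir -p $JENKINS_HOME $TMP_DIR /usr/share/jenkins /build \
  && mv dependencies/ref /usr/share/jenkins/ref \
  && mv dependencies/app /app \
  && rm -rf /tmp/* \
  && chown ${uid}:${gid} $JENKINS_HOME \
  && chown ${uid}:${gid} $TMP_DIR \
  && chown ${uid}:${gid} /app \
  && chown ${uid}:${gid} /usr/share/jenkins \
  && chown ${uid}:${gid} /build \
  && groupadd -g ${gid} ${group} \
  && useradd -d "$JENKINS_HOME" -d "$TMP_DIR" -d /app -d /usr/share/jenkins -u ${uid} -g ${gid} -m -s /bin/bash ${user}

VOLUME /build
VOLUME /usr/share/jenkins/ref/casc
VOLUME /usr/share/jenkins/ref/plugins
# Run as the unprivileged user created above.
USER $user
ENTRYPOINT ["/app/bin/jenkinsfile-runner-launcher"]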
57 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/Makefile:
--------------------------------------------------------------------------------
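OWNER    = boozallen
REPO     = sdp-images
IMAGE    = jenkinsfile-runner
VERSION  = dcar-2.1
JENKINS_VERSION=2.289.1

REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG      = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push build-dep clean info Makefile demo
.ONESHELL: push demo


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# docker login prompts for the username and the token itself. Reading the
# token into a make variable and passing it with -p puts it on a command
# line, where it can show up in the process list and in make's echoed recipe.
push: ## builds and publishes container image
	@set -e
	docker login $(REGISTRY)
	$(MAKE) build
	docker push $(TAG)

# The prebuild directory is bind-mounted into all three containers below.
# build-dep.sh imports BAH-private.key from that directory, so the signing
# key is readable inside each of these containers while it is present there.
build-dep: clean ## build container dependencies
	$(eval dir := $(shell pwd))
	docker build resources -f resources/Dockerfile --no-cache -t jte-jfr:latest
	docker run -it --rm -v $(dir)/prebuild:/root/prebuild --entrypoint /bin/bash jte-jfr /root/prebuild/transfer.sh
	docker run -it --rm -u root -v $(dir)/prebuild:/root/prebuild jenkins/jenkins:${JENKINS_VERSION} /root/prebuild/pull-war.sh
	docker run -it --rm -u root -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8:8.4 /root/prebuild/build-dep.sh

clean:
	rm -rf prebuild/dependencies
	rm -rf resources/target

# Clones the upstream demo at its current default-branch head and runs it in
# the freshly built image. The clone is removed from the working directory
# whether or not the run succeeds, and the run's exit status is preserved.
demo: build
	git clone https://github.com/jenkinsci/jenkinsfile-runner .jfr && \
	docker run --rm \
	  -v $(shell pwd)/.jfr/demo/jenkins-templating-engine:/workspace \
	  -v $(shell pwd)/.jfr/:/tmp/libraries \
	  -v $(shell pwd)/.jfr/demo/jenkins-templating-engine/config:/usr/share/jenkins/ref/casc \
	  $(TAG) \
	  -jte -pc /workspace/pipeline_config.groovy; \
	status=$$?; \
	rm -rf .jfr; \
	exit $$status



info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: any unknown target only prints a "not found" message.
%: Makefile
	echo "Make command $@ not found"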
60 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/README.rst:
--------------------------------------------------------------------------------
1 | ------------------
2 | Jenkinsfile-Runner
3 | ------------------
4 |
5 | A container image packaging the Jenkins pipeline execution engine, found under the `Jenkins open source project `_
6 |
7 | Synopsis
8 | --------
9 |
10 | To implement this repo locally, copy the repo to your machine.
11 | From there open a command line, change your working directory to your copy of the repo, and use ``make build`` or ``docker build .`` to build the container image in the CLI.
12 | Once the image is built, create a container using ``docker run image``.
13 |
14 | The following sections are an explanation of the contents of the repo.
15 |
16 | Prereqs
17 | -------
18 |
19 | This repo makes use of UBI8 as the base image for the container derived from `RedHat `_.
20 | Additionally, this repo makes use of Docker for containers. If you do not wish to use Docker, please make edits to adapt to your implementation of container technology.
21 | Lastly, you should ensure all files from the repo are present in your local copy.
22 |
23 | Makefile
24 | --------
25 |
26 | The Makefile comes with the following commands: help, build, push, build-dep, info.
27 | ``make help`` will list available commands from the Makefile.
28 | ``make build`` will build a container image using the Dockerfile in the repo with the tag comprised of the application and version (application:version).
29 | ``make push`` will build the container image and then publish the image to Github.
30 | ``make build-dep`` will generate a tarball containing the dependencies used by the image.
31 | ``make info`` will list the container registry and repo the image can be published to.
32 | .. note:: using ``make push`` provides no benefit by default to those outside of Booz Allen. Additionally, using ``make build-dep`` is unnecessary since the Dockerfile will obtain the needed tarball from Github.
33 |
34 | Dockerfile
35 | ----------
36 |
37 | This file is setup to generate a container image using ``docker build -t .`` with the option to name the image as you wish.
38 | The build process will consist of using a base image, copying the Booz Allen Public License, applying OpenShift labels, installing required packages and applications, establishing the user the container will run as, and setting a health check.
39 |
40 | LICENSE
41 | -------
42 |
43 | This text file contains the Booz Allen Public License. Please read it before using or distributing this repo.
44 |
45 | Prebuild
46 | --------
47 |
48 | This folder contains files and artifacts inherent to the creation of the container image.
49 | These files and artifacts are used either in the ``make build-dep`` command or in authenticating the dependency tarball associated with the image.
50 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/prebuild/BAH-public.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PGP PUBLIC KEY BLOCK-----
2 | Version: GnuPG v2.0.22 (GNU/Linux)
3 |
4 | mQINBF4worQBEACsIaK9upBTpLrZUKQdGsYMwFs62iFQ2LFpe20X+cWDzHyjAs6C
5 | c0b+QJK/WFEh61rWkSu74IUfAgLrbAzZV6dYwcNYaa/FNR9NLFBpn/7HK4lE2M7A
6 | MqdujCKAELS74JHpJ8+bjLbgV59MkPfQSTHn0BOo02JiWuqxpFKSlVTTtdiymhXQ
7 | USiqZ8FSgrVH9GiibRdCBloT1HFrrxs2LMnRsgCN6FXtyPF7jQSipklBfASCe0lS
8 | i4UNyx+d5G1lpXqZiwYxVYMw79Z5b9l/ZcYAar10o5EQpnr76rxMCIf2vlEZp/Yj
9 | aZVIHpTTtA4g9lsrIhDoJ8hABnOsNfz5M1zLMXbZaIrwQi+1ZhHlKSGxYlXgy2ay
10 | +zOWzjz4ub5t7yxI3MPLlEIcJTrJwC9LMUzGhqLDnOi0m5vdrXksUvIQ9JQHqHOd
11 | iQdtTqJErVQl7rBMepLUBdNSJ1PqjR5AZRljGOCdZPedb5/U+5n/pxv23xbWWs2/
12 | pad31FISlY8y3eEhaA1Y2GcP+Y4LAtNm4LyM4Uk/nvniG+rI0TBzxERn1Y6Pax8x
13 | JhTUcgcBLGHbwFAQ/gTDRkg+9DnR0m8ZCKuJ8bPx1qmM1iR39Ks44AbtZsgrkZF+
14 | DrHXaiaIxtEHyRw7JLQ4auNhZb3FQfy7YrENqnF3eEhyg4cx0LEJJcl+wwARAQAB
15 | tDBiYWxhbi1rYXJwYWdhbSA8YmFsYW4ta2FycGFnYW1AdXNlcnMuZ2l0aHViLmNv
16 | bT6JAj8EEwECACkFAl4worQCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
17 | AQIXgAAKCRCRo0uHmCFZ3ECvD/9Ix0fSV4zOwnJ5KQZEp5tEnOGPJBPcBZ6hBJQc
18 | 9/R7DcmcN2LsOm6weMvax12/7Jo7Dbpl2rH11vwqrMrPmnm4BO6YcdmxmfE5ikyu
19 | 2EU4pzYgAFOGrahNaaSzEXFnMvDAKHLPT6xOJ35Re/RYxQOoiW+dmxPaceZv+lf4
20 | Jpfm8AtreMqpWLwl1+EN6zJzMF0yJjxUNxsZzaf4G6IxqZ+xwh9Auh2R6ga7UUz5
21 | 0sNDIMdFUNE0aQNsd8UX5pJQApwd63xE9MrnqnCPs3y39b1V+gSwYWv3sMTGDpyE
22 | rlDazVIJgSdBytpjAqoC0+wlm/fSgMI5YL6sJnhAfKUKp5u+5Dsr3xPFfq8s62cs
23 | TD14tQ0ees62I3yysStfo2w8lRUE+7fXLhgPaeYoN56/XsIheO0cXIbiNgLdS6kl
24 | MH+RtdyvwOBLdUgH1N5V/ctqeXbs38w4i4jPeyt/z6XYRli7Xkh7g3m1JpL4Hn6Q
25 | tqvuvx0FwdfXjcbuHIAHrY4kAkvKNi+dDsJ3tP8CYotmI/RlNCKjweMcOKN7qXAz
26 | /3qOUNXP546eObg3obOn0g0npyfQ9hojwFCl2KqNzHcr45y1Jw4peFXjthBq8B7Z
27 | cn6mKauJ+0K3H+fjlKR3W2TUD/p3FKqILbbw10J3sFulRppTDqzhRetUs0dQgtuK
28 | DpivCLkCDQReMKK0ARAA0sOzOfKuinhmzybri25NkXvyp9SbNcg8pZAmOkXsJ0Hy
29 | S5VK4a6aHoRs1pGsikaBYNdxJ2gwA3CeiaAJW54od8gA1RVzETfyKWjYsO7AB4I0
30 | LRmZSEYisnVjfTxzfpbTqjem3yyq2KG2pv4FEsv6jF9dGrdQ9EgZHf/ZebI55JS/
31 | TPVVau/EW3urVPFLlz+2TOzks5ysHtdCZl5A7+it70lPnaqg2LO5Kp9OnmUpIpLF
32 | piorHnNYXv6kUoCYblj65djCmvnRoN1rKfrh12vhIupXfRfyO/hovIMnEHFhXhBY
33 | yJAdusapk6A+mkbjS3g0E2igV5g0lW1XR/vN6ElGs3JfCLLmFYJCWyIg5ykrHj3I
34 | S8cf1uaMfSQcArIBewc8RZdN1YZUc6WCH3BImBKI1di8QdNACfUnZSkNdMrN4Dmn
35 | MLD38ACsSTe/D68MHxr5ee5tH7iFxTWBn8l5bZQot5qsL9glDxTT4bNiK9HzZJZN
36 | ks4r3kg8mUcNb8LTi4Fn9ITEv0COzPMOs7ibIMeFv+r5LGK2DHo/o+oLgSzNcx2W
37 | PAzhFscXtCRFZHWjN1wLAjT1mPjkF8WRKfNwp3azU1VdZ4V7uR2FlsjwaL8QZs5g
38 | ZpyeyZLMEsN47LoIaMvmTCc6HzsZoJAtz9GNwBlFmQoxodIkGYiwNRGWD/eNPEEA
39 | EQEAAYkCJQQYAQIADwUCXjCitAIbDAUJEswDAAAKCRCRo0uHmCFZ3CyYEACN5wsX
40 | vH+jNxYxQ+2FvObZyHT/LjD1DgFGCxE+dMqtaR84OgVgpHxhka8fbSaNlwey0J9h
41 | jo7dgcx9pc4TpxmIiRFqKRUbMMEVfeksy1wC4T5UZHaL3QNy6I/vnpGmPkUmEK1F
42 | RKERbpK/lCj4LDZpZr5hBnQ+5IcuSGR5JJ28vm58UMuiwwbE84hgbu0XcBqNkEcM
43 | sg9jVVJJ7ZgV6TKjEa/335LwT8gQRBKBuef/ENWps8XOxY7tYD6XvHI4Hgxk5W3g
44 | XuaaXs5SXR/bTgUgIYSqfSnjwbKVQJh8fXivs2N1kgFzZBA80O6oecB3+5sTmEMJ
45 | SzBpX01+B0WQZ+AY/FAYTZhqG0eD0pn8MHdVr4emoZYAgkW9iCjrnN9+TS8Lpb0I
46 | L3SxTyU07NCJKXZajCaSFuSm2OAM4E979HIZUargYKmA06v6bFXh/TdQKaONN+Eh
47 | qR9E5AM1N12ekN0ORxSARRQuOXUMFZ+beco+MMGhkbtu4Q4dSJviF26gxgvdPDq9
48 | 5uMF/MKyo4Th6g1Yf3Y+UNaP9i+XHqvmExoDf6VN08Pto7sYIPHS1yqcEqJxPIw0
49 | Q3R1n6FGi9YcfTSVpgLQa97FSzmzh5qT3Ef0puJsCzB916Itmwax1aeduZjURp3H
50 | TWKZU0fI5Q5MLqyVTV3podyo7oDD4WySM3BYlQ==
51 | =MD6X
52 | -----END PGP PUBLIC KEY BLOCK-----
53 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/prebuild/build-dep.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Package the staged jenkinsfile-runner dependencies into a release tarball
# and write its integrity metadata next to it: a detached GPG signature
# (.sig) and a bare SHA-256 digest (.sha256).
#
# Works entirely under /root/prebuild and imports BAH-public.key and
# BAH-private.key from that directory.
#
# Security notes:
#   * The private signing key is imported into the keyring of whatever
#     container runs this script, so that container and the mounted prebuild
#     directory have to be treated as sensitive.
#   * Only the .sig authenticates the tarball. The .sha256 file is written
#     unsigned, so on its own it detects corruption, not substitution.

set -xe

## runs inside registry.access.redhat.com/ubi8/ubi:8.4
echo "+------------+"
echo "| Bulid Dep  |"
echo "+------------+"

SDP_BUILD_DEPENDENCY_VERSION=dcar-2.1

prebuild_dir=/root/prebuild
artifact="${prebuild_dir}/jenkinsfile-runner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}"

cd "${prebuild_dir}"

# Relative paths on purpose: the archive unpacks to ./dependencies.
tar czvf "jenkinsfile-runner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.tar.gz" dependencies

# Load both halves of the signing key pair, then produce the detached signature.
gpg --import "${prebuild_dir}/BAH-public.key"
gpg --import --allow-secret-key-import "${prebuild_dir}/BAH-private.key"
gpg --output "${artifact}.sig" --detach-sig "${artifact}.tar.gz"

# Keep only the hex digest, not the "digest  filename" pair sha256sum prints.
sha256sum "${artifact}.tar.gz" | awk '{print $1}' > "${artifact}.sha256"

# The staging directory is not needed once it has been archived.
rm -rf "${prebuild_dir}/dependencies"
19 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/prebuild/jenkinsfile-runner-dependencies-dcar-2.1.sha256:
--------------------------------------------------------------------------------
1 | 70ed938ff0f0ccff29996dd7388ddc44ef69602e45b25f412435479fd7ab27fe
2 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/prebuild/jenkinsfile-runner-dependencies-dcar-2.1.sig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/jenkinsfile-runner/prebuild/jenkinsfile-runner-dependencies-dcar-2.1.sig
--------------------------------------------------------------------------------
/jenkinsfile-runner/prebuild/plugins.txt:
--------------------------------------------------------------------------------
1 | templating-engine:2.3
2 | credentials:2.5
3 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/prebuild/transfer.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Stages the runner application and its plugins under the prebuild
# dependencies directory so they can be packaged afterwards.
# runs inside jenkins/jenkinsfile-runner

DEPS_DIR=/root/prebuild/dependencies

set -xe

echo "+------------+"
echo "| Transfer |"
echo "+------------+"

## transfer artifacts to dependencies dir
mkdir -p "${DEPS_DIR}" "${DEPS_DIR}/ref"
# /app is copied as a directory into the dependencies dir (-> dependencies/app)
cp -r /app "${DEPS_DIR}/"
# plugins end up under ref/plugins
cp -r /jenkinsfile-runner/target/plugins "${DEPS_DIR}/ref/plugins"
14 |
--------------------------------------------------------------------------------
/jenkinsfile-runner/resources/Dockerfile:
--------------------------------------------------------------------------------
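# Stage "jfr": the upstream jenkinsfile-runner image, used only as a source of files.
FROM jenkins/jenkinsfile-runner:1.0-beta-29 as jfr

# Final stage: build the runner assembly from pom.xml with Maven, then overlay
# the Jenkins directory and launcher taken from the jfr stage.
# NOTE(review): both base images are referenced by mutable tag; pinning them by
# digest would make the build reproducible and tamper-evident.
FROM maven:3.8.2
# COPY rather than ADD: pom.xml is a plain local file, so ADD's URL fetching and
# archive auto-extraction are not wanted here.
COPY pom.xml /jenkinsfile-runner/pom.xml
# mvn resolves whatever plugins and dependencies pom.xml declares at build time.
RUN cd /jenkinsfile-runner && mvn clean package && mv /jenkinsfile-runner/target/appassembler /app
COPY --from=jfr /app/jenkins /app/jenkins
COPY --from=jfr /app/bin/jenkinsfile-runner-launcher /app/bin/jenkinsfile-runner-launcher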
7 |
--------------------------------------------------------------------------------
/k8s-helm/Dockerfile:
--------------------------------------------------------------------------------
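# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Image with kubectl and helm on the PATH.
# NOTE(review): centos:7 reached end of life on 2024-06-30 and no longer receives
# security updates; the default Helm version is a Helm 2 release, which is also
# no longer maintained upstream. Both should be revisited before this image is reused.
FROM centos:7
ARG HELMVERSION="v2.14.3"
ARG KUBECTLVERSION="v1.15.3"

# Clean the yum cache in the same layer so it is not shipped in the image.
RUN yum install -y wget && \
    yum clean all && \
    rm -rf /var/cache/yum

# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as the kubectl binary.
# NOTE(review): neither kubectl nor helm is checked against a pinned digest or
# signature after download; TLS to the storage host is the only integrity control.
RUN curl -fLO https://storage.googleapis.com/kubernetes-release/release/${KUBECTLVERSION}/bin/linux/amd64/kubectl && \
    chmod +x ./kubectl && \
    mv ./kubectl /usr/local/bin/kubectl && mkdir /root/.kube

RUN wget https://storage.googleapis.com/kubernetes-helm/helm-${HELMVERSION}-linux-amd64.tar.gz && \
    tar -zxvf helm-${HELMVERSION}-linux-amd64.tar.gz && \
    chmod +x linux-amd64/helm && \
    mv linux-amd64/helm /usr/local/bin/helm && \
    rm helm-${HELMVERSION}-linux-amd64.tar.gz && \
    rm -rf linux-amd64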
19 |
--------------------------------------------------------------------------------
/k8s-helm/Makefile:
--------------------------------------------------------------------------------
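# Build and publish the k8s-helm container image.
OWNER = boozallen
REPO = sdp-images
IMAGE = k8s-helm
VERSION = 1.0

# NOTE(review): docker.pkg.github.com is the legacy GitHub Packages Docker
# registry; confirm whether publishing should target ghcr.io instead.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The token is read inside the recipe shell and piped to docker login on stdin,
# so it is never stored in a make variable, echoed by make, or passed as a
# command-line argument. set -e stops the recipe as soon as login, build or
# push fails; the trap restores terminal echo if the prompt is interrupted.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin; \
	unset token; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target that is not defined above.
%: Makefile
	echo "Make command $@ not found"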
37 |
38 |
--------------------------------------------------------------------------------
/k8s-helm/README.rst:
--------------------------------------------------------------------------------
1 | --------------
2 | k8s_helm
3 | --------------
4 |
5 | A container image that jenkins uses to authenticate to any generic kubernetes cluster through kubectl and perform a deployment through `Helm`_
6 |
7 | KUBECTLVERSION - Version of kubectl to install
8 | HELMVERSION - Version of Helm to install
9 |
--------------------------------------------------------------------------------
/mvn/Dockerfile:
--------------------------------------------------------------------------------
# Copyright © 2022 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License.
# The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Base image coordinates for the final stage; declared before the first FROM so
# they can be used in the FROM line below.
ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi8/ubi
ARG BASE_TAG=8.6-754

# importing Maven from public image (version available from UBI base package repos is for JDK8)
# Only the Maven directory is copied out of this stage (see COPY --from=base below);
# the JDK shipped in this image is not carried into the final image.
# NOTE(review): referenced by mutable tag, not by digest.
FROM maven:3.8.6-openjdk-18 as base

FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

# Patch the base image and install the JDK; the dnf cache is removed in the same layer.
RUN dnf update -y && \
dnf install -y java-17-openjdk java-17-openjdk-devel && \
dnf clean all && \
rm -rf /var/cache/dnf

# Identity of the unprivileged account the container runs as.
ARG USER=maven \
GROUP=maven \
UID=1001 \
GID=1001

ENV LANG=C.UTF-8 \
HOME=/home/maven \
MAVEN_HOME=/usr/share/maven \
MAVEN_CONFIG=/home/maven/.m2 \
MAVEN_VERSION=3.8.6 \
JAVA_HOME=/usr/lib/jvm/java \
JAVA_VENDOR=openjdk \
JAVA_VERSION=17
ENV PATH=$JAVA_HOME/bin:$PATH

# Create the Maven config dir and a system account with no login shell, hand the
# home directory to it, and give the group the same permissions as the owner on
# ${HOME} itself (chmod is not recursive).
# NOTE(review): g=u is presumably there for platforms that run the container
# under an arbitrary UID - confirm.
# The mvn symlink is created before Maven is copied in; it resolves once the
# COPY below has run.
RUN mkdir -p ${MAVEN_CONFIG} && \
groupadd -r -g ${GID} ${GROUP} && \
useradd -r -s /sbin/nologin -u ${UID} -g ${GID} ${USER} && \
chown -R ${UID}:${GID} ${HOME} && \
chmod g=u ${HOME} && \
ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn

# Assumes the base stage keeps Maven at the same ${MAVEN_HOME} path - TODO confirm.
COPY --from=base ${MAVEN_HOME} ${MAVEN_HOME}

WORKDIR ${HOME}
# Drop root: everything from here on, including the default command, runs unprivileged.
USER ${USER}

CMD ["mvn"]
47 |
--------------------------------------------------------------------------------
/mvn/Makefile:
--------------------------------------------------------------------------------
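# Build and publish the mvn container image.
OWNER = boozallen
REPO = sdp-images
IMAGE = mvn
VERSION = 3.8.6-openjdk-17

# NOTE(review): docker.pkg.github.com is the legacy GitHub Packages Docker
# registry; confirm whether publishing should target ghcr.io instead.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build --no-cache . -t $(TAG)

# The token is read inside the recipe shell and piped to docker login on stdin,
# so it is never stored in a make variable, echoed by make, or passed as a
# command-line argument. set -e stops the recipe as soon as login, build or
# push fails; the trap restores terminal echo if the prompt is interrupted.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin; \
	unset token; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target that is not defined above.
%: Makefile
	echo "Make command $@ not found"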
37 |
38 |
--------------------------------------------------------------------------------
/mvn/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | Maven
3 | -------------
4 |
5 | A ubi8 image with OpenJDK 17 and Maven (mvn) 3.8.6 installed. Can be used to run any Maven phases/goals.
6 |
--------------------------------------------------------------------------------
/nvm-backstage/Dockerfile:
--------------------------------------------------------------------------------
# Copyright © 2023 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# Extends the project's nvm image with python3 and a C/C++ toolchain.
# NOTE(review): the parent image is referenced by tag, not digest, and there is
# no USER instruction here, so the container runs as whatever user the parent
# image sets (root unless the parent changes it) - confirm.
FROM ghcr.io/boozallen/sdp-images/nvm:1.0.0

# Update, install and clean caches in one layer so the package cache is not shipped.
RUN dnf update -y --nodocs && \
dnf install -y --nodocs python3 make gcc gcc-c++ && \
dnf clean all && \
rm -rf /var/cache/*

CMD ["/bin/bash"]
--------------------------------------------------------------------------------
/nvm-backstage/Makefile:
--------------------------------------------------------------------------------
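# Build and publish the nvm-backstage container image.
OWNER = boozallen
REPO = sdp-images
IMAGE = nvm-backstage
VERSION = 1.0.2-beta

# NOTE(review): docker.pkg.github.com is the legacy GitHub Packages Docker
# registry; confirm whether publishing should target ghcr.io instead.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The token is read inside the recipe shell and piped to docker login on stdin,
# so it is never stored in a make variable, echoed by make, or passed as a
# command-line argument. set -e stops the recipe as soon as login, build or
# push fails; the trap restores terminal echo if the prompt is interrupted.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin; \
	unset token; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target that is not defined above.
%: Makefile
	echo "Make command $@ not found"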
--------------------------------------------------------------------------------
/nvm-backstage/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | Node Version Manager + Backstage dependencies
3 | -------------
4 |
5 | A ubi8/ubi image with node version manager (nvm), python3, make, gcc, and gcc-c++ installed. Can be used to easily specify a version of nodeJs to run.
6 |
7 |
8 | To use, source nvm and follow `nvm usage ` instructions:
9 |
10 | To install the lts version of nodejs, for example, run:
11 | ```
12 | source ~/.bashrc
13 | nvm install '*/lts'
14 | ```
--------------------------------------------------------------------------------
/nvm-cypress/Dockerfile:
--------------------------------------------------------------------------------
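# Copyright © 2023 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# nvm image plus Google Chrome, chromedriver and the system libraries Cypress needs.
# Downloaded files are removed in the same RUN that uses them: a file deleted in
# a later layer still ships in the earlier layer, and the previous cleanup step
# also named /tmp/chromedriver.zip, which is not the file that was downloaded.
FROM ghcr.io/boozallen/sdp-images/nvm:1.0.0

SHELL ["/bin/bash", "-c"]
ARG CHROME_VERSION=102.0.5005.61

# install unzip, wget
RUN dnf update -y --nodocs && \
    dnf install -y --nodocs unzip wget

# install chromedriver
# NOTE(review): the archive is not checked against a pinned digest; TLS to the
# download host is the only integrity control.
RUN wget https://chromedriver.storage.googleapis.com/${CHROME_VERSION}/chromedriver_linux64.zip && \
    unzip chromedriver_linux64.zip && \
    mv chromedriver /usr/bin && \
    rm -f chromedriver_linux64.zip

# setup repos needed for installing chrome dependencies
# NOTE(review): Chrome's and Cypress's dependency packages are resolved from the
# repositories defined in centos.repo; make sure that file enables gpgcheck.
COPY centos.repo /etc/yum.repos.d/

# import chrome signing key, verify the downloaded RPM against it, install chrome
# rpm --checksig fails the build if the package signature does not verify;
# importing the key alone does not make dnf check a local RPM file.
RUN wget https://dl.google.com/linux/linux_signing_key.pub && \
    rpm --import linux_signing_key.pub && \
    wget https://dl.google.com/linux/chrome/rpm/stable/x86_64/google-chrome-stable-${CHROME_VERSION}-1.x86_64.rpm && \
    rpm --checksig google-chrome-stable-${CHROME_VERSION}-1.x86_64.rpm && \
    dnf -y install google-chrome-stable-${CHROME_VERSION}-1.x86_64.rpm && \
    rm -f linux_signing_key.pub google-chrome-stable-${CHROME_VERSION}-1.x86_64.rpm

# install cypress dependencies (https://docs.cypress.io/guides/continuous-integration/introduction#Dependencies)
# cleanup of the dnf caches happens in this last package layer
RUN dnf install -y xorg-x11-server-Xvfb gtk2-devel gtk3-devel libnotify-devel GConf2 nss libXScrnSaver alsa-lib && \
    dnf clean all && \
    rm -rf /var/cache/*

CMD ["/bin/bash"]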
38 |
--------------------------------------------------------------------------------
/nvm-cypress/Makefile:
--------------------------------------------------------------------------------
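# Build and publish the nvm-cypress container image.
OWNER = boozallen
REPO = sdp-images
IMAGE = nvm-cypress
VERSION = 1.0.1

# NOTE(review): docker.pkg.github.com is the legacy GitHub Packages Docker
# registry; confirm whether publishing should target ghcr.io instead.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The token is read inside the recipe shell and piped to docker login on stdin,
# so it is never stored in a make variable, echoed by make, or passed as a
# command-line argument. set -e stops the recipe as soon as login, build or
# push fails; the trap restores terminal echo if the prompt is interrupted.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin; \
	unset token; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target that is not defined above.
%: Makefile
	echo "Make command $@ not found"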
37 |
38 |
--------------------------------------------------------------------------------
/nvm-cypress/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | Node Version Manager + Cypress dependencies
3 | -------------
4 |
5 | A ubi8/ubi image with Node Version Manager (NVM) & Google Chrome + Chrome WebDriver installed.
6 | Can be used to easily specify a version of NodeJS to run Cypress End-to-End (E2E) tests with.
7 |
8 | To use, source NVM and follow `nvm usage ` instructions:
9 |
10 | To install the lts version of NodeJS, for example, run:
11 | ```
12 | source ~/.bashrc
13 | nvm install '*/lts'
14 | ```
15 |
--------------------------------------------------------------------------------
/nvm-cypress/centos.repo:
--------------------------------------------------------------------------------
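# Extra CentOS Stream 8 repositories used to resolve package dependencies.
# gpgcheck is enabled with an explicit gpgkey: the baseurl is plain http, so the
# package signature is the only thing that stops a tampered or substituted
# package from being installed into the image.
# NOTE(review): CentOS Stream 8 is end of life; confirm that mirror.centos.org
# still serves these paths, or point baseurl at a maintained https mirror.
[appstream]
name=CentOS-$releasever - AppStream
baseurl=http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/
gpgcheck=1
gpgkey=https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
enabled=1

[baseos]
name=CentOS-$releasever - BaseOS
baseurl=http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/
gpgcheck=1
gpgkey=https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
enabled=1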
12 |
--------------------------------------------------------------------------------
/nvm/Dockerfile:
--------------------------------------------------------------------------------
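# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# UBI image with nvm and the current LTS release of Node.js installed for root.
ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi8/ubi
ARG BASE_TAG=8.3
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

SHELL ["/bin/bash", "-c"]
ARG NVM_VERSION=v0.38.0

# pipefail plus curl -f: if the download fails, the step fails instead of bash
# running an empty or partial script and reporting success.
# NOTE(review): the installer is executed exactly as fetched and is pinned only
# by the NVM_VERSION tag; downloading it to a file and checking it against a
# known digest before running it would close that gap.
RUN set -o pipefail && \
    curl -fsS -o- https://raw.githubusercontent.com/nvm-sh/nvm/${NVM_VERSION}/install.sh | bash

# NOTE(review): 'lts/*' is resolved at build time, so the Node.js version in the
# image depends on when it was built.
RUN source ~/.bashrc && nvm install 'lts/*'

CMD ["/bin/bash"]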
--------------------------------------------------------------------------------
/nvm/Makefile:
--------------------------------------------------------------------------------
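# Build and publish the nvm container image.
OWNER = boozallen
REPO = sdp-images
IMAGE = nvm
VERSION = 1.0.0

# NOTE(review): docker.pkg.github.com is the legacy GitHub Packages Docker
# registry; confirm whether publishing should target ghcr.io instead.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The token is read inside the recipe shell and piped to docker login on stdin,
# so it is never stored in a make variable, echoed by make, or passed as a
# command-line argument. set -e stops the recipe as soon as login, build or
# push fails; the trap restores terminal echo if the prompt is interrupted.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin; \
	unset token; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target that is not defined above.
%: Makefile
	echo "Make command $@ not found"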
37 |
38 |
--------------------------------------------------------------------------------
/nvm/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | Node Version Manager
3 | -------------
4 |
5 | A ubi8/ubi image with node version manager (nvm) installed. Can be used to easily specify a version of nodeJs to run.
6 |
7 |
8 | To use, source nvm and follow `nvm usage ` instructions:
9 |
10 | To install the lts version of nodejs, for example, run:
11 | ```
12 | source ~/.bashrc
13 | nvm install '*/lts'
14 | ```
--------------------------------------------------------------------------------
/openshift_helm/Dockerfile:
--------------------------------------------------------------------------------
# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi8/ubi
ARG BASE_TAG=8.4
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
# NOTE(review): MAINTAINER is deprecated; the same address is already set through LABEL maintainer below.
MAINTAINER terrana_steven@bah.com

### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
LABEL name="Solutions Delivery Platform: Helm" \
maintainer="terrana_steven@bah.com" \
vendor="Booz Allen Hamilton" \
version="1.0" \
release="1.0" \
summary="A container used by the openshift and kubernetes libraries within the Solutions Delivery Platform" \
description="A container used by the openshift and kubernetes libraries within the Solutions Delivery Platform"

# Version of the dependency bundle and the identity of the unprivileged runtime user.
ARG SDP_BUILD_DEPENDENCY_VERSION=dcar-2.1
ARG user=sdp
ARG group=sdp
ARG uid=1000
ARG gid=1000
ARG SDP_HOME=/home/sdp_home
# chown uses the numeric ids, so it works before the group and user are created.
RUN mkdir -p $SDP_HOME \
&& chown ${uid}:${gid} $SDP_HOME \
&& groupadd -g ${gid} ${group} \
&& useradd -d "$SDP_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user}

### Download dependency tarball and authenticate
# The tarball comes from the GitHub release; the public key, detached signature
# and digest come from the build context (prebuild/). Each check is its own RUN,
# so a failed signature or digest check fails the build before anything is unpacked.
# NOTE(review): key, signature and digest live in the same repository as this
# Dockerfile, so these checks bind the tarball to the repository contents rather
# than to an independently distributed key; confirm the key fingerprint out of band.
ARG TARBALL=helm-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}
RUN mkdir /root/tmp
RUN curl -sSLo /root/tmp/${TARBALL}.tar.gz https://github.com/boozallen/sdp-images/releases/download/${SDP_BUILD_DEPENDENCY_VERSION}/${TARBALL}.tar.gz
#COPY prebuild/${TARBALL}.tar.gz root/tmp/${TARBALL}.tar.gz
COPY prebuild/BAH-public.key /root/tmp/.
COPY prebuild/${TARBALL}.sig /root/tmp/.
COPY prebuild/${TARBALL}.sha256 /root/tmp/.
RUN cd /root/tmp/ && gpg --import BAH-public.key
# Verify the detached signature over the downloaded tarball with the key imported above.
RUN cd /root/tmp/ && gpg --verify ${TARBALL}.sig ${TARBALL}.tar.gz
# --status prints nothing; only the exit code reports a digest mismatch.
RUN cd /root/tmp/ && echo "$(cat ${TARBALL}.sha256) ${TARBALL}.tar.gz" | sha256sum --check --status

###Unpack tarball containing dependencies && place files into needed locations
# The final rm clears /root/tmp in this layer only; the tarball, key and
# signature remain in the earlier layers that added them.
RUN cd /root/tmp && tar -zxf ./${TARBALL}.tar.gz && rm -fv ./${TARBALL}.tar.gz && \
mv dependencies/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/oc /usr/local/bin/oc && \
mv dependencies/linux-amd64/helm /usr/local/bin/helm && \
mv dependencies/kubectl /usr/local/bin/kubectl && \
chmod +x /usr/local/bin/oc && \
chmod +x /usr/local/bin/helm && \
chmod +x /usr/local/bin/kubectl && \
cd - && rm -rf /root/tmp/*

# Run as the unprivileged user created above.
USER ${user}
52 |
--------------------------------------------------------------------------------
/openshift_helm/Makefile:
--------------------------------------------------------------------------------
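# Build and publish the openshift_helm container image and its dependency bundle.
OWNER = boozallen
REPO = sdp-images
IMAGE = openshift_helm
VERSION = 1.0

# NOTE(review): docker.pkg.github.com is the legacy GitHub Packages Docker
# registry; confirm whether publishing should target ghcr.io instead.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push build-dep info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The token is read inside the recipe shell and piped to docker login on stdin,
# so it is never stored in a make variable, echoed by make, or passed as a
# command-line argument. set -e stops the recipe as soon as login, build or
# push fails; the trap restores terminal echo if the prompt is interrupted.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin; \
	unset token; \
	$(MAKE) build; \
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
	docker push $(TAG); \
	docker push $(REGISTRY)/$(IMAGE):latest

# The prebuild directory is bind-mounted into the container, and build-dep.sh
# imports BAH-private.key from it to sign the bundle. That key has to be placed
# there by the operator for the run and must not be committed or left behind.
build-dep: ## build container dependencies
	$(eval dir := $(shell pwd))
	docker run -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.3 /root/prebuild/build-dep.sh

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: report any target that is not defined above.
%: Makefile
	echo "Make command $@ not found"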
41 |
--------------------------------------------------------------------------------
/openshift_helm/README.rst:
--------------------------------------------------------------------------------
1 | --------------
2 | openshift_helm
3 | --------------
4 |
5 | A container image that jenkins uses to authenticate to OpenShift and perform a
6 | deployment through `Helm `_
7 |
8 | Synopsis
9 | --------
10 |
11 | To implement this repo locally, copy the repo to your machine.
12 | From there open a command line, change your working directory to your copy of the repo, and use ``make build`` or ``docker build .`` to build the container image in the CLI.
13 | Once the image is built, create a container using ``docker run image``.
14 |
15 | The following sections are an explanation of the contents of the repo.
16 |
17 | Prereqs
18 | -------
19 |
20 | This repo makes use of UBI8 as the base image for the container derived from `RedHat `_.
21 | Additionally, this repo makes use of Docker for containers. If you do not wish to use Docker, please make edits to adapt to your implementation of container technology.
22 | Lastly, you should ensure all files from the repo are present in your local copy.
23 |
24 | Makefile
25 | --------
26 |
27 | The Makefile comes with the following commands: help, build, push, build-dep, info.
28 | ``make help`` will list available commands from the Makefile.
29 | ``make build`` will build a container image using the Dockerfile in the repo with the tag comprised of the application and version (application:version).
30 | ``make publish`` will build the container image and then publish the image to Github.
31 | ``make build-dep`` will generate a tarball containing the dependencies used by the image.
32 | ``make info`` will list the container registry and repo the image can be published to.
33 | .. note:: using ``make publish`` provides no benefit by default to those outside of Booz Allen. Additionally, using ``make build-dep`` is unnecessary since the Dockerfile will obtain the needed tarball from Github.
34 |
35 | Dockerfile
36 | ----------
37 |
38 | This file is setup to generate a container image using ``docker build -t .`` with the option to name the image as you wish.
39 | The build process will consist of using a base image, copying the Booz Allen Public License, applying OpenShift labels, installing required packages and applications, establishing the user the container will run as, and setting a health check.
40 |
41 | LICENSE
42 | -------
43 |
44 | This text file contains the Booz Allen Public License. Please read before using or distributing this repo.
45 |
46 | Prebuild
47 | --------
48 |
49 | This folder contains files and artifacts inherent to the creation of the container image.
50 | These files and artifacts are used either in the ``make build-dep`` command or in authenticating the dependency tarball associated with the image.
51 |
--------------------------------------------------------------------------------
/openshift_helm/prebuild/BAH-public.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PGP PUBLIC KEY BLOCK-----
2 | Version: GnuPG v2.0.22 (GNU/Linux)
3 |
4 | mQINBF4worQBEACsIaK9upBTpLrZUKQdGsYMwFs62iFQ2LFpe20X+cWDzHyjAs6C
5 | c0b+QJK/WFEh61rWkSu74IUfAgLrbAzZV6dYwcNYaa/FNR9NLFBpn/7HK4lE2M7A
6 | MqdujCKAELS74JHpJ8+bjLbgV59MkPfQSTHn0BOo02JiWuqxpFKSlVTTtdiymhXQ
7 | USiqZ8FSgrVH9GiibRdCBloT1HFrrxs2LMnRsgCN6FXtyPF7jQSipklBfASCe0lS
8 | i4UNyx+d5G1lpXqZiwYxVYMw79Z5b9l/ZcYAar10o5EQpnr76rxMCIf2vlEZp/Yj
9 | aZVIHpTTtA4g9lsrIhDoJ8hABnOsNfz5M1zLMXbZaIrwQi+1ZhHlKSGxYlXgy2ay
10 | +zOWzjz4ub5t7yxI3MPLlEIcJTrJwC9LMUzGhqLDnOi0m5vdrXksUvIQ9JQHqHOd
11 | iQdtTqJErVQl7rBMepLUBdNSJ1PqjR5AZRljGOCdZPedb5/U+5n/pxv23xbWWs2/
12 | pad31FISlY8y3eEhaA1Y2GcP+Y4LAtNm4LyM4Uk/nvniG+rI0TBzxERn1Y6Pax8x
13 | JhTUcgcBLGHbwFAQ/gTDRkg+9DnR0m8ZCKuJ8bPx1qmM1iR39Ks44AbtZsgrkZF+
14 | DrHXaiaIxtEHyRw7JLQ4auNhZb3FQfy7YrENqnF3eEhyg4cx0LEJJcl+wwARAQAB
15 | tDBiYWxhbi1rYXJwYWdhbSA8YmFsYW4ta2FycGFnYW1AdXNlcnMuZ2l0aHViLmNv
16 | bT6JAj8EEwECACkFAl4worQCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
17 | AQIXgAAKCRCRo0uHmCFZ3ECvD/9Ix0fSV4zOwnJ5KQZEp5tEnOGPJBPcBZ6hBJQc
18 | 9/R7DcmcN2LsOm6weMvax12/7Jo7Dbpl2rH11vwqrMrPmnm4BO6YcdmxmfE5ikyu
19 | 2EU4pzYgAFOGrahNaaSzEXFnMvDAKHLPT6xOJ35Re/RYxQOoiW+dmxPaceZv+lf4
20 | Jpfm8AtreMqpWLwl1+EN6zJzMF0yJjxUNxsZzaf4G6IxqZ+xwh9Auh2R6ga7UUz5
21 | 0sNDIMdFUNE0aQNsd8UX5pJQApwd63xE9MrnqnCPs3y39b1V+gSwYWv3sMTGDpyE
22 | rlDazVIJgSdBytpjAqoC0+wlm/fSgMI5YL6sJnhAfKUKp5u+5Dsr3xPFfq8s62cs
23 | TD14tQ0ees62I3yysStfo2w8lRUE+7fXLhgPaeYoN56/XsIheO0cXIbiNgLdS6kl
24 | MH+RtdyvwOBLdUgH1N5V/ctqeXbs38w4i4jPeyt/z6XYRli7Xkh7g3m1JpL4Hn6Q
25 | tqvuvx0FwdfXjcbuHIAHrY4kAkvKNi+dDsJ3tP8CYotmI/RlNCKjweMcOKN7qXAz
26 | /3qOUNXP546eObg3obOn0g0npyfQ9hojwFCl2KqNzHcr45y1Jw4peFXjthBq8B7Z
27 | cn6mKauJ+0K3H+fjlKR3W2TUD/p3FKqILbbw10J3sFulRppTDqzhRetUs0dQgtuK
28 | DpivCLkCDQReMKK0ARAA0sOzOfKuinhmzybri25NkXvyp9SbNcg8pZAmOkXsJ0Hy
29 | S5VK4a6aHoRs1pGsikaBYNdxJ2gwA3CeiaAJW54od8gA1RVzETfyKWjYsO7AB4I0
30 | LRmZSEYisnVjfTxzfpbTqjem3yyq2KG2pv4FEsv6jF9dGrdQ9EgZHf/ZebI55JS/
31 | TPVVau/EW3urVPFLlz+2TOzks5ysHtdCZl5A7+it70lPnaqg2LO5Kp9OnmUpIpLF
32 | piorHnNYXv6kUoCYblj65djCmvnRoN1rKfrh12vhIupXfRfyO/hovIMnEHFhXhBY
33 | yJAdusapk6A+mkbjS3g0E2igV5g0lW1XR/vN6ElGs3JfCLLmFYJCWyIg5ykrHj3I
34 | S8cf1uaMfSQcArIBewc8RZdN1YZUc6WCH3BImBKI1di8QdNACfUnZSkNdMrN4Dmn
35 | MLD38ACsSTe/D68MHxr5ee5tH7iFxTWBn8l5bZQot5qsL9glDxTT4bNiK9HzZJZN
36 | ks4r3kg8mUcNb8LTi4Fn9ITEv0COzPMOs7ibIMeFv+r5LGK2DHo/o+oLgSzNcx2W
37 | PAzhFscXtCRFZHWjN1wLAjT1mPjkF8WRKfNwp3azU1VdZ4V7uR2FlsjwaL8QZs5g
38 | ZpyeyZLMEsN47LoIaMvmTCc6HzsZoJAtz9GNwBlFmQoxodIkGYiwNRGWD/eNPEEA
39 | EQEAAYkCJQQYAQIADwUCXjCitAIbDAUJEswDAAAKCRCRo0uHmCFZ3CyYEACN5wsX
40 | vH+jNxYxQ+2FvObZyHT/LjD1DgFGCxE+dMqtaR84OgVgpHxhka8fbSaNlwey0J9h
41 | jo7dgcx9pc4TpxmIiRFqKRUbMMEVfeksy1wC4T5UZHaL3QNy6I/vnpGmPkUmEK1F
42 | RKERbpK/lCj4LDZpZr5hBnQ+5IcuSGR5JJ28vm58UMuiwwbE84hgbu0XcBqNkEcM
43 | sg9jVVJJ7ZgV6TKjEa/335LwT8gQRBKBuef/ENWps8XOxY7tYD6XvHI4Hgxk5W3g
44 | XuaaXs5SXR/bTgUgIYSqfSnjwbKVQJh8fXivs2N1kgFzZBA80O6oecB3+5sTmEMJ
45 | SzBpX01+B0WQZ+AY/FAYTZhqG0eD0pn8MHdVr4emoZYAgkW9iCjrnN9+TS8Lpb0I
46 | L3SxTyU07NCJKXZajCaSFuSm2OAM4E979HIZUargYKmA06v6bFXh/TdQKaONN+Eh
47 | qR9E5AM1N12ekN0ORxSARRQuOXUMFZ+beco+MMGhkbtu4Q4dSJviF26gxgvdPDq9
48 | 5uMF/MKyo4Th6g1Yf3Y+UNaP9i+XHqvmExoDf6VN08Pto7sYIPHS1yqcEqJxPIw0
49 | Q3R1n6FGi9YcfTSVpgLQa97FSzmzh5qT3Ef0puJsCzB916Itmwax1aeduZjURp3H
50 | TWKZU0fI5Q5MLqyVTV3podyo7oDD4WySM3BYlQ==
51 | =MD6X
52 | -----END PGP PUBLIC KEY BLOCK-----
53 |
--------------------------------------------------------------------------------
/openshift_helm/prebuild/build-dep.sh:
--------------------------------------------------------------------------------
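#!/bin/bash
#
# Downloads the oc, helm and kubectl binaries, bundles them into a versioned
# tarball, and writes a detached GPG signature and a SHA-256 digest next to it.
# The image build later trusts that signature, so whatever is downloaded here
# is what ends up signed.

# pipefail: without it a failing sha256sum would still let awk write an empty
# .sha256 file and the script would exit 0.
set -xe
set -o pipefail

SDP_BUILD_DEPENDENCY_VERSION=dcar-2.1
OC_VERSION=v3.11.0
HELM_VERSION=v3.6.3
KUBECTL_VERSION=v1.21.3

PREBUILD_DIR=/root/prebuild
DEPS_DIR="${PREBUILD_DIR}/dependencies"
ARTIFACT="${PREBUILD_DIR}/helm-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}"

rm -rf "${DEPS_DIR}"
mkdir -p "${DEPS_DIR}"
cd "${DEPS_DIR}"

file1=openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit
file2=linux-amd64
file3=kubectl

# All downloads keep TLS certificate verification on (no -k): these binaries are
# signed with the project key right after download, so an intercepted download
# would otherwise be published as a trusted artifact. -f makes curl fail on an
# HTTP error instead of saving the error page as the binary.
# NOTE(review): the downloads are still not compared against pinned upstream
# digests; recording the expected SHA-256 per version here would tighten this.

#oc ${file1}
curl -fLo "${DEPS_DIR}/${file1}.tar.gz" "https://github.com/openshift/origin/releases/download/${OC_VERSION}/${file1}.tar.gz"
tar -zxf "${file1}.tar.gz"
rm -rf "${file1}.tar.gz"

#helm ${file2}
curl -fLo "${DEPS_DIR}/${file2}.tar.gz" "https://get.helm.sh/helm-${HELM_VERSION}-${file2}.tar.gz"
tar -zxf "${file2}.tar.gz"
rm -rf "${file2}.tar.gz"

#kubectl ${file3}
curl -fLo "${DEPS_DIR}/${file3}" "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"

cd "${PREBUILD_DIR}"
tar czvf "helm-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}.tar.gz" dependencies

# BAH-private.key is the release signing secret and has to be supplied by the
# operator; it must never be committed alongside BAH-public.key, and it should
# be removed from the prebuild directory once signing is done.
gpg --import "${PREBUILD_DIR}/BAH-public.key"
gpg --import --allow-secret-key-import "${PREBUILD_DIR}/BAH-private.key"
gpg --output "${ARTIFACT}.sig" --detach-sig "${ARTIFACT}.tar.gz"

# Store only the hex digest (first field of sha256sum output).
sha256sum "${ARTIFACT}.tar.gz" | awk '{print $1}' > "${ARTIFACT}.sha256"
rm -rf "${DEPS_DIR}"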
38 |
--------------------------------------------------------------------------------
/openshift_helm/prebuild/helm-dependencies-dcar-2.1.sha256:
--------------------------------------------------------------------------------
1 | 41ee50933bbe081b4716972fa13aba3754ec45e4b87e4f7097df795d8f9ca41f
2 |
--------------------------------------------------------------------------------
/openshift_helm/prebuild/helm-dependencies-dcar-2.1.sig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/openshift_helm/prebuild/helm-dependencies-dcar-2.1.sig
--------------------------------------------------------------------------------
/owasp-dep-check/Dockerfile:
--------------------------------------------------------------------------------
# UBI image that packages the OWASP Dependency-Check CLI together with the
# Java, .NET and Node.js tooling installed below.
ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi8/ubi
ARG BASE_TAG=8.6
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

### Add license file
COPY LICENSE /licenses

### Update and install required packages
# NOTE(review): yarn is installed from the npm registry without a pinned
# version, so the result depends on when the image is built.
RUN dnf update -y --nodocs && \
dnf install -y java-17-openjdk-devel unzip dotnet-sdk-6.0.x86_64 && \
dnf module install -y nodejs:16 && \
dnf clean all && \
npm install --global yarn && \
rm -rf /var/cache/dnf

ENV OWASP_DEP_CHK_VERSION 7.3.0

### Download and install OWASP Dependency Check CLI tool
# The archive is unpacked under /usr/share and the zip is removed in the same layer.
# NOTE(review): the release zip is not checked against a pinned digest or a
# release signature before it is unpacked; TLS to the download host is the
# only integrity control.
RUN curl -sSLo /tmp/dependency-check.zip https://github.com/jeremylong/DependencyCheck/releases/download/v$OWASP_DEP_CHK_VERSION/dependency-check-$OWASP_DEP_CHK_VERSION-release.zip && \
cd /usr/share && \
unzip /tmp/dependency-check.zip && \
rm /tmp/dependency-check.zip

### Add user, create required directories and cleanup
ARG USER=depcheck
ARG GROUP=depcheck
ARG UID=1001
ARG GID=1001

# The unprivileged user owns the tool directory and the /report output directory.
RUN groupadd -r -g ${GID} ${GROUP} && \
useradd -ms /bin/bash -u ${UID} -g ${GID} ${USER} && \
chown -R ${UID}:${GID} /usr/share/dependency-check && \
mkdir /report && \
chown -R ${UID}:${GID} /report

### Insert Container Entry Point Script
# Copied after the chown above, so the entrypoint script keeps the COPY default owner.
COPY container-entrypoint.sh /usr/share/dependency-check/bin/container-entrypoint.sh

### Set script as executable
RUN chmod +x /usr/share/dependency-check/bin/container-entrypoint.sh

# Everything below, including the data update and the entrypoint, runs as the unprivileged UID.
USER ${UID}

### Pull latest NVD data
# Runs at build time, so the vulnerability data in the image is as old as the image build.
# NOTE(review): presumably the data is stored under the dependency-check install
# directory, which is why that directory was chowned to the user above - confirm.
RUN /usr/share/dependency-check/bin/dependency-check.sh --enableExperimental --updateonly

VOLUME ["/src", "/report"]
WORKDIR /src

# Empty default arguments; the entrypoint script is run through /bin/sh.
CMD []
ENTRYPOINT [ "/bin/sh", "/usr/share/dependency-check/bin/container-entrypoint.sh" ]
53 |
--------------------------------------------------------------------------------
/owasp-dep-check/Makefile:
--------------------------------------------------------------------------------
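OWNER = boozallen
REPO = sdp-images
IMAGE = owasp-dep-check
VERSION = 7.3.0-8.6

# NOTE(review): docker.pkg.github.com is the older GitHub Packages Docker
# endpoint; sonar-scanner/Makefile in this repo publishes to ghcr.io. Confirm
# which registry is intended before pushing.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push

# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The username and token are read inside the recipe's shell and the token is
# handed to docker login on stdin. It is never expanded by make and never
# appears in a command line, so it cannot leak through make's command echo or
# the process list. The prompt is one logical line so it works whether or not
# this make implements .ONESHELL.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	$(MAKE) build
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest
	docker push $(TAG)
	docker push $(REGISTRY)/$(IMAGE):latest

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: any target not defined above only prints a
# "not found" message.
%: Makefile
	echo "Make command $@ not found"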
36 |
--------------------------------------------------------------------------------
/owasp-dep-check/README.md:
--------------------------------------------------------------------------------
1 | # OWASP Dependency Check
2 |
3 | A container image that Jenkins uses to scan a project's source code to identify components with known vulnerabilities.
4 |
5 | ## Synopsis
6 |
7 | To implement this repo locally:
8 | 1. Copy the repo to your machine
9 | 2. Open a command line in the directory of your copy of the repo
10 | 3. Use `make build` or `docker build .` to build the container image
11 | 4. Once the image is built, start a container using `docker run [image-tag]`
12 |
13 | ## Prerequisites
14 |
15 | * [Red Hat Universal Base Image (UBI)](https://catalog.redhat.com/#/registry.access.redhat.com/ubi8/ubi) as the base image for the container
16 | * [Docker](https://www.docker.com/) installed locally (if you do not wish to use Docker, please make edits to adapt to your preferred containerization technology)
17 | * All files from the [owasp-dep-check subdirectory of the SDP-Images repo](https://github.com/boozallen/sdp-images/tree/master/owasp-dep-check)
18 |
19 | ## Makefile
20 |
21 | The Makefile comes with the following commands: `help`, `build`, `push`, and `info`
22 | * `make help` lists available commands from the Makefile
23 | * `make build` builds a container image using the Dockerfile in the repo with the tag comprised of the registry, application, and version (registry/application:version)
24 | * `make push` builds the container image and then publishes the image to GitHub
25 | * `make info` lists the container registry and repo the image will be published to
26 |
27 | *note: using `make push` will require updating the OWNER, REPO, and REGISTRY values in the Makefile*
28 |
29 | ## Dockerfile
30 |
31 | This file is setup to generate a container image using `docker build -t [TAG] .` with the option to name the image as you wish.
32 | The build process consists of:
33 | 1. Starting from a base image
34 | 2. Copying the Booz Allen Public License
35 | 3. Installing required packages and applications
36 | 4. Creating and configuring the user the container will run as, and
37 | 5. Setting default directory, command, and entrypoint
38 |
39 | ## LICENSE
40 |
41 | This text file contains the Booz Allen Public License. Please read before using or distributing this repo.
--------------------------------------------------------------------------------
/owasp-dep-check/container-entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Container entry point: replace this shell with whatever command line the
# container was started with, so that command receives signals directly.
set -o errexit

exec "$@"
--------------------------------------------------------------------------------
/pytest/Dockerfile:
--------------------------------------------------------------------------------
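# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

# NOTE(review): python:slim is a floating tag and the pip packages below are
# unpinned, so the contents of this image change from build to build. Pin the
# base tag (or digest) and the package versions for reproducible builds.
FROM python:slim

# --no-cache-dir keeps pip's download cache out of the image layer.
# NOTE(review): no USER is set, so tests run as root inside the container;
# confirm whether the callers need that.
RUN pip install --no-cache-dir coverage pytest pytest-html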
--------------------------------------------------------------------------------
/pytest/Makefile:
--------------------------------------------------------------------------------
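OWNER = boozallen
REPO = sdp-images
IMAGE = pytest
VERSION = 1.0

# NOTE(review): docker.pkg.github.com is the older GitHub Packages Docker
# endpoint; sonar-scanner/Makefile in this repo publishes to ghcr.io. Confirm
# which registry is intended before pushing.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The username and token are read inside the recipe's shell and the token is
# handed to docker login on stdin. It is never expanded by make and never
# appears in a command line, so it cannot leak through make's command echo or
# the process list. The prompt is one logical line so it works whether or not
# this make implements .ONESHELL.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	$(MAKE) build
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest
	docker push $(TAG)
	docker push $(REGISTRY)/$(IMAGE):latest

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: any target not defined above only prints a
# "not found" message.
%: Makefile
	echo "Make command $@ not found"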
37 |
38 |
--------------------------------------------------------------------------------
/sonar-scanner/Dockerfile:
--------------------------------------------------------------------------------
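# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi8/ubi
ARG BASE_TAG=8.5
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
ARG SONAR_SCANNER_VERSION=4.7.0.2747
ARG NODEJS_VERSION=16


### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
LABEL name="Solutions Delivery Platform: Sonar Scanner" \
      maintainer="terrana_steven@bah.com" \
      vendor="Booz Allen Hamilton" \
      version="$SONAR_SCANNER_VERSION" \
      release="$SONAR_SCANNER_VERSION" \
      summary="A sonar-scanner container used by the SonarQube library of the Solutions Delivery Platform" \
      description="A sonar-scanner container used by the SonarQube library of the Solutions Delivery Platform"

### Add licenses to this directory
COPY LICENSE /licenses

### Using yum as root user
USER root

### Install packages
RUN INSTALL_PKGS="java-11-openjdk nodejs curl grep sed which" && \
    yum -y module enable nodejs:$NODEJS_VERSION && \
    yum clean all && \
    yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs \
        --security && \
    yum --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}

### Define necessary variables like PATH to application
ARG SDP_BUILD_DEPENDENCY_VERSION=dcar-2.1
ENV SONAR_SCANNER_FILE=sonar-scanner-${SONAR_SCANNER_VERSION}-linux
ENV TARBALL=sonar-scanner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}
ENV user=sonarscanner
ENV SONAR_RUNNER_HOME=/usr/share/${SONAR_SCANNER_FILE}
ENV PATH=$PATH:/usr/share/${SONAR_SCANNER_FILE}/bin

### Install Sonar Scanner
### NOTE: FOR BUILDING LOCALLY WITHOUT A TARBALL, DETERMINE WHERE FILES WILL BE LOCATED AND POINT THE COPY AND RUN COMMANDS TO THE NEW LOCATION ACCORDINGLY
RUN mkdir /root/tmp
# -f makes curl fail on an HTTP error instead of saving the error page as the tarball.
RUN curl -sSfLo /root/tmp/${TARBALL}.tar.gz https://github.com/boozallen/sdp-images/releases/download/${SDP_BUILD_DEPENDENCY_VERSION}/${TARBALL}.tar.gz
#COPY prebuild/${TARBALL}.tar.gz /root/tmp/${TARBALL}.tar.gz

# The public key, detached signature and checksum come from this repository,
# not from the release download, so the tarball is checked against material
# obtained through a different path than the tarball itself.
COPY prebuild/BAH-public.key /root/tmp/.
COPY prebuild/${TARBALL}.sig /root/tmp/.
COPY prebuild/${TARBALL}.sha256 /root/tmp/.

# Check authenticity of the tarball (GPG signature, then SHA-256), unpack it,
# move Sonar Scanner to its permanent folder and remove the staging directory.
# Everything runs in one step so that a failed check stops the build before
# anything from the tarball is unpacked or installed.
RUN cd /root/tmp/ && \
    gpg --import BAH-public.key && \
    gpg --verify ${TARBALL}.sig ${TARBALL}.tar.gz && \
    echo "$(cat ${TARBALL}.sha256)  ${TARBALL}.tar.gz" | sha256sum --check --status && \
    tar -xzf ${TARBALL}.tar.gz && \
    mv dependencies/sonar-scanner/${SONAR_SCANNER_FILE} /usr/share/ && \
    cd / && \
    rm -rf /root/tmp

# Copy the properties file into the location the scanner reads it from
COPY sonar-runner.properties /usr/share/${SONAR_SCANNER_FILE}/conf/sonar-scanner.properties

# Make Sonar use the Java installed above instead of the JRE bundled with the
# scanner, then create the unprivileged user that owns the scanner directory
RUN sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /usr/share/${SONAR_SCANNER_FILE}/bin/sonar-scanner && \
    useradd -ms /bin/bash ${user} && \
    chown -R ${user}:${user} /usr/share/${SONAR_SCANNER_FILE}

# Switch to non-root user
USER ${user}

# Use a health check to determine status of container once operational.
# It only confirms that sonar-scanner is on PATH, not that a scan can run.
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD which sonar-scanner

# Use bash if you want to run the environment from inside the shell, otherwise use the command that runs the scanner
#CMD /bin/bash
# Exec form: the scanner is started directly rather than through "sh -c", so it
# receives stop signals itself.
CMD ["sonar-scanner"]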
77 |
--------------------------------------------------------------------------------
/sonar-scanner/Makefile:
--------------------------------------------------------------------------------
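OWNER = boozallen
REPO = sdp-images
IMAGE = sonar-scanner
VERSION = 4.7.0.2747

REGISTRY = ghcr.io/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push build-dep build-local info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'


build: ## build container image
	docker build . -t $(TAG) --no-cache

# The username and token are read inside the recipe's shell and the token is
# handed to docker login on stdin. It is never expanded by make and never
# appears in a command line, so it cannot leak through make's command echo or
# the process list. The prompt is one logical line so it works whether or not
# this make implements .ONESHELL.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	$(MAKE) build
	docker push $(TAG)

# build-dep.sh signs the tarball with prebuild/BAH-private.key, which is read
# from the bind-mounted ./prebuild directory. Keep that key out of version
# control and remove it from the working tree once the tarball is signed.
build-dep: ## build container dependencies and bundle them into a tarball
	$(eval dir := $(shell pwd))
	docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.5 /root/prebuild/pull-from-ubi.sh
	docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.5 /root/prebuild/build-dep.sh

# Separate dependency make step to avoid bundling a tarball - not using the tarball requires
# making a change to the Dockerfile to locate the dependencies
build-local: ## build container dependencies and place at ./prebuild/dependencies/
	$(eval dir := $(shell pwd))
	docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.5 /root/prebuild/pull-from-ubi.sh

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: any target not defined above only prints a
# "not found" message.
%: Makefile
	echo "Make command $@ not found"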
47 |
--------------------------------------------------------------------------------
/sonar-scanner/README.rst:
--------------------------------------------------------------------------------
1 | -------------
2 | sonar-scanner
3 | -------------
4 |
5 | A container image that jenkins uses to run SonarQube analysis.
6 |
7 | Synopsis
8 | --------
9 |
10 | To implement this repo locally, copy the repo to your machine.
11 | From there open a command line, change your working directory to your copy of the repo, and use ``make build`` or ``docker build .`` to build the container image in the CLI.
12 | Once the image is built, create a container using ``docker run image``.
13 |
14 | The following sections are an explanation of the contents of the repo.
15 |
16 | Prereqs
17 | -------
18 |
19 | This repo makes use of UBI8 from Red Hat as the base image for the container.
20 | Additionally, this repo makes use of Docker for containers. If you do not wish to use Docker, please make edits to adapt to your implementation of container technology.
21 | Lastly, you should ensure all files from the repo are present in your local copy.
22 |
23 | Makefile
24 | --------
25 |
26 | The Makefile comes with the following commands: help, build, push, build-dep, info.
27 | ``make help`` will list available commands from the Makefile.
28 | ``make build`` will build a container image using the Dockerfile in the repo with the tag comprised of the application and version (application:version).
29 | ``make push`` will build the container image and then publish the image to GitHub.
30 | ``make build-dep`` will generate a tarball containing the dependencies used by the image.
31 | ``make info`` will list the container registry and repo the image can be published to.
32 | .. note:: using ``make push`` provides no benefit by default to those outside of Booz Allen. Additionally, using ``make build-dep`` is unnecessary since the Dockerfile will obtain the needed tarball from GitHub.
33 |
34 | Dockerfile
35 | ----------
36 |
37 | This file is set up to generate a container image using ``docker build -t [TAG] .`` with the option to name the image as you wish.
38 | The build process will consist of using a base image, copying the Booz Allen Public License, applying OpenShift labels, installing required packages and applications, establishing the user the container will run as, and setting a health check.
39 |
40 | LICENSE
41 | -------
42 |
43 | This text file contains the Booz Allen Public License. Please read before using or distributing this repo.
44 |
45 | Prebuild
46 | --------
47 |
48 | This folder contains files and artifacts inherent to the creation of the container image.
49 | These files and artifacts are used either in the ``make build-dep`` command or in authenticating the dependency tarball associated with the image.
50 |
--------------------------------------------------------------------------------
/sonar-scanner/prebuild/BAH-public.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PGP PUBLIC KEY BLOCK-----
2 | Version: GnuPG v2.0.22 (GNU/Linux)
3 |
4 | mQINBF4worQBEACsIaK9upBTpLrZUKQdGsYMwFs62iFQ2LFpe20X+cWDzHyjAs6C
5 | c0b+QJK/WFEh61rWkSu74IUfAgLrbAzZV6dYwcNYaa/FNR9NLFBpn/7HK4lE2M7A
6 | MqdujCKAELS74JHpJ8+bjLbgV59MkPfQSTHn0BOo02JiWuqxpFKSlVTTtdiymhXQ
7 | USiqZ8FSgrVH9GiibRdCBloT1HFrrxs2LMnRsgCN6FXtyPF7jQSipklBfASCe0lS
8 | i4UNyx+d5G1lpXqZiwYxVYMw79Z5b9l/ZcYAar10o5EQpnr76rxMCIf2vlEZp/Yj
9 | aZVIHpTTtA4g9lsrIhDoJ8hABnOsNfz5M1zLMXbZaIrwQi+1ZhHlKSGxYlXgy2ay
10 | +zOWzjz4ub5t7yxI3MPLlEIcJTrJwC9LMUzGhqLDnOi0m5vdrXksUvIQ9JQHqHOd
11 | iQdtTqJErVQl7rBMepLUBdNSJ1PqjR5AZRljGOCdZPedb5/U+5n/pxv23xbWWs2/
12 | pad31FISlY8y3eEhaA1Y2GcP+Y4LAtNm4LyM4Uk/nvniG+rI0TBzxERn1Y6Pax8x
13 | JhTUcgcBLGHbwFAQ/gTDRkg+9DnR0m8ZCKuJ8bPx1qmM1iR39Ks44AbtZsgrkZF+
14 | DrHXaiaIxtEHyRw7JLQ4auNhZb3FQfy7YrENqnF3eEhyg4cx0LEJJcl+wwARAQAB
15 | tDBiYWxhbi1rYXJwYWdhbSA8YmFsYW4ta2FycGFnYW1AdXNlcnMuZ2l0aHViLmNv
16 | bT6JAj8EEwECACkFAl4worQCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe
17 | AQIXgAAKCRCRo0uHmCFZ3ECvD/9Ix0fSV4zOwnJ5KQZEp5tEnOGPJBPcBZ6hBJQc
18 | 9/R7DcmcN2LsOm6weMvax12/7Jo7Dbpl2rH11vwqrMrPmnm4BO6YcdmxmfE5ikyu
19 | 2EU4pzYgAFOGrahNaaSzEXFnMvDAKHLPT6xOJ35Re/RYxQOoiW+dmxPaceZv+lf4
20 | Jpfm8AtreMqpWLwl1+EN6zJzMF0yJjxUNxsZzaf4G6IxqZ+xwh9Auh2R6ga7UUz5
21 | 0sNDIMdFUNE0aQNsd8UX5pJQApwd63xE9MrnqnCPs3y39b1V+gSwYWv3sMTGDpyE
22 | rlDazVIJgSdBytpjAqoC0+wlm/fSgMI5YL6sJnhAfKUKp5u+5Dsr3xPFfq8s62cs
23 | TD14tQ0ees62I3yysStfo2w8lRUE+7fXLhgPaeYoN56/XsIheO0cXIbiNgLdS6kl
24 | MH+RtdyvwOBLdUgH1N5V/ctqeXbs38w4i4jPeyt/z6XYRli7Xkh7g3m1JpL4Hn6Q
25 | tqvuvx0FwdfXjcbuHIAHrY4kAkvKNi+dDsJ3tP8CYotmI/RlNCKjweMcOKN7qXAz
26 | /3qOUNXP546eObg3obOn0g0npyfQ9hojwFCl2KqNzHcr45y1Jw4peFXjthBq8B7Z
27 | cn6mKauJ+0K3H+fjlKR3W2TUD/p3FKqILbbw10J3sFulRppTDqzhRetUs0dQgtuK
28 | DpivCLkCDQReMKK0ARAA0sOzOfKuinhmzybri25NkXvyp9SbNcg8pZAmOkXsJ0Hy
29 | S5VK4a6aHoRs1pGsikaBYNdxJ2gwA3CeiaAJW54od8gA1RVzETfyKWjYsO7AB4I0
30 | LRmZSEYisnVjfTxzfpbTqjem3yyq2KG2pv4FEsv6jF9dGrdQ9EgZHf/ZebI55JS/
31 | TPVVau/EW3urVPFLlz+2TOzks5ysHtdCZl5A7+it70lPnaqg2LO5Kp9OnmUpIpLF
32 | piorHnNYXv6kUoCYblj65djCmvnRoN1rKfrh12vhIupXfRfyO/hovIMnEHFhXhBY
33 | yJAdusapk6A+mkbjS3g0E2igV5g0lW1XR/vN6ElGs3JfCLLmFYJCWyIg5ykrHj3I
34 | S8cf1uaMfSQcArIBewc8RZdN1YZUc6WCH3BImBKI1di8QdNACfUnZSkNdMrN4Dmn
35 | MLD38ACsSTe/D68MHxr5ee5tH7iFxTWBn8l5bZQot5qsL9glDxTT4bNiK9HzZJZN
36 | ks4r3kg8mUcNb8LTi4Fn9ITEv0COzPMOs7ibIMeFv+r5LGK2DHo/o+oLgSzNcx2W
37 | PAzhFscXtCRFZHWjN1wLAjT1mPjkF8WRKfNwp3azU1VdZ4V7uR2FlsjwaL8QZs5g
38 | ZpyeyZLMEsN47LoIaMvmTCc6HzsZoJAtz9GNwBlFmQoxodIkGYiwNRGWD/eNPEEA
39 | EQEAAYkCJQQYAQIADwUCXjCitAIbDAUJEswDAAAKCRCRo0uHmCFZ3CyYEACN5wsX
40 | vH+jNxYxQ+2FvObZyHT/LjD1DgFGCxE+dMqtaR84OgVgpHxhka8fbSaNlwey0J9h
41 | jo7dgcx9pc4TpxmIiRFqKRUbMMEVfeksy1wC4T5UZHaL3QNy6I/vnpGmPkUmEK1F
42 | RKERbpK/lCj4LDZpZr5hBnQ+5IcuSGR5JJ28vm58UMuiwwbE84hgbu0XcBqNkEcM
43 | sg9jVVJJ7ZgV6TKjEa/335LwT8gQRBKBuef/ENWps8XOxY7tYD6XvHI4Hgxk5W3g
44 | XuaaXs5SXR/bTgUgIYSqfSnjwbKVQJh8fXivs2N1kgFzZBA80O6oecB3+5sTmEMJ
45 | SzBpX01+B0WQZ+AY/FAYTZhqG0eD0pn8MHdVr4emoZYAgkW9iCjrnN9+TS8Lpb0I
46 | L3SxTyU07NCJKXZajCaSFuSm2OAM4E979HIZUargYKmA06v6bFXh/TdQKaONN+Eh
47 | qR9E5AM1N12ekN0ORxSARRQuOXUMFZ+beco+MMGhkbtu4Q4dSJviF26gxgvdPDq9
48 | 5uMF/MKyo4Th6g1Yf3Y+UNaP9i+XHqvmExoDf6VN08Pto7sYIPHS1yqcEqJxPIw0
49 | Q3R1n6FGi9YcfTSVpgLQa97FSzmzh5qT3Ef0puJsCzB916Itmwax1aeduZjURp3H
50 | TWKZU0fI5Q5MLqyVTV3podyo7oDD4WySM3BYlQ==
51 | =MD6X
52 | -----END PGP PUBLIC KEY BLOCK-----
53 |
--------------------------------------------------------------------------------
/sonar-scanner/prebuild/build-dep.sh:
--------------------------------------------------------------------------------
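#!/bin/bash
# Bundle /root/prebuild/dependencies into a tarball, then write a detached GPG
# signature and a SHA-256 checksum next to it. The image build verifies both
# before it unpacks the tarball.

set -xe

SDP_BUILD_DEPENDENCY_VERSION=dcar-2.1

prebuild_dir=/root/prebuild
artifact="${prebuild_dir}/sonar-scanner-dependencies-${SDP_BUILD_DEPENDENCY_VERSION}"
private_key="${prebuild_dir}/BAH-private.key"

# Fail with a clear message before any work is done if the signing key has not
# been placed in the mounted directory.
# The private key is signing material: it must never be committed, and it
# should be removed from the working tree once the tarball has been signed.
if [ ! -f "${private_key}" ]; then
    echo "signing key not found: ${private_key}" >&2
    exit 1
fi

cd "${prebuild_dir}"
tar czvf "${artifact}.tar.gz" dependencies

gpg --import "${prebuild_dir}/BAH-public.key"
gpg --import --allow-secret-key-import "${private_key}"
gpg --output "${artifact}.sig" --detach-sig "${artifact}.tar.gz"

# Store only the hex digest; the Dockerfile rebuilds the "digest  filename"
# line itself when it checks the tarball.
sha256sum "${artifact}.tar.gz" | awk '{print $1}' > "${artifact}.sha256"

rm -rf "${prebuild_dir}/dependencies"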
14 |
--------------------------------------------------------------------------------
/sonar-scanner/prebuild/pull-from-ubi.sh:
--------------------------------------------------------------------------------
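#!/bin/bash
# Download the Sonar Scanner CLI release and unpack it under
# /root/prebuild/dependencies/sonar-scanner so build-dep.sh can bundle and sign it.

set -xe

SONAR_SCANNER_VERSION=4.7.0.2747

dep_dir=/root/prebuild/dependencies/sonar-scanner

rm -rf /root/prebuild/dependencies
mkdir -p "${dep_dir}"

file=sonar-scanner-${SONAR_SCANNER_VERSION}-linux.zip

# TLS certificate verification is left on (no --insecure): whatever is
# downloaded here is later signed with the project's key, so it must come from
# the authenticated host. -f turns an HTTP error into a failure instead of
# saving the error page as the zip.
# NOTE(review): the archive is not compared against a publisher checksum or
# signature before it is bundled; add that check if the publisher provides one.
curl --create-dirs -sSfLo "${dep_dir}/${file}" "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip"

# Separate statements rather than an && chain: under "set -e" a failure in the
# middle of an && chain does not stop the script, so a failed update could go
# unnoticed.
INSTALL_PKGS="java-11-openjdk-devel curl grep unzip sed which"
yum clean all
yum --disablerepo unified_platform_ubi8_appstream --disablerepo unified_platform_ubi8_os --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs \
    --security --sec-severity=Important --sec-severity=Critical
# INSTALL_PKGS is left unquoted on purpose so it splits into one argument per package.
yum --disablerepo unified_platform_ubi8_appstream --disablerepo unified_platform_ubi8_os --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}

cd "${dep_dir}"
unzip "${file}"
rm "${file}"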
20 |
--------------------------------------------------------------------------------
/sonar-scanner/prebuild/sonar-scanner-dependencies-dcar-2.1.sha256:
--------------------------------------------------------------------------------
1 | cbc1eb28f3d48b3673608f49c8af0b2fa95d56944f20136b6a8492ca33171ede
2 |
--------------------------------------------------------------------------------
/sonar-scanner/prebuild/sonar-scanner-dependencies-dcar-2.1.sig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/boozallen/sdp-images/fad6cef45673f4a2f623b0594b9efa5dca234d43/sonar-scanner/prebuild/sonar-scanner-dependencies-dcar-2.1.sig
--------------------------------------------------------------------------------
/sonar-scanner/sonar-runner.properties:
--------------------------------------------------------------------------------
1 | #Configure here general information about the environment, such as SonarQube DB details for example
2 | #No information about specific project should appear here
3 |
4 | #----- Default SonarQube server
5 | #sonar.host.url=http://sonarqube:9000
6 |
7 | #----- Default source code encoding
8 | #sonar.sourceEncoding=UTF-8
9 |
10 | #----- Global database settings (not used for SonarQube 5.2+)
11 | #sonar.jdbc.username=sonar
12 | #sonar.jdbc.password=sonar
13 |
14 | #----- PostgreSQL
15 | #sonar.jdbc.url=jdbc:postgresql://localhost/sonar
16 |
17 | #----- MySQL
18 | #sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
19 |
20 | #----- Oracle
21 | #sonar.jdbc.url=jdbc:oracle:thin:@localhost/XE
22 |
23 | #----- Microsoft SQLServer
24 | #sonar.jdbc.url=jdbc:jtds:sqlserver://localhost/sonar;SelectMethod=Cursor
25 |
26 | # H2 database from Docker Sonar container
27 | #sonar.jdbc.url=jdbc:h2:tcp://sonarqube/sonar
28 | #sonar.projectKey=MyProjectKey
29 | #sonar.projectName=My Project Name
30 | #sonar.projectVersion=1
31 | #sonar.projectBaseDir=/root/src
32 | #sonar.sources=./
--------------------------------------------------------------------------------
/sonarqube/Dockerfile:
--------------------------------------------------------------------------------
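# NOTE(review): sonarqube:6.7 is an old release line; confirm it still receives
# security fixes before deploying this image.
FROM sonarqube:6.7

# Set to true so that anonymous read access is not allowed (see the README's
# environment variable table).
ENV FORCE_AUTHENTICATION=true

COPY sonar.properties /opt/sonarqube/conf/sonar.properties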
6 |
--------------------------------------------------------------------------------
/sonarqube/Makefile:
--------------------------------------------------------------------------------
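OWNER = boozallen
REPO = sdp-images
IMAGE = sonarqube
VERSION = 1.0

# NOTE(review): docker.pkg.github.com is the older GitHub Packages Docker
# endpoint; sonar-scanner/Makefile in this repo publishes to ghcr.io. Confirm
# which registry is intended before pushing.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The username and token are read inside the recipe's shell and the token is
# handed to docker login on stdin. It is never expanded by make and never
# appears in a command line, so it cannot leak through make's command echo or
# the process list. The prompt is one logical line so it works whether or not
# this make implements .ONESHELL.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	$(MAKE) build
	docker push $(TAG)

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: any target not defined above only prints a
# "not found" message.
%: Makefile
	echo "Make command $@ not found"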
35 |
36 |
--------------------------------------------------------------------------------
/sonarqube/README.rst:
--------------------------------------------------------------------------------
1 | ---------
2 | SonarQube
3 | ---------
4 |
5 | Extends the ``sonarqube:6.7`` image and adds some
6 | environment variable configurations.
7 |
8 |
9 | .. csv-table:: Environment Variables
10 | :header: "Name", "Description", "Default"
11 |
12 | "WEB_CONTEXT", "the root path to access sonarqube, for when hosting behind an ALB with path based routing.", ""
13 | "FORCE_AUTHENTICATION", "whether or not to allow anonymous read", "true"
--------------------------------------------------------------------------------
/syft/Dockerfile:
--------------------------------------------------------------------------------
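# Copyright © 2022 Booz Allen Hamilton. All Rights Reserved.
# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl

ARG BASE_REGISTRY=registry.access.redhat.com
ARG BASE_IMAGE=ubi8/ubi
ARG BASE_TAG=8.6-754
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
LABEL name="Solutions Delivery Platform: Syft" \
      maintainer="uip@bah.com" \
      vendor="Booz Allen Hamilton" \
      version="0.47.0" \
      release="0.47.0" \
      summary="Anchore Syft container" \
      description="The Anchore Syft container image for the Solutions Delivery Platform"

### add licenses to this directory
COPY LICENSE /licenses

### Use yum as root user
USER root

# Destination file name matches the source (the original wrote "docker-cd.repo").
COPY docker-ce.repo /etc/yum.repos.d/docker-ce.repo

### Add necessary Red Hat repos and packages here
# NOTE(review): this installs a full Docker engine (docker-ce, containerd.io)
# and enables its service inside the image. If syft only needs to talk to an
# external daemon, docker-ce-cli alone would be a much smaller attack surface;
# confirm what the callers rely on.
RUN INSTALL_PKGS="coreutils python3-pip jq docker-ce docker-ce-cli containerd.io" && \
    yum clean all && \
    yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs --security && \
    yum --disableplugin=subscription-manager -y install --allowerasing --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
    systemctl enable docker

ENV PROGRAM_NAME=syft
# NOTE(review): HOME stays /root although the container runs as the
# unprivileged user below, who presumably cannot write there; confirm.
ENV HOME=/root
ENV PROGRAM_DESTINATION_DIR=/usr/local/bin
ENV PROGRAM_VERSION=v0.47.0

ARG user=${PROGRAM_NAME}

WORKDIR /scanner

# Install Syft
# The installer script is fetched from the same tag as the version it installs
# rather than from the moving "main" branch, so the script that runs as root
# during the build does not change underneath a fixed PROGRAM_VERSION.
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/${PROGRAM_VERSION}/install.sh | sh -s -- -b ${PROGRAM_DESTINATION_DIR} ${PROGRAM_VERSION}


# Add user, create required directories and cleanup
# "yum clean all" needs no --nogpgcheck: it only removes cached data.
RUN useradd -ms /bin/bash ${user} && \
    chown -R ${user}:${user} ${PROGRAM_DESTINATION_DIR}/${PROGRAM_NAME} && \
    mkdir /report && \
    chown -R ${user}:${user} /report && \
    yum --disableplugin=subscription-manager clean all

### Insert Container Entry Point Script
COPY container-entrypoint.sh /usr/local/bin/container-entrypoint.sh

### Set script as executable
RUN chmod +x /usr/local/bin/container-entrypoint.sh

USER ${user}

CMD []
ENTRYPOINT [ "/bin/sh", "/usr/local/bin/container-entrypoint.sh" ]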
63 |
--------------------------------------------------------------------------------
/syft/Makefile:
--------------------------------------------------------------------------------
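OWNER = boozallen
REPO = sdp-images
IMAGE = syft
VERSION = 0.47.0

# NOTE(review): docker.pkg.github.com is the older GitHub Packages Docker
# endpoint; sonar-scanner/Makefile in this repo publishes to ghcr.io. Confirm
# which registry is intended before pushing.
REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
TAG = $(REGISTRY)/$(IMAGE):$(VERSION)

.PHONY: help build push build-dep info Makefile
.ONESHELL: push


# Put it first so that "make" without argument is like "make help".
help: ## Show target options
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//'

build: ## build container image
	docker build . -t $(TAG)

# The username and token are read inside the recipe's shell and the token is
# handed to docker login on stdin. It is never expanded by make and never
# appears in a command line, so it cannot leak through make's command echo or
# the process list. The prompt is one logical line so it works whether or not
# this make implements .ONESHELL.
push: ## builds and publishes container image
	@set -e; \
	trap 'stty echo 2>/dev/null || true' EXIT; \
	printf 'GitHub Username: '; read -r username; \
	printf 'GitHub Token: '; \
	stty -echo 2>/dev/null || true; \
	read -r token; \
	stty echo 2>/dev/null || true; \
	echo; \
	printf '%s' "$$token" | docker login $(REGISTRY) -u "$$username" --password-stdin
	$(MAKE) build
	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest
	docker push $(TAG)
	docker push $(REGISTRY)/$(IMAGE):latest

build-dep: ## build container dependencies
	$(eval dir := $(shell pwd))
	docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.6-754 /root/prebuild/pull-from-ubi.sh
	docker run -u root -it -v $(dir)/prebuild:/root/prebuild:z registry.access.redhat.com/ubi8/ubi:8.6-754 /root/prebuild/build-dep.sh

info:
	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"

# Catch-all target: any target not defined above only prints a
# "not found" message.
%: Makefile
	echo "Make command $@ not found"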
42 |
--------------------------------------------------------------------------------
/syft/container-entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Container entry point: replace this shell with whatever command line the
# container was started with, so that command receives signals directly.
set -o errexit

exec "$@"
5 |
--------------------------------------------------------------------------------
/syft/docker-ce.repo:
--------------------------------------------------------------------------------
1 | [docker-ce-stable]
2 | name=Docker CE Stable - $basearch
3 | baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
4 | enabled=1
5 | gpgcheck=1
6 | gpgkey=https://download.docker.com/linux/centos/gpg
7 | # Only docker-ce-stable above is enabled; every section below has enabled=0. All sections set gpgcheck=1 (package signatures); repo_gpgcheck is not set here, so metadata signature checking follows the global dnf/yum setting.
8 | [docker-ce-stable-debuginfo]
9 | name=Docker CE Stable - Debuginfo $basearch
10 | baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/stable
11 | enabled=0
12 | gpgcheck=1
13 | gpgkey=https://download.docker.com/linux/centos/gpg
14 |
15 | [docker-ce-stable-source]
16 | name=Docker CE Stable - Sources
17 | baseurl=https://download.docker.com/linux/centos/$releasever/source/stable
18 | enabled=0
19 | gpgcheck=1
20 | gpgkey=https://download.docker.com/linux/centos/gpg
21 |
22 | [docker-ce-test]
23 | name=Docker CE Test - $basearch
24 | baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/test
25 | enabled=0
26 | gpgcheck=1
27 | gpgkey=https://download.docker.com/linux/centos/gpg
28 |
29 | [docker-ce-test-debuginfo]
30 | name=Docker CE Test - Debuginfo $basearch
31 | baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/test
32 | enabled=0
33 | gpgcheck=1
34 | gpgkey=https://download.docker.com/linux/centos/gpg
35 |
36 | [docker-ce-test-source]
37 | name=Docker CE Test - Sources
38 | baseurl=https://download.docker.com/linux/centos/$releasever/source/test
39 | enabled=0
40 | gpgcheck=1
41 | gpgkey=https://download.docker.com/linux/centos/gpg
42 |
43 | [docker-ce-nightly]
44 | name=Docker CE Nightly - $basearch
45 | baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/nightly
46 | enabled=0
47 | gpgcheck=1
48 | gpgkey=https://download.docker.com/linux/centos/gpg
49 |
50 | [docker-ce-nightly-debuginfo]
51 | name=Docker CE Nightly - Debuginfo $basearch
52 | baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/nightly
53 | enabled=0
54 | gpgcheck=1
55 | gpgkey=https://download.docker.com/linux/centos/gpg
56 |
57 | [docker-ce-nightly-source]
58 | name=Docker CE Nightly - Sources
59 | baseurl=https://download.docker.com/linux/centos/$releasever/source/nightly
60 | enabled=0
61 | gpgcheck=1
62 | gpgkey=https://download.docker.com/linux/centos/gpg
63 |
--------------------------------------------------------------------------------
/terraform/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
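4 | # NOTE(review): "light" is a floating tag, so the Terraform version can change between builds; pin a version tag or digest for reproducible images.
5 | FROM hashicorp/terraform:light
6 |
7 | # Entrypoint script copied next to the image's working directory and made executable.
8 | COPY docker-entrypoint.sh docker-entrypoint.sh
9 | RUN chmod +x docker-entrypoint.sh
10 |
11 | # Release of the Sysdig Terraform provider installed under /plugins.
12 | ENV SYSDIG_PROVIDER_VERSION=v0.2.0
13 | # NOTE(review): the provider binary is downloaded over HTTPS but is not checked against a
14 | # published checksum or signature; add a verification step once the expected digest is recorded.
15 | # Mode 755 rather than 777: every user can still read and execute the provider, but a
16 | # world-writable binary could be replaced by any process in the container before Terraform runs it.
17 | RUN mkdir -p /plugins && \
18 |     wget -O /plugins/terraform-provider-sysdig_$SYSDIG_PROVIDER_VERSION https://github.com/draios/terraform-provider-sysdig/releases/download/$SYSDIG_PROVIDER_VERSION/terraform-provider-sysdig-linux-amd64 && \
19 |     chmod 755 /plugins/*
20 |
21 | # NOTE(review): the COPY destination above is relative, so this absolute path only resolves if the base image's working directory is / (confirm).
22 | ENTRYPOINT ["/bin/sh", "/docker-entrypoint.sh"]
23 | CMD []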
--------------------------------------------------------------------------------
/terraform/Makefile:
--------------------------------------------------------------------------------
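1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = terraform
4 | VERSION = 1.0
5 |
6 | # Image coordinates; $(TAG) is the versioned reference that build and push use.
7 | # NOTE(review): docker.pkg.github.com is GitHub's legacy Docker registry endpoint; confirm it is still the intended target.
8 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
9 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
10 |
11 | # All command targets are phony so a file or directory of the same name cannot mask them.
12 | .PHONY: help build push info Makefile
13 | .ONESHELL: push
14 |
15 |
16 | # Put it first so that "make" without argument is like "make help".
17 | # Prints every makefile line carrying the double-hash help marker, except this recipe itself.
18 | help: ## Show target options
19 | 	@grep -Fh "##" $(MAKEFILE_LIST) | grep -Fv 'grep -F' | sed -e 's/\\$$//' -e 's/##//'
20 |
21 | # Builds the image from this directory and tags it $(TAG).
22 | build: ## build container image
23 | 	docker build . -t $(TAG)
24 |
25 | # Logs in to $(REGISTRY), builds, then pushes the versioned tag and :latest.
26 | # The username and token are read by the recipe's own shell and the token is
27 | # piped to `docker login --password-stdin`, so it is never expanded into recipe
28 | # text that make could echo and never placed on a command line that other local
29 | # users can read from the process list. `set -e` stops the push if login or the
30 | # build fails; the trap restores terminal echo if the prompt is interrupted.
31 | push: ## builds and publishes container image
32 | 	@set -e; \
33 | 	trap 'stty echo 2>/dev/null || true' EXIT; \
34 | 	printf 'GitHub Username: '; read -r user; \
35 | 	printf 'GitHub Token: '; stty -echo 2>/dev/null || true; read -r pass; \
36 | 	stty echo 2>/dev/null || true; echo; \
37 | 	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
38 | 	unset pass; \
39 | 	$(MAKE) build; \
40 | 	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
41 | 	docker push $(TAG); \
42 | 	docker push $(REGISTRY)/$(IMAGE):latest
43 |
44 | # Prints the image tag and the repository-relative directory of this Makefile.
45 | info:
46 | 	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
47 |
48 | # Catch-all target: any target not defined above only prints a "not found" message.
49 | # NOTE(review): the recipe exits 0, so a mistyped target still looks successful to a caller such as CI.
50 | %: Makefile
51 | 	echo "Make command $@ not found"
52 |
53 |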
--------------------------------------------------------------------------------
/terraform/README.rst:
--------------------------------------------------------------------------------
1 | ---------
2 | Terraform
3 | ---------
4 |
5 | Container Image with the Terraform executable installed.
6 |
7 | Terraform Providers:
8 | * Sysdig
--------------------------------------------------------------------------------
/terraform/docker-entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Entrypoint shim: replace this shell with the command the container was given.
3 | set -o errexit
4 | exec "$@"
--------------------------------------------------------------------------------
/webhint/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 |
4 | FROM alpine:edge
5 | # NOTE(review): alpine:edge is a rolling tag, so each rebuild can pull different package versions; pin a release tag or digest for reproducible images.
6 | # Installs the Chromium package the base image currently offers (this comment originally said 77), plus NSS, FreeType, HarfBuzz, CA certificates, a font, Node.js and npm.
7 | RUN apk add --no-cache \
8 | chromium \
9 | nss \
10 | freetype \
11 | freetype-dev \
12 | harfbuzz \
13 | ca-certificates \
14 | ttf-freefont \
15 | nodejs \
16 | npm
17 |
18 | # Tell Puppeteer to skip installing Chrome
19 | # Set execution path
20 | # Browser CLI configuration for root usage: --no-sandbox switches off Chromium's process sandbox, so pages loaded during a scan are rendered without that isolation. NOTE(review): consider a non-root user so the sandbox can stay enabled.
21 | # Hint telemetry off, so the confirmation question cannot fail a run that has no input
22 | ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
23 | PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser \
24 | CHROMIUM_FLAGS="--no-sandbox --headless" \
25 | HINT_TELEMETRY=off
26 | # NOTE(review): puppeteer is pinned to 5.2.1 but hint has no version, so the webhint release installed here floats between builds.
27 | RUN npm i -g puppeteer@5.2.1 hint --silent --no-warnings
28 |
29 | # Sanity check: print each tool's version; any failure aborts the build, which is the intent
30 | RUN set -x \
31 | && node -v \
32 | && npm -v \
33 | && npx -v \
34 | && hint -v
35 |
--------------------------------------------------------------------------------
/webhint/Makefile:
--------------------------------------------------------------------------------
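1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = webhint
4 | VERSION = 1.9
5 |
6 | # Image coordinates; $(TAG) is the versioned reference that build and push use.
7 | # NOTE(review): docker.pkg.github.com is GitHub's legacy Docker registry endpoint; confirm it is still the intended target.
8 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
9 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
10 |
11 | # All command targets are phony so a file or directory of the same name cannot mask them.
12 | .PHONY: help build push info Makefile
13 | .ONESHELL: push
14 |
15 |
16 | # Put it first so that "make" without argument is like "make help".
17 | # Prints every makefile line carrying the double-hash help marker, except this recipe itself.
18 | help: ## Show target options
19 | 	@grep -Fh "##" $(MAKEFILE_LIST) | grep -Fv 'grep -F' | sed -e 's/\\$$//' -e 's/##//'
20 |
21 | # Builds the image from this directory and tags it $(TAG).
22 | build: ## build container image
23 | 	docker build . -t $(TAG)
24 |
25 | # Logs in to $(REGISTRY), builds, then pushes the versioned tag and :latest.
26 | # The username and token are read by the recipe's own shell and the token is
27 | # piped to `docker login --password-stdin`, so it is never expanded into recipe
28 | # text that make could echo and never placed on a command line that other local
29 | # users can read from the process list. `set -e` stops the push if login or the
30 | # build fails; the trap restores terminal echo if the prompt is interrupted.
31 | push: ## builds and publishes container image
32 | 	@set -e; \
33 | 	trap 'stty echo 2>/dev/null || true' EXIT; \
34 | 	printf 'GitHub Username: '; read -r user; \
35 | 	printf 'GitHub Token: '; stty -echo 2>/dev/null || true; read -r pass; \
36 | 	stty echo 2>/dev/null || true; echo; \
37 | 	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
38 | 	unset pass; \
39 | 	$(MAKE) build; \
40 | 	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
41 | 	docker push $(TAG); \
42 | 	docker push $(REGISTRY)/$(IMAGE):latest
43 |
44 | # Prints the image tag and the repository-relative directory of this Makefile.
45 | info:
46 | 	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
47 |
48 | # Catch-all target: any target not defined above only prints a "not found" message.
49 | # NOTE(review): the recipe exits 0, so a mistyped target still looks successful to a caller such as CI.
50 | %: Makefile
51 | 	echo "Make command $@ not found"
52 |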
--------------------------------------------------------------------------------
/zap/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
2 | # This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
3 | # NOTE(review): no tag or digest is given, so this resolves to whatever :latest of owasp/zap2docker-stable is at build time; pin a version or digest so scans are reproducible, and confirm this is still the image name the ZAP project publishes.
4 | FROM owasp/zap2docker-stable
5 | LABEL description="sdp version of zap"
--------------------------------------------------------------------------------
/zap/Makefile:
--------------------------------------------------------------------------------
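1 | OWNER = boozallen
2 | REPO = sdp-images
3 | IMAGE = zap
4 | VERSION = 1.0
5 |
6 | # Image coordinates; $(TAG) is the versioned reference that build and push use.
7 | # NOTE(review): docker.pkg.github.com is GitHub's legacy Docker registry endpoint; confirm it is still the intended target.
8 | REGISTRY = docker.pkg.github.com/$(OWNER)/$(REPO)
9 | TAG = $(REGISTRY)/$(IMAGE):$(VERSION)
10 |
11 | # All command targets are phony so a file or directory of the same name cannot mask them.
12 | .PHONY: help build push info Makefile
13 | .ONESHELL: push
14 |
15 |
16 | # Put it first so that "make" without argument is like "make help".
17 | # Prints every makefile line carrying the double-hash help marker, except this recipe itself.
18 | help: ## Show target options
19 | 	@grep -Fh "##" $(MAKEFILE_LIST) | grep -Fv 'grep -F' | sed -e 's/\\$$//' -e 's/##//'
20 |
21 | # Builds the image from this directory and tags it $(TAG).
22 | build: ## build container image
23 | 	docker build . -t $(TAG)
24 |
25 | # Logs in to $(REGISTRY), builds, then pushes the versioned tag and :latest.
26 | # The username and token are read by the recipe's own shell and the token is
27 | # piped to `docker login --password-stdin`, so it is never expanded into recipe
28 | # text that make could echo and never placed on a command line that other local
29 | # users can read from the process list. `set -e` stops the push if login or the
30 | # build fails; the trap restores terminal echo if the prompt is interrupted.
31 | push: ## builds and publishes container image
32 | 	@set -e; \
33 | 	trap 'stty echo 2>/dev/null || true' EXIT; \
34 | 	printf 'GitHub Username: '; read -r user; \
35 | 	printf 'GitHub Token: '; stty -echo 2>/dev/null || true; read -r pass; \
36 | 	stty echo 2>/dev/null || true; echo; \
37 | 	printf '%s' "$$pass" | docker login $(REGISTRY) -u "$$user" --password-stdin; \
38 | 	unset pass; \
39 | 	$(MAKE) build; \
40 | 	docker tag $(TAG) $(REGISTRY)/$(IMAGE):latest; \
41 | 	docker push $(TAG); \
42 | 	docker push $(REGISTRY)/$(IMAGE):latest
43 |
44 | # Prints the image tag and the repository-relative directory of this Makefile.
45 | info:
46 | 	@echo "$(TAG) -> $$(dirname $$(git ls-files --full-name Makefile))"
47 |
48 | # Catch-all target: any target not defined above only prints a "not found" message.
49 | # NOTE(review): the recipe exits 0, so a mistyped target still looks successful to a caller such as CI.
50 | %: Makefile
51 | 	echo "Make command $@ not found"
52 |
53 |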
--------------------------------------------------------------------------------
/zap/README.rst:
--------------------------------------------------------------------------------
1 | ---
2 | zap
3 | ---
4 |
5 | A container image that Jenkins uses to run OWASP ZAP penetration testing.
--------------------------------------------------------------------------------