├── .gitignore
├── .dockerignore
├── Jenkinsfile_k8s
├── CODEOWNERS
├── .github
├── release-drafter.yml
├── dependabot.yml
└── workflows
│ └── release-drafter.yml
├── conf.d
├── rpm_macros
└── devscripts.conf
├── updatecli
├── values.yaml
└── updatecli.d
│ ├── jenkins-version.yaml
│ ├── maven.yaml
│ ├── jenkins-agent-version.yml
│ ├── azcopy.yaml
│ └── jdk-build.yml
├── Jenkinsfile_updatecli
├── README.adoc
├── Makefile
├── LICENSE
├── macros.d
├── macros.javapackages-filesystem
└── macros.systemd
├── cst.yml
└── Dockerfile
/.gitignore:
--------------------------------------------------------------------------------
1 | hadolint.json
2 | *.tar
3 | *.zip
4 |
--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | hadolint.json
2 | *.tar
3 | .git
4 | .github
5 |
--------------------------------------------------------------------------------
/Jenkinsfile_k8s:
--------------------------------------------------------------------------------
1 | buildDockerAndPublishImage('packaging', [
2 | targetplatforms: 'linux/amd64',
3 | ])
4 |
--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
1 | # Order is important. The last matching pattern has the most precedence.
2 |
3 | * @jenkins-infra/docker
4 |
--------------------------------------------------------------------------------
/.github/release-drafter.yml:
--------------------------------------------------------------------------------
1 | _extends: .github
2 |
3 | name-template: 'next'
4 | tag-template: 'next'
5 | no-changes-template: '* "non-pinned" packages update'
6 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | ---
2 | version: 2
3 | updates:
4 | - package-ecosystem: "github-actions"
5 | directory: "/"
6 | schedule:
7 | interval: "daily"
8 |
--------------------------------------------------------------------------------
/conf.d/rpm_macros:
--------------------------------------------------------------------------------
1 | %_signature gpg
2 | %_gpg_name %{getenv:GPG_KEYNAME}
3 | %_gpg_sign_cmd_extra_args --passphrase-file=%{getenv:GPG_PASSPHRASE_FILE} --batch --pinentry-mode loopback
4 |
--------------------------------------------------------------------------------
/conf.d/devscripts.conf:
--------------------------------------------------------------------------------
1 | # Cfr /usr/share/doc/devscripts/
2 | DEBUILD_PRESERVE_ENVVARS=GPG_PASSPHRASE_FILE,GPG_FILE,GPG_KEYNAME
3 | DEBSIGN_KEYID=$GPG_KEYNAME
4 | DEBSIGN_PROGRAM="gpg --passphrase-file=$GPG_PASSPHRASE_FILE --batch --pinentry-mode loopback"
5 | DEBSIGN_ALWAYS_RESIGN=yes
6 | DEBSIGN_SIGNLIKE=gpg
7 |
--------------------------------------------------------------------------------
/updatecli/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | github:
3 | user: "Jenkins Infra Bot (updatecli)"
4 | email: "60776566+jenkins-infra-bot@users.noreply.github.com"
5 | username: "jenkins-infra-bot"
6 | token: "UPDATECLI_GITHUB_TOKEN"
7 | branch: "main"
8 | owner: "jenkins-infra"
9 | repository: "docker-packaging"
10 |
11 | jdk:
12 | majorVersion: 21
13 | agentMajorVersion: 21
14 |
--------------------------------------------------------------------------------
/Jenkinsfile_updatecli:
--------------------------------------------------------------------------------
1 | final String cronExpr = env.BRANCH_IS_PRIMARY ? '@daily' : ''
2 |
3 | properties([
4 | buildDiscarder(logRotator(numToKeepStr: '10')),
5 | disableConcurrentBuilds(abortPrevious: true),
6 | pipelineTriggers([cron(cronExpr)]),
7 | ])
8 |
9 | timeout(time: 10, unit: 'MINUTES') {
10 | final String updatecliAction = env.BRANCH_IS_PRIMARY ? 'apply' : 'diff'
11 | stage("Run updatecli action: ${updatecliAction}") {
12 | updatecli(
13 | action: updatecliAction,
14 | )
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/.github/workflows/release-drafter.yml:
--------------------------------------------------------------------------------
1 | name: Release Drafter
2 | on:
3 | workflow_dispatch:
4 | push:
5 | release:
6 | # Only allow 1 release-drafter build at a time to avoid creating multiple "next" releases
7 | concurrency: "release-drafter"
8 | jobs:
9 | update_release_draft:
10 | runs-on: ubuntu-latest
11 | steps:
12 | - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v5
13 | env:
14 | # This token is generated automatically by default in GitHub Actions: no need to create it manually
15 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
16 |
--------------------------------------------------------------------------------
/README.adoc:
--------------------------------------------------------------------------------
1 | = docker-packaging
2 |
3 | image:https://img.shields.io/docker/pulls/jenkinsciinfra/packaging?label=jenkinsciinfra%2Fpackaging&logo=docker&logoColor=white[link="https://hub.docker.com/r/jenkinsciinfra/packaging"]
4 |
5 | This repository contains everything needed to build a docker image which can be used to build debian, redhat, suse package for Jenkins core.
6 |
7 | == Configuration
8 | In order to sign packages with a gpg key, the following env variable must be defined
9 |
10 | * `GPG_KEYNAME`: Define the gpg key used to sign packages
11 | * `GPG_PASSPHRASE_FILE`: Define the gpg key passphrase
12 |
13 | == LINKS
14 | * https://github.com/jenkinsci/packaging[jenkinsci/packaging]
15 | * https://github.com/jenkins-infra/charts[jenkins-infra/charts]
16 | * https://github.com/jenkins-infra/release[jenkins-infra/release]
17 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | # This line specifies that the 'build' target is a phony target, meaning it doesn't represent a file.
2 | .PHONY: .build
3 |
4 | # Define variables for the Docker image name and tag.
5 | IMAGE = 'jenkinsciinfra/packaging'
6 | TAG = $(shell git rev-parse HEAD | cut -c1-6)
7 |
8 | # 'build' target builds a Docker image using the Dockerfile in the current directory.
9 | build:
10 | docker build --no-cache -t $(IMAGE):$(TAG) -t $(IMAGE):latest -f Dockerfile .
11 |
12 | # 'publish' target pushes the Docker image to a container registry.
13 | publish:
14 | # Push the image with the specific TAG
15 | docker push $(IMAGE):$(TAG)
16 | # Push the image with the 'latest' tag for the most recent version.
17 |
18 | # 'run' target runs a Docker container based on the specified image and tag, providing an interactive shell.
19 | run:
20 | docker run -i -t --rm --entrypoint /bin/bash $(IMAGE):$(TAG)
21 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2019 Olblak
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/updatecli/updatecli.d/jenkins-version.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bump `jv` CLI (jenkins-version)
3 |
4 | scms:
5 | default:
6 | kind: github
7 | spec:
8 | user: "{{ .github.user }}"
9 | email: "{{ .github.email }}"
10 | owner: "{{ .github.owner }}"
11 | repository: "{{ .github.repository }}"
12 | token: "{{ requiredEnv .github.token }}"
13 | username: "{{ .github.username }}"
14 | branch: "{{ .github.branch }}"
15 |
16 | sources:
17 | lastVersion:
18 | kind: githubrelease
19 | spec:
20 | owner: jenkins-infra
21 | repository: jenkins-version
22 | token: "{{ requiredEnv .github.token }}"
23 | username: "{{ .github.username }}"
24 |
25 | targets:
26 | updateDockerfile:
27 | name: Bump JV_VERSION value
28 | kind: dockerfile
29 | spec:
30 | file: ./Dockerfile
31 | instruction:
32 | keyword: ARG
33 | matcher: JV_VERSION
34 | scmid: default
35 |
36 | actions:
37 | default:
38 | kind: github/pullrequest
39 | scmid: default
40 | title: Bump `jv` CLI (jenkins-version) to {{ source "lastVersion" }}
41 | spec:
42 | labels:
43 | - dependencies
44 | - jv
45 |
--------------------------------------------------------------------------------
/updatecli/updatecli.d/maven.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bump Maven version
3 |
4 | scms:
5 | default:
6 | kind: github
7 | spec:
8 | user: "{{ .github.user }}"
9 | email: "{{ .github.email }}"
10 | owner: "{{ .github.owner }}"
11 | repository: "{{ .github.repository }}"
12 | token: "{{ requiredEnv .github.token }}"
13 | username: "{{ .github.username }}"
14 | branch: "{{ .github.branch }}"
15 |
16 | sources:
17 | mavenVersion:
18 | kind: githubrelease
19 | name: Get the latest Maven version
20 | spec:
21 | owner: apache
22 | repository: maven
23 | token: "{{ requiredEnv .github.token }}"
24 | username: "{{ .github.username }}"
25 | versionfilter:
26 | kind: regex
27 | # Only full releases (semver with "maven-" prefix")
28 | pattern: "^maven-(\\d*).(\\d*).(\\d*)$"
29 | transformers:
30 | - trimprefix: "maven-"
31 |
32 | conditions:
33 | checkIfReleaseIsAvailable:
34 | kind: shell
35 | disablesourceinput: true
36 | spec:
37 | command: curl --connect-timeout 5 --location --head --fail --silent --show-error https://archive.apache.org/dist/maven/maven-3/{{ source `mavenVersion` }}/binaries/apache-maven-{{ source `mavenVersion` }}-bin.tar.gz
38 |
39 | targets:
40 | updateDockerfileVersion:
41 | name: Update the value of ARG MAVEN_VERSION in the Dockerfile
42 | sourceid: mavenVersion
43 | kind: dockerfile
44 | spec:
45 | file: ./Dockerfile
46 | instruction:
47 | keyword: ARG
48 | matcher: MAVEN_VERSION
49 | scmid: default
50 | updateCstVersion:
51 | name: Update test harness with new Maven version
52 | sourceid: mavenVersion
53 | kind: yaml
54 | spec:
55 | file: ./cst.yml
56 | key: $.commandTests[1].expectedOutput[1]
57 | scmid: default
58 |
59 | actions:
60 | default:
61 | kind: github/pullrequest
62 | scmid: default
63 | title: Bump Maven version to {{ source "mavenVersion" }}
64 | spec:
65 | labels:
66 | - dependencies
67 | - maven
68 |
--------------------------------------------------------------------------------
/updatecli/updatecli.d/jenkins-agent-version.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bump Jenkins inbound-agent version
3 |
4 | scms:
5 | default:
6 | kind: github
7 | spec:
8 | user: "{{ .github.user }}"
9 | email: "{{ .github.email }}"
10 | owner: "{{ .github.owner }}"
11 | repository: "{{ .github.repository }}"
12 | token: "{{ requiredEnv .github.token }}"
13 | username: "{{ .github.username }}"
14 | branch: "{{ .github.branch }}"
15 |
16 | sources:
17 | agentMajorJdkVersion:
18 | kind: shell
19 | name: Get the agent major JDK version
20 | spec:
21 | command: echo "{{ .jdk.agentMajorVersion }}"
22 | lastVersion:
23 | kind: githubrelease
24 | name: Get the latest version of the Jenkins Inbound agent image
25 | spec:
26 | owner: jenkinsci
27 | repository: docker-agent
28 | token: "{{ requiredEnv .github.token }}"
29 | username: "{{ .github.username }}"
30 | versionfilter:
31 | kind: latest
32 |
33 | conditions:
34 | checkDockerImagePublished:
35 | name: "Is latest docker-inbound-agent image published?"
36 | kind: dockerimage
37 | sourceid: lastVersion
38 | transformers:
39 | - addsuffix: -jdk{{ source "agentMajorJdkVersion" }}
40 | spec:
41 | image: "jenkins/inbound-agent"
42 | architecture: "amd64"
43 | ## tag comes from the source
44 |
45 | targets:
46 | updateDockerfileAgentVersion:
47 | name: Update the value of ARG JENKINS_AGENT_VERSION in the Dockerfile
48 | sourceid: lastVersion
49 | kind: dockerfile
50 | spec:
51 | file: ./Dockerfile
52 | instruction:
53 | keyword: ARG
54 | matcher: JENKINS_AGENT_VERSION
55 | scmid: default
56 | updateDockerfileAgentJDKVersion:
57 | name: Update the value of ARG JENKINS_AGENT_JDK_MAJOR in the Dockerfile
58 | sourceid: agentMajorJdkVersion
59 | kind: dockerfile
60 | spec:
61 | file: ./Dockerfile
62 | instruction:
63 | keyword: ARG
64 | matcher: JENKINS_AGENT_JDK_MAJOR
65 | scmid: default
66 |
67 | actions:
68 | default:
69 | kind: github/pullrequest
70 | scmid: default
71 | title: Bump Jenkins inbound-agent version to {{ source "lastVersion" }}
72 | spec:
73 | labels:
74 | - dependencies
75 | - inbound-agent
76 |
--------------------------------------------------------------------------------
/macros.d/macros.javapackages-filesystem:
--------------------------------------------------------------------------------
1 | #
2 | # RPM macros for Java filesystem layout.
3 | #
4 | # Copied from https://github.com/fedora-java/javapackages/blob/6.0.0/macros.d/macros.javapackages-filesystem
5 | #
6 | # JPackage Project
7 | # David Walluck
8 | # Ville Skyttä
9 | # Nicolas Mailhot
10 | #
11 |
12 | #==============================================================================
13 | # ---- default Java directories
14 |
15 | #
16 | # Root directory where all Java VMs/SDK/JREs are installed.
17 | #
18 | %_jvmdir %{_prefix}/lib/jvm
19 |
20 | #
21 | # Root directory for all Java VM/SDK/JRE's private things.
22 | #
23 | %_jvmprivdir %{_prefix}/lib/jvm-private
24 |
25 | #
26 | # Root directory for all architecture dependent parts of Java VM/SDK/JRE's
27 | #
28 | %_jvmlibdir %{_prefix}/lib/jvm
29 |
30 | #
31 | # Root directory for all architecture independent parts of Java VM/SDK/JRE's
32 | #
33 | %_jvmdatadir %{_datadir}/jvm
34 |
35 | #
36 | # Root directory for all configurations parts of Java VM/SDK/JRE's
37 | #
38 | %_jvmsysconfdir %{_sysconfdir}/jvm
39 |
40 | #
41 | # Root directory for all common architecture dependent parts of Java VM/SDK/JRE's
42 | #
43 | %_jvmcommonlibdir %{_prefix}/lib/jvm-common
44 |
45 | #
46 | # Root directory for all common architecture independent parts of Java VM/SDK/JRE's
47 | #
48 | %_jvmcommondatadir %{_datadir}/jvm-common
49 |
50 | #
51 | # Root directory for all common configurations parts of Java VM/SDK/JRE's
52 | #
53 | %_jvmcommonsysconfdir %{_sysconfdir}/jvm-common
54 |
55 | #
56 | # Directory containing Java configuration file (java.conf)
57 | #
58 | %_javaconfdir %{_sysconfdir}/java
59 |
60 | #
61 | # Directory where arch and version independent jars are installed.
62 | # This has already been integrated in RH macros following our request.
63 | #
64 | %_javadir %{_datadir}/java
65 |
66 | #
67 | # Directory where arch-specific (JNI) version-independent jars are installed.
68 | #
69 | %_jnidir %{_prefix}/lib/java
70 |
71 | #
72 | # Root directory where all javadoc is installed. Also already in RH macros.
73 | #
74 | %_javadocdir %{_datadir}/javadoc
75 |
76 | #
77 | # Directory for Maven POM files
78 | #
79 | %_mavenpomdir %{_datadir}/maven-poms
80 |
81 | #
82 | # Directory for Ivy XML files
83 | #
84 | %_ivyxmldir %{_datadir}/ivy-xmls
85 |
--------------------------------------------------------------------------------
/cst.yml:
--------------------------------------------------------------------------------
1 | schemaVersion: 2.0.0
2 | metadataTest:
3 | envVars:
4 | - key: DEBIAN_FRONTEND
5 | value: noninteractive
6 | - key: TZ
7 | value: UTC
8 | labels:
9 | - key: 'project'
10 | value: 'https://github.com/jenkins-infra/docker-packaging'
11 | - key: io.jenkins-infra.tools.azcopy.version
12 | value: 10.31.0
13 | user: jenkins
14 | fileExistenceTests:
15 | - name: 'RPM Macros'
16 | path: '/etc/rpm/macros'
17 | shouldExist: true
18 | - name: 'Debian devscript manifest'
19 | path: '/etc/devscripts.conf'
20 | shouldExist: true
21 | - name: "Default user's home"
22 | path: '/home/jenkins'
23 | shouldExist: true
24 | - name: "SSH known hosts"
25 | path: '/home/jenkins/.ssh/known_hosts'
26 | shouldExist: true
27 | # CLI binaries
28 | - name: 'Bash'
29 | path: '/bin/bash'
30 | shouldExist: true
31 | isExecutableBy: 'any'
32 | - name: 'Git'
33 | path: '/usr/bin/git'
34 | shouldExist: true
35 | isExecutableBy: 'any'
36 | - name: 'Fakeroot'
37 | path: '/usr/bin/fakeroot'
38 | shouldExist: true
39 | isExecutableBy: 'any'
40 | - name: 'GPG'
41 | path: '/usr/bin/gpg'
42 | shouldExist: true
43 | isExecutableBy: 'any'
44 | - name: 'GPG Agent'
45 | path: '/usr/bin/gpg-agent'
46 | shouldExist: true
47 | isExecutableBy: 'any'
48 | - name: 'Make'
49 | path: '/usr/bin/make'
50 | shouldExist: true
51 | isExecutableBy: 'any'
52 | - name: 'Curl'
53 | path: '/usr/bin/curl'
54 | shouldExist: true
55 | isExecutableBy: 'any'
56 | - name: 'JV'
57 | path: '/usr/local/bin/jv'
58 | shouldExist: true
59 | isExecutableBy: 'any'
60 | - name: 'G++ from build-essential'
61 | path: '/usr/bin/g++'
62 | shouldExist: true
63 | isExecutableBy: 'any'
64 | - name: "azcopy"
65 | path: "/usr/bin/azcopy"
66 | shouldExist: true
67 | isExecutableBy: "any"
68 | - name: createrepo_c # Installed from package createrepo-c
69 | path: "/usr/bin/createrepo_c"
70 | shouldExist: true
71 | isExecutableBy: "any"
72 | - name: createrepo # We expect a symlink
73 | path: "/usr/bin/createrepo"
74 | shouldExist: true
75 | isExecutableBy: "any"
76 | commandTests:
77 | - name: Check that `java` 21 binary for agent processes is present
78 | command: /opt/jdk-21/bin/java
79 | args: ["--version"]
80 | expectedOutput: [Temurin-21]
81 | - name: Check that `maven` and `java` are present in the PATH and default to JDK 21 and 3.9.12
82 | command: "mvn"
83 | args: ["-v"]
84 | expectedOutput: ["Java version: 21.", 3.9.12]
85 |
--------------------------------------------------------------------------------
/updatecli/updatecli.d/azcopy.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bump `azcopy` version
3 |
4 | scms:
5 | default:
6 | kind: github
7 | spec:
8 | user: "{{ .github.user }}"
9 | email: "{{ .github.email }}"
10 | owner: "{{ .github.owner }}"
11 | repository: "{{ .github.repository }}"
12 | token: "{{ requiredEnv .github.token }}"
13 | username: "{{ .github.username }}"
14 | branch: "{{ .github.branch }}"
15 |
16 | sources:
17 | lastReleaseVersion:
18 | kind: githubrelease
19 | name: Get the latest `azcopy` version
20 | spec:
21 | owner: Azure
22 | repository: azure-storage-azcopy
23 | token: "{{ requiredEnv .github.token }}"
24 | username: "{{ .github.username }}"
25 | transformers:
26 | - trimprefix: 'v'
27 |
28 | conditions:
29 | testDockerfileArgAzCliVersion:
30 | name: "Does the Dockerfile have an ARG instruction which key is AZCOPY_VERSION?"
31 | kind: dockerfile
32 | disablesourceinput: true
33 | spec:
34 | file: Dockerfile
35 | instruction:
36 | keyword: "ARG"
37 | matcher: "AZCOPY_VERSION"
38 | testCstAzCliVersion:
39 | name: "Does the test harness checks for a label io.jenkins-infra.tools.azcopy.version?"
40 | kind: yaml
41 | disablesourceinput: true
42 | spec:
43 | file: "cst.yml"
44 | key: "$.metadataTest.labels[1].key"
45 | value: io.jenkins-infra.tools.azcopy.version
46 | checkx86DebPackage:
47 | kind: file
48 | disablesourceinput: true
49 | spec:
50 | file: https://github.com/Azure/azure-storage-azcopy/releases/download/v{{ source "lastReleaseVersion" }}/azcopy-{{ source "lastReleaseVersion" }}.x86_64.deb
51 | checkArm64DebPackage:
52 | kind: file
53 | disablesourceinput: true
54 | spec:
55 | file: https://github.com/Azure/azure-storage-azcopy/releases/download/v{{ source "lastReleaseVersion" }}/azcopy-{{ source "lastReleaseVersion" }}.arm64.deb
56 |
57 | targets:
58 | updateCstVersion:
59 | name: "Update the label io.jenkins-infra.tools.azcopy.version in the test harness"
60 | sourceid: lastReleaseVersion
61 | kind: yaml
62 | spec:
63 | file: "cst.yml"
64 | key: "$.metadataTest.labels[1].value"
65 | scmid: default
66 | updateDockerfileArgVersion:
67 | name: "Update the value of ARG AZCOPY_VERSION in the Dockerfile"
68 | sourceid: lastReleaseVersion
69 | kind: dockerfile
70 | spec:
71 | file: Dockerfile
72 | instruction:
73 | keyword: "ARG"
74 | matcher: "AZCOPY_VERSION"
75 | scmid: default
76 |
77 | actions:
78 | default:
79 | kind: github/pullrequest
80 | title: Bump azcopy version to {{ source "lastReleaseVersion" }}
81 | scmid: default
82 | spec:
83 | labels:
84 | - enhancement
85 | - azcopy
86 |
--------------------------------------------------------------------------------
/macros.d/macros.systemd:
--------------------------------------------------------------------------------
1 | # -*- Mode: makefile; indent-tabs-mode: t -*- */
2 | #
3 | # This file is part of systemd.
4 | # Copied from https://github.com/systemd/systemd/blob/v219/src/core/macros.systemd.in
5 | #
6 | # Copyright 2012 Lennart Poettering
7 | #
8 | # systemd is free software; you can redistribute it and/or modify it
9 | # under the terms of the GNU Lesser General Public License as published by
10 | # the Free Software Foundation; either version 2.1 of the License, or
11 | # (at your option) any later version.
12 | #
13 | # systemd is distributed in the hope that it will be useful, but
14 | # WITHOUT ANY WARRANTY; without even the implied warranty of
15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 | # Lesser General Public License for more details.
17 | #
18 | # You should have received a copy of the GNU Lesser General Public License
19 | # along with systemd; If not, see .
20 |
21 | # RPM macros for packages installing systemd unit files
22 |
23 | %_unitdir /usr/lib/systemd/system
24 | %_userunitdir /usr/lib/systemd/user
25 | %_presetdir /usr/lib/systemd/system-preset
26 | %_udevhwdbdir /usr/lib/udev/hwdb.d
27 | %_udevrulesdir /usr/lib/udev/rules.d
28 | %_journalcatalogdir /usr/lib/systemd/catalog
29 | %_tmpfilesdir /usr/lib/tmpfiles.d
30 | %_sysusersdir /usr/lib/sysusers.d
31 | %_sysctldir /usr/lib/sysctl.d
32 | %_binfmtdir /usr/lib/binfmt.d
33 |
34 | %systemd_requires \
35 | Requires(post): systemd \
36 | Requires(preun): systemd \
37 | Requires(postun): systemd \
38 | %{nil}
39 |
40 | %systemd_post() \
41 | if [ $1 -eq 1 ] ; then \
42 | # Initial installation \
43 | systemctl preset %{?*} >/dev/null 2>&1 || : \
44 | fi \
45 | %{nil}
46 |
47 | %systemd_user_post() %systemd_post --user --global %{?*}
48 |
49 | %systemd_preun() \
50 | if [ $1 -eq 0 ] ; then \
51 | # Package removal, not upgrade \
52 | systemctl --no-reload disable %{?*} > /dev/null 2>&1 || : \
53 | systemctl stop %{?*} > /dev/null 2>&1 || : \
54 | fi \
55 | %{nil}
56 |
57 | %systemd_user_preun() \
58 | if [ $1 -eq 0 ] ; then \
59 | # Package removal, not upgrade \
60 | systemctl --no-reload --user --global disable %{?*} > /dev/null 2>&1 || : \
61 | fi \
62 | %{nil}
63 |
64 | %systemd_postun() \
65 | systemctl daemon-reload >/dev/null 2>&1 || : \
66 | %{nil}
67 |
68 | %systemd_user_postun() %{nil}
69 |
70 | %systemd_postun_with_restart() \
71 | systemctl daemon-reload >/dev/null 2>&1 || : \
72 | if [ $1 -ge 1 ] ; then \
73 | # Package upgrade, not uninstall \
74 | systemctl try-restart %{?*} >/dev/null 2>&1 || : \
75 | fi \
76 | %{nil}
77 |
78 | %systemd_user_postun_with_restart() %{nil}
79 |
80 | %udev_hwdb_update() \
81 | udevadm hwdb --update >/dev/null 2>&1 || : \
82 | %{nil}
83 |
84 | %udev_rules_update() \
85 | udevadm control --reload >/dev/null 2>&1 || : \
86 | %{nil}
87 |
88 | %journal_catalog_update() \
89 | journalctl --update-catalog >/dev/null 2>&1 || : \
90 | %{nil}
91 |
92 | %tmpfiles_create() \
93 | systemd-tmpfiles --create %{?*} >/dev/null 2>&1 || : \
94 | %{nil}
95 |
96 | %sysusers_create() \
97 | systemd-sysusers %{?*} >/dev/null 2>&1 || : \
98 | %{nil}
99 |
100 | %sysusers_create_inline() \
101 | echo %{?*} | systemd-sysusers - >/dev/null 2>&1 || : \
102 | %{nil}
103 |
104 | %sysctl_apply() \
105 | /usr/lib/systemd/systemd-sysctl %{?*} >/dev/null 2>&1 || : \
106 | %{nil}
107 |
108 | %binfmt_apply() \
109 | /usr/lib/systemd/systemd-binfmt %{?*} >/dev/null 2>&1 || : \
110 | %{nil}
111 |
--------------------------------------------------------------------------------
/updatecli/updatecli.d/jdk-build.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bump JDK version
3 |
4 | scms:
5 | default:
6 | kind: github
7 | spec:
8 | user: "{{ .github.user }}"
9 | email: "{{ .github.email }}"
10 | owner: "{{ .github.owner }}"
11 | repository: "{{ .github.repository }}"
12 | token: "{{ requiredEnv .github.token }}"
13 | username: "{{ .github.username }}"
14 | branch: "{{ .github.branch }}"
15 |
16 | sources:
17 | majorJdkVersion:
18 | kind: shell
19 | name: Get the major JDK version
20 | spec:
21 | command: echo "{{ .jdk.majorVersion }}"
22 | lastVersion:
23 | kind: githubrelease
24 | name: Get the latest Adoptium JDK{{ .jdk.majorVersion }} version
25 | spec:
26 | owner: adoptium
27 | repository: "temurin{{ .jdk.majorVersion }}-binaries"
28 | token: "{{ requiredEnv .github.token }}"
29 | username: "{{ .github.username }}"
30 | versionfilter:
31 | kind: regex
32 | pattern: "^jdk-{{ .jdk.majorVersion }}.(\\d*).(\\d*).(\\d*)(.(\\d*))+(\\d*)$"
33 | transformers:
34 | - trimprefix: "jdk-"
35 | - replacer:
36 | from: "+"
37 | to: "_"
38 | jdkTemurinSuffix:
39 | kind: file
40 | name: Get the (eventual) suffix of the Eclipse Temurin base image
41 | spec:
42 | file: ./Dockerfile
43 | matchpattern: 'FROM eclipse-temurin.*'
44 | transformers:
45 | - findsubmatch:
46 | pattern: 'FROM eclipse-temurin:(.[^-]*)-(.*) AS(.*)'
47 | captureindex: 2
48 | mavenCurrentCstVersion:
49 | kind: yaml
50 | name: Get the current maven version for cst update
51 | spec:
52 | file: ./cst.yml
53 | key: $.commandTests[1].expectedOutput[1]
54 |
55 | conditions:
56 | checkDockerImagePublished:
57 | name: Check if the Docker image is published
58 | kind: dockerimage
59 | disablesourceinput: true
60 | spec:
61 | image: eclipse-temurin
62 | architecture: amd64
63 | tag: '{{ source `lastVersion` }}-{{ source `jdkTemurinSuffix` }}'
64 |
65 | targets:
66 | updateDockerfileVersion:
67 | name: "Update the value of ARG JAVA_VERSION in the Dockerfile"
68 | sourceid: lastVersion
69 | kind: dockerfile
70 | spec:
71 | file: ./Dockerfile
72 | instruction:
73 | keyword: ARG
74 | matcher: JAVA_VERSION
75 | scmid: default
76 | updateDockerfileMajorVersion:
77 | name: Update the value of ARG BUILD_JDK_MAJOR in the Dockerfile
78 | sourceid: majorJdkVersion
79 | kind: dockerfile
80 | spec:
81 | file: ./Dockerfile
82 | instruction:
83 | keyword: ARG
84 | matcher: BUILD_JDK_MAJOR
85 | scmid: default
86 | updateTestHarnessCommandTests0-name:
87 | name: Update Test Harnes file CommandTest 0 Name
88 | sourceid: majorJdkVersion
89 | kind: yaml
90 | spec:
91 | file: ./cst.yml
92 | key: $.commandTests[0].name
93 | value: "Check that `java` {{ .jdk.majorVersion }} binary for agent processes is present"
94 | scmid: default
95 | updateTestHarnessCommandTests0-command:
96 | name: Update Test Harnes file CommandTest 0 Command
97 | sourceid: majorJdkVersion
98 | kind: yaml
99 | spec:
100 | file: ./cst.yml
101 | key: $.commandTests[0].command
102 | value: "/opt/jdk-{{ .jdk.majorVersion }}/bin/java"
103 | scmid: default
104 | updateTestHarnessCommandTests0-expectedOutput:
105 | name: Update Test Harnes file CommandTest 0 expectedOutput
106 | sourceid: majorJdkVersion
107 | kind: yaml
108 | spec:
109 | file: ./cst.yml
110 | key: $.commandTests[0].expectedOutput[0]
111 | value: "Temurin-{{ .jdk.majorVersion }}"
112 | scmid: default
113 | updateTestHarnessCommandTests1-name:
114 | name: Update Test Harnes file CommandTest 1 name
115 | sourceid: majorJdkVersion
116 | kind: yaml
117 | spec:
118 | file: ./cst.yml
119 | key: $.commandTests[1].name
120 | value: Check that `maven` and `java` are present in the PATH and default to JDK {{ .jdk.majorVersion }} and {{ source "mavenCurrentCstVersion" }}
121 | scmid: default
122 | updateTestHarnessCommandTests1-expectedOutput:
123 | name: Update Test Harnes file CommandTest 1 expectedOutput
124 | sourceid: majorJdkVersion
125 | kind: yaml
126 | spec:
127 | file: ./cst.yml
128 | key: $.commandTests[1].expectedOutput[0]
129 | value: "Java version: {{ .jdk.majorVersion }}."
130 | scmid: default
131 | actions:
132 | default:
133 | kind: github/pullrequest
134 | scmid: default
135 | title: Bump JDK{{ .jdk.majorVersion }} version to {{ source "lastVersion" }}
136 | spec:
137 | labels:
138 | - dependencies
139 | - "jdk{{ .jdk.majorVersion }}"
140 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG JENKINS_AGENT_VERSION=3355.v388858a_47b_33-4
2 | ARG JAVA_VERSION=21.0.9_10
3 | ARG JENKINS_AGENT_JDK_MAJOR=21
4 | ARG BUILD_JDK_MAJOR=21
5 |
6 | FROM eclipse-temurin:${JAVA_VERSION}-jdk-jammy AS jdk
7 | FROM jenkins/inbound-agent:${JENKINS_AGENT_VERSION}-jdk${JENKINS_AGENT_JDK_MAJOR} AS jenkins-agent
8 |
9 | FROM ubuntu:24.04
10 | SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
11 | LABEL project="https://github.com/jenkins-infra/docker-packaging"
12 |
13 | ENV DEBIAN_FRONTEND=noninteractive
14 | ENV TZ=UTC
15 | ENV LANG=C.UTF-8
16 |
17 | ## Always install the latest package versions
18 | # hadolint ignore=DL3008,DL3013
19 | RUN apt-get update \
20 | && apt-get install --yes --no-install-recommends \
21 | apt-utils \
22 | curl \
23 | build-essential \
24 | debhelper \
25 | devscripts \
26 | expect \
27 | fakeroot \
28 | git \
29 | gpg \
30 | gpg-agent \
31 | gnupg2 \
32 | make \
33 | openssh-server \
34 | openssl \
35 | python3-jinja2 \
36 | python3-pytest \
37 | python3-venv \
38 | rpm `# Required to build RPMs` \
39 | createrepo-c `# Required to build RPMs` \
40 | rsync \
41 | tzdata \
42 | unzip \
43 | && apt-get clean \
44 | && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
45 | && ln -s /usr/bin/createrepo_c /usr/bin/createrepo
46 |
47 | ARG JV_VERSION=0.11.4
48 | RUN curl -o "jenkins-version-linux-$(dpkg --print-architecture).tar.gz" -L "https://github.com/jenkins-infra/jenkins-version/releases/download/${JV_VERSION}/jenkins-version-linux-$(dpkg --print-architecture).tar.gz" && \
49 | tar xvfz "jenkins-version-linux-$(dpkg --print-architecture).tar.gz" && \
50 | mv jv /usr/local/bin && \
51 | rm "jenkins-version-linux-$(dpkg --print-architecture).tar.gz" && \
52 | jv --version
53 |
54 | ARG GH_VERSION=2.11.3
55 | RUN curl --silent --show-error --location --output /tmp/gh.tar.gz \
56 | "https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_$(dpkg --print-architecture).tar.gz" \
57 | && tar xvfz /tmp/gh.tar.gz -C /tmp \
58 | && mv "/tmp/gh_${GH_VERSION}_linux_$(dpkg --print-architecture)/bin/gh" /usr/local/bin/gh \
59 | && chmod a+x /usr/local/bin/gh \
60 | && gh --help
61 |
62 | ARG JX_RELEASE_VERSION=2.5.2
63 | RUN curl --silent --show-error --location --output /tmp/jx-release-version.tar.gz \
64 | "https://github.com/jenkins-x-plugins/jx-release-version/releases/download/v${JX_RELEASE_VERSION}/jx-release-version-linux-$(dpkg --print-architecture).tar.gz" \
65 | && tar xvfz /tmp/jx-release-version.tar.gz -C /tmp \
66 | && mv "/tmp/jx-release-version" /usr/bin/ \
67 | && chmod a+x /usr/bin/jx-release-version \
68 | && jx-release-version --help
69 |
70 | ARG AZURE_CLI_VERSION=2.62.0
71 | ## Always install the latest package versions
72 | # hadolint ignore=DL3008,DL3013
73 | RUN apt-get update \
74 | && apt-get install --yes --no-install-recommends \
75 | apt-transport-https \
76 | ca-certificates \
77 | curl \
78 | gnupg \
79 | lsb-release \
80 | && curl --silent --show-error --location https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null \
81 | && echo "deb [arch=$(dpkg --print-architecture)] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/azure-cli.list \
82 | && apt-get update \
83 | && apt-get install --yes --no-install-recommends azure-cli="${AZURE_CLI_VERSION}-1~$(lsb_release -cs)" \
84 | && az --version \
85 | && apt-get clean \
86 | && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
87 |
88 | ## Install azcopy
89 | ARG AZCOPY_VERSION=10.31.0
90 | RUN ARCH="$(uname -m)"; \
91 | case "${ARCH}" in \
92 | aarch64|arm64) \
93 | azcopy_arch="arm64"; \
94 | ;; \
95 | amd64|x86_64) \
96 | azcopy_arch="x86_64"; \
97 | ;; \
98 | *) \
99 | echo "Unsupported arch: ${ARCH}"; \
100 | exit 1; \
101 | ;; \
102 | esac; \
103 | azcopy_pkg="$(mktemp)" \
104 | && curl --silent --show-error --location --output "${azcopy_pkg}" "https://github.com/Azure/azure-storage-azcopy/releases/download/v${AZCOPY_VERSION}/azcopy-${AZCOPY_VERSION}.${azcopy_arch}.deb" \
105 | && dpkg --install "${azcopy_pkg}" \
106 | # Sanity check
107 | && azcopy --version \
108 | # Cleanup
109 | && rm -f "${azcopy_pkg}"
110 |
111 | ## Always install the latest packages
112 | # hadolint ignore=DL3008
113 | RUN apt-get update \
114 | ## Prevent Java null pointer exception due to missing fontconfig
115 | && apt-get install --yes --no-install-recommends fontconfig \
116 | && apt-get clean \
117 | && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
118 |
119 | # Repeat ARG to scope it in this stage
120 | ARG BUILD_JDK_MAJOR=21
121 | ENV JAVA_HOME=/opt/jdk-"${BUILD_JDK_MAJOR}"
122 | ENV PATH="${JAVA_HOME}/bin:${PATH}"
123 |
124 | ## Note: when using the same major versions, the temurin JDK overrides the agent JDK.
125 | ## We need to keep this behavior as both JDK can differ. The long term solution is to switch this image to the "all in one".
126 | # Repeat ARG to scope it in this stage
127 | ARG JENKINS_AGENT_JDK_MAJOR=21
128 | COPY --from=jenkins-agent /opt/java/openjdk /opt/jdk-"${JENKINS_AGENT_JDK_MAJOR}"
129 | COPY --from=jdk /opt/java/openjdk ${JAVA_HOME}
130 |
131 | ## Use 1000 to be sure weight is always the bigger
132 | RUN update-alternatives --install /usr/bin/java java "${JAVA_HOME}"/bin/java 1000 \
133 | # Ensure JAVA_HOME variable is availabel to all shells
134 | && echo "JAVA_HOME=${JAVA_HOME}" >> /etc/environment \
135 | && echo "PATH=${JAVA_HOME}/bin:$PATH" >> /etc/environment \
136 | && java -version
137 |
138 | ## Maven is required for Debian packaging step (at least)
139 | ARG MAVEN_VERSION=3.9.12
140 | RUN curl --fail --silent --location --show-error --output "/tmp/apache-maven-${MAVEN_VERSION}-bin.tar.gz" \
141 | "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" \
142 | && tar zxf "/tmp/apache-maven-${MAVEN_VERSION}-bin.tar.gz" -C /usr/share/ \
143 | && ln -s "/usr/share/apache-maven-${MAVEN_VERSION}/bin/mvn" /usr/local/bin/mvn \
144 | && rm -f "/tmp/apache-maven-${MAVEN_VERSION}-bin.tar.gz" \
145 | && mvn -version
146 |
147 | ## We need some files from the official jenkins-agent image
148 | COPY --from=jenkins-agent /usr/share/jenkins/agent.jar /usr/share/jenkins/agent.jar
149 | COPY --from=jenkins-agent /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-agent
150 |
151 | ## Copy packaging-specific RPM macros
152 | COPY ./conf.d/rpm_macros /etc/rpm/macros
153 | COPY ./conf.d/devscripts.conf /etc/devscripts.conf
154 | COPY ./macros.d /usr/lib/rpm/macros.d
155 |
156 | # Create default user (must be the same as the official jenkins-agent image)
157 | ARG JENKINS_USERNAME=jenkins
158 | ENV USER=${JENKINS_USERNAME}
159 | ENV HOME=/home/"${JENKINS_USERNAME}"
160 | RUN deluser ubuntu && useradd -m -u 1000 "${JENKINS_USERNAME}"
161 |
162 | USER $JENKINS_USERNAME
163 |
164 | RUN mkdir "${HOME}"/.ssh \
165 | && ssh-keyscan -t rsa pkg.origin.jenkins.io >> "${HOME}"/.ssh/known_hosts
166 |
167 | RUN git config --global pull.rebase false
168 |
169 | ARG JENKINS_AGENT_VERSION=3355.v388858a_47b_33-4
170 | LABEL io.jenkins-infra.tools="bash,debhelper,fakeroot,git,gpg,gh,jx-release-version,java,jv,jenkins-agent,make"
171 | LABEL io.jenkins-infra.tools.gh.version="${GH_VERSION}"
172 | LABEL io.jenkins-infra.tools.jx-release-version.version="${JX_RELEASE_VERSION}"
173 | LABEL io.jenkins-infra.tools.jenkins-agent.version="${JENKINS_AGENT_VERSION}"
174 | LABEL io.jenkins-infra.tools.jv.version="${JV_VERSION}"
175 | LABEL io.jenkins-infra.tools.azcopy.version="${AZCOPY_VERSION}"
176 |
177 | ENTRYPOINT ["/usr/local/bin/jenkins-agent"]
178 |
--------------------------------------------------------------------------------