diff --git a/11/windows/nanoserver-1809/Dockerfile b/11/windows/nanoserver-1809/Dockerfile index 1f7876122..aa6fbcdd9 100644 --- a/11/windows/nanoserver-1809/Dockerfile +++ b/11/windows/nanoserver-1809/Dockerfile @@ -33,16 +33,24 @@ ARG JAVA_HOME=C:\jdk-${JAVA_VERSION} SHELL ["pwsh.exe", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -USER ContainerAdministrator +ENV JAVA_VERSION jdk-11.0.7+10 -RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; ` - $javaRoot = 'OpenJDK11U-jdk_x64_windows_hotspot_{0}' -f $env:JAVA_VERSION.Replace('+', '_') ; ` - $url = 'https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-{0}/{1}.zip' -f [System.Uri]::EscapeDataString($env:JAVA_VERSION), $javaRoot ; ` - Write-Host "Retrieving $url..." ; ` - Invoke-WebRequest $url -OutFile 'openjdk.zip' -UseBasicParsing ; ` - if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne $env:JAVA_SHA256) { Write-Error 'Java SHA256 mismatch' ; exit 1} ; ` - Expand-Archive openjdk.zip -DestinationPath C:/ ; ` - Remove-Item -Path openjdk.zip +USER ContainerAdministrator +RUN Write-Host ('Downloading https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.7%2B10.2/OpenJDK11U-jdk_x64_windows_hotspot_11.0.7_10.zip ...'); ` + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; ` + Invoke-WebRequest -Uri https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.7%2B10.2/OpenJDK11U-jdk_x64_windows_hotspot_11.0.7_10.zip -O 'openjdk.zip'; ` + Write-Host ('Verifying sha256 (61e99ff902e02c83b6c48172968593ee05ae183a39e5ef13a44bd4bf7eb2ce8b) ...'); ` + if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne '61e99ff902e02c83b6c48172968593ee05ae183a39e5ef13a44bd4bf7eb2ce8b') { ` + Write-Host 'FAILED!'; ` + exit 1; ` + }; ` + ` + Write-Host 'Expanding Zip ...'; ` + Expand-Archive -Path openjdk.zip -DestinationPath C:\ ; ` + $jdkDirectory=(Get-ChildItem -Directory | ForEach-Object { $_.FullName } | Select-String 'jdk'); ` + Move-Item -Path $jdkDirectory C:\openjdk-11; ` + Write-Host 'Removing openjdk.zip ...'; ` + Remove-Item openjdk.zip -Force ARG VERSION=4.3 LABEL Description="This is a base image, which provides the Jenkins agent executable (agent.jar)" Vendor="Jenkins project" Version="${VERSION}" @@ -62,10 +70,12 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Write-Host "Retrieving $url..." ; ` Invoke-WebRequest $url -OutFile 'GitLfs.zip' -UseBasicParsing ; ` Expand-Archive GitLfs.zip -DestinationPath c:\mingit\mingw64\bin ; ` - Remove-Item GitLfs.zip -Force + Remove-Item GitLfs.zip -Force ; ` + & C:\mingit\cmd\git.exe lfs install -ENV ProgramFiles="C:\Program Files" -ENV WindowsPATH="C:\Windows\system32;C:\Windows" +ENV ProgramFiles="C:\Program Files" ` + WindowsPATH="C:\Windows\system32;C:\Windows" ` + JAVA_HOME="C:\openjdk-11" ENV PATH="${WindowsPATH};${ProgramFiles}\PowerShell;${JAVA_HOME}\bin;C:\mingit\cmd" ARG user=jenkins @@ -76,7 +86,6 @@ ARG AGENT_HASH_FILENAME=$AGENT_FILENAME.sha1 RUN net accounts /maxpwage:unlimited ; ` net user "$env:user" /add /expire:never /passwordreq:no ; ` net localgroup Administrators /add $env:user ; ` - setx /M PATH '%PATH%;%JAVA_HOME%\bin' ; ` New-Item -ItemType Directory -Path C:/ProgramData/Jenkins | Out-Null ARG AGENT_ROOT=C:/Users/$user diff --git a/11/windows/windowsservercore-1809/Dockerfile b/11/windows/windowsservercore-1809/Dockerfile index 36970c043..cbac18ccf 100644 --- a/11/windows/windowsservercore-1809/Dockerfile +++ b/11/windows/windowsservercore-1809/Dockerfile @@ -55,7 +55,7 @@ ARG AGENT_HASH_FILENAME=$AGENT_FILENAME.sha1 RUN net user "$env:user" /add /expire:never /passwordreq:no ; ` net localgroup Administrators /add $env:user ; ` - wmic useraccount WHERE Name=$env:user set PasswordExpires=false; ` + Set-LocalUser -Name $env:user -PasswordNeverExpires 1; ` New-Item -ItemType Directory -Path C:/ProgramData/Jenkins | Out-Null ARG AGENT_ROOT=C:/Users/$user diff --git a/8/windows/nanoserver-1809/Dockerfile b/8/windows/nanoserver-1809/Dockerfile index e2d9c5d8f..192aabebe 100644 --- a/8/windows/nanoserver-1809/Dockerfile +++ b/8/windows/nanoserver-1809/Dockerfile @@ -27,22 +27,26 @@ ARG POWERSHELL_VERSION= FROM mcr.microsoft.com/powershell:${POWERSHELL_VERSION}nanoserver-1809 -ARG JAVA_VERSION=8u242-b08 -ARG JAVA_SHA256=8288e4d0983019706db89c153d18bfce28d033f646be65c8ae1c33c6c65b943e -ARG JAVA_HOME=C:\jdk${JAVA_VERSION} - SHELL ["pwsh.exe", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -USER ContainerAdministrator +ENV JAVA_VERSION jdk8u252-b09 -RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; ` - $javaRoot = 'OpenJDK8U-jdk_x64_windows_hotspot_{0}' -f $env:JAVA_VERSION.Replace('-', '') ; ` - $url = $('https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk{0}/{1}.zip' -f $env:JAVA_VERSION, $javaRoot) ; ` - Write-Host "Retrieving $url..." ; ` - Invoke-WebRequest $url -OutFile 'openjdk.zip' -UseBasicParsing ; ` - if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne $env:JAVA_SHA256) { Write-Error 'Java SHA256 mismatch' ; exit 1} ; ` - Expand-Archive openjdk.zip -DestinationPath C:/ ; ` - Remove-Item -Path openjdk.zip +USER ContainerAdministrator +RUN Write-Host ('Downloading https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u252-b09.1/OpenJDK8U-jdk_x64_windows_hotspot_8u252b09.zip ...'); ` + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; ` + Invoke-WebRequest -Uri https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u252-b09.1/OpenJDK8U-jdk_x64_windows_hotspot_8u252b09.zip -O 'openjdk.zip'; ` + Write-Host ('Verifying sha256 (4e2c92ba17481321eaeb1769e85eec99a774102eb80b700a201b54b130ab2768) ...'); ` + if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne '4e2c92ba17481321eaeb1769e85eec99a774102eb80b700a201b54b130ab2768') { ` + Write-Host 'FAILED!'; ` + exit 1; ` + }; ` + ` + Write-Host 'Expanding Zip ...'; ` + Expand-Archive -Path openjdk.zip -DestinationPath C:\ ; ` + $jdkDirectory=(Get-ChildItem -Directory | ForEach-Object { $_.FullName } | Select-String 'jdk'); ` + Move-Item -Path $jdkDirectory C:\openjdk-8; ` + Write-Host 'Removing openjdk.zip ...'; ` + Remove-Item openjdk.zip -Force ARG VERSION=4.3 LABEL Description="This is a base image, which provides the Jenkins agent executable (agent.jar)" Vendor="Jenkins project" Version="${VERSION}" @@ -65,9 +69,9 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Remove-Item GitLfs.zip -Force ; ` & C:\mingit\cmd\git.exe lfs install - -ENV ProgramFiles="C:\Program Files" -ENV WindowsPATH="C:\Windows\system32;C:\Windows" +ENV ProgramFiles="C:\Program Files" ` + WindowsPATH="C:\Windows\system32;C:\Windows" ` + JAVA_HOME="C:\openjdk-8" ENV PATH="${WindowsPATH};${ProgramFiles}\PowerShell;${JAVA_HOME}\bin;C:\mingit\cmd" ARG user=jenkins diff --git a/8/windows/windowsservercore-1809/Dockerfile b/8/windows/windowsservercore-1809/Dockerfile index ab404ccae..620b8a7ef 100644 --- a/8/windows/windowsservercore-1809/Dockerfile +++ b/8/windows/windowsservercore-1809/Dockerfile @@ -55,7 +55,7 @@ ARG AGENT_HASH_FILENAME=$AGENT_FILENAME.sha1 RUN net user "$env:user" /add /expire:never /passwordreq:no ; ` net localgroup Administrators /add $env:user ; ` - wmic useraccount WHERE Name=$env:user set PasswordExpires=false; ` + Set-LocalUser -Name $env:user -PasswordNeverExpires 1; ` New-Item -ItemType Directory -Path C:/ProgramData/Jenkins | Out-Null ARG AGENT_ROOT=C:/Users/$user diff --git a/make.ps1 b/make.ps1 index 1a8b3bb89..03f1f27e8 100644 --- a/make.ps1 +++ b/make.ps1 @@ -20,23 +20,27 @@ if(![String]::IsNullOrWhiteSpace($env:DOCKERHUB_ORGANISATION)) { $Organization = $env:DOCKERHUB_ORGANISATION } -$builds = @{ - 'jdk8' = @{ - 'Folder' = '8\windows\windowsservercore-1809'; - 'Tags' = @( "windowsservercore-1809", "jdk8-windowsservercore-1809" ) - }; - 'jdk11' = @{ - 'Folder' = '11\windows\windowsservercore-1809'; - 'Tags' = @( "jdk11-windowsservercore-1809" ) - }; - 'nanoserver' = @{ - 'Folder' = '8\windows\nanoserver-1809'; - 'Tags' = @( "nanoserver-1809", "jdk8-nanoserver-1809" ) - }; - 'nanoserver-jdk11' = @{ - 'Folder' = '11\windows\nanoserver-1809'; - 'Tags' = @( "jdk11-nanoserver-1809" ) - }; +# this is the jdk version that will be used for the 'bare tag' images, e.g., jdk8-windowsservercore-1809 -> windowsserver-1809 +$defaultBuild = '8' +$builds = @{} + +Get-ChildItem -Recurse -Include windows -Directory | ForEach-Object { + Get-ChildItem -Directory -Path $_ | Where-Object { Test-Path (Join-Path $_.FullName "Dockerfile") } | ForEach-Object { + $dir = $_.FullName.Replace((Get-Location), "").TrimStart("\") + $items = $dir.Split("\") + $jdkVersion = $items[0] + $baseImage = $items[2] + $basicTag = "jdk${jdkVersion}-${baseImage}" + $tags = @( $basicTag ) + if($jdkVersion -eq $defaultBuild) { + $tags += $baseImage + } + + $builds[$basicTag] = @{ + 'Folder' = $dir; + 'Tags' = $tags; + } + } } if(![System.String]::IsNullOrWhiteSpace($Build) -and $builds.ContainsKey($Build)) { diff --git a/tests/agent.Tests.ps1 b/tests/agent.Tests.ps1 index bf11beaf0..7e3ee5fb9 100644 --- a/tests/agent.Tests.ps1 +++ b/tests/agent.Tests.ps1 @@ -17,9 +17,9 @@ if(($FOLDER -match '^(?[0-9]+)[\\/](?.+)$') -and (Test-Path $REAL_F exit 1 } -if($FLAVOR -match "nanoserver") { +if($FLAVOR -match "nanoserver-(\d*)") { $AGENT_IMAGE += "-nanoserver" - $AGENT_CONTAINER += "-nanoserver-1809" + $AGENT_CONTAINER += "-nanoserver-$($Matches[1])" $SHELL = "pwsh.exe" } @@ -91,6 +91,27 @@ Describe "[$JDK $FLAVOR] image has correct applications in the PATH" { } } +Describe "[$JDK $FLAVOR] check user account" { + BeforeAll { + docker run -d -it --name "$AGENT_CONTAINER" -P "$AGENT_IMAGE" "$SHELL" + Is-AgentContainerRunning $AGENT_CONTAINER + } + + It 'Password never expires' { + $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $AGENT_CONTAINER $SHELL -C `"if((net user jenkins | Select-String -Pattern 'Password expires') -match 'Never') { exit 0 } else { exit -1 }`"" + $exitCode | Should -Be 0 + } + + It 'Password not required' { + $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $AGENT_CONTAINER $SHELL -C `"if((net user jenkins | Select-String -Pattern 'Password required') -match 'No') { exit 0 } else { exit -1 }`"" + $exitCode | Should -Be 0 + } + + AfterAll { + Cleanup($AGENT_CONTAINER) + } +} + Describe "[$JDK $FLAVOR] check user access to directories" { BeforeAll { docker run -d -it --name "$AGENT_CONTAINER" -P "$AGENT_IMAGE" "$SHELL"