From 350499f5ad7f7a9f66bac18c1e5f34df0531c252 Mon Sep 17 00:00:00 2001 From: Adam Kaplan Date: Mon, 23 Sep 2024 16:33:50 -0400 Subject: [PATCH] [JENKINS-73703] Remove UBI 8 + Review Feedback With the upcoming EOL of Java 11, the UBI 8 image for Jenkins server will no longer be supported. Creating a UBI 8 image therefore does not make any sense. The tag for the base UBI 9 image was converted to a build arg, to facilitate automatic updates via updatecli. Other minor fixes to documentation and image metadata also included. Signed-off-by: Adam Kaplan Co-authored-by: Mark Waite Co-authored-by: lemeurherveCB <137290663+lemeurherveCB@users.noreply.github.com> --- README_agent.md | 7 +-- docker-bake.hcl | 43 +++-------------- rhel/ubi8/Dockerfile | 112 ------------------------------------------- rhel/ubi9/Dockerfile | 17 +++---- 4 files changed, 17 insertions(+), 162 deletions(-) delete mode 100644 rhel/ubi8/Dockerfile diff --git a/README_agent.md b/README_agent.md index 30cc137cb..4700fbca9 100644 --- a/README_agent.md +++ b/README_agent.md @@ -68,7 +68,7 @@ The image has several supported configurations, which can be accessed via the fo * `jenkins/agent:rhel-ubi9` * `jenkins/agent:rhel-ubi9-jdk17` * `jenkins/agent:latest-rhel-ubi9` - * `jenkins/agent:latest-rhel-ubi8-jdk17` + * `jenkins/agent:latest-rhel-ubi9-jdk17` * Java 21: * bookworm (Based on `debian:bookworm-${builddate}`): * `jenkins/agent:bookworm` @@ -99,11 +99,6 @@ The image has several supported configurations, which can be accessed via the fo * `jenkins/agent:archlinux-jdk11` * `jenkins/agent:latest-archlinux` * `jenkins/agent:latest-archlinux-jdk11` - * rhel-ubi8 (Based on Red Hat Universal Base Image 8) - * `jenkins/agent:rhel-ubi8` - * `jenkins/agent:rhel-ubi8-jdk11` - * `jenkins/agent:latest-rhel-ubi8` - * `jenkins/agent:latest-rhel-ubi8-jdk11` * Windows Images: * Java 17 (default): diff --git a/docker-bake.hcl b/docker-bake.hcl index f96f02232..e5285ac9e 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -96,6 +96,10 @@ variable "DEBIAN_RELEASE" { default = "bookworm-20240904" } +variable "UBI9_TAG" { + default = "9.4-1214.1726694543" +} + variable "JAVA11_VERSION" { default = "11.0.24_8" } @@ -151,15 +155,8 @@ function "debian_platforms" { : ["linux/amd64", "linux/arm64", "linux/ppc64le", "linux/s390x"])) } -# Return an array of RHEL UBI 8 platforms to use depending on the jdk passed as parameter -# Note: Jenkins Docker controller only supports jdk-11 for ubi8 -function "rhel_ubi8_platforms" { - params = [jdk] - result = ["linux/amd64", "linux/arm64"] -} - -# Return an array of RHEL UBI 8 platforms to use depending on the jdk passed as parameter -# Note: Jenkins Docker controller only supports jdk-17 and jdk-21 for ubi9 +# Return an array of RHEL UBI 9 platforms to use depending on the jdk passed as parameter +# Note: Jenkins controller container image only supports jdk17 and jdk21 for ubi9 function "rhel_ubi9_platforms" { params = [jdk] result = ["linux/amd64", "linux/arm64", "linux/ppc64le"] @@ -248,33 +245,6 @@ target "agent_archlinux_jdk11" { platforms = ["linux/amd64"] } -target "rhel_ubi8" { - matrix = { - type = ["agent", "inbound-agent"] - jdk = [11] - } - name = "${type}_rhel_ubi8_jdk${jdk}" - target = type - dockerfile = "rhel/ubi8/Dockerfile" - context = "." - args = { - VERSION = REMOTING_VERSION - JAVA_VERSION = "${javaversion(jdk)}" - } - tags = [ - # If there is a tag, add versioned tag suffixed by the jdk - equal(ON_TAG, "true") ? "${REGISTRY}/${orgrepo(type)}:${REMOTING_VERSION}-${BUILD_NUMBER}-rhel-ubi8-jdk${jdk}" : "", - # If there is a tag and if the jdk is the default one, add versioned short tag - equal(ON_TAG, "true") ? (is_default_jdk(jdk) ? "${REGISTRY}/${orgrepo(type)}:${REMOTING_VERSION}-${BUILD_NUMBER}-rhel-ubi8" : "") : "", - # If the jdk is the default one, add rhel and latest short tags - is_default_jdk(jdk) ? "${REGISTRY}/${orgrepo(type)}:rhel-ubi8" : "", - is_default_jdk(jdk) ? "${REGISTRY}/${orgrepo(type)}:latest-rhel-ubi8" : "", - "${REGISTRY}/${orgrepo(type)}:rhel-ubi8-jdk${jdk}", - "${REGISTRY}/${orgrepo(type)}:latest-rhel-ubi8-jdk${jdk}", - ] - platforms = rhel_ubi8_platforms(jdk) -} - target "rhel_ubi9" { matrix = { type = ["agent", "inbound-agent"] @@ -285,6 +255,7 @@ target "rhel_ubi9" { dockerfile = "rhel/ubi9/Dockerfile" context = "." args = { + UBI9_TAG = UBI9_TAG VERSION = REMOTING_VERSION JAVA_VERSION = "${javaversion(jdk)}" } diff --git a/rhel/ubi8/Dockerfile b/rhel/ubi8/Dockerfile deleted file mode 100644 index 80b859fd0..000000000 --- a/rhel/ubi8/Dockerfile +++ /dev/null @@ -1,112 +0,0 @@ -FROM registry.access.redhat.com/ubi8/ubi:8.10-1054 as jre-build -SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"] - -# This Build ARG is populated by Docker -# Ref. https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope -ARG TARGETPLATFORM - -COPY adoptium-get-jdk-link.sh /usr/bin/local/adoptium-get-jdk-link.sh -COPY adoptium-install-jdk.sh /usr/bin/local/adoptium-install-jdk.sh - -ARG JAVA_VERSION=17.0.12_7 - -RUN dnf install --disableplugin=subscription-manager --setopt=install_weak_deps=0 --setopt=tsflags=nodocs --allowerasing -y \ - ca-certificates \ - curl \ - jq \ - && dnf clean --disableplugin=subscription-manager all \ - && /usr/bin/local/adoptium-install-jdk.sh - -ENV PATH="/opt/jdk-${JAVA_VERSION}/bin:${PATH}" - -# Generate smaller java runtime without unneeded files -# for now we include the full module path to maintain compatibility -# while still saving space (approx 200mb from the full distribution) -RUN case "$(jlink --version 2>&1)" in \ - # jlink version 11 has less features than JDK17+ - "11."*) set -- "--strip-debug" "--compress=2" ;; \ - "17."*) set -- "--strip-java-debug-attributes" "--compress=2" ;; \ - # the compression argument is different for JDK21 - "21."*) set -- "--strip-java-debug-attributes" "--compress=zip-6" ;; \ - *) echo "ERROR: unmanaged jlink version pattern" && exit 1 ;; \ - esac; \ - jlink \ - "$1" \ - "$2" \ - --add-modules ALL-MODULE-PATH \ - --no-man-pages \ - --no-header-files \ - --output /javaruntime - -FROM registry.access.redhat.com/ubi8/ubi:8.10-1054 AS agent - -ARG user=jenkins -ARG group=jenkins -ARG uid=1000 -ARG gid=1000 - -RUN groupadd -g "${gid}" "${group}" \ - && useradd -l -c "Jenkins user" -d /home/"${user}" -u "${uid}" -g "${gid}" -m "${user}" || echo "user ${user} already exists." - -ARG AGENT_WORKDIR=/home/"${user}"/agent -ENV TZ=Etc/UTC - -RUN dnf install --disableplugin=subscription-manager --setopt=install_weak_deps=0 --setopt=tsflags=nodocs -y \ - ca-certificates \ - fontconfig \ - git \ - git-lfs \ - less \ - patch \ - tzdata \ - && dnf clean --disableplugin=subscription-manager all - -ARG VERSION=3261.v9c670a_4748a_9 -ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar -RUN chmod 0644 /usr/share/jenkins/agent.jar \ - && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar - -ENV LANG C.UTF-8 - -ENV JAVA_HOME=/opt/java/openjdk -COPY --from=jre-build /javaruntime "$JAVA_HOME" -ENV PATH="${JAVA_HOME}/bin:${PATH}" - -USER "${user}" -ENV AGENT_WORKDIR=${AGENT_WORKDIR} -RUN mkdir -p /home/"${user}"/.jenkins && mkdir -p "${AGENT_WORKDIR}" - -VOLUME /home/"${user}"/.jenkins -VOLUME "${AGENT_WORKDIR}" -WORKDIR /home/"${user}" -ENV USER=${user} -LABEL \ - org.opencontainers.image.vendor="Jenkins project" \ - org.opencontainers.image.title="Official Jenkins Agent Base container image for UBI 8" \ - org.opencontainers.image.description="This is a base image, which provides the Jenkins agent executable (agent.jar)" \ - org.opencontainers.image.version="${VERSION}" \ - org.opencontainers.image.url="https://www.jenkins.io/" \ - org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \ - org.opencontainers.image.licenses="MIT" - -## Inbound Agent image target -FROM agent AS inbound-agent - -ARG user=jenkins - -USER root -COPY ../../jenkins-agent /usr/local/bin/jenkins-agent -RUN chmod +x /usr/local/bin/jenkins-agent &&\ - ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave -USER ${user} - -LABEL \ - org.opencontainers.image.vendor="Jenkins project" \ - org.opencontainers.image.title="Official Jenkins Inbound Agent Base container image for UBI 8" \ - org.opencontainers.image.description="This is an image for Jenkins agents using TCP or WebSockets to establish inbound connection to the Jenkins controller" \ - org.opencontainers.image.version="${VERSION}" \ - org.opencontainers.image.url="https://www.jenkins.io/" \ - org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \ - org.opencontainers.image.licenses="MIT" - -ENTRYPOINT ["/usr/local/bin/jenkins-agent"] diff --git a/rhel/ubi9/Dockerfile b/rhel/ubi9/Dockerfile index 26c151670..744113f28 100644 --- a/rhel/ubi9/Dockerfile +++ b/rhel/ubi9/Dockerfile @@ -1,4 +1,5 @@ -FROM registry.access.redhat.com/ubi9/ubi:9.4-1214 as jre-build +ARG UBI9_TAG="9.4-1214.1726694543" +FROM registry.access.redhat.com/ubi9/ubi:"${UBI9_TAG}" AS jre-build SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"] # This Build ARG is populated by Docker @@ -38,7 +39,7 @@ RUN case "$(jlink --version 2>&1)" in \ --no-header-files \ --output /javaruntime -FROM registry.access.redhat.com/ubi9/ubi:9.4-1214 AS agent +FROM registry.access.redhat.com/ubi9/ubi:"${UBI9_TAG}" AS agent ARG user=jenkins ARG group=jenkins @@ -52,7 +53,7 @@ ARG AGENT_WORKDIR=/home/"${user}"/agent ENV TZ=Etc/UTC RUN dnf install --disableplugin=subscription-manager --setopt=install_weak_deps=0 --setopt=tsflags=nodocs -y \ - ca-certificates \ + ca-certificates \ fontconfig \ git \ git-lfs \ @@ -65,17 +66,17 @@ ARG VERSION=3261.v9c670a_4748a_9 ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar RUN chmod 0644 /usr/share/jenkins/agent.jar \ && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar - + ENV LANG C.UTF-8 - + ENV JAVA_HOME=/opt/java/openjdk COPY --from=jre-build /javaruntime "$JAVA_HOME" ENV PATH="${JAVA_HOME}/bin:${PATH}" - + USER "${user}" ENV AGENT_WORKDIR=${AGENT_WORKDIR} RUN mkdir -p /home/"${user}"/.jenkins && mkdir -p "${AGENT_WORKDIR}" - + VOLUME /home/"${user}"/.jenkins VOLUME "${AGENT_WORKDIR}" WORKDIR /home/"${user}" @@ -88,7 +89,7 @@ LABEL \ org.opencontainers.image.url="https://www.jenkins.io/" \ org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \ org.opencontainers.image.licenses="MIT" - + ## Inbound Agent image target FROM agent AS inbound-agent