nhyatt/build-containers
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Distroless image?

Browse Source
This commit is contained in:
Hyatt 2021-12-09 09:32:27 -06:00
parent d3289ffff3
commit 275a618b8d
Signed by: nhyatt
GPG Key ID: C50D0BBB5BC40BEA
1 changed files with 69 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
build-minecraft.jenkins
View File

@ -7,21 +7,20 @@ def kanikoImage = "${repository}/library/kaniko:latest"
def repositoryCreds = "harbor-repository-creds"
// Container Variables
def baseImage = "${repository}/library/alpine"
def baseImageTag = "latest"
def alpineJavaPackage = "openjdk17"
def buildImage = "${repository}/library/alpine"
def buildImageTag = "latest"
// PaperMC URL
def paperVersion = "1.17.1"
def paperVersion = "1.18"
// Minecraft Configuration
def memoryMin = "1g"
def memoryMax = "48g"
podTemplate(
name: "pipelineContainer",
label: nodeLabel,
yaml: """---
name: "pipelineContainer",
label: nodeLabel,
yaml: """---
apiVersion: v1
kind: Pod
metadata:
@ -41,76 +40,86 @@ spec:
command:
- /bin/sh
""") {
node (nodeLabel) {
// Set working directory
def workspace = pwd()
node (nodeLabel) {
// Set working directory
def workspace = pwd()
stage ("Prepare Kaniko") {
container ("kaniko") {
withCredentials([usernameColonPassword(
credentialsId: repositoryCreds,
variable: "dCreds",
)]) {
def dockerJSON = """{
"auths": {
"${repository}": {
"auth": "${dcreds.bytes.encodeBase64().toString()}"
}
}
}"""
sh """
set +x
echo '${dockerJSON}' > /kaniko/.docker/config.json
"""
}
}
}
// Set dockerfile
def dockerFile = """
stage ("Pre-Build") {
def dockerFile = """
FROM ${baseImage}:${baseImageTag}
FROM ${buildImage}:${buildImageTag} as builder
ARG paperDownload
MAINTAINER The_Spider <spider@smoothnet.org>
RUN sed -i -r -e 's/v3.14\\/community/edge\\/community/' /etc/apk/repositories && \\
apk add --no-cache ${alpineJavaPackage} curl jq && \\
addgroup -S -g 1000 minecraft && \\
adduser -S minecraft -G minecraft -h /minecraft -u 1000 && \\
curl --location --fail --silent \${paperDownload} -o /minecraft/paper-mc.jar && \\
RUN addgroup -S -g 1000 minecraft && \\
adduser --disabled-password -G minecraft --gecos "application account" --home "/minecraft" --shell "/sbin/nologin" --uid 1000 minecraft && \\
apk add --no-cache curl && \\
mkdir /minecraft && \\
mkdir /minecraft/data && \\
mkdir /minecraft/html && \\
chown -R minecraft:minecraft /minecraft
curl --location --fail --silent \${paperDownload} -o /minecraft/paper-mc.jar
FROM gcr.io/distroless/java17:latest
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /etc/passwd /etc/group /etc/
COPY --from=builder --chown=minecraft:minecraft /minecraft/ /minecraft/
USER minecraft
WORKDIR /minecraft
WORKDIR /minecraft/data
CMD cd data; java -Xms${memoryMin} -Xmx${memoryMax} -jar ../paper-mc.jar
CMD ["java", "-Xms${memoryMin}", "-Xmx${memoryMax}", "-jar ../paper-mc.jar"]
"""
writeFile(file: workspace + '/Dockerfile', text: dockerFile)
}
stage ("Prepare Kaniko") {
container ("kaniko") {
withCredentials([usernameColonPassword(
credentialsId: repositoryCreds,
variable: "dCreds",
)]) {
def dockerJSON = """{
"auths": {
"${repository}": {
"auth": "${dcreds.bytes.encodeBase64().toString()}"
}
}
}"""
sh """
set +x
echo '${dockerJSON}' > /kaniko/.docker/config.json
"""
}
}
}
stage ("Build & Push") {
stage ("Create Dockerfile") {
writeFile(file: workspace + '/Dockerfile', text: dockerFile)
}
stage ("Get Paper-MC Version") {
container ("alpine") {
sh "apk add --no-cache curl jq"
paperDownload = sh (
script: """
paperBuild=\$(curl --silent --location --fail https://papermc.io/api/v2/projects/paper/versions/${paperVersion} | jq '.builds | max')
paperFile=\$(curl --silent --location --fail https://papermc.io/api/v2/projects/paper/versions/${paperVersion}/builds/\${paperBuild} | jq '.downloads.application.name')
echo https://papermc.io/api/v2/projects/paper/versions/${paperVersion}/builds/\${paperBuild}/downloads/\${paperFile}
paperBuild=\$(curl --silent --location --fail https://papermc.io/api/v2/projects/paper/versions/${paperVersion} | jq '.builds | max')
paperFile=\$(curl --silent --location --fail https://papermc.io/api/v2/projects/paper/versions/${paperVersion}/builds/\${paperBuild} | jq '.downloads.application.name')
echo https://papermc.io/api/v2/projects/paper/versions/${paperVersion}/builds/\${paperBuild}/downloads/\${paperFile}
""",
returnStdout: true
).trim()
returnStdout: true
).trim()
}
}
container ("kaniko") {
sh """
/kaniko/executor --cleanup --context "${workspace}" -f "${workspace}/Dockerfile" --destination "${repository}/library/minecraft:latest" --build-arg "paperDownload=${paperDownload}"
"""
}
}
}
stage ("Build & Push") {
container ("kaniko") {
sh """
/kaniko/executor \\
--cleanup \\
--context "${workspace}" \\
-f "${workspace}/Dockerfile" \\
--destination "${repository}/library/minecraft:latest" \\
--build-arg "paperDownload=${paperDownload}"
"""
}
}
}
}