Distroless image?

Hyatt 2021-12-09 09:32:27 -06:00
parent d3289ffff3
commit 275a618b8d
Signed by: nhyatt
GPG Key ID: C50D0BBB5BC40BEA


@ -7,21 +7,20 @@ def kanikoImage = "${repository}/library/kaniko:latest"
def repositoryCreds = "harbor-repository-creds" def repositoryCreds = "harbor-repository-creds"
// Container Variables // Container Variables
def baseImage = "${repository}/library/alpine" def buildImage = "${repository}/library/alpine"
def baseImageTag = "latest" def buildImageTag = "latest"
def alpineJavaPackage = "openjdk17"
// PaperMC URL // PaperMC URL
def paperVersion = "1.17.1" def paperVersion = "1.18"
// Minecraft Configuration // Minecraft Configuration
def memoryMin = "1g" def memoryMin = "1g"
def memoryMax = "48g" def memoryMax = "48g"
podTemplate( podTemplate(
name: "pipelineContainer", name: "pipelineContainer",
label: nodeLabel, label: nodeLabel,
yaml: """--- yaml: """---
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
@ -41,76 +40,86 @@ spec:
command: command:
- /bin/sh - /bin/sh
""") { """) {
node (nodeLabel) { node (nodeLabel) {
// Set working directory // Set working directory
def workspace = pwd() def workspace = pwd()
stage ("Prepare Kaniko") { // Set dockerfile
container ("kaniko") { def dockerFile = """
withCredentials([usernameColonPassword(
credentialsId: repositoryCreds,
variable: "dCreds",
)]) {
def dockerJSON = """{
"auths": {
"${repository}": {
"auth": "${dcreds.bytes.encodeBase64().toString()}"
}
}
}"""
sh """
set +x
echo '${dockerJSON}' > /kaniko/.docker/config.json
"""
}
}
}
stage ("Pre-Build") { FROM ${buildImage}:${buildImageTag} as builder
def dockerFile = """
FROM ${baseImage}:${baseImageTag}
ARG paperDownload RUN addgroup -S -g 1000 minecraft && \\
adduser --disabled-password -G minecraft --gecos "application account" --home "/minecraft" --shell "/sbin/nologin" --uid 1000 minecraft && \\
MAINTAINER The_Spider <spider@smoothnet.org> apk add --no-cache curl && \\
mkdir /minecraft && \\
RUN sed -i -r -e 's/v3.14\\/community/edge\\/community/' /etc/apk/repositories && \\
apk add --no-cache ${alpineJavaPackage} curl jq && \\
addgroup -S -g 1000 minecraft && \\
adduser -S minecraft -G minecraft -h /minecraft -u 1000 && \\
curl --location --fail --silent \${paperDownload} -o /minecraft/paper-mc.jar && \\
mkdir /minecraft/data && \\ mkdir /minecraft/data && \\
mkdir /minecraft/html && \\ mkdir /minecraft/html && \\
chown -R minecraft:minecraft /minecraft curl --location --fail --silent \${paperDownload} -o /minecraft/paper-mc.jar
FROM gcr.io/distroless/java17:latest
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /etc/passwd /etc/group /etc/
COPY --from=builder --chown=minecraft:minecraft /minecraft/ /minecraft/
USER minecraft USER minecraft
WORKDIR /minecraft WORKDIR /minecraft/data
CMD cd data; java -Xms${memoryMin} -Xmx${memoryMax} -jar ../paper-mc.jar CMD ["java", "-Xms${memoryMin}", "-Xmx${memoryMax}", "-jar ../paper-mc.jar"]
""" """
writeFile(file: workspace + '/Dockerfile', text: dockerFile) stage ("Prepare Kaniko") {
} container ("kaniko") {
withCredentials([usernameColonPassword(
credentialsId: repositoryCreds,
variable: "dCreds",
)]) {
def dockerJSON = """{
"auths": {
"${repository}": {
"auth": "${dcreds.bytes.encodeBase64().toString()}"
}
}
}"""
sh """
set +x
echo '${dockerJSON}' > /kaniko/.docker/config.json
"""
}
}
}
stage ("Build & Push") { stage ("Create Dockerfile") {
writeFile(file: workspace + '/Dockerfile', text: dockerFile)
}
stage ("Get Paper-MC Version") {
container ("alpine") { container ("alpine") {
sh "apk add --no-cache curl jq" sh "apk add --no-cache curl jq"
paperDownload = sh ( paperDownload = sh (
script: """ script: """
paperBuild=\$(curl --silent --location --fail https://papermc.io/api/v2/projects/paper/versions/${paperVersion} | jq '.builds | max') paperBuild=\$(curl --silent --location --fail https://papermc.io/api/v2/projects/paper/versions/${paperVersion} | jq '.builds | max')
paperFile=\$(curl --silent --location --fail https://papermc.io/api/v2/projects/paper/versions/${paperVersion}/builds/\${paperBuild} | jq '.downloads.application.name') paperFile=\$(curl --silent --location --fail https://papermc.io/api/v2/projects/paper/versions/${paperVersion}/builds/\${paperBuild} | jq '.downloads.application.name')
echo https://papermc.io/api/v2/projects/paper/versions/${paperVersion}/builds/\${paperBuild}/downloads/\${paperFile} echo https://papermc.io/api/v2/projects/paper/versions/${paperVersion}/builds/\${paperBuild}/downloads/\${paperFile}
""", """,
returnStdout: true returnStdout: true
).trim() ).trim()
} }
}
container ("kaniko") { stage ("Build & Push") {
sh """ container ("kaniko") {
/kaniko/executor --cleanup --context "${workspace}" -f "${workspace}/Dockerfile" --destination "${repository}/library/minecraft:latest" --build-arg "paperDownload=${paperDownload}" sh """
""" /kaniko/executor \\
} --cleanup \\
} --context "${workspace}" \\
} -f "${workspace}/Dockerfile" \\
--destination "${repository}/library/minecraft:latest" \\
--build-arg "paperDownload=${paperDownload}"
"""
}
}
}
} }
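Review bot: In the new exec-form `CMD`, `"-jar ../paper-mc.jar"` is a single argv element, so java receives the flag and the path as one unrecognised option and the container will not start; split it as `"-jar", "../paper-mc.jar"`. The builder stage still fetches the jar with `curl --location --fail --silent` and no integrity check. The build metadata that the "Get Paper-MC Version" stage already parses with jq also exposes `.downloads.application.sha256`, which could be passed as a second `--build-arg` and verified with `sha256sum -c` before the file is copied into the final image. Both `FROM` lines resolve a mutable `:latest` tag (`gcr.io/distroless/java17:latest` and the alpine build image), so the pushed image's contents can change between runs; pinning each by digest would make the build reproducible and auditable. As rendered, the new Dockerfile also appears to have dropped `ARG paperDownload`, which would leave `\${paperDownload}` empty in the `RUN` step; this is worth confirming against the actual file.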