Merge branch 'master' into master

jenkinsci · Apr 30, 2023 · 30782fa · 30782fa
2 parents 8db476e + 482f614
commit 30782fa
Show file tree

Hide file tree

Showing 12 changed files with 35 additions and 93 deletions.
diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml
@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@v2.26.0
+        uses: updatecli/updatecli-action@v2.28.2
 
       - name: Run Updatecli in Dry Run mode
         run: updatecli diff --config ./updatecli/updatecli.d --values ./updatecli/values.github-action.yaml

diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile
@@ -21,10 +21,10 @@
 #  THE SOFTWARE.
 
 #TODO(oleg_nenashev): Does it also need an update?
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 FROM jenkins/agent:${version}-alpine-jdk11
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols" Vendor="Jenkins project" Version="$version"
 
 ARG user=jenkins

diff --git a/11/debian/Dockerfile b/11/debian/Dockerfile
@@ -20,10 +20,10 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 #  THE SOFTWARE.
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 FROM jenkins/agent:${version}-jdk11
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols" Vendor="Jenkins project" Version="$version"
 
 ARG user=jenkins

diff --git a/11/windows/nanoserver-1809/Dockerfile b/11/windows/nanoserver-1809/Dockerfile
@@ -21,21 +21,11 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 #  THE SOFTWARE.
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 FROM jenkins/agent:${version}-jdk11-nanoserver-1809
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols on Windows" Vendor="Jenkins Project" Version="$version"
 
-ARG user=jenkins
-
-RUN $output = net users ; `
-    if(-not ($output -match $env:user)) { `
-        net accounts /maxpwage:unlimited ; `
-        net user $env:user /add /expire:never /passwordreq:no ; `
-        net localgroup Administrators /add $env:user `
-    }
-
 COPY jenkins-agent.ps1 C:/ProgramData/Jenkins
-USER ${user}
 ENTRYPOINT ["pwsh.exe", "-f", "C:/ProgramData/Jenkins/jenkins-agent.ps1"]
diff --git a/11/windows/windowsservercore-ltsc2019/Dockerfile b/11/windows/windowsservercore-ltsc2019/Dockerfile
@@ -21,21 +21,11 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 #  THE SOFTWARE.
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 FROM jenkins/agent:${version}-jdk11-windowsservercore-ltsc2019
 
+ARG version=3107.v665000b_51092-8
 LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols on Windows" Vendor="Jenkins Project" Version="$version"
 
-ARG user=jenkins
-
-RUN $output = net users ; `
-    if(-not ($output -match $env:user)) { `
-        net accounts /maxpwage:unlimited ; `
-        net user "$env:user" /add /expire:never /passwordreq:no ; `
-        net localgroup Administrators /add $env:user ; `
-        Set-LocalUser -Name $env:user -PasswordNeverExpires 1 `
-    }
-
 COPY jenkins-agent.ps1 C:/ProgramData/Jenkins
-USER ${user}
 ENTRYPOINT ["powershell.exe", "-f", "C:/ProgramData/Jenkins/jenkins-agent.ps1"]
diff --git a/17/alpine/Dockerfile b/17/alpine/Dockerfile
@@ -21,10 +21,10 @@
 #  THE SOFTWARE.
 
 #TODO(oleg_nenashev): Does it also need an update?
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 FROM jenkins/agent:${version}-alpine-jdk17
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols" Vendor="Jenkins project" Version="$version"
 
 ARG user=jenkins

diff --git a/17/debian/Dockerfile b/17/debian/Dockerfile
@@ -1,7 +1,7 @@
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 FROM jenkins/agent:${version}-jdk17
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols" Vendor="Jenkins project" Version="$version"
 
 ARG user=jenkins

diff --git a/17/windows/nanoserver-1809/Dockerfile b/17/windows/nanoserver-1809/Dockerfile
@@ -21,21 +21,11 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 #  THE SOFTWARE.
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 FROM jenkins/agent:${version}-jdk17-nanoserver-1809
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols on Windows" Vendor="Jenkins Project" Version="$version"
 
-ARG user=jenkins
-
-RUN $output = net users ; `
-    if(-not ($output -match $env:user)) { `
-        net accounts /maxpwage:unlimited ; `
-        net user $env:user /add /expire:never /passwordreq:no ; `
-        net localgroup Administrators /add $env:user `
-    }
-
 COPY jenkins-agent.ps1 C:/ProgramData/Jenkins
-USER ${user}
 ENTRYPOINT ["pwsh.exe", "-f", "C:/ProgramData/Jenkins/jenkins-agent.ps1"]
diff --git a/17/windows/windowsservercore-ltsc2019/Dockerfile b/17/windows/windowsservercore-ltsc2019/Dockerfile
@@ -21,21 +21,11 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 #  THE SOFTWARE.
 
-ARG version=3107.v665000b_51092-5
+ARG version=3107.v665000b_51092-8
 FROM jenkins/agent:${version}-jdk17-windowsservercore-ltsc2019
 
+ARG version=3107.v665000b_51092-8
 LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols on Windows" Vendor="Jenkins Project" Version="$version"
 
-ARG user=jenkins
-
-RUN $output = net users ; `
-    if(-not ($output -match $env:user)) { `
-        net accounts /maxpwage:unlimited ; `
-        net user "$env:user" /add /expire:never /passwordreq:no ; `
-        net localgroup Administrators /add $env:user ; `
-        Set-LocalUser -Name $env:user -PasswordNeverExpires 1 `
-    }
-
 COPY jenkins-agent.ps1 C:/ProgramData/Jenkins
-USER ${user}
 ENTRYPOINT ["powershell.exe", "-f", "C:/ProgramData/Jenkins/jenkins-agent.ps1"]
diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -32,7 +32,7 @@ variable "IMAGE_TAG" {
 
 #### This is for the "parent" image version to use (jenkins/agent:<PARENT_IMAGE_AGENT_VERSION>-<base-os>)
 variable "PARENT_IMAGE_VERSION" {
-  default = "3107.v665000b_51092-5"
+  default = "3107.v665000b_51092-8"
 }
 
 variable "REGISTRY" {

diff --git a/make.ps1 b/make.ps1
@@ -5,7 +5,7 @@ Param(
     [String] $AdditionalArgs = '',
     [String] $Build = '',
     [String] $VersionTag = '3071.v7e9b_0dc08466-1',
-    [String] $DockerAgentVersion = '3107.v665000b_51092-5',
+    [String] $DockerAgentVersion = '3107.v665000b_51092-8',
     [switch] $PushVersions = $false
 )
 

diff --git a/tests/inboundAgent.Tests.ps1 b/tests/inboundAgent.Tests.ps1
@@ -5,7 +5,6 @@ $global:AGENT_CONTAINER='pester-jenkins-inbound-agent'
 $global:SHELL="powershell.exe"
 
 $global:FOLDER = Get-EnvOrDefault 'FOLDER' ''
-$global:VERSION = Get-EnvOrDefault 'VERSION' '4.9-1'
 
 $REAL_FOLDER=Resolve-Path -Path "$PSScriptRoot/../${global:FOLDER}"
 
@@ -38,22 +37,22 @@ BuildNcatImage
 
 Describe "[$global:JDK $global:FLAVOR] build image" {
     BeforeAll {
-      Push-Location -StackName 'agent' -Path "$PSScriptRoot/.."
+        Push-Location -StackName 'agent' -Path "$PSScriptRoot/.."
     }
 
     It 'builds image' {
-      $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "build --build-arg VERSION=$global:VERSION -t $global:AGENT_IMAGE $global:FOLDER"
-      $exitCode | Should -Be 0
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "build --tag $global:AGENT_IMAGE --file $global:FOLDER/Dockerfile ./"
+        $exitCode | Should -Be 0
     }
 
     AfterAll {
-      Pop-Location -StackName 'agent'
+        Pop-Location -StackName 'agent'
     }
 }
 
 Describe "[$global:JDK $global:FLAVOR] check default user account" {
     BeforeAll {
-        docker run -d -it --name "$global:AGENT_CONTAINER" -P "$global:AGENT_IMAGE" -Cmd "$global:SHELL"
+        docker run --detach --tty --name "$global:AGENT_CONTAINER" "$global:AGENT_IMAGE" -Cmd "$global:SHELL"
         $LASTEXITCODE | Should -Be 0
         Is-ContainerRunning $global:AGENT_CONTAINER | Should -BeTrue
     }
@@ -75,7 +74,8 @@ Describe "[$global:JDK $global:FLAVOR] check default user account" {
 
 Describe "[$global:JDK $global:FLAVOR] image has jenkins-agent.ps1 in the correct location" {
     BeforeAll {
-        & docker run -dit --name "$global:AGENT_CONTAINER" -P "$global:AGENT_IMAGE" -Cmd $global:SHELL
+        docker run --detach --tty --name "$global:AGENT_CONTAINER" "$global:AGENT_IMAGE" -Cmd "$global:SHELL"
+        $LASTEXITCODE | Should -Be 0
         Is-ContainerRunning $global:AGENT_CONTAINER | Should -BeTrue
     }
 
@@ -95,19 +95,19 @@ Describe "[$global:JDK $global:FLAVOR] image starts jenkins-agent.ps1 correctly
         # Launch the netcat utility, listening at port 5000 for 30 sec
         # bats will capture the output from netcat and compare the first line
         # of the header of the first HTTP request with the expected one
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run -dit --name nmap --network=jnlp-network nmap:latest ncat.exe -w 30 -l 5000"
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run --detach --tty --name nmap --network=jnlp-network nmap:latest ncat.exe -w 30 -l 5000"
         $exitCode | Should -Be 0
         Is-ContainerRunning "nmap" | Should -BeTrue
 
         # get the ip address of the nmap container
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "inspect -f `"{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}`" nmap"
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "inspect --format `"{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}`" nmap"
         $exitCode | Should -Be 0
         $nmap_ip = $stdout.Trim()
 
         # run Jenkins agent which tries to connect to the nmap container at port 5000
         $secret = "aaa"
         $name = "bbb"
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run -dit --network=jnlp-network --name $global:AGENT_CONTAINER $global:AGENT_IMAGE -Url http://${nmap_ip}:5000 $secret $name"
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run --detach --tty --network=jnlp-network --name $global:AGENT_CONTAINER $global:AGENT_IMAGE -Url http://${nmap_ip}:5000 $secret $name"
         $exitCode | Should -Be 0
         Is-ContainerRunning $global:AGENT_CONTAINER | Should -BeTrue
 
@@ -131,15 +131,14 @@ Describe "[$global:JDK $global:FLAVOR] build args" {
         # This old version must have the same tag suffixes as the current 4 windows images (`-jdk11-nanoserver` etc.)
         $TEST_VERSION="3046.v38db_38a_b_7a_86"
         $DOCKER_AGENT_VERSION_SUFFIX="1"
-        $TEST_USER="foo"
         $ARG_TEST_VERSION="${TEST_VERSION}-${DOCKER_AGENT_VERSION_SUFFIX}"
     }
 
     It 'builds image with arguments' {
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "build --build-arg version=${ARG_TEST_VERSION} --build-arg user=$TEST_USER -t $global:AGENT_IMAGE $global:FOLDER"
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "build --build-arg version=${ARG_TEST_VERSION} -t $global:AGENT_IMAGE $global:FOLDER"
         $exitCode | Should -Be 0
 
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run -dit --name $global:AGENT_CONTAINER -P $global:AGENT_IMAGE -Cmd $global:SHELL"
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run --detach --tty --name $global:AGENT_CONTAINER $global:AGENT_IMAGE -Cmd $global:SHELL"
         $exitCode | Should -Be 0
         Is-ContainerRunning "$global:AGENT_CONTAINER" | Should -BeTrue
     }
@@ -150,48 +149,31 @@ Describe "[$global:JDK $global:FLAVOR] build args" {
         $stdout | Should -Match $TEST_VERSION
     }
 
-    It "has the correct (overridden) user account and the container is running as that user" {
-        # check that the user exists and is the user the container is running as
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $global:AGENT_CONTAINER $global:SHELL -c `"(Get-ChildItem env:\ | Where-Object { `$_.Name -eq 'USERNAME' }).Value`""
-        $exitCode | Should -Be 0
-        $stdout | Should -Match $TEST_USER
-    }
-
-    It "has the correct password policy for overridden user account" {
-        # check that $TEST_USER's password never expires and that password is NOT required to login
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $global:AGENT_CONTAINER $global:SHELL -C `"if((net user $TEST_USER | Select-String -Pattern 'Password expires') -match 'Never') { exit 0 } else { net user $TEST_USER ; exit -1 }`""
-        $exitCode | Should -Be 0
-
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $global:AGENT_CONTAINER $global:SHELL -C `"if((net user $TEST_USER | Select-String -Pattern 'Password required') -match 'No') { exit 0 } else { net user $TEST_USER ; exit -1 }`""
-        $exitCode | Should -Be 0
-    }
-
     AfterAll {
         Cleanup($global:AGENT_CONTAINER)
         Pop-Location -StackName 'agent'
     }
 }
 
-
 Describe "[$global:JDK $global:FLAVOR] passing JVM options (slow test)" {
     It "shows the java version with --show-version" {
         $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "network create --driver nat jnlp-network"
         # Launch the netcat utility, listening at port 5000 for 30 sec
         # bats will capture the output from netcat and compare the first line
         # of the header of the first HTTP request with the expected one
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run -dit --name nmap --network=jnlp-network nmap:latest ncat.exe -w 30 -l 5000"
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run --detach --tty --name nmap --network=jnlp-network nmap:latest ncat.exe -w 30 -l 5000"
         $exitCode | Should -Be 0
         Is-ContainerRunning "nmap" | Should -BeTrue
 
         # get the ip address of the nmap container
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "inspect -f `"{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}`" nmap"
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "inspect --format `"{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}`" nmap"
         $exitCode | Should -Be 0
         $nmap_ip = $stdout.Trim()
 
         # run Jenkins agent which tries to connect to the nmap container at port 5000
         $secret = "aaa"
         $name = "bbb"
-        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run -dit --network=jnlp-network --name $global:AGENT_CONTAINER $global:AGENT_IMAGE -Url http://${nmap_ip}:5000 -JenkinsJavaOpts `"--show-version`" $secret $name"
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run --detach --tty --network=jnlp-network --name $global:AGENT_CONTAINER $global:AGENT_IMAGE -Url http://${nmap_ip}:5000 -JenkinsJavaOpts `"--show-version`" $secret $name"
         $exitCode | Should -Be 0
         Is-ContainerRunning $global:AGENT_CONTAINER | Should -BeTrue
         $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "logs $global:AGENT_CONTAINER"
@@ -204,4 +186,4 @@ Describe "[$global:JDK $global:FLAVOR] passing JVM options (slow test)" {
         Cleanup("nmap")
         CleanupNetwork("jnlp-network")
     }
-}
+}