feat: use ods as base-image

- remove limitation with openshift certifications and aqua scanner cli - remove APP_DNS and AQUASEC_SCANNERCLI_URL parameter from templates - remove centos8 repo from base image as bugfix - delete Limitation section from README - update Introduction and Usage section from README BREAKING CHANGE: replace base-image and remove parameter APP_DNS and AQUASEC_SCANNERCLI_URL
SimonGolms · Mar 17, 2022 · dae9a72 · dae9a72
1 parent 81a54d2
commit dae9a72
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 78 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
-FROM opendevstackorg/ods-jenkins-agent-base-ubi8:4.x
+FROM image-registry.openshift-image-registry.svc:5000/ods/jenkins-agent-base:4.x
 
 # Labels consumed by Red Hat build service
-LABEL base.name="opendevstackorg/ods-jenkins-agent-base-ubi8:4.x" \
+LABEL base.name="ods/jenkins-agent-base:4.x" \
     description="The Jenkins Agent Node.js image has the Node.js and npm tools on top of the ODS Jenkins Agent Base Image." \
     io.k8s.display-name="Jenkins Agent Node.js" \
     io.openshift.tags="openshift,jenkins,agent,nodejs" \
@@ -11,8 +11,6 @@ LABEL base.name="opendevstackorg/ods-jenkins-agent-base-ubi8:4.x" \
     summary="Provides the latest release of Jenkins Agent Node.js Universal Base Image 8." \
     version="1.0.2"
 
-ARG APP_DNS
-ARG AQUASEC_SCANNERCLI_URL
 ARG NEXUS_AUTH
 ARG NEXUS_URL
 ARG NODEJS_VERSION
@@ -23,18 +21,10 @@ ENV LANG=en_US.UTF-8 \
     NPM_CONFIG_PREFIX=$HOME/.npm-global \
     PATH=$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH
 
-# Optional: Import OpenShift Certificates
-RUN if [ ! -z $APP_DNS ] ; then \
-    # https://github.com/opendevstack/ods-core/blob/c90b0d73d1e49666f80c2278df47e7b070d693d2/jenkins/agent-base/Dockerfile.ubi8#L27
-    import_certs.sh; \
-    fi
-
-# Optional: Install Aqua Scanner CLI
-RUN if [ ! -z $AQUASEC_SCANNERCLI_URL ] ; then \
-    curl --create-dirs --silent --show-error --location $AQUASEC_SCANNERCLI_URL --output /usr/local/bin/aquasec \
-    && chmod +rwx /usr/local/bin/aquasec \
-    && echo aquasec version: $(aquasec version); \
-    fi
+# The BaseImage in my ODS instance is still delivered with the CentOS 8 repository
+# This leads to failures when installing additional packages.
+# As a bugfix it is enough to remove it. https://github.com/opendevstack/ods-core/pull/1106
+RUN rm -f /etc/yum.repos.d/centos8.repo
 
 # Build image with the latest (security) updates
 RUN dnf -y update

diff --git a/README.md b/README.md
@@ -11,54 +11,44 @@
 
 ## Introduction
 
-This Jenkins agent is used to build Node.js based projects, thru `npm` and `npx`. It use [opendevstackorg/ods-jenkins-agent-base-ubi8:4.x](https://hub.docker.com/r/opendevstackorg/ods-jenkins-agent-base-ubi8) as base image in an OpenShift 4 Instance.
+This Jenkins agent is used to build Node.js based projects, thru `npm` and `npx`. It use `ods/jenkins-agent-base:4.x` as base image in an OpenShift 4 Instance with OpenDevStack 4.x.
 
 ### Features
 
 1. Node.js v16.x | lts | current
 2. npm v8.x | latest
 3. (optional) Nexus configuration
 
-### Limitations
-
-Due to a bug ([#1093](https://github.com/opendevstack/ods-core/issues/1093)) with the `image-registry.openshift-image-registry.svc:5000/ods/jenkins-agent-base:4.x` image, which has not yet been fixed in my OpenShift instance, the `opendevstackorg/ods-jenkins-agent-base-ubi8:4.x` image from DockerHub is used in the meantime. Unfortunately, this comes with the following limitations, which will be handled during the initial setup in the OpenShift instance.
-
-1. **Scan with SonarQube**: To use the [`odsComponentStageScanWithSonar`](https://www.opendevstack.org/ods-documentation/opendevstack/4.x/jenkins-shared-library/component-pipeline.html#_odscomponentstagescanwithsonar) the certificates of the OpenShift cluster instance would have to be imported into the Jenkins agent. Therefore the parameter `APP_DNS` must be set to specify the OpenShift URL `docker-registry-default.apps.COMPANY.com`.
-2. **Scan with Aqua Sec**: To use the [`odsComponentStageScanWithAqua`](https://www.opendevstack.org/ods-documentation/opendevstack/4.x/jenkins-shared-library/component-pipeline.html#_odscomponentstagescanwithaqua) the necessary AquaSec CLI must be downloaded ([Aqua Support: Aqua Scanner Executable Binary](https://support.aquasec.com/support/solutions/articles/16000120205-aqua-scanner-executable-binary)), which is only available for registered AquaSec users. Therefore the parameter `AQUASEC_SCANNERCLI_URL` must be set to specify the download URL `https://USERNAME:PASSWORD@download.aquasec.com/scanner/VERSION/scannercli`.
-
 ### Usage
 
 The image is built in your active OpenShift Project and is named `jenkins-agent-nodejs-<VERSION>`.
 It can be referenced in a `Jenkinsfile` with `<PROJECT>/jenkins-agent-nodejs-<VERSION>`.
 
-```groovy
+```diff
 // Jenkinsfile
 odsComponentPipeline(
-  imageStreamTag: "foo-cd/jenkins-agent-nodejs-16:latest",
+-  imageStreamTag: 'ods/jenkins-agent-nodejs12:4.x',
++  imageStreamTag: "foo-cd/jenkins-agent-nodejs-16:latest",
 )
 ```
-```groovy
-// Jenkinsfile with custom resources
-def dockerRegistry
-
-node {
-  dockerRegistry = env.DOCKER_REGISTRY
-}
 
+```diff
+// Jenkinsfile with custom agent resources
 odsComponentPipeline(
-  podContainers: [
-    containerTemplate(
-      alwaysPullImage: true,
-      args: '${computer.jnlpmac} ${computer.name}',
-      image: "${dockerRegistry}/foo-cd/jenkins-agent-nodejs-16:latest",
-      name: 'jnlp',
-      resourceLimitCpu: '3',
-      resourceLimitMemory: '8Gi',
-      resourceRequestCpu: '10m',
-      resourceRequestMemory: '4Gi',
-      workingDir: '/tmp'
-    )
-  ],
+-  imageStreamTag: 'ods/jenkins-agent-nodejs12:4.x',
++  podContainers: [
++    containerTemplate(
++      alwaysPullImage: true,
++      args: '${computer.jnlpmac} ${computer.name}',
++      image: "image-registry.openshift-image-registry.svc:5000/foo-cd/jenkins-agent-nodejs-16:latest",
++      name: 'jnlp',
++      resourceLimitCpu: '3',
++      resourceLimitMemory: '8Gi',
++      resourceRequestCpu: '10m',
++      resourceRequestMemory: '4Gi',
++      workingDir: '/tmp'
++    )
++  ],
 )
 ```
 
@@ -75,14 +65,6 @@ oc process -f https://raw.githubusercontent.com/SimonGolms/ods-jenkins-agent-nod
 oc process -f https://raw.githubusercontent.com/SimonGolms/ods-jenkins-agent-nodejs/main/jenkins-agent-nodejs-current-template.yaml | oc create -f -
 ```
 
-```sh
-# with limitation fix
-oc process -f https://raw.githubusercontent.com/SimonGolms/ods-jenkins-agent-nodejs/main/jenkins-agent-nodejs-<VERSION>-template.yaml \
-  -p APP_DNS=docker-registry-default.apps.COMPANY.com \
-  -p AQUASEC_SCANNERCLI_URL=https://USERNAME:PASSWORD@download.aquasec.com/scanner/VERSION/scannercli \
-  | oc create -f -
-```
-
 ```sh
 # with nexus configuration
 oc process -f https://raw.githubusercontent.com/SimonGolms/ods-jenkins-agent-nodejs/main/jenkins-agent-nodejs-<VERSION>-template.yaml \

diff --git a/jenkins-agent-nodejs-16-template.yaml b/jenkins-agent-nodejs-16-template.yaml
@@ -18,10 +18,6 @@ labels:
   part-of: jenkins-agent-nodejs
   template: jenkins-agent-nodejs-16
 parameters:
-  - name: APP_DNS
-    value: ""
-  - name: AQUASEC_SCANNERCLI_URL
-    value: ""
   - name: NEXUS_AUTH
     value: ""
   - name: NEXUS_URL
@@ -53,10 +49,6 @@ objects:
       strategy:
         dockerStrategy:
           buildArgs:
-            - name: APP_DNS
-              value: ${APP_DNS}
-            - name: AQUASEC_SCANNERCLI_URL
-              value: ${AQUASEC_SCANNERCLI_URL}
             - name: NEXUS_AUTH
               value: ${NEXUS_AUTH}
             - name: NEXUS_URL

diff --git a/jenkins-agent-nodejs-current-template.yaml b/jenkins-agent-nodejs-current-template.yaml
@@ -18,10 +18,6 @@ labels:
   part-of: jenkins-agent-nodejs
   template: jenkins-agent-nodejs-current
 parameters:
-  - name: APP_DNS
-    value: ""
-  - name: AQUASEC_SCANNERCLI_URL
-    value: ""
   - name: NEXUS_AUTH
     value: ""
   - name: NEXUS_URL
@@ -53,10 +49,6 @@ objects:
       strategy:
         dockerStrategy:
           buildArgs:
-            - name: APP_DNS
-              value: ${APP_DNS}
-            - name: AQUASEC_SCANNERCLI_URL
-              value: ${AQUASEC_SCANNERCLI_URL}
             - name: NEXUS_AUTH
               value: ${NEXUS_AUTH}
             - name: NEXUS_URL

diff --git a/jenkins-agent-nodejs-lts-template.yaml b/jenkins-agent-nodejs-lts-template.yaml
@@ -18,10 +18,6 @@ labels:
   part-of: jenkins-agent-nodejs
   template: jenkins-agent-nodejs-lts
 parameters:
-  - name: APP_DNS
-    value: ""
-  - name: AQUASEC_SCANNERCLI_URL
-    value: ""
   - name: NEXUS_AUTH
     value: ""
   - name: NEXUS_URL
@@ -53,10 +49,6 @@ objects:
       strategy:
         dockerStrategy:
           buildArgs:
-            - name: APP_DNS
-              value: ${APP_DNS}
-            - name: AQUASEC_SCANNERCLI_URL
-              value: ${AQUASEC_SCANNERCLI_URL}
             - name: NEXUS_AUTH
               value: ${NEXUS_AUTH}
             - name: NEXUS_URL