feat(alpine): Pin Alpine version to 3.17.3

[gounthar]

This is a follow-up/prequel to #251 in the hope of solving #243 in the end.

We used to get whatever Alpine version was used by Eclipse Temurin's image.
This PR proposes to separate the openJDK build from the Alpine version, by creating another stage.
The first stage takes Temurin's openJDK build (and compresses its size whenever it's possible through the use of jlink).
The second stage starts from a fixed Alpine version and copies the pre-built openJDK binaries into it.

I've also created two variables (taken from docker-agent docker-bake example):

• ALPINE_FULL_TAG: this will be passed as a parameter to the Dockerfile
• ALPINE_SHORT_TAG: this will be used to create additional tags

Testing done

docker buildx bake alpine_jdk17 --load
[+] Building 5.6s (18/18) FINISHED
 => [internal] booting buildkit                                                                                                                                               1.5s
 => => starting container buildx_buildkit_exciting_williams0                                                                                                                  1.5s
 => [internal] load .dockerignore                                                                                                                                             0.2s
 => => transferring context: 97B                                                                                                                                              0.1s
 => [internal] load build definition from Dockerfile                                                                                                                          0.1s
 => => transferring dockerfile: 4.40kB                                                                                                                                        0.0s
 => [internal] load metadata for docker.io/library/alpine:3.17.3                                                                                                              2.0s
 => [internal] load metadata for docker.io/library/eclipse-temurin:17.0.7_7-jdk-alpine                                                                                        1.8s
 => [build 1/8] FROM docker.io/library/alpine:3.17.3@sha256:124c7d2707904eea7431fffe91522a01e5a861a624ee31d03372cc1d138a3126                                                  0.1s
 => => resolve docker.io/library/alpine:3.17.3@sha256:124c7d2707904eea7431fffe91522a01e5a861a624ee31d03372cc1d138a3126                                                        0.0s
 => [internal] load build context                                                                                                                                             0.1s
 => => transferring context: 2.80kB                                                                                                                                           0.1s
 => [jre-build 1/2] FROM docker.io/library/eclipse-temurin:17.0.7_7-jdk-alpine@sha256:ad135147f78ddb330275438075a7177aaf9408f62d6b97ad2ecb6e66c1adc7b9                        0.1s
 => => resolve docker.io/library/eclipse-temurin:17.0.7_7-jdk-alpine@sha256:ad135147f78ddb330275438075a7177aaf9408f62d6b97ad2ecb6e66c1adc7b9                                  0.1s
 => CACHED [build 2/8] RUN addgroup -g "1000" "jenkins"     && adduser -h "/home/jenkins" -u "1000" -G "jenkins" -s /bin/bash -D "jenkins"     && passwd -u "jenkins"     &&  0.0s
 => CACHED [build 3/8] RUN apk add --no-cache     bash     git-lfs     less     netcat-openbsd     openssh     patch                                                          0.0s
 => CACHED [build 4/8] RUN sed -i /etc/ssh/sshd_config         -e 's/#PermitRootLogin.*/PermitRootLogin no/'         -e 's/#PasswordAuthentication.*/PasswordAuthentication   0.0s
 => CACHED [jre-build 2/2] RUN if [ "$TARGETPLATFORM" != 'linux/arm/v7' ]; then     case "$(jlink --version 2>&1)" in       "11."*) strip_java_debug_flags="--strip-debug" ;  0.0s
 => CACHED [build 5/8] COPY --from=jre-build /javaruntime /opt/java/openjdk                                                                                                   0.0s
 => CACHED [build 6/8] WORKDIR /home/jenkins                                                                                                                                  0.0s
 => CACHED [build 7/8] RUN echo "PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" >> /home/jenkins/.ssh/environment                   0.0s
 => CACHED [build 8/8] COPY setup-sshd /usr/local/bin/setup-sshd                                                                                                              0.0s
 => exporting to docker image format                                                                                                                                          0.9s
 => => exporting layers                                                                                                                                                       0.0s
 => => exporting manifest sha256:5c53f103ba7a78dce526d6397d593e929985a673f352e3b2f98b7f44598f48d2                                                                             0.0s
 => => exporting config sha256:716c275a2fb76583c82a432641dd12c8b0da08773febfa214a4d933735def8d7                                                                               0.0s
 => => sending tarball                                                                                                                                                        0.9s
 => importing to docker

Submitter checklist

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue

[dduportal]

It looks really good work!

About the CI checks:

• The build passes: your local test matches with what the Ci does ✅
• The tests are failing for both alpine and alpine_jdk17 images with the error below ❌

[docker.io/jenkins/ssh-agent:alpine] has utf-8 locale

[docker.io/jenkins/ssh-agent:alpine_jdk17] has utf-8 locale

which measn there was some setup in the former eclipse-temuringwe should cherry-pick (or maybe from toher jenkinsci/docker-* Alpine images). Almost there!

[dduportal]

I believe you should be able to "test" locally with make test-alpine or make test-alpine_jdk17 as per

docker-ssh-agent/Makefile

Line 75 in 8616460

test-%: prepare-test

(but not 100% sure of the syntax: my mind betrays me)

[gounthar]

You were right Damien, the command that launched the test was make test-alpine_jdk17.

The local error message is:

not ok 11 [docker.io/jenkins/ssh-agent:alpine-jdk17] has utf-8 locale
# (from function `assert_equal' in file tests/test_helper/bats-assert/src/assert_equal.bash, line 40,
#  in test file tests/tests.bats, line 188)
#   `assert_equal "${output}" "UTF-8"' failed
#
# -- values do not equal --
# expected : UTF-8
# actual   : sh: locale: not found
# --
#

I'll try to find a workaround (or the solution) in Temurin's Dockerfile or docker-agent's Dockerfile.

Thanks.

[gounthar]

I added the musl-locales that was missing.
Now, bash or java can't be found.

not ok 3 [docker.io/jenkins/ssh-agent:alpine-jdk17] image has bash and java installed and in the PATH
# (from function `assert_success' in file tests/test_helper/bats-assert/src/assert_success.bash, line 42,
#  in test file tests/tests.bats, line 43)
#   `assert_success' failed
# adb1ded4913ac98bdfb1b3cb51c3eab030dcd2781516719737064d902572ae04
#
# -- command failed --
# status : 1
# output : Error response from daemon: No such container: bats-jenkins-ssh-agent-bash-java
# --
#

java seems to be found:

 docker run --rm jenkins/ssh-agent:alpine-jdk17 java --version
+ [[ '' == ssh-* ]]
+ [[ '' == ssh-* ]]
+ env
+ grep _
+ [[ 2 -gt 0 ]]
+ echo 'setup-sshd params: java' --version
+ [[ java == ssh-* ]]
+ [[ java --version == \/\u\s\r\/\s\b\i\n\/\s\s\h\d\ \-\D\ \-\p\ \2\2 ]]
+ echo 'Executing params: '\''java' '--version'\'''
+ exec java --version
setup-sshd params: java --version
Executing params: 'java --version'
openjdk 17.0.7 2023-04-18
OpenJDK Runtime Environment Temurin-17.0.7+7 (build 17.0.7+7)
OpenJDK 64-Bit Server VM Temurin-17.0.7+7 (build 17.0.7+7, mixed mode)

bash is also found:

docker run --rm jenkins/ssh-agent:alpine-jdk17 /bin/bash -c 'echo "Hello, world!"'
+ [[ '' == ssh-* ]]
+ [[ '' == ssh-* ]]
+ env
+ grep _
+ [[ 3 -gt 0 ]]
+ echo 'setup-sshd params: /bin/bash' -c 'echo "Hello, world!"'
+ [[ /bin/bash == ssh-* ]]
+ [[ /bin/bash -c echo "Hello, world!" == \/\u\s\r\/\s\b\i\n\/\s\s\h\d\ \-\D\ \-\p\ \2\2 ]]
+ echo 'Executing params: '\''/bin/bash' -c 'echo "Hello, world!"'\'''
+ exec /bin/bash -c 'echo "Hello, world!"'
setup-sshd params: /bin/bash -c echo "Hello, world!"
Executing params: '/bin/bash -c echo "Hello, world!"'
Hello, world!

🤔
Let's have a look at the test.

[gounthar]

I had a look at the tests, and launched the same commands that went fine:

docker run --rm jenkins/ssh-agent:alpine-jdk17 which bash
+ [[ '' == ssh-* ]]
+ [[ '' == ssh-* ]]
+ env
+ grep _
setup-sshd params: which bash
Executing params: 'which bash'
+ [[ 2 -gt 0 ]]
+ echo 'setup-sshd params: which' bash
+ [[ which == ssh-* ]]
+ [[ which bash == \/\u\s\r\/\s\b\i\n\/\s\s\h\d\ \-\D\ \-\p\ \2\2 ]]
+ echo 'Executing params: '\''which' 'bash'\'''
+ exec which bash
/bin/bash
gounthar@his-machine:/mnt/c/Support/users/jenkins/git/ci/docker-ssh-agent (alpine-multi-stage)$ docker run --rm jenkins/ssh-agent:alpine-jdk17 bash --version
+ [[ '' == ssh-* ]]
+ [[ '' == ssh-* ]]
+ env
+ grep _
setup-sshd params: bash --version
Executing params: 'bash --version'
+ [[ 2 -gt 0 ]]
+ echo 'setup-sshd params: bash' --version
+ [[ bash == ssh-* ]]
+ [[ bash --version == \/\u\s\r\/\s\b\i\n\/\s\s\h\d\ \-\D\ \-\p\ \2\2 ]]
+ echo 'Executing params: '\''bash' '--version'\'''
+ exec bash --version
GNU bash, version 5.2.15(1)-release (x86_64-alpine-linux-musl)
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gounthar@his-machine:/mnt/c/Support/users/jenkins/git/ci/docker-ssh-agent (alpine-multi-stage)$ docker run --rm jenkins/ssh-agent:alpine-jdk17 which java
+ [[ '' == ssh-* ]]
+ [[ '' == ssh-* ]]
+ env
+ grep _
+ [[ 2 -gt 0 ]]
+ echo 'setup-sshd params: which' java
+ [[ which == ssh-* ]]
+ [[ which java == \/\u\s\r\/\s\b\i\n\/\s\s\h\d\ \-\D\ \-\p\ \2\2 ]]
+ echo 'Executing params: '\''which' 'java'\'''
+ exec which java
setup-sshd params: which java
Executing params: 'which java'
/opt/java/openjdk/bin/java
gounthar@his-machine:/mnt/c/Support/users/jenkins/git/ci/docker-ssh-agent (alpine-multi-stage)$ docker run --rm jenkins/ssh-agent:alpine-jdk17 sh -c "java -version"
+ [[ '' == ssh-* ]]
+ [[ '' == ssh-* ]]
setup-sshd params: sh -c java -version
Executing params: 'sh -c java -version'
+ env
+ grep _
+ [[ 3 -gt 0 ]]
+ echo 'setup-sshd params: sh' -c 'java -version'
+ [[ sh == ssh-* ]]
+ [[ sh -c java -version == \/\u\s\r\/\s\b\i\n\/\s\s\h\d\ \-\D\ \-\p\ \2\2 ]]
+ echo 'Executing params: '\''sh' -c 'java -version'\'''
+ exec sh -c 'java -version'
openjdk version "17.0.7" 2023-04-18
OpenJDK Runtime Environment Temurin-17.0.7+7 (build 17.0.7+7)
OpenJDK 64-Bit Server VM Temurin-17.0.7+7 (build 17.0.7+7, mixed mode)
gounthar@his-machine:/mnt/c/Support/users/jenkins/git/ci/docker-ssh-agent (alpine-multi-stage)$

[gounthar]

I guess the error has more to do with

# output : Error response from daemon: No such container: bats-jenkins-ssh-agent-bash-java

than with the presence of java and bash.

Today, the message is somehow different, but the conveyed idea is the same:

# output : Error response from daemon: Container 8f37eb85109bcc5b6be25a655ab9ff783ce198626af416ef97a19cd9f1c97aaf is not running

[gounthar]

How come tests have passed here?

[dduportal]

LGTM!

Approving and merging since the "locale UTF-8" problem is fixed by adding the missing package.

The failing check is unrelated to the change here: it is also failing on the master branch

[gounthar]

Thank you so much for your time and guidance.