Best Practices for Dockerfile in repository

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Best Practices for Dockerfile in repository

Simon Richter
Hi,

Looking at https://jenkins.io/doc/book/pipeline/docker/#dockerfile , I've
set up a repository for our project with a Dockerfile to describe the build
environment, and a simple Jenkinsfile describing the build:

    pipeline {
        agent {
            dockerfile true
        }
        stages {
            stage('Build') {
                steps {
                    sh 'make'
                }
            }
        }
    }

To make this build correctly, I had to install Docker CLI inside the
Jenkins container and give Jenkins access to control Docker.

The latter is kind of obvious, and Jenkins already had that access in order
to spawn agents as required, but I'm wondering if it makes sense to require
the Docker CLI, as I have to make sure it is present on whatever agent
builds the project, so the assertion in the documentation that it is only
Windows and MacOS agents that would have trouble running such a pipeline is
a bit bold.

I can certainly work around that, so I'm wondering what is the best
approach:

 - continue to build a derived image for Jenkins, adding the Docker CLI as
   a statically linked executable, and limit execution of Docker pipelines
   to master
 - set up a single agent that has the Docker CLI installed, give it an
   appropriate label, and use that
 - use the Docker cloud plugin to create agents on-demand that have the
   Docker CLI installed, and use these to build the pipeline (so a single
   build creates two containers).

There was a pull request[1] that eliminates the need for Docker CLI to run
a pipeline with 'agent { dockerfile true }', but it has been closed.

What would be the most sensible option to build a project like this from a
Jenkins instance that is itself running inside a Docker container?

Is there a readymade image of jenkins/jenkins:lts plus the Docker CLI, or
jenkinsci/slave:latest plus the Docker CLI, or do I have to build and
maintain these myself?

   Simon

[1] https://github.com/jenkinsci/docker-workflow-plugin/pull/195

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/20200205111953.GB6800%40psi5.com.
Reply | Threaded
Open this post in threaded view
|

Re: Best Practices for Dockerfile in repository

Marc Runkel
Hey Simon,

We went ahead and built our own..

FROM docker

RUN apk add --no-cache git nodejs npm docker-compose openssh-client && \
    apk add python py-pip py-setuptools git ca-certificates && \
    pip install python-dateutil && \
    git clone https://github.com/s3tools/s3cmd.git /opt/s3cmd && \
    ln -s /opt/s3cmd/s3cmd /usr/bin/s3cmd

COPY ./files/s3cfg /root/.s3cfg

I'm currently working on getting multiple images to work so that we don't have to include stuff like mysql clients and JS building tools in this image but 
that's not working for me.  Hopefully I'll get a response to my earlier message so I can get that working.

m.

On Wednesday, February 5, 2020 at 12:20:11 PM UTC+1, Simon Richter wrote:
Hi,

Looking at <a href="https://jenkins.io/doc/book/pipeline/docker/#dockerfile" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjenkins.io%2Fdoc%2Fbook%2Fpipeline%2Fdocker%2F%23dockerfile\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHoMb-4fl3EF7SED1eea3w7yHJEbg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjenkins.io%2Fdoc%2Fbook%2Fpipeline%2Fdocker%2F%23dockerfile\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHoMb-4fl3EF7SED1eea3w7yHJEbg&#39;;return true;">https://jenkins.io/doc/book/pipeline/docker/#dockerfile , I've
set up a repository for our project with a Dockerfile to describe the build
environment, and a simple Jenkinsfile describing the build:

    pipeline {
        agent {
            dockerfile true
        }
        stages {
            stage('Build') {
                steps {
                    sh 'make'
                }
            }
        }
    }

To make this build correctly, I had to install Docker CLI inside the
Jenkins container and give Jenkins access to control Docker.

The latter is kind of obvious, and Jenkins already had that access in order
to spawn agents as required, but I'm wondering if it makes sense to require
the Docker CLI, as I have to make sure it is present on whatever agent
builds the project, so the assertion in the documentation that it is only
Windows and MacOS agents that would have trouble running such a pipeline is
a bit bold.

I can certainly work around that, so I'm wondering what is the best
approach:

 - continue to build a derived image for Jenkins, adding the Docker CLI as
   a statically linked executable, and limit execution of Docker pipelines
   to master
 - set up a single agent that has the Docker CLI installed, give it an
   appropriate label, and use that
 - use the Docker cloud plugin to create agents on-demand that have the
   Docker CLI installed, and use these to build the pipeline (so a single
   build creates two containers).

There was a pull request[1] that eliminates the need for Docker CLI to run
a pipeline with 'agent { dockerfile true }', but it has been closed.

What would be the most sensible option to build a project like this from a
Jenkins instance that is itself running inside a Docker container?

Is there a readymade image of jenkins/jenkins:lts plus the Docker CLI, or
jenkinsci/slave:latest plus the Docker CLI, or do I have to build and
maintain these myself?

   Simon

[1] <a href="https://github.com/jenkinsci/docker-workflow-plugin/pull/195" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Fdocker-workflow-plugin%2Fpull%2F195\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFPaglIEqVrvOwCiIY-Tjsgas15ug&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Fdocker-workflow-plugin%2Fpull%2F195\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFPaglIEqVrvOwCiIY-Tjsgas15ug&#39;;return true;">https://github.com/jenkinsci/docker-workflow-plugin/pull/195

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9b1526a5-07d7-4e48-a997-cd824e2c7444%40googlegroups.com.