infra/docker/jenkins/files/jenkins.sh

#! /bin/bash -e

# cert prep
for i in /secrets/jenkins.crt /etc/ssl/certs/ca-cert-MaskedName_Root_CA.pem; do
    cat $i >> /tmp/jenkins_bundle.crt
    echo >> /tmp/jenkins_bundle.crt
done

expect <(cat <<EOH
spawn openssl pkcs12 -inkey /secrets/jenkins.key -in /tmp/jenkins_bundle.crt -export -out /secrets/jenkins.jks
expect "Enter Export Password:"
send -- "password\r"
expect "Verifying - Enter Export Password:"
send -- "password\r"
interact
EOH
)

# defaultish jenkins stuff
: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}"
: "${JENKINS_HOME:="/var/jenkins_home"}"
: "${COPY_REFERENCE_FILE_LOG:="${JENKINS_HOME}/copy_reference_file.log"}"
: "${REF:="/usr/share/jenkins/ref"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find "${REF}" \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +

# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then

  # read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities)
  java_opts_array=()
  while IFS= read -r -d '' item; do
    java_opts_array+=( "$item" )
  done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")

  readonly agent_port_property='jenkins.model.Jenkins.slaveAgentPort'
  if [ -n "${JENKINS_SLAVE_AGENT_PORT:-}" ] && [[ "${JAVA_OPTS:-}" != *"${agent_port_property}"* ]]; then
    java_opts_array+=( "-D${agent_port_property}=${JENKINS_SLAVE_AGENT_PORT}" )
  fi

  if [[ "$DEBUG" ]] ; then
    java_opts_array+=( \
      '-Xdebug' \
      '-Xrunjdwp:server=y,transport=dt_socket,address=5005,suspend=y' \
    )
  fi

  jenkins_opts_array=( )
  while IFS= read -r -d '' item; do
    jenkins_opts_array+=( "$item" )
  done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")

  exec java -Duser.home="$JENKINS_HOME" "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"
fi

# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image
exec "$@"
Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`#! /bin/bash -e`

Add docker configs for jenkins with ssl god kill me 2020-10-14 02:56:33 +00:00			`# cert prep`
			`for i in /secrets/jenkins.crt /etc/ssl/certs/ca-cert-MaskedName_Root_CA.pem; do`
			`cat $i >> /tmp/jenkins_bundle.crt`
			`echo >> /tmp/jenkins_bundle.crt`
			`done`

			`expect <(cat <<EOH`
			`spawn openssl pkcs12 -inkey /secrets/jenkins.key -in /tmp/jenkins_bundle.crt -export -out /secrets/jenkins.jks`
			`expect "Enter Export Password:"`
			`send -- "password\r"`
			`expect "Verifying - Enter Export Password:"`
			`send -- "password\r"`
			`interact`
			`EOH`
			`)`

			`# defaultish jenkins stuff`
Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}"`
			`: "${JENKINS_HOME:="/var/jenkins_home"}"`
			`: "${COPY_REFERENCE_FILE_LOG:="${JENKINS_HOME}/copy_reference_file.log"}"`
			`: "${REF:="/usr/share/jenkins/ref"}"`
			`touch "${COPY_REFERENCE_FILE_LOG}" \|\| { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }`
			`echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"`
			`find "${REF}" \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +`

			# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
			`if [[ $# -lt 1 ]] \|\| [[ "$1" == "--"* ]]; then`

			`# read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities)`
			`java_opts_array=()`
			`while IFS= read -r -d '' item; do`
			`java_opts_array+=( "$item" )`
			`done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")`

			`readonly agent_port_property='jenkins.model.Jenkins.slaveAgentPort'`
			`if [ -n "${JENKINS_SLAVE_AGENT_PORT:-}" ] && [[ "${JAVA_OPTS:-}" != "${agent_port_property}" ]]; then`
			`java_opts_array+=( "-D${agent_port_property}=${JENKINS_SLAVE_AGENT_PORT}" )`
			`fi`

			`if [[ "$DEBUG" ]] ; then`
			`java_opts_array+=( \`
			`'-Xdebug' \`
			`'-Xrunjdwp:server=y,transport=dt_socket,address=5005,suspend=y' \`
			`)`
			`fi`

			`jenkins_opts_array=( )`
			`while IFS= read -r -d '' item; do`
			`jenkins_opts_array+=( "$item" )`
			`done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")`

			`exec java -Duser.home="$JENKINS_HOME" "${java_opts_array[@]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[@]}" "$@"`
			`fi`

			# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image
			`exec "$@"`