Jenkins container including Checkmarx plugin
- Author: Pedric Kng
- Updated: 17 Dec 2020
Guide on installing Jenkins container with Checkmarx plugin See https://github.com/cx-demo/myjenkins
Overview
Installation
- Create Dockerfile
# base image
FROM jenkins/jenkins:lts
# Creator
LABEL maintainer="Pedric (cxdemosg@gmail.com)"
# Install maven in container
USER root
RUN apt-get update && apt-get install -y maven
USER jenkins
# Disable Jenkins setup wizard
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
# Add list of plugins
ADD plugins.txt /usr/share/jenkins/ref/
# Install plugins
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
# Adding scripts
COPY groovy/* /usr/share/jenkins/ref/init.groovy.d/
- Build docker image
docker build -t myjenkins:latest -t myjenkins:<$VERSION> .
Helper sh script is available build.sh
# Note that the default image name is 'myjenkins'
./build.sh <image version>
- Run myjenkins container
docker run -p 6080:8080 --name $CONTAINER_NAME -v jenkins_home:/var/jenkins_home -v /downloads:/var/jenkins_home/downloads -d myjenkins:latest
Adding docker execution environment for Jenkins
- Including docker ce, docker ce-cli and containerd to Dockerfile
# install docker, docker-compose, docker-machine
# see: https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/
# see: https://docs.docker.com/engine/installation/linux/linux-postinstall/
# see: https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
# prerequisites for docker
RUN apt-get update \
&& apt-get -y install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
# docker
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
&& add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable" \
&& apt-get update \
&& apt-get -y install docker-ce docker-ce-cli containerd.io
# docker-compose
RUN curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
&& chmod +x /usr/local/bin/docker-compose
# give jenkins docker rights
RUN usermod -aG docker jenkins
- Give docker cli(Jenkins Container) privileges to docker.sock (host)
Quick means is to grant all permissions, but it is NOT recommended for production.
sudo chmod 777 /var/run/docker.sock
For a more secure setup, refer to [4]
-
Build docker image as described previously.
-
Execute jenkins docker with docker.sock bind
# Note how docker.sock is bind between the host and jenkins container
docker run -p 6080:8080 --name $CONTAINER_NAME -v jenkins_home:/var/jenkins_home -v /downloads:/var/jenkins_home/downloads -v /var/run/docker.sock:/var/run/docker.sock -v ${which docker}:${which docker} -d myjenkins:latest
References
Automating Jenkins Docker setup with default admin account [1]
Dockerizing jenkins 2 [2]
Docker inside Docker for Jenkins [4]