Package or bust!
@@ -15,100 +15,8 @@ mkdir -p "${JENKINS_HOME}"
|
||||
chown -R cloudron:cloudron /app/data || true
|
||||
|
||||
# Set Jenkins environment variables
|
||||
export JENKINS_HOME="${JENKINS_HOME}"
|
||||
export JENKINS_HOME
|
||||
export JENKINS_OPTS="--httpPort=${APP_PORT} --httpListenAddress=0.0.0.0"
|
||||
|
||||
# Configure Jenkins for Cloudron with OIDC support
|
||||
log "Configuring Jenkins for Cloudron environment with OIDC authentication"
|
||||
|
||||
# Create basic Jenkins configuration if not exists
|
||||
if [[ ! -f "${JENKINS_HOME}/config.xml" ]]; then
|
||||
log "Creating initial Jenkins configuration with OIDC support"
|
||||
mkdir -p "${JENKINS_HOME}"
|
||||
|
||||
# Create OIDC configuration if environment variables are provided
|
||||
if [[ -n "${CLOUDRON_OIDC_ISSUER_URL:-}" && -n "${CLOUDRON_OIDC_CLIENT_ID:-}" ]]; then
|
||||
log "Configuring OIDC authentication for Jenkins"
|
||||
mkdir -p "${JENKINS_HOME}/org.jenkinsci.plugins.openid_connect"
|
||||
|
||||
# Create OIDC security realm configuration
|
||||
cat > "${JENKINS_HOME}/org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm.xml" <<'OIDC_XML'
|
||||
<?xml version='1.1' encoding='UTF-8'?>
|
||||
<org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm plugin="openid-connect@2.4">
|
||||
<issuer>${CLOUDRON_OIDC_ISSUER_URL}</issuer>
|
||||
<clientId>${CLOUDRON_OIDC_CLIENT_ID}</clientId>
|
||||
<clientSecret>${CLOUDRON_OIDC_CLIENT_SECRET}</clientSecret>
|
||||
<scopes>openid,email,profile</scopes>
|
||||
<usernameField>preferred_username</usernameField>
|
||||
<fullNameField>name</fullNameField>
|
||||
<emailField>email</emailField>
|
||||
<disableSslVerification>false</disableSslVerification>
|
||||
<logoutFromOpenidProvider>true</logoutFromOpenidProvider>
|
||||
<postLogoutRedirectUrl>${CLOUDRON_OIDC_REDIRECT_URI}</postLogoutRedirectUrl>
|
||||
<escapeHatchEnabled>false</escapeHatchEnabled>
|
||||
<escapeHatchUsername>admin</escapeHatchUsername>
|
||||
<escapeHatchSecret>jenkins-escape-hatch</escapeHatchSecret>
|
||||
<escapeHatchGroup>admin</escapeHatchGroup>
|
||||
<automanualconfigure>false</automanualconfigure>
|
||||
<wellKnownOpenIDConfigurationUrl></wellKnownOpenIDConfigurationUrl>
|
||||
<readTimeout>20</readTimeout>
|
||||
<connectTimeout>10</connectTimeout>
|
||||
<tokenServerUrl></tokenServerUrl>
|
||||
<authorizationServerUrl></authorizationServerUrl>
|
||||
<userInfoServerUrl></userInfoServerUrl>
|
||||
<userNameField></userNameField>
|
||||
<tokenFieldToCheckKey></tokenFieldToCheckKey>
|
||||
<tokenFieldToCheckValue></tokenFieldToCheckValue>
|
||||
</org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm>
|
||||
OIDC_XML
|
||||
fi
|
||||
|
||||
# Create basic config.xml for Jenkins
|
||||
cat > "${JENKINS_HOME}/config.xml" <<'XML'
|
||||
<?xml version='1.1' encoding='UTF-8'?>
|
||||
<hudson>
|
||||
<version>2.450</version>
|
||||
<numExecutors>2</numExecutors>
|
||||
<mode>NORMAL</mode>
|
||||
<useSecurity>true</useSecurity>
|
||||
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
|
||||
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
|
||||
<disableSignup>true</disableSignup>
|
||||
</securityRealm>
|
||||
<disableRememberMe>false</disableRememberMe>
|
||||
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
|
||||
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
|
||||
<buildsDir>${JENKINS_HOME}/builds/${ITEM_FULLNAME}</buildsDir>
|
||||
<markupFormatter class="hudson.markup.RawHtmlMarkupFormatter" plugin="antisamy-markup-formatter@3.1"/>
|
||||
<jdks/>
|
||||
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
|
||||
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
|
||||
<clouds/>
|
||||
<slaves/>
|
||||
<scm class="hudson.scm.NullSCM"/>
|
||||
<views>
|
||||
<hudson.model.AllView>
|
||||
<owner class="hudson" reference="../../.."/>
|
||||
<name>all</name>
|
||||
<filterExecutors>false</filterExecutors>
|
||||
<filterQueue>false</filterQueue>
|
||||
<properties class="hudson.model.View$PropertyList"/>
|
||||
</hudson.model.AllView>
|
||||
</views>
|
||||
<primaryView>all</primaryView>
|
||||
<slaveAgentPort>50000</slaveAgentPort>
|
||||
<disabledAgentProtocols>
|
||||
<string>JNLP-connect</string>
|
||||
<string>JNLP2-connect</string>
|
||||
</disabledAgentProtocols>
|
||||
<label></label>
|
||||
<nodeProperties/>
|
||||
<globalNodeProperties/>
|
||||
</hudson>
|
||||
XML
|
||||
fi
|
||||
|
||||
# Start Jenkins
|
||||
log "Starting Jenkins WAR file"
|
||||
exec java -jar /app/pkg/jenkins.war ${JENKINS_OPTS}
|
||||
|
||||
exec java -jar /app/pkg/jenkins.war
|
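Review bot: The final `exec java -jar /app/pkg/jenkins.war` appears to start Jenkins as whatever user runs this script, and the `chown -R cloudron:cloudron /app/data || true` above suggests that user is root. A CI controller that executes build steps should not run as root, so drop privileges on that line, for example `exec gosu cloudron:cloudron java -jar /app/pkg/jenkins.war` if the image ships gosu. The same line no longer passes the `--httpPort=${APP_PORT} --httpListenAddress=0.0.0.0` options that `JENKINS_OPTS` carried, so Jenkins will bind its defaults unless they are set elsewhere. Removing the config generator also leaves any `config.xml` or OIDC realm file it already wrote under `${JENKINS_HOME}` on existing installs, so a migration step or release note should cover those. The +/- markers are lost on this page, so the new side is inferred from the hunk counts, and the start of the script is outside the hunk.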