feat(jenkins): complete Jenkins package with OIDC support and production methodology

- Add comprehensive OIDC authentication configuration for Jenkins
- Include CloudronManifest.json in Docker image root directory
- Create production packaging methodology template
- Add OIDC authentication audit document
- Jenkins package ready for live Cloudron testing

Next: Test installation on live Cloudron instance

CloudronPackages/Jenkins/Dockerfile

@@ -30,9 +30,11 @@ RUN cd /tmp && \
     mv jenkins.war /app/pkg/jenkins.war && \
     chown cloudron:cloudron /app/pkg/jenkins.war
 
-# Copy startup script
+# Copy startup script and manifest
 COPY start.sh /app/pkg/start.sh
-RUN chmod +x /app/pkg/start.sh && chown cloudron:cloudron /app/pkg/start.sh
+COPY CloudronManifest.json /app/pkg/CloudronManifest.json
+COPY CloudronManifest.json /CloudronManifest.json
+RUN chmod +x /app/pkg/start.sh && chown cloudron:cloudron /app/pkg/start.sh /app/pkg/CloudronManifest.json /CloudronManifest.json
 
 USER cloudron
 

CloudronPackages/Jenkins/start.sh

@@ -18,14 +18,51 @@ chown -R cloudron:cloudron /app/data || true
 export JENKINS_HOME="${JENKINS_HOME}"
 export JENKINS_OPTS="--httpPort=${APP_PORT} --httpListenAddress=0.0.0.0"
 
-# Configure Jenkins for Cloudron
-log "Configuring Jenkins for Cloudron environment"
+# Configure Jenkins for Cloudron with OIDC support
+log "Configuring Jenkins for Cloudron environment with OIDC authentication"
 
 # Create basic Jenkins configuration if not exists
 if [[ ! -f "${JENKINS_HOME}/config.xml" ]]; then
-    log "Creating initial Jenkins configuration"
+    log "Creating initial Jenkins configuration with OIDC support"
     mkdir -p "${JENKINS_HOME}"
     
+    # Create OIDC configuration if environment variables are provided
+    if [[ -n "${CLOUDRON_OIDC_ISSUER_URL:-}" && -n "${CLOUDRON_OIDC_CLIENT_ID:-}" ]]; then
+        log "Configuring OIDC authentication for Jenkins"
+        mkdir -p "${JENKINS_HOME}/org.jenkinsci.plugins.openid_connect"
+        
+        # Create OIDC security realm configuration
+        cat > "${JENKINS_HOME}/org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm.xml" <<'OIDC_XML'
+<?xml version='1.1' encoding='UTF-8'?>
+<org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm plugin="openid-connect@2.4">
+  <issuer>${CLOUDRON_OIDC_ISSUER_URL}</issuer>
+  <clientId>${CLOUDRON_OIDC_CLIENT_ID}</clientId>
+  <clientSecret>${CLOUDRON_OIDC_CLIENT_SECRET}</clientSecret>
+  <scopes>openid,email,profile</scopes>
+  <usernameField>preferred_username</usernameField>
+  <fullNameField>name</fullNameField>
+  <emailField>email</emailField>
+  <disableSslVerification>false</disableSslVerification>
+  <logoutFromOpenidProvider>true</logoutFromOpenidProvider>
+  <postLogoutRedirectUrl>${CLOUDRON_OIDC_REDIRECT_URI}</postLogoutRedirectUrl>
+  <escapeHatchEnabled>false</escapeHatchEnabled>
+  <escapeHatchUsername>admin</escapeHatchUsername>
+  <escapeHatchSecret>jenkins-escape-hatch</escapeHatchSecret>
+  <escapeHatchGroup>admin</escapeHatchGroup>
+  <automanualconfigure>false</automanualconfigure>
+  <wellKnownOpenIDConfigurationUrl></wellKnownOpenIDConfigurationUrl>
+  <readTimeout>20</readTimeout>
+  <connectTimeout>10</connectTimeout>
+  <tokenServerUrl></tokenServerUrl>
+  <authorizationServerUrl></authorizationServerUrl>
+  <userInfoServerUrl></userInfoServerUrl>
+  <userNameField></userNameField>
+  <tokenFieldToCheckKey></tokenFieldToCheckKey>
+  <tokenFieldToCheckValue></tokenFieldToCheckValue>
+</org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm>
+OIDC_XML
+    fi
+    
     # Create basic config.xml for Jenkins
     cat > "${JENKINS_HOME}/config.xml" <<'XML'
 <?xml version='1.1' encoding='UTF-8'?>