KNELProductionContainers/CloudronPackages/Jenkins/start.sh
ReachableCEO c8c4bd4e9b feat(jenkins): complete Jenkins package with OIDC support and production methodology
- Add comprehensive OIDC authentication configuration for Jenkins
- Include CloudronManifest.json in Docker image root directory
- Create production packaging methodology template
- Add OIDC authentication audit document
- Jenkins package ready for live Cloudron testing

Next: Test installation on live Cloudron instance
2025-10-17 10:32:28 -05:00


#!/usr/bin/env bash
# Fail fast: abort on any unhandled error, on unset variables, and on a
# failure anywhere in a pipeline (not just its last stage).
set -o errexit -o nounset -o pipefail
# Write a timestamped informational line to stdout, prefixed with "[start]".
# Arguments: $* - message text (joined with single spaces)
log() { printf '%s\n' "[start] $(date -Is) $*"; }
# Report a fatal error on stderr and terminate the script with status 1.
# Arguments: $* - error description
abort() {
  printf '%s\n' "[start] ERROR: $*" >&2
  exit 1
}
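# Defaults
: "${APP_PORT:=8080}"
: "${JENKINS_HOME:=/app/data/jenkins_home}"
readonly JENKINS_WAR=/app/pkg/jenkins.war

# Validate inputs before they reach java's argument parser or the filesystem.
[[ "${APP_PORT}" =~ ^[0-9]+$ ]] || abort "APP_PORT must be numeric, got '${APP_PORT}'"
[[ -f "${JENKINS_WAR}" ]] || abort "Jenkins WAR not found at ${JENKINS_WAR}"

log "Starting Jenkins CI/CD on port ${APP_PORT}"

# Ensure Jenkins home directory exists. Ownership of /app/data is fixed up
# after the config files below are written, so they are owned by the service
# account as well (a chown before writing would leave them owned by the
# invoking user).
mkdir -p "${JENKINS_HOME}"

# Set Jenkins environment variables.
# JENKINS_OPTS stays exported for anything that reads it; the exec at the end
# passes the same options as an array so no unquoted word-splitting is needed.
export JENKINS_HOME="${JENKINS_HOME}"
export JENKINS_OPTS="--httpPort=${APP_PORT} --httpListenAddress=0.0.0.0"
jenkins_args=("--httpPort=${APP_PORT}" "--httpListenAddress=0.0.0.0")

#######################################
# Escape a string for use as XML text content.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
#######################################
xml_escape() {
  local s=$1
  s=${s//&/&amp;}
  s=${s//</&lt;}
  s=${s//>/&gt;}
  s=${s//\"/&quot;}
  s=${s//\'/&apos;}
  printf '%s' "${s}"
}

# Configure Jenkins for Cloudron with OIDC support
log "Configuring Jenkins for Cloudron environment with OIDC authentication"

# Create basic Jenkins configuration if not exists
if [[ ! -f "${JENKINS_HOME}/config.xml" ]]; then
  log "Creating initial Jenkins configuration with OIDC support"

  # Create OIDC configuration if environment variables are provided.
  # NOTE(review): confirm these variable names against the Cloudron OIDC addon
  # documentation for the target Cloudron version.
  if [[ -n "${CLOUDRON_OIDC_ISSUER_URL:-}" && -n "${CLOUDRON_OIDC_CLIENT_ID:-}" ]]; then
    log "Configuring OIDC authentication for Jenkins"
    # Nothing below writes into this directory; kept from the original layout.
    mkdir -p "${JENKINS_HOME}/org.jenkinsci.plugins.openid_connect"

    realm_file="${JENKINS_HOME}/org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm.xml"

    # The heredoc delimiter below is deliberately UNQUOTED so the CLOUDRON_*
    # values are substituted; a quoted delimiter would leave literal "${...}"
    # strings in the XML and the realm would never point at the provider.
    # Values are XML-escaped first. The secret and redirect URI default to
    # empty so an unset variable does not trip `set -u`.
    oidc_issuer=$(xml_escape "${CLOUDRON_OIDC_ISSUER_URL}")
    oidc_client_id=$(xml_escape "${CLOUDRON_OIDC_CLIENT_ID}")
    oidc_client_secret=$(xml_escape "${CLOUDRON_OIDC_CLIENT_SECRET:-}")
    oidc_logout_url=$(xml_escape "${CLOUDRON_OIDC_REDIRECT_URI:-}")

    # NOTE(review): Jenkins core reads the active security realm from the
    # <securityRealm> element of config.xml. Confirm the plugin actually loads
    # this standalone file; otherwise config.xml below (HudsonPrivateSecurityRealm
    # with signup disabled) remains in effect and OIDC is never active.
    # NOTE(review): the escape-hatch username/secret are fixed, well-known
    # values. They are inert while <escapeHatchEnabled> is false; do not flip
    # that flag without replacing them.
    # The file holds the client secret in clear text, so create it 0600 before
    # any content is written into it.
    : > "${realm_file}"
    chmod 600 "${realm_file}"
    cat > "${realm_file}" <<OIDC_XML
<?xml version='1.1' encoding='UTF-8'?>
<org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm plugin="openid-connect@2.4">
  <issuer>${oidc_issuer}</issuer>
  <clientId>${oidc_client_id}</clientId>
  <clientSecret>${oidc_client_secret}</clientSecret>
  <scopes>openid,email,profile</scopes>
  <usernameField>preferred_username</usernameField>
  <fullNameField>name</fullNameField>
  <emailField>email</emailField>
  <disableSslVerification>false</disableSslVerification>
  <logoutFromOpenidProvider>true</logoutFromOpenidProvider>
  <postLogoutRedirectUrl>${oidc_logout_url}</postLogoutRedirectUrl>
  <escapeHatchEnabled>false</escapeHatchEnabled>
  <escapeHatchUsername>admin</escapeHatchUsername>
  <escapeHatchSecret>jenkins-escape-hatch</escapeHatchSecret>
  <escapeHatchGroup>admin</escapeHatchGroup>
  <automanualconfigure>false</automanualconfigure>
  <wellKnownOpenIDConfigurationUrl></wellKnownOpenIDConfigurationUrl>
  <readTimeout>20</readTimeout>
  <connectTimeout>10</connectTimeout>
  <tokenServerUrl></tokenServerUrl>
  <authorizationServerUrl></authorizationServerUrl>
  <userInfoServerUrl></userInfoServerUrl>
  <userNameField></userNameField>
  <tokenFieldToCheckKey></tokenFieldToCheckKey>
  <tokenFieldToCheckValue></tokenFieldToCheckValue>
</org.jenkinsci.plugins.openid_connect.OpenIdConnectSecurityRealm>
OIDC_XML
  fi

  # Create basic config.xml for Jenkins. This delimiter IS quoted on purpose:
  # ${JENKINS_HOME} and ${ITEM_FULLNAME} inside are Jenkins-side placeholders
  # that Jenkins expands itself, not shell variables.
  # NOTE(review): FullControlOnceLoggedInAuthorizationStrategy gives every
  # authenticated account full administrative rights; once an IdP-backed realm
  # is active that is everyone who can log in at the provider.
  # RawHtmlMarkupFormatter also permits HTML in user-supplied descriptions.
  # Both settings are worth revisiting before production use.
  cat > "${JENKINS_HOME}/config.xml" <<'XML'
<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <version>2.450</version>
  <numExecutors>2</numExecutors>
  <mode>NORMAL</mode>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
  </securityRealm>
  <disableRememberMe>false</disableRememberMe>
  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
  <buildsDir>${JENKINS_HOME}/builds/${ITEM_FULLNAME}</buildsDir>
  <markupFormatter class="hudson.markup.RawHtmlMarkupFormatter" plugin="antisamy-markup-formatter@3.1"/>
  <jdks/>
  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
  <clouds/>
  <slaves/>
  <scm class="hudson.scm.NullSCM"/>
  <views>
    <hudson.model.AllView>
      <owner class="hudson" reference="../../.."/>
      <name>all</name>
      <filterExecutors>false</filterExecutors>
      <filterQueue>false</filterQueue>
      <properties class="hudson.model.View$PropertyList"/>
    </hudson.model.AllView>
  </views>
  <primaryView>all</primaryView>
  <slaveAgentPort>50000</slaveAgentPort>
  <disabledAgentProtocols>
    <string>JNLP-connect</string>
    <string>JNLP2-connect</string>
  </disabledAgentProtocols>
  <label></label>
  <nodeProperties/>
  <globalNodeProperties/>
</hudson>
XML
fi

# Hand the whole data tree (including any files just written) to the service
# account. Best-effort, as in the original: a failure here is not fatal.
chown -R cloudron:cloudron /app/data || true

# Start Jenkins
log "Starting Jenkins WAR file"
# NOTE(review): there is no privilege drop here; java runs as whichever user
# invoked start.sh. Confirm the platform drops to the cloudron user elsewhere.
exec java -jar "${JENKINS_WAR}" "${jenkins_args[@]}"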