Update code

cyber-scot · Dec 14, 2023 · edf1308 · edf1308
1 parent 31f52fa
commit edf1308
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 54 deletions.
diff --git a/containers/jenkins-alpine/Dockerfile b/containers/jenkins-alpine/Dockerfile
@@ -7,11 +7,11 @@ LABEL org.opencontainers.image.source=https://github.com/cyber-scot/base-images
 ARG NORMAL_USER=jenkins
 
 # Environment variables for pyenv
-ENV PYENV_ROOT /home/${NORMAL_USER}/.pyenv
+ENV PYENV_ROOT /opt/.pyenv
 ENV PATH $PYENV_ROOT/shims:$PYENV_ROOT/bin:$PATH
 
 #Set path vars
-ENV PATH="/var/jenkins_home:/var/jenkins_home/.local:/var/jenkins_home/.local/bin:/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt:/opt/bin:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.local/bin:/home/${NORMAL_USER}/.local:/home/${NORMAL_USER}:/home/${NORMAL_USER}/.tfenv:/home/${NORMAL_USER}/.tfenv/bin:/home/${NORMAL_USER}/.pkenv:/home/${NORMAL_USER}/.pkenv/bin:/home/${NORMAL_USER}/.pyenv:/home/${NORMAL_USER}/.pyenv/bin:/home/${NORMAL_USER}/.pyenv/shims:/home/${NORMAL_USER}/.local/bin"
+ENV PATH="/var/jenkins_home:/var/jenkins_home/.local:/var/jenkins_home/.local/bin:/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt:/opt/bin:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.local/bin:/var/jenkins_home/.local:/home/${NORMAL_USER}:/opt/.tfenv:/opt/.tfenv/bin:/opt/.pkenv:/opt/.pkenv/bin:/opt/.pyenv:/opt/.pyenv/bin:/opt/.pyenv/shims:/opt/.local/bin"
 ENV PATHVAR="PATH=${PATH}"
 
 USER root
@@ -44,6 +44,8 @@ RUN echo '@edge https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/
     lttng-ust && \
     echo $PATHVAR > /etc/environmentecho $PATHVAR > /etc/environment
 
+RUN chown -R ${NORMAL_USER}:${NORMAL_USER} /opt
+
 # Download the PowerShell '.tar.gz' archive
 RUN POWERSHELL_RELEASE_URL=$(curl -s -L https://api.github.com/repos/PowerShell/PowerShell/releases/latest | jq -r '.assets[] | select(.name | endswith("linux-musl-x64.tar.gz")) | .browser_download_url') && \
     curl -L $POWERSHELL_RELEASE_URL -o /tmp/powershell.tar.gz && \
@@ -53,51 +55,49 @@ RUN POWERSHELL_RELEASE_URL=$(curl -s -L https://api.github.com/repos/PowerShell/
     ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
     ln -s /usr/bin/pwsh /usr/bin/powershell
 
+#Install Azure Modules for Powershell - This can take a while, so setting as final step to shorten potential rebuilds
+RUN pwsh -Command Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted && \
+    pwsh -Command Install-Module -Name Az -Force -AllowClobber -Scope AllUsers -Repository PSGallery && \
+    pwsh -Command Install-Module -Name Microsoft.Graph -Force -AllowClobber -Scope AllUsers -Repository PSGallery && \
+    pwsh -Command Install-Module -Name Pester -Force -AllowClobber -Scope AllUsers -Repository PSGallery
+
+RUN mkdir -p /opt/tfsec && \
+    curl -sSL $(curl -sSL https://api.github.com/repos/tfsec/tfsec/releases/latest | jq -r '.assets[] | select(.name | contains("tfsec-linux-amd64")) | .browser_download_url') -o /tmp/tfsec > /dev/null 2>&1 && \
+    chmod +x /tmp/tfsec && \
+    mv /tmp/tfsec /opt/tfsec/tfsec && \
+    ln -fs /opt/tfsec/tfsec /usr/bin/tfsec
+
+USER ${NORMAL_USER}
+WORKDIR /var/jenkins_home
+
 ## Install pyenv and the latest stable version of Python
-RUN git clone https://github.com/pyenv/pyenv.git /home/${NORMAL_USER}/.pyenv && \
+RUN git clone https://github.com/pyenv/pyenv.git /opt/.pyenv && \
     eval "$(pyenv init --path)" && \
     pyenvLatestStable=$(pyenv install --list | grep -v - | grep -E "^\s*[0-9]+\.[0-9]+\.[0-9]+$" | tail -1) && \
     pyenv install $pyenvLatestStable && \
     pyenv global $pyenvLatestStable && \
     pip install --upgrade pip && \
     pip install \
     pip-system-certs \
+    ansible \
     azure-cli \
     pipenv \
     virtualenv \
     terraform-compliance \
     checkov \
     pywinrm
 
-#Install Azure Modules for Powershell - This can take a while, so setting as final step to shorten potential rebuilds
-RUN pwsh -Command Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted && \
-    pwsh -Command Install-Module -Name Az -Force -AllowClobber -Scope AllUsers -Repository PSGallery && \
-    pwsh -Command Install-Module -Name Microsoft.Graph -Force -AllowClobber -Scope AllUsers -Repository PSGallery && \
-    pwsh -Command Install-Module -Name Pester -Force -AllowClobber -Scope AllUsers -Repository PSGallery
-
-
-RUN git clone --depth=1 https://github.com/tfutils/tfenv.git /home/${NORMAL_USER}/.tfenv && \
+RUN git clone --depth=1 https://github.com/tfutils/tfenv.git /opt/.tfenv && \
     tfenv install && \
     tfenv use
 
 # Install Packer Env
-RUN git clone https://github.com/iamhsa/pkenv.git /home/${NORMAL_USER}/.pkenv && \
+RUN git clone https://github.com/iamhsa/pkenv.git /opt/.pkenv && \
     PACKER_LATEST_URL=$(curl -sL https://releases.hashicorp.com/packer/index.json | jq -r '.versions[].builds[].url' | egrep -v 'rc|beta|alpha' | egrep 'linux.*amd64'  | tail -1) && \
     PACKER_LATEST_VERSION=$(echo "$PACKER_LATEST_URL" | awk -F '/' '{print $6}' | sed 's/packer_//' | sed 's/_linux_amd64.zip//') && \
     pkenv install ${PACKER_LATEST_VERSION} && \
     pkenv use ${PACKER_LATEST_VERSION}
 
-RUN chown -R ${NORMAL_USER}:${NORMAL_USER} /opt && \
-    chown -R ${NORMAL_USER}:${NORMAL_USER} /home/${NORMAL_USER}
-
-RUN curl -sSL $(curl -sSL https://api.github.com/repos/tfsec/tfsec/releases/latest | jq -r '.assets[] | select(.name | contains("tfsec-linux-amd64")) | .browser_download_url') -o /tmp/tfsec > /dev/null 2>&1 && \
-    chmod +x /tmp/tfsec && \
-    mv /tmp/tfsec /usr/local/bin
-
-
-USER ${NORMAL_USER}
-WORKDIR /home/${NORMAL_USER}
-
 RUN jenkins-plugin-cli --plugins \
     apache-httpcomponents-client-4-api \
     azure-credentials \

diff --git a/containers/jenkins-alpine/packer.pkr.hcl b/containers/jenkins-alpine/packer.pkr.hcl
@@ -78,7 +78,7 @@ variable "tags" {
 }
 
 locals {
-  path_var = "/var/jenkins_home:/var/jenkins_home/.local:/var/jenkins_home/.local/bin:/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt:/opt/bin:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.local/bin:/home/${var.normal_user}/.local:/home/${var.normal_user}/.tfenv:/home/${var.normal_user}/.tfenv/bin:/home/${var.normal_user}/.pkenv:/home/${var.normal_user}/.pkenv/bin:/home/${var.normal_user}/.pyenv:/home/${var.normal_user}/.pyenv/bin:/home/${var.normal_user}/.pyenv/shims:/home/${var.normal_user}/.local/bin"
+  path_var = "/var/jenkins_home:/var/jenkins_home/.local:/var/jenkins_home/.local/bin:/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt:/opt/bin:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.local/bin:/home/${var.normal_user}/.local:/opt/.tfenv:/opt/.tfenv/bin:/opt/.pkenv:/opt/.pkenv/bin:/opt/.pyenv:/opt/.pyenv/bin:/opt/.pyenv/shims:/opt/.local/bin"
   packages = [
     "bash",
     "build-base",
@@ -155,7 +155,7 @@ source "docker" "alpine" {
     format("LABEL org.opencontainers.image.source=%s/%s/%s", var.project_scm, var.org, var.project),
     format("LABEL org.opencontainers.image.title=%s", var.container_name),
     format("ENV PATH=%s", local.path_var),
-    format("ENV PYENV_ROOT=%s", "/home/${var.normal_user}/.pyenv"),
+    format("ENV PYENV_ROOT=%s", "/opt/.pyenv"),
   ]
 
   run_command = ["-d", "-i", "-t", "--user=root", "--entrypoint=/sbin/tini", "--", "{{.Image}}", "--", "/usr/local/bin/jenkins.sh"]
@@ -174,6 +174,14 @@ build {
     ]
   }
 
+  provisioner "shell" {
+    environment_vars = ["PATH=${local.path_var}", "USER=root"]
+    execute_command  = "sudo -Hu root sh -c '{{ .Vars }} {{ .Path }}'"
+    inline = [
+      "chown -R ${var.normal_user}:${var.normal_user} /opt",
+    ]
+  }
+
   provisioner "shell" {
     environment_vars = ["PATH=${local.path_var}", "USER=root"]
     execute_command  = "sudo -Hu root sh -c '{{ .Vars }} {{ .Path }}'"
@@ -189,16 +197,12 @@ build {
   }
 
   provisioner "shell" {
-    environment_vars = ["PATH=${local.path_var}", "USER=root"]
+    environment_vars = ["PATH=${local.path_var}", "PYENV_ROOT=/opt/.pyenv", "USER=root"]
     execute_command  = "sudo -Hu root sh -c '{{ .Vars }} {{ .Path }}'"
     inline = [
-      "git clone https://github.com/pyenv/pyenv.git /home/${var.normal_user}/.pyenv",
-      "eval \"$(pyenv init --path)\"",
-      "pyenvLatestStable=$(pyenv install --list | grep -v - | grep -E \"^\\s*[0-9]+\\.[0-9]+\\.[0-9]+$\" | tail -1)",
-      "pyenv install $pyenvLatestStable",
-      "pyenv global $pyenvLatestStable",
-      "pip install --upgrade pip",
-      "pip install ${join(" ", local.pip_packages)}"
+      "curl -sSL $(curl -sSL https://api.github.com/repos/tfsec/tfsec/releases/latest | jq -r '.assets[] | select(.name | contains(\"tfsec-linux-amd64\")) | .browser_download_url') -o /tmp/tfsec > /dev/null 2>&1",
+      "chmod +x /tmp/tfsec",
+      "mv /tmp/tfsec /usr/local/bin"
     ]
   }
 
@@ -214,46 +218,41 @@ build {
   }
 
   provisioner "shell" {
-    environment_vars = ["PATH=${local.path_var}", "USER=root"]
-    execute_command  = "sudo -Hu root sh -c '{{ .Vars }} {{ .Path }}'"
+    environment_vars = ["PATH=${local.path_var}"]
+    execute_command  = "sudo -Hu ${var.normal_user} sh -c '{{ .Vars }} {{ .Path }}'"
     inline = [
-      "git clone --depth=1 https://github.com/tfutils/tfenv.git /home/${var.normal_user}/.tfenv",
+      "git clone --depth=1 https://github.com/tfutils/tfenv.git /opt/.tfenv",
       "tfenv install",
       "tfenv use"
     ]
   }
 
   provisioner "shell" {
-    environment_vars = ["PATH=${local.path_var}", "PYENV_ROOT=/home/${var.normal_user}/.pyenv", "USER=root"]
-    execute_command  = "sudo -Hu root sh -c '{{ .Vars }} {{ .Path }}'"
-    inline = [
-      "curl -sSL $(curl -sSL https://api.github.com/repos/tfsec/tfsec/releases/latest | jq -r '.assets[] | select(.name | contains(\"tfsec-linux-amd64\")) | .browser_download_url') -o /tmp/tfsec > /dev/null 2>&1",
-      "chmod +x /tmp/tfsec",
-      "mv /tmp/tfsec /usr/local/bin"
-    ]
-  }
-
-  provisioner "shell" {
-    environment_vars = ["PATH=${local.path_var}", "USER=root"]
-    execute_command  = "sudo -Hu root sh -c '{{ .Vars }} {{ .Path }}'"
+    environment_vars = ["PATH=${local.path_var}"]
+    execute_command  = "sudo -Hu ${var.normal_user} sh -c '{{ .Vars }} {{ .Path }}'"
     inline = [
-      "git clone https://github.com/iamhsa/pkenv.git /home/${var.normal_user}/.pkenv",
+      "git clone https://github.com/iamhsa/pkenv.git /opt/.pkenv",
       "pkenv install latest",
       "pkenv use latest"
     ]
   }
 
   provisioner "shell" {
-    environment_vars = ["PATH=${local.path_var}", "USER=root"]
-    execute_command  = "sudo -Hu root sh -c '{{ .Vars }} {{ .Path }}'"
+    environment_vars = ["PATH=${local.path_var}"]
+    execute_command  = "sudo -Hu ${var.normal_user} sh -c '{{ .Vars }} {{ .Path }}'"
     inline = [
-      "chown -R ${var.normal_user}:${var.normal_user} /opt",
-      "chown -R ${var.normal_user}:${var.normal_user} /home/${var.normal_user}",
+      "git clone https://github.com/pyenv/pyenv.git /opt/.pyenv",
+      "eval \"$(pyenv init --path)\"",
+      "pyenvLatestStable=$(pyenv install --list | grep -v - | grep -E \"^\\s*[0-9]+\\.[0-9]+\\.[0-9]+$\" | tail -1)",
+      "pyenv install $pyenvLatestStable",
+      "pyenv global $pyenvLatestStable",
+      "pip install --upgrade pip",
+      "pip install ${join(" ", local.pip_packages)}"
     ]
   }
 
   provisioner "shell" {
-    environment_vars = ["PATH=${local.path_var}", "PYENV_ROOT=/home/${var.normal_user}/.pyenv"]
+    environment_vars = ["PATH=${local.path_var}", "PYENV_ROOT=/opt/.pyenv"]
     execute_command  = "sudo -Hu ${var.normal_user} sh -c '{{ .Vars }} {{ .Path }}'"
     inline = [
       "jenkins-plugin-cli --plugins ${join(" ", local.jenkins_plugins)}"