[JENKINS-73703] Add agent images for UBI 9

README_agent.md

@@ -64,6 +64,11 @@ The image has several supported configurations, which can be accessed via the fo
       * `jenkins/agent:alpine-jdk17`
       * `jenkins/agent:latest-alpine`
       * `jenkins/agent:latest-alpine-jdk17`
+    * rhel-ubi9 (Based on Red Hat Universal Base Image 9)
+      * `jenkins/agent:rhel-ubi9`
+      * `jenkins/agent:rhel-ubi9-jdk17`
+      * `jenkins/agent:latest-rhel-ubi9`
+      * `jenkins/agent:latest-rhel-ubi9-jdk17`
   * Java 21:
     * bookworm (Based on `debian:bookworm-${builddate}`):
       * `jenkins/agent:bookworm`
@@ -75,6 +80,9 @@ The image has several supported configurations, which can be accessed via the fo
       * `jenkins/agent:alpine-jdk21`
       * `jenkins/agent:latest-alpine`
       * `jenkins/agent:latest-alpine-jdk21`
+    * rhel-ubi9 (Based on Red Hat Universal Base Image 9)
+      * `jenkins/agent:rhel-ubi9-jdk21`
+      * `jenkins/agent:latest-rhel-ubi9-jdk21`
   * Java 11:
     * bookworm (Based on `debian:bookworm-${builddate}`):
       * `jenkins/agent:bookworm`

docker-bake.hcl

@@ -96,6 +96,10 @@ variable "DEBIAN_RELEASE" {
   default = "bookworm-20240904"
 }
 
+variable "UBI9_TAG" {
+  default = "9.4-1214.1726694543"
+}
+
 variable "JAVA11_VERSION" {
   default = "11.0.24_8"
 }
@@ -151,6 +155,13 @@ function "debian_platforms" {
   : ["linux/amd64", "linux/arm64", "linux/ppc64le", "linux/s390x"]))
 }
 
+# Return an array of RHEL UBI 9 platforms to use depending on the jdk passed as parameter
+# Note: Jenkins controller container image only supports jdk17 and jdk21 for ubi9
+function "rhel_ubi9_platforms" {
+  params = [jdk]
+  result = ["linux/amd64", "linux/arm64", "linux/ppc64le"]
+}
+
 target "alpine" {
   matrix = {
     type = ["agent", "inbound-agent"]
@@ -233,3 +244,31 @@ target "agent_archlinux_jdk11" {
   ]
   platforms = ["linux/amd64"]
 }
+
+target "rhel_ubi9" {
+  matrix = {
+    type = ["agent", "inbound-agent"]
+    jdk  = [17, 21]
+  }
+  name       = "${type}_rhel_ubi9_jdk${jdk}"
+  target     = type
+  dockerfile = "rhel/ubi9/Dockerfile"
+  context    = "."
+  args = {
+    UBI9_TAG       = UBI9_TAG
+    VERSION        = REMOTING_VERSION
+    JAVA_VERSION   = "${javaversion(jdk)}"
+  }
+  tags = [
+    # If there is a tag, add versioned tag suffixed by the jdk
+    equal(ON_TAG, "true") ? "${REGISTRY}/${orgrepo(type)}:${REMOTING_VERSION}-${BUILD_NUMBER}-rhel-ubi9-jdk${jdk}" : "",
+    # If there is a tag and if the jdk is the default one, add versioned short tag
+    equal(ON_TAG, "true") ? (is_default_jdk(jdk) ? "${REGISTRY}/${orgrepo(type)}:${REMOTING_VERSION}-${BUILD_NUMBER}-rhel-ubi9" : "") : "",
+    # If the jdk is the default one, add rhel and latest short tags
+    is_default_jdk(jdk) ? "${REGISTRY}/${orgrepo(type)}:rhel-ubi9" : "",
+    is_default_jdk(jdk) ? "${REGISTRY}/${orgrepo(type)}:latest-rhel-ubi9" : "",
+    "${REGISTRY}/${orgrepo(type)}:rhel-ubi9-jdk${jdk}",
+    "${REGISTRY}/${orgrepo(type)}:latest-rhel-ubi9-jdk${jdk}",
+  ]
+  platforms = rhel_ubi9_platforms(jdk)
+}

rhel/ubi9/Dockerfile

@@ -0,0 +1,113 @@
+ARG UBI9_TAG="9.4-1214.1726694543"
+FROM registry.access.redhat.com/ubi9/ubi:"${UBI9_TAG}" AS jre-build
+SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"]
+
+# This Build ARG is populated by Docker
+# Ref. https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+ARG TARGETPLATFORM
+
+COPY adoptium-get-jdk-link.sh /usr/bin/local/adoptium-get-jdk-link.sh
+COPY adoptium-install-jdk.sh /usr/bin/local/adoptium-install-jdk.sh
+
+ARG JAVA_VERSION=17.0.12_7
+
+RUN dnf install --disableplugin=subscription-manager --setopt=install_weak_deps=0 --setopt=tsflags=nodocs --allowerasing -y \
+    ca-certificates \
+    curl \
+    jq \
+    && dnf clean --disableplugin=subscription-manager all \
+    && /usr/bin/local/adoptium-install-jdk.sh
+
+ENV PATH="/opt/jdk-${JAVA_VERSION}/bin:${PATH}"
+
+# Generate smaller java runtime without unneeded files
+# for now we include the full module path to maintain compatibility
+# while still saving space (approx 200mb from the full distribution)
+RUN case "$(jlink --version 2>&1)" in \
+      # jlink version 11 has less features than JDK17+
+      "11."*) set -- "--strip-debug" "--compress=2" ;; \
+      "17."*) set -- "--strip-java-debug-attributes" "--compress=2" ;; \
+      # the compression argument is different for JDK21
+      "21."*) set -- "--strip-java-debug-attributes" "--compress=zip-6" ;; \
+      *) echo "ERROR: unmanaged jlink version pattern" && exit 1 ;; \
+    esac; \
+    jlink \
+      "$1" \
+      "$2" \
+      --add-modules ALL-MODULE-PATH \
+      --no-man-pages \
+      --no-header-files \
+      --output /javaruntime
+
+FROM registry.access.redhat.com/ubi9/ubi:"${UBI9_TAG}" AS agent
+
+ARG user=jenkins
+ARG group=jenkins
+ARG uid=1000
+ARG gid=1000
+
+RUN groupadd -g "${gid}" "${group}" \
+  && useradd -l -c "Jenkins user" -d /home/"${user}" -u "${uid}" -g "${gid}" -m "${user}" || echo "user ${user} already exists."
+
+ARG AGENT_WORKDIR=/home/"${user}"/agent
+ENV TZ=Etc/UTC
+
+RUN dnf install --disableplugin=subscription-manager --setopt=install_weak_deps=0 --setopt=tsflags=nodocs -y \
+      ca-certificates \
+      fontconfig \
+      git \
+      git-lfs \
+      less \
+      patch \
+      tzdata \
+    && dnf clean --disableplugin=subscription-manager all
+
+ARG VERSION=3261.v9c670a_4748a_9
+ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/remoting/${VERSION}/remoting-${VERSION}.jar" /usr/share/jenkins/agent.jar
+RUN chmod 0644 /usr/share/jenkins/agent.jar \
+    && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar
+
+ENV LANG C.UTF-8
+
+ENV JAVA_HOME=/opt/java/openjdk
+COPY --from=jre-build /javaruntime "$JAVA_HOME"
+ENV PATH="${JAVA_HOME}/bin:${PATH}"
+
+USER "${user}"
+ENV AGENT_WORKDIR=${AGENT_WORKDIR}
+RUN mkdir -p /home/"${user}"/.jenkins && mkdir -p "${AGENT_WORKDIR}"
+
+VOLUME /home/"${user}"/.jenkins
+VOLUME "${AGENT_WORKDIR}"
+WORKDIR /home/"${user}"
+ENV USER=${user}
+LABEL \
+  org.opencontainers.image.vendor="Jenkins project" \
+  org.opencontainers.image.title="Official Jenkins Agent Base container image for UBI 9" \
+  org.opencontainers.image.description="This is a base image, which provides the Jenkins agent executable (agent.jar)" \
+  org.opencontainers.image.version="${VERSION}" \
+  org.opencontainers.image.url="https://www.jenkins.io/" \
+  org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \
+  org.opencontainers.image.licenses="MIT"
+
+## Inbound Agent image target
+FROM agent AS inbound-agent
+
+ARG user=jenkins
+
+USER root
+COPY ../../jenkins-agent /usr/local/bin/jenkins-agent
+RUN chmod +x /usr/local/bin/jenkins-agent &&\
+    ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave
+USER ${user}
+
+LABEL \
+  org.opencontainers.image.vendor="Jenkins project" \
+  org.opencontainers.image.title="Official Jenkins Inbound Agent Base container image for UBI 9" \
+  org.opencontainers.image.description="This is an image for Jenkins agents using TCP or WebSockets to establish inbound connection to the Jenkins controller" \
+  org.opencontainers.image.version="${VERSION}" \
+  org.opencontainers.image.url="https://www.jenkins.io/" \
+  org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \
+  org.opencontainers.image.licenses="MIT"
+
+ENTRYPOINT ["/usr/local/bin/jenkins-agent"]