From ee84d867d21a7805f65de9a731e65ae38909bba9 Mon Sep 17 00:00:00 2001 From: Alex Earl Date: Sat, 4 Apr 2020 06:00:07 -0700 Subject: [PATCH] All tests implemented and passing --- 11/nanoserver-1809/Dockerfile | 12 +++---- 11/windowsservercore-1809/Dockerfile | 14 ++++----- 8/nanoserver-1809/Dockerfile | 12 +++---- 8/windowsservercore-1809/Dockerfile | 14 ++++----- CreateProfile.psm1 | 39 ++--------------------- Jenkinsfile | 41 ++++++++++++++++++++++-- make.ps1 | 2 +- setup-sshd.ps1 | 4 +-- tests/sshAgent.Tests.ps1 | 47 ++++++---------------------- tests/test_helpers.psm1 | 3 -- 10 files changed, 78 insertions(+), 110 deletions(-) diff --git a/11/nanoserver-1809/Dockerfile b/11/nanoserver-1809/Dockerfile index dc22e189..19c28809 100644 --- a/11/nanoserver-1809/Dockerfile +++ b/11/nanoserver-1809/Dockerfile @@ -51,9 +51,9 @@ ENV PATH="${WindowsPATH};${ProgramFiles}\PowerShell;${JAVA_HOME}\bin" ARG OPENSSH_VERSION=v8.1.0.0p1-Beta ARG user=jenkins -ARG JENKINS_AGENT_HOME=C:/Users/${user} +ARG JENKINS_AGENT_WORK="C:/Users/${user}/Work" ENV JENKINS_AGENT_USER ${user} -ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME} +ENV JENKINS_AGENT_WORK ${JENKINS_AGENT_WORK} USER ContainerAdministrator 
@@ -82,7 +82,7 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'ChallengeResponseAuthentication no' ; ` Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'HostKeyAgent \\.\pipe\openssh-ssh-agent' ; ` Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value ('Match User {0}' -f $env:JENKINS_AGENT_USER) ; ` - Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile {0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_HOME) ; ` + Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile C:/Users/{0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_USER) ; ` New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force | Out-Null ; ` New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value 'C:\Program Files\Powershell\pwsh.exe' -PropertyType string -Force | Out-Null @@ -90,11 +90,11 @@ COPY CreateProfile.psm1 C:/ # create user and user directory RUN Import-Module -Force C:/CreateProfile.psm1 ; ` - New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' -HomeDir $env:JENKINS_AGENT_HOME -Verbose ; ` + New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' ; ` Remove-Item -Force C:/CreateProfile.psm1 -VOLUME "${JENKINS_AGENT_HOME}/Work" "${JENKINS_AGENT_HOME}/AppData/Local/Temp" -WORKDIR "${JENKINS_AGENT_HOME}/Work" +VOLUME "${JENKINS_AGENT_WORK}" "C:/Users/${user}/AppData/Local/Temp" +WORKDIR "${JENKINS_AGENT_WORK}" COPY setup-sshd.ps1 C:/ProgramData/Jenkins/setup-sshd.ps1 diff --git a/11/windowsservercore-1809/Dockerfile b/11/windowsservercore-1809/Dockerfile index 4350dc1e..8cced3b3 100644 --- a/11/windowsservercore-1809/Dockerfile +++ b/11/windowsservercore-1809/Dockerfile 
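Review bot: The profile directory is now assumed to be `C:/Users/<user>` in the `AuthorizedKeysFile` line of this hunk, and the same literal is repeated in `Get-SSHDir` and the `icacls.exe` grant in setup-sshd.ps1, while `New-UserWithProfile` no longer takes a path. Nothing visible in the patch checks that the profile the function creates is actually at that location. If it ever differs, sshd would read `authorized_keys` from a directory that is not the user's real profile. A comment above this RUN such as `# AuthorizedKeysFile path must stay in sync with Get-SSHDir in setup-sshd.ps1`, or a `Test-Path "C:/Users/$env:JENKINS_AGENT_USER"` check after `New-UserWithProfile`, would make the coupling explicit. The same applies to the identical hunks in 11/windowsservercore-1809, 8/nanoserver-1809 and 8/windowsservercore-1809.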
@@ -2,7 +2,7 @@ # The MIT License # -# Copyright (c) 2019, Alex Earl +# Copyright (c) 2019-2020, Alex Earl # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -29,9 +29,9 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref ARG OPENSSH_VERSION=v8.1.0.0p1-Beta ARG user=jenkins -ARG JENKINS_AGENT_HOME=C:/Users/${user} +ARG JENKINS_AGENT_WORK="C:/Users/${user}/Work" ENV JENKINS_AGENT_USER ${user} -ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME} +ENV JENKINS_AGENT_WORK ${JENKINS_AGENT_WORK} USER ContainerAdministrator @@ -60,7 +60,7 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'ChallengeResponseAuthentication no' ; ` Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'HostKeyAgent \\.\pipe\openssh-ssh-agent' ; ` Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value ('Match User {0}' -f $env:JENKINS_AGENT_USER) ; ` - Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile {0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_HOME) ; ` + Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile C:/Users/{0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_USER) ; ` New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force | Out-Null ; ` New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -PropertyType string -Force | Out-Null 
@@ -68,11 +68,11 @@ COPY CreateProfile.psm1 C:/ # create user and user directory RUN Import-Module -Force C:/CreateProfile.psm1 ; ` - New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' -HomeDir $env:JENKINS_AGENT_HOME -Verbose ; ` + New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' ; ` Remove-Item -Force C:/CreateProfile.psm1 -VOLUME "${JENKINS_AGENT_HOME}/Work" "${JENKINS_AGENT_HOME}/AppData/Local/Temp" -WORKDIR "${JENKINS_AGENT_HOME}/Work" +VOLUME "${JENKINS_AGENT_WORK}" "C:/Users/${user}/AppData/Local/Temp" +WORKDIR "${JENKINS_AGENT_WORK}" COPY setup-sshd.ps1 C:/ProgramData/Jenkins/setup-sshd.ps1 diff --git a/8/nanoserver-1809/Dockerfile b/8/nanoserver-1809/Dockerfile index 6179aee3..8cd77b79 100644 --- a/8/nanoserver-1809/Dockerfile +++ b/8/nanoserver-1809/Dockerfile @@ -51,9 +51,9 @@ ENV PATH="${WindowsPATH};${ProgramFiles}\PowerShell;${JAVA_HOME}\bin" ARG OPENSSH_VERSION=v8.1.0.0p1-Beta ARG user=jenkins -ARG JENKINS_AGENT_HOME=C:/Users/${user} +ARG JENKINS_AGENT_WORK="C:/Users/${user}/Work" ENV JENKINS_AGENT_USER ${user} -ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME} +ENV JENKINS_AGENT_WORK ${JENKINS_AGENT_WORK} USER ContainerAdministrator 
@@ -82,7 +82,7 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'ChallengeResponseAuthentication no' ; ` Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'HostKeyAgent \\.\pipe\openssh-ssh-agent' ; ` Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value ('Match User {0}' -f $env:JENKINS_AGENT_USER) ; ` - Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile {0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_HOME) ; ` + Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile C:/Users/{0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_USER) ; ` New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force | Out-Null ; ` New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value 'C:\Program Files\Powershell\pwsh.exe' -PropertyType string -Force | Out-Null @@ -90,11 +90,11 @@ COPY CreateProfile.psm1 C:/ # create user and user directory RUN Import-Module -Force C:/CreateProfile.psm1 ; ` - New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' -HomeDir $env:JENKINS_AGENT_HOME -Verbose ; ` + New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' ; ` Remove-Item -Force C:/CreateProfile.psm1 -VOLUME "${JENKINS_AGENT_HOME}/Work" "${JENKINS_AGENT_HOME}/AppData/Local/Temp" -WORKDIR "${JENKINS_AGENT_HOME}/Work" +VOLUME "${JENKINS_AGENT_WORK}" "C:/Users/${user}/AppData/Local/Temp" +WORKDIR "${JENKINS_AGENT_WORK}" COPY setup-sshd.ps1 C:/ProgramData/Jenkins/setup-sshd.ps1 diff --git a/8/windowsservercore-1809/Dockerfile b/8/windowsservercore-1809/Dockerfile index 9edd321d..4dce869f 100644 --- a/8/windowsservercore-1809/Dockerfile +++ b/8/windowsservercore-1809/Dockerfile 
@@ -2,7 +2,7 @@ # The MIT License # -# Copyright (c) 2019, Alex Earl +# Copyright (c) 2019-2020, Alex Earl # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -29,9 +29,9 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref ARG OPENSSH_VERSION=v8.1.0.0p1-Beta ARG user=jenkins -ARG JENKINS_AGENT_HOME=C:/Users/${user} +ARG JENKINS_AGENT_WORK="C:/Users/${user}/Work" ENV JENKINS_AGENT_USER ${user} -ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME} +ENV JENKINS_AGENT_WORK ${JENKINS_AGENT_WORK} USER ContainerAdministrator @@ -60,7 +60,7 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'ChallengeResponseAuthentication no' ; ` Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'HostKeyAgent \\.\pipe\openssh-ssh-agent' ; ` Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value ('Match User {0}' -f $env:JENKINS_AGENT_USER) ; ` - Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile {0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_HOME) ; ` + Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile C:/Users/{0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_USER) ; ` New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force | Out-Null ; ` New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -PropertyType string -Force | Out-Null 
@@ -68,11 +68,11 @@ COPY CreateProfile.psm1 C:/ # create user and user directory RUN Import-Module -Force C:/CreateProfile.psm1 ; ` - New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' -HomeDir $env:JENKINS_AGENT_HOME -Verbose ; ` + New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' ; ` Remove-Item -Force C:/CreateProfile.psm1 -VOLUME "${JENKINS_AGENT_HOME}/Work" "${JENKINS_AGENT_HOME}/AppData/Local/Temp" -WORKDIR "${JENKINS_AGENT_HOME}/Work" +VOLUME "${JENKINS_AGENT_WORK}" "C:/Users/${user}/AppData/Local/Temp" +WORKDIR "${JENKINS_AGENT_WORK}" COPY setup-sshd.ps1 C:/ProgramData/Jenkins/setup-sshd.ps1 diff --git a/CreateProfile.psm1 b/CreateProfile.psm1 index 8c32c818..fd405448 100644 --- a/CreateProfile.psm1 +++ b/CreateProfile.psm1 @@ -63,25 +63,13 @@ function New-UserWithProfile { [Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true, Position=1)] - [string]$Description = '', - - [Parameter(Mandatory=$false, - ValueFromPipelineByPropertyName=$true, - Position=2)] - [string]$HomeDir="C:\Users\$UserName" + [string]$Description = '' ) Write-Verbose "Creating local user $Username"; try { - if($HomeDir.ToLower().Replace('\', '/') -ne "C:/Users/$UserName".ToLower()) { - if(-not (Test-Path $HomeDir)) { - New-Item -ItemType Directory -Path $HomeDir - } - net user $UserName /ADD /ACTIVE:YES /EXPIRES:NEVER /FULLNAME:"$Description" /PASSWORDCHG:NO /PASSWORDREQ:NO /HOMEDIR:$HomeDir - } else { - net user $UserName /ADD /ACTIVE:YES /EXPIRES:NEVER /FULLNAME:"$Description" /PASSWORDCHG:NO /PASSWORDREQ:NO - } + net user $UserName /ADD /ACTIVE:YES /EXPIRES:NEVER /FULLNAME:"$Description" /PASSWORDCHG:NO /PASSWORDREQ:NO net localgroup Administrators /add $UserName } catch { Write-Error $_.Exception.Message; 
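Review bot: The `try`/`catch` around the new single `net user $UserName /ADD ...` line in CreateProfile.psm1 will generally not see a failure, because a non-zero exit code from `net.exe` does not by itself raise a PowerShell exception. Check `$LASTEXITCODE` after `net user` and again after `net localgroup`, for example `if ($LASTEXITCODE -ne 0) { throw "net user failed with exit code $LASTEXITCODE" }`. The account is still created with `/PASSWORDREQ:NO` and added to Administrators, so a comment should state that key-only sshd authentication is what protects it. The sshd settings that would confirm this are only partly visible in this patch. The function body continues outside the hunk.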
@@ -89,29 +77,6 @@ function New-UserWithProfile { } $localUser = New-Object System.Security.Principal.NTAccount($UserName) - $administrators = New-Object System.Security.Principal.NTAccount('BUILTIN\Administrators') - $system = New-Object System.Security.Principal.NTAccount('NT AUTHORITY\SYSTEM') - - if($HomeDir.ToLower().Replace('\', '/') -ne "C:/Users/$UserName".ToLower()) { - Write-Warning "Setting access on $HomeDir!!!" - $acl = Get-Acl $HomeDir - $acl.SetAccessRuleProtection($true,$false) - ForEach ($u in @($localUSer, $administrators, $system)) { - $acl.AddAccessRule( - [System.Security.AccessControl.FileSystemAccessRule]::new( - $u, - [System.Security.AccessControl.FileSystemRights]::FullControl, - [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit', - [System.Security.AccessControl.PropagationFlags]::None, - [System.Security.AccessControl.AccessControlType]::Allow - ) - ) - } - $acl.SetOwner($administrators) - $acl.SetGroup($administrators) - Set-Acl -Path $HomeDir -AclObject $acl - Get-Acl $HomeDir - } $methodName = 'UserEnvCP' $script:nativeMethods = @(); diff --git a/Jenkinsfile b/Jenkinsfile index 0eb998a9..845f2252 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -24,9 +24,35 @@ pipeline { options { timeout(time: 60, unit: 'MINUTES') } + environment { + DOCKERHUB_ORGANISATION = "${infra.isTrusted() ? 'jenkins' : 'jenkins4eval'}" + } steps { checkout scm - powershell "& ./make.ps1" + powershell "& ./make.ps1 build" + powershell '& ./make.ps1 test' + script { + def branchName = "${env.BRANCH_NAME}" + if (branchName ==~ 'master') { + // we can't use dockerhub builds for windows + // so we publish here + infra.withDockerCredentials { + powershell '& ./make.ps1 publish' + } + } + + if (env.TAG_NAME != null) { + def tagItems = env.TAG_NAME.split('-') + if(tagItems.length == 2) { + // we need to build and publish the tag version + infra.withDockerCredentials { + powershell "& ./make.ps1 -PushVersions -Tag ${env.TAG_NAME} publish" + } + } + } + } + + powershell '& docker system prune --force --all' } } stage('Linux') { @@ -37,8 +63,17 @@ pipeline { timeout(time: 30, unit: 'MINUTES') } steps { - checkout scm - sh "make build" + script { + if(!infra.isTrusted()) { + deleteDir() + checkout scm + sh ''' + make build + make test + docker system prune --force --all + ''' + } + } } } } diff --git a/make.ps1 b/make.ps1 index 7b2dad74..88d30059 100644 --- a/make.ps1 +++ b/make.ps1 @@ -4,7 +4,7 @@ Param( [String] $Target = "build", [String] $AdditionalArgs = '', [String] $Build = '', - [String] $Tag = '4.3-1', + [String] $Tag = '1.0-1', [switch] $PushVersions = $false ) diff --git a/setup-sshd.ps1 b/setup-sshd.ps1 index 5a14475d..dea47f6e 100644 --- a/setup-sshd.ps1 +++ b/setup-sshd.ps1 @@ -34,7 +34,7 @@ Param( ) function Get-SSHDir { - return Join-Path $env:JENKINS_AGENT_HOME '.ssh' + return Join-Path "C:/Users/$env:JENKINS_AGENT_USER" '.ssh' } function Check-SSHDir { 
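Review bot: `env.TAG_NAME` is interpolated by Groovy straight into the PowerShell command line in `powershell "& ./make.ps1 -PushVersions -Tag ${env.TAG_NAME} publish"`, and that step runs inside `infra.withDockerCredentials`. The only check before it is that the tag splits into two parts on `-`, so any character a git tag name allows reaches the PowerShell parser while the publish credentials are in scope. Let PowerShell read the value from the environment instead: `powershell '& ./make.ps1 -PushVersions -Tag $env:TAG_NAME publish'`. The length test should also become a strict match on the project's tag format, something like `env.TAG_NAME ==~ /\d+\.\d+-\d+/`, to be confirmed against the real tag scheme.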
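Review bot: `docker system prune --force --all` is the last command of the Linux `sh` block, so it is skipped whenever `make build` or `make test` fails, since the Jenkins `sh` step runs with `-e` by default. The failed build's images and containers then stay on the agent. The Windows stage has the same shape: its final `powershell '& docker system prune --force --all'` step is not reached after an earlier step fails. Moving the prune into a per-stage `post { always { ... } }` section would run it on every outcome.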
@@ -64,7 +64,7 @@ function Write-HostKey($Key) { } # Give the user Full Access to the home directory -icacls.exe $env:JENKINS_AGENT_HOME /grant "${env:JENKINS_AGENT_USER}:(CI)(OI)(F)" | Out-Null +icacls.exe "C:/Users/$env:JENKINS_AGENT_USER" /grant "${env:JENKINS_AGENT_USER}:(CI)(OI)(F)" | Out-Null # check the .ssh dir permissions Check-SSHDir diff --git a/tests/sshAgent.Tests.ps1 b/tests/sshAgent.Tests.ps1 index d65a840c..104bc0de 100644 --- a/tests/sshAgent.Tests.ps1 +++ b/tests/sshAgent.Tests.ps1 @@ -154,9 +154,10 @@ Describe "[$JDK $FLAVOR] build args" { } It 'uses build args correctly' { - $TEST_USER="foo" + $TEST_USER="testuser" + $TEST_JAW="C:/hamster" - $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "build --build-arg user=$TEST_USER -t $AGENT_IMAGE $FOLDER" + $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "build --build-arg `"user=$TEST_USER`" --build-arg `"JENKINS_AGENT_WORK=$TEST_JAW`" -t $AGENT_IMAGE $FOLDER" $exitCode | Should -Be 0 $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "run -dit --name $AGENT_CONTAINER -P $AGENT_IMAGE $SHELL" 
@@ -165,45 +166,15 @@ Describe "[$JDK $FLAVOR] build args" { $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $AGENT_CONTAINER net user $TEST_USER" $exitCode | Should -Be 0 - $stdout | Should -Match $TEST_USER + $stdout | Should -Match "User name\s*$TEST_USER" + + $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $AGENT_CONTAINER $SHELL -C `"(Get-ChildItem env:\ | Where-Object { `$_.Name -eq 'JENKINS_AGENT_WORK' }).Value`"" + $exitCode | Should -Be 0 + $stdout.Trim() | Should -Match "$TEST_JAW" } AfterAll { Cleanup($AGENT_CONTAINER) Pop-Location -StackName 'agent' } -} - -# @test "[${JDK} ${FLAVOR}] use build args correctly" { -# cd "${BATS_TEST_DIRNAME}"/.. || false - -# local TEST_USER=test-user -# local TEST_GROUP=test-group -# local TEST_UID=2000 -# local TEST_GID=3000 -# local TEST_JAH=/home/something - -# docker build \ -# --build-arg "user=${TEST_USER}" \ -# --build-arg "group=${TEST_GROUP}" \ -# --build-arg "uid=${TEST_UID}" \ -# --build-arg "gid=${TEST_GID}" \ -# --build-arg "JENKINS_AGENT_HOME=${TEST_JAH}" \ -# -t "${SUT_IMAGE}" \ -# "${FOLDER}" - -# docker run -d --name "${SUT_CONTAINER}" -P "${SUT_IMAGE}" "${PUBLIC_SSH_KEY}" - -# RESULT=$(docker exec "${SUT_CONTAINER}" sh -c "id -u -n ${TEST_USER}") -# [ "${RESULT}" = "${TEST_USER}" ] -# RESULT=$(docker exec "${SUT_CONTAINER}" sh -c "id -g -n ${TEST_USER}") -# [ "${RESULT}" = "${TEST_GROUP}" ] -# RESULT=$(docker exec "${SUT_CONTAINER}" sh -c "id -u ${TEST_USER}") -# [ "${RESULT}" = "${TEST_UID}" ] -# RESULT=$(docker exec "${SUT_CONTAINER}" sh -c "id -g ${TEST_USER}") -# [ "${RESULT}" = "${TEST_GID}" ] -# RESULT=$(docker exec "${SUT_CONTAINER}" sh -c 'stat -c "%U:%G" "${JENKINS_AGENT_HOME}"') -# [ "${RESULT}" = "${TEST_USER}:${TEST_GROUP}" ] - -# clean_test_container -# } +} \ No newline at end of file diff --git a/tests/test_helpers.psm1 b/tests/test_helpers.psm1 index fbe40771..5621d768 100644 --- a/tests/test_helpers.psm1 +++ b/tests/test_helpers.psm1 
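Review bot: `Should -Match "$TEST_JAW"` treats the expected path as a regular expression and accepts it anywhere in the output, so a value such as `C:/hamster/extra` would still pass. An exact comparison states the intent: `$stdout.Trim() | Should -Be $TEST_JAW`. The new `Should -Match "User name\s*$TEST_USER"` assertion is unanchored in the same way and would also accept a longer account name that merely starts with `testuser`.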
@@ -129,9 +129,6 @@ function Run-ThruSSH($container, $privateKeyVal, $cmd) { } else { $TMP_PRIV_KEY_FILE = New-TemporaryFile Set-Content -Path $TMP_PRIV_KEY_FILE -Value "$privateKeyVal" - # icacls.exe $TMP_PRIV_KEY_FILE /setowner $env:JENKINS_AGENT_USER | Out-Null - # icacls.exe $TMP_PRIV_KEY_FILE /grant $('{0}:(CI)(OI)(F)' -f $env:JENKINS_AGENT_USER) /grant "administrators:(CI)(OI)(F)" | Out-Null - # icacls.exe $TMP_PRIV_KEY_FILE /inheritance:r | Out-Null $exitCode, $stdout, $stderr = Run-Program (Join-Path $PSScriptRoot 'ssh.exe') "-i `"${TMP_PRIV_KEY_FILE}`" -o LogLevel=quiet -o UserKnownHostsFile=NUL -o StrictHostKeyChecking=no -l jenkins localhost -p $SSH_PORT $cmd" Remove-Item -Force $TMP_PRIV_KEY_FILE