Improve jenkins docker image

- Move installation code to build.sh
- Add Jenkins to `docker` group to enable access to docker.sock
- Fix installing Docker for wrong Debian version
  - From now on use automated detection of Debian version
- Install fewer packages by now installing recommends
- Do a proper cleanup of helper packages and apt lists
- Use sudoers.d instead of appending to sudoers

Signed-off-by: Knut Ahlers <knut@ahlers.me>

Dockerfile

@@ -1,13 +1,7 @@
 FROM jenkins/jenkins:2.107.1
 USER root
 
-RUN bash -c "if ! [ -e /usr/lib/apt/methods/https ]; then apt-get update && apt-get install -y apt-transport-https; fi"
-
-RUN set -ex \
- && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 \
- && sh -c "echo deb [arch=amd64] https://download.docker.com/linux/debian jessie stable > /etc/apt/sources.list.d/docker.list" \
- && apt-get update && apt-get install -y docker-ce \
- && apt-get install -y sudo \
- && echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+COPY build.sh /usr/local/bin/build.sh
+RUN /usr/local/bin/build.sh
 
 USER jenkins

build.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -euxo pipefail
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+
+# Install helper utils
+apt-get install -y --no-install-recommends \
+	apt-transport-https \
+	lsb-release \
+	sudo
+
+# Install docker-ce
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+
+echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -sc) stable" >/etc/apt/sources.list.d/docker.list
+apt-get update
+apt-get install -y --no-install-recommends docker-ce
+
+# Allow jenkins to use `sudo` and docker
+echo "jenkins ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers.d/jenkins
+usermod -a -G docker jenkins
+
+# Cleanup
+apt-get purge -y lsb-release
+apt-get autoremove --purge -y
+rm -rf /var/lib/apt/lists/*