From 65f6471028951abc63b59940d1e9564beddb12bc Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Fri, 6 Apr 2018 14:07:02 +0200
Subject: [PATCH] Improve jenkins docker image

- Move installation code to build.sh
- Add Jenkins to `docker` group to enable access to docker.sock
- Fix installing Docker for wrong Debian version
  - From now on use automated detection of Debian version
- Install fewer packages by now installing recommends
- Do a proper cleanup of helper packages and apt lists
- Use sudoers.d instead of appending to sudoers

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 Dockerfile | 10 ++--------
 build.sh   | 28 ++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 8 deletions(-)
 create mode 100755 build.sh

diff --git a/Dockerfile b/Dockerfile
index 2cba6d0..1251c6f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,7 @@
 FROM jenkins/jenkins:2.107.1
 USER root
 
-RUN bash -c "if ! [ -e /usr/lib/apt/methods/https ]; then apt-get update && apt-get install -y apt-transport-https; fi"
-
-RUN set -ex \
- && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 \
- && sh -c "echo deb [arch=amd64] https://download.docker.com/linux/debian jessie stable > /etc/apt/sources.list.d/docker.list" \
- && apt-get update && apt-get install -y docker-ce \
- && apt-get install -y sudo \
- && echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+COPY build.sh /usr/local/bin/build.sh
+RUN /usr/local/bin/build.sh
 
 USER jenkins
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..9fad3db
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -euxo pipefail
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+
+# Install helper utils
+apt-get install -y --no-install-recommends \
+	apt-transport-https \
+	lsb-release \
+	sudo
+
+# Install docker-ce
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+
+echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -sc) stable" >/etc/apt/sources.list.d/docker.list
+apt-get update
+apt-get install -y --no-install-recommends docker-ce
+
+# Allow jenkins to use `sudo` and docker
+echo "jenkins ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers.d/jenkins
+usermod -a -G docker jenkins
+
+# Cleanup
+apt-get purge -y lsb-release
+apt-get autoremove --purge -y
+rm -rf /var/lib/apt/lists/*