From affec6f945f44c7780e42b59ad4108062a075517 Mon Sep 17 00:00:00 2001
From: Adrian Clay <adrian.clay1@nhs.net>
Date: Thu, 15 Aug 2024 19:52:20 +0100
Subject: [PATCH]  Get the Jenkins worker image working (#178)

* Get the Jenkins worker image working

This image hadn't been touched in years, and wasn't working.

The original base image was using an unsupported version of
Debian, so also switch to a more recent base image.

Also use this opportunity to update Docker and AWS CLI tool.

* Update README with latest version for jenkins-worker

---------

Co-authored-by: MartinWheelerMT <martin.wheeler@madetech.com>
---
 pipeline/packer/jenkins-worker/Dockerfile     | 18 +++++-----
 pipeline/packer/jenkins-worker/README.md      | 24 +++++++++----
 .../packer/jenkins-worker/jenkins-worker.json | 35 -------------------
 3 files changed, 27 insertions(+), 50 deletions(-)
 delete mode 100644 pipeline/packer/jenkins-worker/jenkins-worker.json

diff --git a/pipeline/packer/jenkins-worker/Dockerfile b/pipeline/packer/jenkins-worker/Dockerfile
index d060a6851..469dfdf64 100755
--- a/pipeline/packer/jenkins-worker/Dockerfile
+++ b/pipeline/packer/jenkins-worker/Dockerfile
@@ -1,4 +1,4 @@
-FROM jenkins/jnlp-slave:latest
+FROM jenkins/jnlp-slave:4.13.3-1
 
 # Need to be root to install packages
 USER root
@@ -7,7 +7,8 @@ USER root
 RUN rm -rf /var/lib/apt/lists/* && apt update
 
 # Install Packer
-RUN wget -O packer.zip https://releases.hashicorp.com/packer/1.4.2/packer_1.4.2_linux_amd64.zip && \
+RUN apt-get install wget unzip && \
+        wget -O packer.zip https://releases.hashicorp.com/packer/1.4.2/packer_1.4.2_linux_amd64.zip && \
         unzip packer.zip -d /usr/bin/ && \
         rm packer.zip
 
@@ -17,7 +18,7 @@ RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/0.12.31/terra
         rm terraform.zip
 
 # Install Python 3.9
-RUN apt-get update && apt-get install -y build-essential checkinstall libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev libgdbm-dev libc6-dev libbz2-dev uuid-dev zlib1g-dev libffi-dev swig pkg-config && \
+RUN apt-get update && apt-get install -y build-essential libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev libgdbm-dev libc6-dev libbz2-dev uuid-dev zlib1g-dev libffi-dev swig pkg-config && \
         wget -O python.tgz https://www.python.org/ftp/python/3.9.19/Python-3.9.19.tgz && \
         tar -xf python.tgz && rm python.tgz && \
         cd Python-3.9.19 && \
@@ -44,18 +45,17 @@ RUN apt-get update && \
         apt-key fingerprint 0EBFCD88 && \
         add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" && \
         apt-get update && \
-        apt-get install -qq -y --no-install-recommends docker-ce=5:19.03.6~3-0~debian-stretch && \
-        curl -L https://github.com/docker/compose/releases/download/1.27.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose && \
-        chmod +x /usr/local/bin/docker-compose
+        apt-get install -qq -y --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
+        echo 'docker compose --compatibility "$@"' > /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
 
 # Install curl and libSSL, so Tornado can use the CURL HTTP client.
 RUN apt-get update && apt-get install -y libcurl4-openssl-dev libssl-dev
 
 # Install awscli
-ENV AWS_CLI_VERSION="1.16.312"
-RUN curl https://s3.amazonaws.com/aws-cli/awscli-bundle-${AWS_CLI_VERSION}.zip -o awscli-bundle.zip && \
+ENV AWS_CLI_VERSION="2.17.27"
+RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip -o awscli-bundle.zip && \
         unzip awscli-bundle.zip && \
-        ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws && \
+        ./aws/install && \
         rm -rf aws*
 
 # Cleanup
diff --git a/pipeline/packer/jenkins-worker/README.md b/pipeline/packer/jenkins-worker/README.md
index c3dfd961f..e13199dd9 100644
--- a/pipeline/packer/jenkins-worker/README.md
+++ b/pipeline/packer/jenkins-worker/README.md
@@ -1,11 +1,23 @@
 # Jenkins worker image
 
-The files in this folder are used to create the image of a Jenkins worker for the Jenkin [amazon-ecs plugin](https://wiki.jenkins.io/display/JENKINS/Amazon+EC2+Container+Service+Plugin).
+The files in this folder are used to create the image of a Jenkins worker for the Jenkins [amazon-ecs plugin].
+
+[amazon-ecs plugin]: https://wiki.jenkins.io/display/JENKINS/Amazon+EC2+Container+Service+Plugin
 
 Usage:
 1. Make sure you're logged into AWS with the appropriate credentials on your computer.
-2. Run these commands:
-```bash
-docker build -t temporary/jenkins-worker:latest .
-DOCKER_REGISTRY=nameOfDockerRegistry BUILD_TAG=buildTag packer build jenkins-worker.json
-```
+2. Find out what the latest version of the jenkins-worker is by searching inside the `jenkins-worker` ECR registry.
+3. You can either replace the current build, if your change is low-risk, or create a new version allowing you
+   the ability to rollback.
+4. Run these commands, specifying the version you wish to publish as.
+   ```shell
+   VERSION=0.6
+   REGISTRY="$(aws sts get-caller-identity --query 'Account' --output text).dkr.ecr.eu-west-2.amazonaws.com"
+   aws ecr get-login-password --region eu-west-2 | docker login -u AWS --password-stdin $REGISTRY
+   docker buildx build --platform linux/amd64 --tag $REGISTRY/jenkins-worker:$VERSION --push .
+   ```
+5. If you have specified a new version, you'll need to generate a new ECS Task Definition revision pointing to 
+   that image label.
+   You can then specify that revision within Jenkins -> Configure System -> ECS agent template -> Task Definition Override,
+   All subsequent Jenkins builds will use that new worker image, and if you want to rollback the previous revision
+   can be placed within the Task Definition Overview box.
\ No newline at end of file
diff --git a/pipeline/packer/jenkins-worker/jenkins-worker.json b/pipeline/packer/jenkins-worker/jenkins-worker.json
deleted file mode 100644
index 763a80ceb..000000000
--- a/pipeline/packer/jenkins-worker/jenkins-worker.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  "_description": "This template produces a Jenkins worker.",
-  "variables": {
-    "registry": "{{env `DOCKER_REGISTRY`}}",
-    "repository": "/jenkins-worker",
-    "tag": "{{env `BUILD_TAG`}}"
-  },
-  "builders": [
-    {
-      "type": "docker",
-      "image": "temporary/jenkins-worker:latest",
-      "pull": false,
-      "commit": true,
-      "changes": [
-        "ENTRYPOINT [\"jenkins-slave\"]"
-      ]
-    }
-  ],
-  "provisioners": [
-  ],
-  "post-processors": [
-    [
-      {
-        "type": "docker-tag",
-        "repository": "{{user `registry`}}{{user `repository`}}",
-        "tag": "{{user `tag`}}"
-      },
-      {
-        "type": "docker-push",
-        "ecr_login": true,
-        "login_server": "https://{{user `registry`}}{{user `repository`}}"
-      }
-    ]
-  ]
-}