
Приложение 10. Пример docker-compose.yml для контейнера Jenkins

Jenkins

# Compose file format 3.2.
# NOTE(review): keys used below such as cpu_shares, pids_limit and
# deploy.resources are not honoured identically by every Compose
# implementation; after `docker-compose up`, check with `docker inspect`
# that the intended limits are really in effect.
version: '3.2'

services:
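    # Jenkins controller. Its web UI is published on host port 8080, and Docker
    # clients inside the container talk to the daemon named in DOCKER_HOST.
    jenkins:
        # The tag comes from ${jenkins_master} (Compose variable substitution);
        # set it to a fixed release so the deployed image is reproducible.
        image: docker.swordfishsecurity.com/appsechub/sfs-jenkins:${jenkins_master}
        container_name: jenkins
        # UID:GID the container runs as; quoted so it is always read as a string.
        user: "1000:1000"
        ports:
            # No host IP is given, so Docker publishes the port on every host
            # interface. Restrict it (e.g. "127.0.0.1:8080:8080" behind a
            # TLS-terminating reverse proxy) if the UI must not be reachable
            # directly.
            - "8080:8080"
        environment:
            # Plain http:// URL: if users reach Jenkins at this address, logins
            # and session cookies are unencrypted unless TLS is terminated in
            # front of it.
            - JENKINS_URL=http://jenkins.company.com
            - JENKINS_ADMIN_USER=admin
            # Placeholder - replace before deployment. Values set here are
            # readable via `docker inspect` and by anyone who can read this
            # file, so keep the real value out of version control (protected
            # env file or secret store).
            - JENKINS_ADMIN_PASSWORD=<some-password>
            # tcp:// on port 2375 with no DOCKER_TLS_VERIFY set: the Docker API
            # is used without TLS or client authentication, so anything that
            # can reach this endpoint controls that daemon. Keep the network
            # private to these services.
            - DOCKER_HOST=tcp://docker-in-docker:2375
            - gradle_dependency_task=dependencies
            - fetch_license=true
            - maven_home=/opt/maven
            - gradle_home=/opt/gradle
            # Empty here. If a token is set, protect it like the admin password
            # and give it only the scopes that are needed.
            - github_token=
            - gradle_args=
            - mvn_args=
            # Package registry endpoints (all HTTPS). Presumably consumed by
            # cdxgen for dependency lookups - confirm; point them at internal
            # mirrors if outbound access is restricted.
            - cdxgen_npm_url=https://registry.npmjs.org/
            - cdxgen_maven_central_url=https://repo1.maven.org/maven2/
            - cdxgen_android_maven=https://maven.google.com/
            - cdxgen_pypi_url=https://pypi.org/pypi/
            - cdxgen_go_url=https://pkg.go.dev/
            - cdxgen_nuget_url=https://api.nuget.org/v3/registration3/
        networks:
            - network
        volumes:
            # :z relabels the host directory for shared SELinux access.
            - ./jenkins_home:/var/jenkins_home:z
            - ./fortify/projects:/fortify/projects
            # None of the mounts below is marked :ro, so they are mounted
            # read-write. NOTE(review): /etc/localtime, /etc/timezone and
            # ./certs look read-only in purpose - confirm and add :ro if so.
            - /etc/localtime:/etc/localtime
            - /etc/timezone:/etc/timezone
            - ./certs:/tmp/certs
        cap_add:
            # CAP_SYS_ADMIN is a very broad capability (mounting, namespace
            # operations and more) and largely offsets the hardening below.
            # NOTE(review): confirm what needs it and drop it if possible.
            - SYS_ADMIN
        # Caps the number of processes in the container.
        pids_limit: 100
        security_opt:
            # Stops processes from gaining privileges through setuid/setgid
            # binaries.
            - no-new-privileges
        # Restart only after a failure exit, at most 5 times.
        restart: on-failure:5
        # Relative CPU weight, not a hard cap.
        cpu_shares: 1024
        # NOTE(review): depending on the Compose implementation, `deploy`
        # limits may apply only in swarm mode or with --compatibility; verify
        # the memory limit with `docker inspect`.
        deploy:
            resources:
                limits:
                    memory: 2048M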

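    # Jenkins build agent. Like the controller, it uses the Docker daemon named
    # in DOCKER_HOST.
    # NOTE(review): unlike the jenkins service, this one sets no pids_limit and
    # no `no-new-privileges`; consider whether the agent, which runs build
    # code, should get the same hardening.
    node-all:
        # The tag comes from ${jenkins_node}; set it to a fixed release.
        image: docker.swordfishsecurity.com/appsechub/sfs-jenkins-slave-all:${jenkins_node}
        container_name: node-all
        networks:
            - network
        # UID:GID the container runs as; quoted so it is always read as a string.
        user: "2000:2000"
        environment:
            - LANG=en_US.utf-8
            # tcp:// on port 2375 with no DOCKER_TLS_VERIFY set: the Docker API
            # is used without TLS or client authentication. Any build job that
            # runs on this agent can therefore control that daemon.
            - DOCKER_HOST=tcp://docker-in-docker:2375
        volumes:
            # Mounted as the agent user's ~/.ssh. Presumably holds the
            # authorized_keys used for SSH connections to this agent - confirm;
            # keep the host directory writable only by its owner.
            - ./ssh-pub-keys-all:/home/ubuntu/.ssh
            - ./jenkins-slave-all:/home/ubuntu/jenkins-slave
            # Mounted read-write (no :ro). NOTE(review): these three look
            # read-only in purpose - confirm and add :ro if so.
            - /etc/localtime:/etc/localtime
            - /etc/timezone:/etc/timezone
            - ./certs:/tmp/certs
        # Restart only after a failure exit, at most 5 times.
        restart: on-failure:5
        # Relative CPU weight, not a hard cap.
        cpu_shares: 2048
        # NOTE(review): depending on the Compose implementation, `deploy`
        # limits may apply only in swarm mode or with --compatibility; verify
        # the memory limit with `docker inspect`.
        deploy:
            resources:
                limits:
                    memory: 3072M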

    # Docker daemon used by the jenkins and node-all services (their
    # DOCKER_HOST points at tcp://docker-in-docker:2375).
    # There is no `ports:` entry, so the API is not published on the host; it
    # is reachable only from containers attached to the same network.
    docker-in-docker:
        # NOTE(review): 19.03.x is a long-superseded Docker release line; check
        # whether a maintained tag is available from this registry.
        image: docker.swordfishsecurity.com/public/docker:19.03.3-dind
        container_name: docker-in-docker
        # Privileged mode removes most container isolation: a compromise of
        # this container, or of anything that can reach its API, is effectively
        # a compromise of the host. Docker-in-Docker normally requires it, so
        # run this stack on a dedicated build host.
        privileged: true
        volumes:
            # /etc/docker/certs.d is where the daemon looks up per-registry CA
            # certificates.
            - ./docker-certs:/etc/docker/certs.d
            - /sys/fs/cgroup:/sys/fs/cgroup:ro
        environment:
            # An empty value turns off the image's automatic TLS setup, so the
            # daemon serves its API in plaintext and without client
            # authentication.
            - DOCKER_TLS_CERTDIR=
        networks:
            - network
        # NOTE(review): containers started by this daemon presumably count
        # against this limit - confirm it is high enough for real builds.
        pids_limit: 100
        # Restart only after a failure exit, at most 5 times.
        restart: on-failure:5
        # Relative CPU weight, not a hard cap.
        cpu_shares: 512
        # NOTE(review): depending on the Compose implementation, `deploy`
        # limits may apply only in swarm mode or with --compatibility; verify
        # the memory limit with `docker inspect`.
        deploy:
            resources:
                limits:
                    memory: 512M

# Single user-defined bridge network shared by all three services.
# The Docker API of docker-in-docker is reachable on it without TLS, so do not
# attach unrelated containers to this network.
networks:
    network:
        driver: "bridge"
        driver_opts:
            # MTU lowered from the usual 1500. NOTE(review): presumably to fit
            # an encapsulated underlay (overlay/VPN) - confirm for your
            # environment.
            com.docker.network.driver.mtu: 1450

Jenkins на Astra Linux

# Compose file format 3.2 (variant for Astra Linux).
# NOTE(review): keys used below such as cpu_shares, pids_limit and
# deploy.resources are not honoured identically by every Compose
# implementation; after `docker-compose up`, check with `docker inspect`
# that the intended limits are really in effect.
version: '3.2'

services:
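    # Jenkins controller. Its web UI is published on host port 8080, and Docker
    # clients inside the container reach a remote Docker daemon over SSH (see
    # DOCKER_HOST).
    jenkins:
        # The tag comes from ${jenkins_master} (Compose variable substitution);
        # set it to a fixed release so the deployed image is reproducible.
        image: docker.swordfishsecurity.com/appsechub/sfs-jenkins:${jenkins_master}
        container_name: jenkins
        # UID:GID the container runs as; quoted so it is always read as a string.
        user: "1000:1000"
        ports:
            # No host IP is given, so Docker publishes the port on every host
            # interface. Restrict it (e.g. "127.0.0.1:8080:8080" behind a
            # TLS-terminating reverse proxy) if the UI must not be reachable
            # directly.
            - "8080:8080"
        environment:
            # Plain http:// URL: if users reach Jenkins at this address, logins
            # and session cookies are unencrypted unless TLS is terminated in
            # front of it.
            - JENKINS_URL=http://jenkins.company.com
            - JENKINS_ADMIN_USER=admin
            # Placeholder - replace before deployment. Values set here are
            # readable via `docker inspect` and by anyone who can read this
            # file, so keep the real value out of version control (protected
            # env file or secret store).
            - JENKINS_ADMIN_PASSWORD=<some-password>
            # Docker API tunnelled over SSH to <user>@<domain>. The container
            # needs an SSH private key and a known_hosts entry for that host;
            # this file does not show where they come from - confirm. The
            # remote account must be able to use Docker, which is
            # root-equivalent on that host, so use a dedicated account and key.
            - DOCKER_HOST=ssh://<user>@<domain>
            - gradle_dependency_task=dependencies
            - fetch_license=true
            - maven_home=/opt/maven
            - gradle_home=/opt/gradle
            # Empty here. If a token is set, protect it like the admin password
            # and give it only the scopes that are needed.
            - github_token=
            - gradle_args=
            - mvn_args=
            # Package registry endpoints (all HTTPS). Presumably consumed by
            # cdxgen for dependency lookups - confirm; point them at internal
            # mirrors if outbound access is restricted.
            - cdxgen_npm_url=https://registry.npmjs.org/
            - cdxgen_maven_central_url=https://repo1.maven.org/maven2/
            - cdxgen_android_maven=https://maven.google.com/
            - cdxgen_pypi_url=https://pypi.org/pypi/
            - cdxgen_go_url=https://pkg.go.dev/
            - cdxgen_nuget_url=https://api.nuget.org/v3/registration3/
        networks:
            - network
        volumes:
            # :z relabels the host directory for shared SELinux access.
            - ./jenkins_home:/var/jenkins_home:z
            - ./fortify/projects:/fortify/projects
            # None of the mounts below is marked :ro, so they are mounted
            # read-write. NOTE(review): /etc/localtime, /etc/timezone and
            # ./certs look read-only in purpose - confirm and add :ro if so.
            - /etc/localtime:/etc/localtime
            - /etc/timezone:/etc/timezone
            - ./certs:/tmp/certs
        cap_add:
            # CAP_SYS_ADMIN is a very broad capability (mounting, namespace
            # operations and more) and largely offsets the hardening below.
            # NOTE(review): confirm what needs it and drop it if possible.
            - SYS_ADMIN
        # Caps the number of processes in the container.
        pids_limit: 100
        security_opt:
            # Stops processes from gaining privileges through setuid/setgid
            # binaries.
            - no-new-privileges
        # Restart only after a failure exit, at most 5 times.
        restart: on-failure:5
        # Relative CPU weight, not a hard cap.
        cpu_shares: 1024
        # NOTE(review): depending on the Compose implementation, `deploy`
        # limits may apply only in swarm mode or with --compatibility; verify
        # the memory limit with `docker inspect`.
        deploy:
            resources:
                limits:
                    memory: 2048M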

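    # Jenkins build agent. Like the controller, it reaches a remote Docker
    # daemon over SSH (see DOCKER_HOST).
    # NOTE(review): unlike the jenkins service, this one sets no pids_limit and
    # no `no-new-privileges`; consider whether the agent, which runs build
    # code, should get the same hardening.
    node-all:
        # The tag comes from ${jenkins_node}; set it to a fixed release.
        image: docker.swordfishsecurity.com/appsechub/sfs-jenkins-slave-all:${jenkins_node}
        container_name: node-all
        networks:
            - network
        # UID:GID the container runs as; quoted so it is always read as a string.
        user: "2000:2000"
        environment:
            - LANG=en_US.utf-8
            # Docker API tunnelled over SSH to <user>@<domain>. Any build job
            # on this agent that can use the SSH key gets Docker access on the
            # remote host, which is root-equivalent there; use a dedicated
            # account and key, and verify the host key (known_hosts).
            - DOCKER_HOST=ssh://<user>@<domain>
        volumes:
            # Mounted as the agent user's ~/.ssh. NOTE(review): presumably
            # holds authorized_keys for connections to this agent and possibly
            # the key material for DOCKER_HOST - confirm; keep the host
            # directory readable and writable only by its owner.
            - ./ssh-pub-keys-all:/home/astra/.ssh
            - ./jenkins-slave-all:/home/astra/jenkins-slave
            # Mounted read-write (no :ro). NOTE(review): these three look
            # read-only in purpose - confirm and add :ro if so.
            - /etc/localtime:/etc/localtime
            - /etc/timezone:/etc/timezone
            - ./certs:/tmp/certs
        # Restart only after a failure exit, at most 5 times.
        restart: on-failure:5
        # Relative CPU weight, not a hard cap.
        cpu_shares: 2048
        # NOTE(review): depending on the Compose implementation, `deploy`
        # limits may apply only in swarm mode or with --compatibility; verify
        # the memory limit with `docker inspect`.
        deploy:
            resources:
                limits:
                    memory: 3072M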

# Single user-defined bridge network shared by both services.
networks:
    network:
        driver: "bridge"
        driver_opts:
            # MTU lowered from the usual 1500. NOTE(review): presumably to fit
            # an encapsulated underlay (overlay/VPN) - confirm for your
            # environment.
            com.docker.network.driver.mtu: 1450