cleaned up jenkins agents that are dependant on other bases

.github/workflows/jenkins-agent-conftest-pr.yaml

@@ -18,6 +18,10 @@ jobs:
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

.github/workflows/jenkins-agent-graalvm-pr.yaml

@@ -18,6 +18,11 @@ jobs:
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+          ignore: DL3041
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

.github/workflows/jenkins-agent-helm-pr.yaml

@@ -18,6 +18,10 @@ jobs:
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: ${{ env.context }}/Dockerfile
+
       - name: Build image
         uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:

.github/workflows/jenkins-agent-python-publish.yaml

@@ -1,11 +1,9 @@
 name: jenkins-agent-python-publish
 on:
   push:
-    branches:
-      - jenkins-cleanup
-    #paths:
-    #  - jenkins-agents/jenkins-agent-python/version.json
-    #  - .github/workflows/jenkins-agent-python-publish.yaml
+    paths:
+      - jenkins-agents/jenkins-agent-python/version.json
+      - .github/workflows/jenkins-agent-python-publish.yaml
 
 # Declare default permissions as read only.
 permissions: read-all

jenkins-agents/jenkins-agent-conftest/Dockerfile

@@ -1,20 +1,40 @@
-FROM quay.io/redhat-cop/jenkins-agent-python:v1.2@sha256:fad872a01fb7013d782b1dccb5c46de38c8e853c158bb42b87db7696d6dbb012
-# ^ needed to install the python yq library 🐍
+# Builder
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1476@sha256:fc300be6adbdf2ca812ad01efd0dee2a3e3f5d33958ad6cd99159e25e9ee1398 AS builder
+
+SHELL ["/bin/bash", "-c"]
 
-# renovate: datasource=github-releases depName=bats-core/bats-core
-ARG BATS_VERSION=v1.10.0
-# renovate: datasource=pypi depName=yq
-ARG YQ_VERSION=3.2.3
 # renovate: datasource=github-releases depName=open-policy-agent/conftest
 ARG CONFTEST_VERSION=v0.47.0
+RUN curl -L "https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION//v}_Linux_x86_64.tar.gz" -o /tmp/conftest.tar.gz && \
+    tar -xzf /tmp/conftest.tar.gz && \
+    mv conftest /usr/local/bin/conftest && \
+    conftest --version
+
+# Runnable
+FROM ghcr.io/garethahealy/containers-quickstarts/jenkins-agent-python:v4.14
+
+LABEL name="redhat-cop/jenkins-agent-conftest" \
+      io.k8s.display-name="Jenkins Agent Conftest" \
+      io.k8s.description="The jenkins agent conftest." \
+      com.redhat.component="redhat-cop/containers-quickstarts/jenkins-agent-conftest"
+
+SHELL ["/bin/bash", "-c"]
+
+# renovate: datasource=github-releases depName=bats-core/bats-core
+ARG BATS_VERSION=v1.10.0
 
 USER root
 
-RUN curl --fail -sL https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION//v}_Linux_x86_64.tar.gz | tar zxf - -C /usr/local/bin conftest && \
-    curl --fail -sL  https://github.com/bats-core/bats-core/archive/${BATS_VERSION}.tar.gz | tar zxf - -C /tmp && \
-    ./tmp/bats-core-${BATS_VERSION//v}/install.sh /usr/local && \
-    echo "na na na na na na na na na 🦇👨‍🦰" && \
-    rm -rf /tmp/bats* && \
-    pip install yq==${YQ_VERSION}
+COPY --from=builder /usr/local/bin/conftest /usr/local/bin/conftest
+
+COPY requirements.txt /requirements.txt
+RUN pip3.11 install --no-cache-dir -r /requirements.txt && \
+    curl -L "https://github.com/bats-core/bats-core/archive/${BATS_VERSION}.tar.gz" -o /tmp/bats.tar.gz && \
+    tar -C /tmp -xzf /tmp/bats.tar.gz && \
+    "/tmp/bats-core-${BATS_VERSION//v}/install.sh" /usr/local
 
 USER 1001
+
+RUN yq --version && \
+    bats --version && \
+    conftest --version

jenkins-agents/jenkins-agent-conftest/requirements.txt

@@ -0,0 +1 @@
+yq==3.2.3

jenkins-agents/jenkins-agent-graalvm/Dockerfile

@@ -1,41 +1,58 @@
-FROM quay.io/openshift/origin-jenkins-agent-maven:4.14@sha256:4a8671c25216b1b44bf47a363ec37d503568fa2f75ef1a010e2284ac1cc5df46
+# Builder
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1476@sha256:fc300be6adbdf2ca812ad01efd0dee2a3e3f5d33958ad6cd99159e25e9ee1398 AS builder
 
-ARG GRAAL_VERSION=20.3.3.0-Final
-ENV GRAALVM_HOME=/opt/mandrelJDK
-ENV GRAAL_CE_URL=https://github.com/graalvm/mandrel/releases/download/mandrel-${GRAAL_VERSION}/mandrel-java11-linux-amd64-${GRAAL_VERSION}.tar.gz
-# renovate: datasource=github-releases depName=helm/helm
-ARG HELM_VERSION=v3.6.3
+SHELL ["/bin/bash", "-c"]
+
+# renovate: datasource=github-releases depName=graalvm/mandrel
+ARG GRAAL_VERSION=mandrel-21.3.4.0-Final
 # renovate: datasource=github-releases depName=stedolan/jq
 ARG JQ_VERSION=1.6
-# renovate: datasource=repology depName=homebrew/openshift-cli
-ARG OC_VERSION=4.14.3
 # renovate: datasource=github-releases depName=mikefarah/yq
 ARG YQ_VERSION=v4.40.5
+# renovate: datasource=github-releases depName=helm/helm
+ARG HELM_VERSION=v3.13.3
 
-ADD settings.xml $HOME/.m2/settings.xml
-ADD ubi8.repo /tmp/ubi8.repo
+RUN curl -L "https://github.com/graalvm/mandrel/releases/download/${GRAAL_VERSION}/mandrel-java11-linux-amd64-${GRAAL_VERSION//mandrel-}.tar.gz" -o mandrel-java11.tar.gz && \
+    tar -xzf mandrel-java11.tar.gz && \
+    mv "mandrel-java11-${GRAAL_VERSION//mandrel-}" /opt/mandrel-java11
 
-USER root
-RUN rm -f /etc/yum.repos.d/*.repo && \
-    mv /tmp/ubi8.repo /etc/yum.repos.d/ubi8.repo && \
-    dnf -y update --allowerasing && \
-    dnf install -y gcc gcc-c++ glibc-static glibc-devel zlib-devel && \
-    ### tools
-    mkdir -p ${GRAALVM_HOME} && \
-    cd ${GRAALVM_HOME} && \
-    curl -fsSL $GRAAL_CE_URL | tar -xzC ${GRAALVM_HOME} --strip-components=1 && \
-    curl -Lo /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \
+RUN curl -L "https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64" -o /usr/local/bin/jq && \
     chmod +x /usr/local/bin/jq && \
-    curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar --strip-components=1 -C /usr/local/bin -xzf - linux-amd64/helm && \
-    curl -Lo /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 && \
+    jq --version
+
+RUN curl -L "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -o /usr/local/bin/yq && \
     chmod +x /usr/local/bin/yq && \
-    rm -f /usr/bin/oc && \
-    curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz \
-    | tar zxf - -C /usr/local/bin oc kubectl && \
-    ### Cleanup
-    dnf clean all && \
-    rm -rf /var/cache/yum
+    yq --version
+
+RUN curl -L "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" -o /tmp/helm.tar.gz && \
+    tar -xzf /tmp/helm.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    helm version
+
+# Runnable
+FROM ghcr.io/garethahealy/containers-quickstarts/jenkins-agent-mvn:v4.14
+
+LABEL name="redhat-cop/jenkins-agent-graalvm" \
+      io.k8s.display-name="Jenkins Agent graalvm" \
+      io.k8s.description="The jenkins agent graalvm." \
+      com.redhat.component="redhat-cop/containers-quickstarts/jenkins-agent-graalvm"
+
+USER root
+
+RUN dnf install --nodocs -y gcc gcc-c++ glibc-static glibc-devel zlib-devel && \
+    dnf clean all
+
+COPY --from=builder /usr/local/bin/jq /usr/local/bin/jq
+COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
+COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
+COPY --from=builder /opt/mandrel-java11 /opt/mandrel-java11
 
 USER 1001
-WORKDIR ${USER_HOME_DIR}
-ENV PATH ${PATH}:${GRAALVM_HOME}/bin
+
+ENV GRAALVM_HOME=/opt/mandrel-java11
+ENV PATH="${PATH}:${GRAALVM_HOME}/bin"
+
+RUN jq --version && \
+    yq --version && \
+    helm version && \
+    native-image --version

jenkins-agents/jenkins-agent-helm/Dockerfile

@@ -1,54 +1,69 @@
-FROM quay.io/openshift/origin-jenkins-agent-base:4.14@sha256:1284ffe5b63ee7da4c4463d5f44b471fd42ce01c06f5c72edc195a30dcc1f7f4
+# Builder
+FROM registry.access.redhat.com/ubi9/ubi:9.3-1476@sha256:fc300be6adbdf2ca812ad01efd0dee2a3e3f5d33958ad6cd99159e25e9ee1398 AS builder
 
-# renovate: datasource=github-releases depName=helm/helm
-ARG HELM_VERSION=v3.13.2
+SHELL ["/bin/bash", "-c"]
+
+# renovate: datasource=github-releases depName=stedolan/jq
+ARG JQ_VERSION=1.6
 # renovate: datasource=github-releases depName=mikefarah/yq
 ARG YQ_VERSION=v4.40.5
-# renovate: datasource=github-releases depName=helm/chart-testing
-ARG CT_VERSION=v3.10.1
-# renovate: datasource=repology depName=homebrew/openshift-cli
-ARG OPENSHIFT_CLIENT_VERSION=4.14.3
+# renovate: datasource=github-releases depName=helm/helm
+ARG HELM_VERSION=v3.13.3
 # renovate: datasource=github-releases depName=open-policy-agent/conftest
 ARG CONFTEST_VERSION=v0.47.0
 # renovate: datasource=github-releases depName=stackrox/kube-linter
 ARG KUBE_LINTER_VERSION=v0.6.5
+# renovate: datasource=github-releases depName=helm/chart-testing
+ARG CT_VERSION=v3.10.1
+
+RUN curl -L "https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64" -o /usr/local/bin/jq && \
+    chmod +x /usr/local/bin/jq && \
+    jq --version
+
+RUN curl -L "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -o /usr/local/bin/yq && \
+    chmod +x /usr/local/bin/yq && \
+    yq --version
+
+RUN curl -L "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" -o /tmp/helm.tar.gz && \
+    tar -xzf /tmp/helm.tar.gz && \
+    mv linux-amd64/helm /usr/local/bin/helm && \
+    helm version
+
+RUN curl -L "https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION//v}_Linux_x86_64.tar.gz" -o /tmp/conftest.tar.gz && \
+    tar -xzf /tmp/conftest.tar.gz && \
+    mv conftest /usr/local/bin/conftest && \
+    conftest --version
+
+RUN curl -L "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" -o /tmp/kube-linter-linux.tar.gz && \
+    tar -xzf /tmp/kube-linter-linux.tar.gz && \
+    mv kube-linter /usr/local/bin/kube-linter && \
+    kube-linter version
+
+RUN curl -L "https://github.com/helm/chart-testing/releases/download/${CT_VERSION}/chart-testing_${CT_VERSION//v}_linux_amd64.tar.gz" -o /tmp/chart-testing.tar.gz && \
+    tar -C /tmp -xzf /tmp/chart-testing.tar.gz && \
+    mv /tmp/ct /usr/local/bin/ct && \
+    ct version
+
+# Runnable
+FROM ghcr.io/garethahealy/containers-quickstarts/jenkins-agent-python:v4.14
+
+LABEL name="redhat-cop/jenkins-agent-helm" \
+      io.k8s.display-name="Jenkins Agent helm" \
+      io.k8s.description="The jenkins agent helm." \
+      com.redhat.component="redhat-cop/containers-quickstarts/jenkins-agent-helm"
+
+COPY --from=builder /usr/local/bin/jq /usr/local/bin/jq
+COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
+COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
+COPY --from=builder /usr/local/bin/conftest /usr/local/bin/conftest
+COPY --from=builder /usr/local/bin/kube-linter /usr/local/bin/kube-linter
+COPY --from=builder /usr/local/bin/ct /usr/local/bin/ct
+COPY --from=builder /tmp/etc ${HOME}/.ct
 
-## Required in order to avoid ct "ascii codec can't encode character" error
-ENV PYTHONIOENCODING=utf-8 \
-    LANG=C.UTF-8 \
-    LANGUAGE=C.UTF-8 \
-    LC_ALL=C.UTF-8
-
-COPY ubi8.repo /tmp/
-
-## Install helm, yq, conftest & kube-linter
-RUN curl -sL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar zxf - -C /usr/local/bin --strip-components=1 linux-amd64/helm && \
-    curl -sL https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION//v}_Linux_x86_64.tar.gz | tar zxf - -C /usr/local/bin conftest && \
-    curl -sL https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz | tar zxf - -C /usr/local/bin kube-linter && \
-    curl -sL  https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/local/bin/yq && \
-    chmod -R 755 /usr/local/bin/yq
-
-## Install ct
-RUN curl -sL -o /tmp/chart-testing.tar.gz https://github.com/helm/chart-testing/releases/download/${CT_VERSION}/chart-testing_${CT_VERSION//v}_linux_amd64.tar.gz && \
-    mkdir ${HOME}/.ct && \
-    tar zxf /tmp/chart-testing.tar.gz -C /usr/local/bin ct && \
-    tar zxf /tmp/chart-testing.tar.gz -C ${HOME}/.ct --strip-components=1 etc && \
-    rm /tmp/chart-testing.tar.gz
-
-## Install git, python 3.8, yamale, and yamllint
-RUN INSTALL_PKGS="git python38 python38-pip" && \
-    rm -f /etc/yum.repos.d/*.repo && \
-    mv /tmp/ubi8.repo /etc/yum.repos.d/ubi8.repo && \
-    dnf -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
-    dnf -y clean all && \
-    alternatives --set python3 /usr/bin/python3.8 && \
-    python3 -m pip install yamale==3.0.1 && \
-    python3 -m pip install yamllint==1.24.1 && \
-    chmod -R 775 /var/lib/alternatives && \
-    chmod -R 775 /etc/alternatives
-
-## Install oc and kubectl
-RUN curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OPENSHIFT_CLIENT_VERSION}/openshift-client-linux.tar.gz \
-    | tar zxf - -C /usr/local/bin oc kubectl
-
-USER 1001
+RUN jq --version && \
+    yq --version && \
+    helm version && \
+    conftest --version && \
+    kube-linter version && \
+    ct version && \
+    ls -l "${HOME}/.ct"