Update LATEST_VERSION to 3355.v388858a_47b_33-5

.github/workflows/check-updates.yml

@@ -19,6 +19,8 @@ jobs:
         uses: actions/checkout@v3
         with:
           token: ${{ secrets.CHECK_UPDATES_TOKEN }}
+      - name: Install dependencies
+        run: sudo apt-get install -y jq
       - name: Check updates
         run: chmod +x ./update-version.sh && ./update-version.sh
       - name: Get latest version
@@ -29,4 +31,5 @@ jobs:
         with:
           commit_message: Update LATEST_VERSION to ${{ steps.latest-version.outputs.version }}
           commit_options: '--no-verify'
-          file_pattern: LATEST_VERSION
+          push_options: '--force'
+          file_pattern: LATEST_VERSION

Dockerfile

@@ -4,7 +4,9 @@ FROM jenkins/inbound-agent:${BASE_TAG}
 
 USER root
 
-RUN groupadd -g 987 docker && usermod -aG docker jenkins
+COPY start-agent.sh /usr/local/bin/start.sh
+RUN chmod 755 /usr/local/bin/start.sh
+ENTRYPOINT [ "/bin/bash", "/usr/local/bin/start.sh" ]
 
 RUN apt-get update && apt-get install -y \
     ca-certificates \
@@ -16,5 +18,4 @@ RUN apt-get update && apt-get install -y \
     apt-get update && apt-get install -y docker-ce-cli docker-buildx-plugin docker-compose-plugin && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
-USER jenkins
-
+ENV DOCKER_HOST=unix:///var/run/docker.sock

LATEST_VERSION

@@ -0,0 +1 @@
+3355.v388858a_47b_33-5

README.md

@@ -1,2 +1,42 @@
 # jenkins-agent-with-docker
+
 带有 Docker CLI 的 Jenkins agent 镜像。
+
+> **Note**：仅适用于 Docker，不适用于 Podman。
+
+## 安全警告
+
+将宿主机的 Docker 访问接口提供给 Jenkins 容器（包括 Agent）是一件很危险的事情，一旦 Jenkins 执行了恶意流水线，
+那么流水线将能完全控制 Docker Engine，甚至能够访问宿主机的所有文件。因此，使用此镜像时必须非常小心。
+
+## Usage
+
+使用此镜像必须将宿主机的 `/var/run/docker.sock` 映射到容器内同等目录，否则 Docker CLI 无法正常工作。  
+
+### 创建用户和用户组
+
+如果 Docker 不是用软件包管理器安装的，那就要先创建一个 `docker` 用户组，然后将 `jenkins` 用户加入到该用户组内：  
+
+```bash
+sudo groupadd docker
+```
+
+然后创建一个 `jenkins` 用户，并将其加入到 Docker 用户组内：
+
+```bash
+sudo useradd -m -g docker jenkins
+```
+
+### 部署 Jenkins Agent 容器
+
+在原先的部署命令上，添加 `/var/run/docker.sock` 的映射和宿主机 `jenkins` 用户、`docker` 用户组的 ID 到容器中：
+
+```bash
+docker run -d --name agent \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -e GID=$(grep docker /etc/group | cut -d: -f3) \
+    -e UID=$(id -u jenkins) \
+    lamgc/jenkins-agent-docker  -url {JENKINS_URL} -workDir=/home/jenkins/agent {Secret} {Agent_Name}
+```
+
+具体配置请参考原版镜像说明：[jenkins/inbound-agent - Readme](https://github.com/jenkinsci/docker-inbound-agent/#readme)  

start-agent.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if [ $(id -u) != "0" ]; then
+  echo "This script must be run as root"
+  exit 1
+fi
+
+if [ -z "$GID" ]; then
+  echo "GID is not set"
+  exit 1
+fi
+if [ -z "$UID" ]; then
+  echo "UID is not set"
+  exit 1
+fi
+if ! grep -q docker /etc/group; then
+  groupadd -g $GID docker && usermod -aG docker jenkins
+  echo "Added docker group"
+fi
+if [ $(id -u jenkins) -ne $UID ]; then
+  usermod -u $UID jenkins
+  echo "Changed jenkins UID"
+fi
+
+echo "Starting agent..."
+runuser -u jenkins -m -g docker -- /bin/bash /usr/local/bin/jenkins-agent $@

update-version.sh

@@ -1,4 +1,39 @@
-LATEST_VERSION=$(curl -s https://api.github.com/repos/jenkinsci/docker-inbound-agent/releases/latest | grep tag_name | cut -d '"' -f 4)
-if [ "$LATEST_VERSION" != "$(cat LATEST_VERSION)" ]; then
+#!/bin/bash
+
+TEMP_JSON=$(mktemp)
+trap 'rm -f "$TEMP_JSON"' EXIT
+API_URL="https://api.github.com/repos/jenkinsci/docker-agent/releases/latest"
+
+HTTP_CODE=$(curl -fsL -o "$TEMP_JSON" -w "%{http_code}" "$API_URL")
+if [ $? -ne 0 ]; then
+    echo "Error: Network request failed."
+    exit 1
+fi
+
+if [ "$HTTP_CODE" != "200" ]; then
+    echo "Error: API returned HTTP $HTTP_CODE"
+    if [ -s "$TEMP_JSON" ]; then
+        echo "Response body:"
+        cat "$TEMP_JSON"
+    fi
+    exit 1
+fi
+
+LATEST_VERSION=$(jq -r '.tag_name // empty' "$TEMP_JSON")
+if [ -z "$LATEST_VERSION" ] || [ "$LATEST_VERSION" == "null" ]; then
+    echo "Error: Failed to extract tag_name from response."
+    exit 1
+fi
+
+if [ -f LATEST_VERSION ]; then
+    CURRENT_VERSION=$(cat LATEST_VERSION)
+else
+    CURRENT_VERSION=""
+fi
+
+if [ "$LATEST_VERSION" != "$CURRENT_VERSION" ]; then
+    echo "New version found: $LATEST_VERSION (Old: $CURRENT_VERSION)"
     echo "$LATEST_VERSION" > LATEST_VERSION
-fi
+else
+    echo "Already at latest version: $LATEST_VERSION"
+fi