diff --git a/.jenkins/.env.yml b/.jenkins/.env.yml new file mode 100644 index 0000000..2038456 --- /dev/null +++ b/.jenkins/.env.yml @@ -0,0 +1,3 @@ +masterProfiles: ['','uat','prod'] +Profiles: ['','dev'] +jobConfigFile: "imagesConfig.yml" diff --git a/.jenkins/Jenkinsfile b/.jenkins/Jenkinsfile new file mode 100644 index 0000000..cf54cd4 --- /dev/null +++ b/.jenkins/Jenkinsfile @@ -0,0 +1,3 @@ +@Library('share-library@master')_ +orgName = 'xiaomayi' +pipelineImagesService(orgName) \ No newline at end of file diff --git a/dockerfiles/jdk/17.0.16-centos8-dos/Dockerfile b/dockerfiles/jdk/17.0.16-centos8-dos/Dockerfile new file mode 100644 index 0000000..f53909c --- /dev/null +++ b/dockerfiles/jdk/17.0.16-centos8-dos/Dockerfile @@ -0,0 +1,154 @@ +# 使用 CentOS 8 作为基础镜像 +FROM centos:8 + +# 维护者信息 +LABEL maintainer="小蚂蚁云团队" \ + description="JDK 17 on CentOS 8 with Chinese support" \ + version="1.0" + +# 设置环境变量 +ENV LANG zh_CN.UTF-8 +ENV LC_ALL zh_CN.UTF-8 +ENV JAVA_HOME /opt/jdk-17.0.16 +ENV PATH $JAVA_HOME/bin:$PATH +ENV CLASSPATH .:$JAVA_HOME/lib/jrt-fs.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar + +# 设置工作目录 +WORKDIR /tmp + +# 备份并替换 yum 源(解决 CentOS 8 EOL 问题) +RUN cd /etc/yum.repos.d/ && \ + # 备份原有 repo 文件 + rename '.repo' '.repo.bak' /etc/yum.repos.d/*.repo && \ + # 安装阿里云的 CentOS 8 归档镜像源 + curl -s -o /etc/yum.repos.d/Centos-vault-8.5.2111.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo && \ + # 启用阿里云仓库并禁用官方仓库 + sed -i 's|^mirrorlist=|#mirrorlist=|g' /etc/yum.repos.d/Centos-*.repo && \ + sed -i 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.aliyun.com|g' /etc/yum.repos.d/Centos-*.repo && \ + sed -i 's|^baseurl=http://mirror.centos.org|baseurl=https://mirrors.aliyun.com|g' /etc/yum.repos.d/Centos-*.repo && \ + # 确保仓库启用 + sed -i 's|^enabled=.*|enabled=1|g' /etc/yum.repos.d/Centos-*.repo + +# 安装基础软件包和中文支持,并一次性清理缓存 +RUN yum install -y \ + fontconfig \ + glibc-langpack-zh \ + glibc-locale-source \ + glibc-common && \ + # yum-utils \ + # net-tools \ + # vim \ + # curl && \ + # 设置中文语言环境 + localedef -c -f UTF-8 -i zh_CN zh_CN.utf8 && \ + localedef -c -f UTF-8 -i C UTF-8 && \ + # 设置系统locale + echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf && \ + echo 'LC_ALL="zh_CN.UTF-8"' >> /etc/locale.conf && \ + # 创建字体目录 + mkdir -p /usr/share/fonts/ && \ + chmod 755 /usr/share/fonts/ && \ + # 清理yum缓存 + yum clean all && \ + rm -rf /var/cache/yum && \ + yum makecache + +# 复制字体文件 +RUN mkdir -p /usr/share/fonts +COPY ./fonts/ /usr/share/fonts/ + +# 更新字体缓存并设置时区 +RUN fc-cache -fv && \ + ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ + echo 'Asia/Shanghai' > /etc/timezone + +# # 安装 JDK +# WORKDIR /usr/local +# ADD jdk-17.0.16_linux-x64_bin.tar.gz /usr/local/ + +# # 验证 JDK 安装 +# RUN ln -sf ${JAVA_HOME} /usr/local/jdk-17.0.16 && \ +# java -version && \ +# javac -version + +# 添加并精简 JDK +ADD jdk-17.0.16_linux-x64_bin.tar.gz /opt/ + +# 精简JDK:删除不必要的文件 +RUN set -eux && \ + # 重命名JDK目录 + mv /opt/jdk-17.0.16 /opt/jdk-17.0.16-original && \ + \ + # 创建新的精简JDK目录 + mkdir -p /opt/jdk-17.0.16 && \ + \ + # 保留必要的目录和文件 + cp -r /opt/jdk-17.0.16-original/bin /opt/jdk-17.0.16/ && \ + cp -r /opt/jdk-17.0.16-original/lib /opt/jdk-17.0.16/ && \ + cp -r /opt/jdk-17.0.16-original/conf /opt/jdk-17.0.16/ && \ + cp -r /opt/jdk-17.0.16-original/include /opt/jdk-17.0.16/ && \ + \ + # 删除调试文件(使用通配符) + rm -rf /opt/jdk-17.0.16/lib/*.diz \ + /opt/jdk-17.0.16/lib/*/*.diz \ + /opt/jdk-17.0.16/lib/*/*/*.diz \ + /opt/jdk-17.0.16/lib/*.debuginfo \ + /opt/jdk-17.0.16/lib/*/*.debuginfo \ + /opt/jdk-17.0.16/lib/*/*/*.debuginfo \ + /opt/jdk-17.0.16/lib/*.pdb \ + /opt/jdk-17.0.16/lib/*/*.pdb \ + /opt/jdk-17.0.16/lib/*/*/*.pdb && \ + \ + # 删除不必要的模块和文件 + rm -rf /opt/jdk-17.0.16/lib/src.zip \ + /opt/jdk-17.0.16/lib/missioncontrol \ + /opt/jdk-17.0.16/lib/visualvm \ + /opt/jdk-17.0.16/lib/jfr \ + /opt/jdk-17.0.16/lib/security/cacerts.dummy \ + \ + # 删除演示和样例 + /opt/jdk-17.0.16-original/demo \ + /opt/jdk-17.0.16-original/sample \ + /opt/jdk-17.0.16-original/man \ + \ + # 删除文档 + /opt/jdk-17.0.16-original/legal \ + /opt/jdk-17.0.16-original/README.md \ + /opt/jdk-17.0.16-original/release && \ + \ + # 删除原始JDK目录 + rm -rf /opt/jdk-17.0.16-original && \ + \ + # 设置权限 + chmod -R 755 /opt/jdk-17.0.16 && \ + chown -R root:root /opt/jdk-17.0.16 &&\ + \ + # 验证JDK安装 + /opt/jdk-17.0.16/bin/java -version && \ + /opt/jdk-17.0.16/bin/javac -version + +# 清理临时文件和缓存 +RUN rm -rf /tmp/* /var/tmp/* /var/log/*log /var/log/nginx/*log \ + /var/log/*.log /var/log/dmesg /var/log/audit/*log \ + /root/.cache /*.repo.bak + +# 创建非 root 用户运行应用 +RUN groupadd -r esxi && \ + useradd -r -g esxi -m -d /app esxi && \ + chown -R esxi:esxi /app && \ + # 设置JDK目录权限 + chown -R esxi:esxi $JAVA_HOME + + +# 设置最终工作目录 +WORKDIR /app + +# 切换到非root用户 +#USER esxi + +# 健康检查(可选) +# HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ +# CMD java -version || exit 1 + +# 默认命令 +CMD ["java", "-version"] \ No newline at end of file diff --git a/dockerfiles/jdk/17.0.16-centos8-dos/deploy.sh b/dockerfiles/jdk/17.0.16-centos8-dos/deploy.sh new file mode 100644 index 0000000..e3c4981 --- /dev/null +++ b/dockerfiles/jdk/17.0.16-centos8-dos/deploy.sh @@ -0,0 +1,209 @@ +#!/bin/bash +set -euo pipefail + +# 配置参数 +IMAGE_NAME="jdk" +VERSION="17.0.16-centos8-dos" +HARBOR_REGISTRY="192.168.10.102:8001" # 替换为实际的Harbor地址 +HARBOR_PROJECT="xiaomayi-base" # 替换为实际的Harbor项目名 +HARBOR_USERNAME="deploy" # 替换为Harbor用户名 +HARBOR_PASSWORD="Harbor20240330" # 替换为Harbor密码 + +# 完整的镜像标签 +FULL_IMAGE_NAME="${HARBOR_REGISTRY}/${HARBOR_PROJECT}/${IMAGE_NAME}" +TAG_VERSION="${VERSION}" +TAG_LATEST="latest" + +# 颜色输出函数 +red() { echo -e "\033[31m$*\033[0m"; } +green() { echo -e "\033[32m$*\033[0m"; } +yellow() { echo -e "\033[33m$*\033[0m"; } +blue() { echo -e "\033[34m$*\033[0m"; } + +# 检查必要文件 +check_requirements() { + blue "检查构建所需文件..." + + if [ ! -f "jdk-17.0.16_linux-x64_bin.tar.gz" ]; then + red "错误: jdk-17.0.16_linux-x64_bin.tar.gz 不存在" + echo "请从Oracle官网下载JDK 17.0.16并放置在当前目录" + exit 1 + fi + + if [ ! -d "fonts" ]; then + yellow "提示: fonts 目录不存在,创建空目录" + mkdir -p fonts/ + yellow "可以放置中文字体文件到 fonts/ 目录以获得更好的中文支持" + fi + + green "✓ 文件检查完成" +} + +# 登录Harbor仓库 +login_to_harbor() { + blue "登录Harbor仓库: ${HARBOR_REGISTRY}" + + if echo "${HARBOR_PASSWORD}" | docker login -u "${HARBOR_USERNAME}" --password-stdin "${HARBOR_REGISTRY}"; then + green "✓ Harbor登录成功" + else + red "✗ Harbor登录失败" + exit 1 + fi +} + +# 构建Docker镜像 +build_image() { + blue "开始构建Docker镜像..." + + local build_cmd=( + docker build + # --pull + # --no-cache + -t "${FULL_IMAGE_NAME}:${TAG_VERSION}" + # -t "${FULL_IMAGE_NAME}:${TAG_LATEST}" + . + ) + + echo "执行命令: ${build_cmd[*]}" + + if "${build_cmd[@]}"; then + green "✓ 镜像构建成功" + else + red "✗ 镜像构建失败" + exit 1 + fi +} + +# 显示镜像信息 +show_image_info() { + blue "镜像构建信息:" + echo "----------------------------------------" + docker images "${FULL_IMAGE_NAME}" --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" + echo "----------------------------------------" + + # 显示详细大小信息 + local image_size=$(docker image inspect "${FULL_IMAGE_NAME}:${TAG_VERSION}" --format='{{.Size}}' | awk '{printf "%.2f MB", $1/1024/1024}') + green "镜像大小: ${image_size}" +} + +# 测试镜像功能 +test_image() { + blue "测试镜像功能..." + + echo "1. 测试Java版本:" + if docker run --rm "${FULL_IMAGE_NAME}:${TAG_VERSION}" java -version; then + green "✓ Java测试通过" + else + red "✗ Java测试失败" + exit 1 + fi + + echo "2. 测试区域设置:" + if docker run --rm "${FULL_IMAGE_NAME}:${TAG_VERSION}" locale; then + green "✓ 区域设置测试通过" + else + red "✗ 区域设置测试失败" + exit 1 + fi + + echo "3. 测试时区设置:" + if docker run --rm "${FULL_IMAGE_NAME}:${TAG_VERSION}" date; then + green "✓ 时区测试通过" + else + red "✗ 时区测试失败" + exit 1 + fi +} + +# 推送镜像到Harbor +push_to_harbor() { + blue "推送镜像到Harbor仓库..." + + # 推送版本标签 + if docker push "${FULL_IMAGE_NAME}:${TAG_VERSION}"; then + green "✓ 版本标签推送成功: ${TAG_VERSION}" + else + red "✗ 版本标签推送失败" + exit 1 + fi + + # # 推送latest标签 + # if docker push "${FULL_IMAGE_NAME}:${TAG_LATEST}"; then + # green "✓ latest标签推送成功" + # else + # red "✗ latest标签推送失败" + # exit 1 + # fi +} + +# 清理本地镜像 +cleanup_local() { + blue "清理本地镜像..." + + docker rmi "${FULL_IMAGE_NAME}:${TAG_VERSION}" "${FULL_IMAGE_NAME}:${TAG_LATEST}" 2>/dev/null || true + green "✓ 本地镜像清理完成" +} + +# 验证远程镜像 +verify_remote_image() { + blue "验证远程镜像..." + + # 尝试拉取验证 + if docker pull "${FULL_IMAGE_NAME}:${TAG_VERSION}"; then + green "✓ 远程镜像验证成功" + docker rmi "${FULL_IMAGE_NAME}:${TAG_VERSION}" 2>/dev/null || true + else + red "✗ 远程镜像验证失败" + exit 1 + fi +} + +# 生成使用说明 +generate_usage() { + cat << EOF + +$(green "=== 镜像构建和推送完成 ===") +$(blue "镜像名称:") ${FULL_IMAGE_NAME} +$(blue "可用标签:") ${TAG_VERSION}, ${TAG_LATEST} + +$(yellow "使用方法:") +1. 拉取镜像: + docker pull ${FULL_IMAGE_NAME}:${TAG_VERSION} + +2. 运行测试: + docker run --rm ${FULL_IMAGE_NAME}:${TAG_VERSION} java -version + +3. 作为基础镜像使用: + FROM ${FULL_IMAGE_NAME}:${TAG_VERSION} + +$(green "镜像已成功推送到Harbor仓库!") +EOF +} + +# 主函数 +main() { + echo "$(blue '=== RockyLinux 8 JDK 17 基础镜像构建脚本 ===')" + echo "$(blue "目标仓库: ${HARBOR_REGISTRY}")" + echo "$(blue "镜像名称: ${IMAGE_NAME}")" + echo "$(blue "版本标签: ${VERSION}")" + echo "----------------------------------------" + + # 执行步骤 + check_requirements + login_to_harbor + build_image + show_image_info + test_image + push_to_harbor + cleanup_local + verify_remote_image + generate_usage + + green "✅ 所有步骤完成!" +} + +# 异常处理 +trap 'red "脚本执行被中断"; exit 1' INT TERM + +# 执行主函数 +main "$@" \ No newline at end of file diff --git a/resources/fonts/simsun.ttf b/resources/fonts/simsun.ttf new file mode 100644 index 0000000..e0115ab Binary files /dev/null and b/resources/fonts/simsun.ttf differ diff --git a/resources/jdk-17.0.16_linux-x64_bin.tar.gz b/resources/jdk-17.0.16_linux-x64_bin.tar.gz new file mode 100644 index 0000000..68b6243 Binary files /dev/null and b/resources/jdk-17.0.16_linux-x64_bin.tar.gz differ