签入版本

.jenkins/.env.yml

@@ -0,0 +1,3 @@
+masterProfiles: ['','uat','prod']
+Profiles: ['','dev']
+jobConfigFile: "imagesConfig.yml"

.jenkins/Jenkinsfile

@@ -0,0 +1,3 @@
+@Library('share-library@master')_
+orgName = 'xiaomayi'
+pipelineImagesService(orgName)

dockerfiles/jdk/17.0.16-centos8-dos/Dockerfile

@@ -0,0 +1,154 @@
+# 使用 CentOS 8 作为基础镜像
+FROM centos:8
+
+# 维护者信息
+LABEL maintainer="小蚂蚁云团队" \
+      description="JDK 17 on CentOS 8 with Chinese support" \
+      version="1.0"
+
+# 设置环境变量
+ENV LANG zh_CN.UTF-8
+ENV LC_ALL zh_CN.UTF-8
+ENV JAVA_HOME /opt/jdk-17.0.16
+ENV PATH $JAVA_HOME/bin:$PATH
+ENV CLASSPATH .:$JAVA_HOME/lib/jrt-fs.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
+
+# 设置工作目录
+WORKDIR /tmp
+
+# 备份并替换 yum 源（解决 CentOS 8 EOL 问题）
+RUN cd /etc/yum.repos.d/ && \
+    # 备份原有 repo 文件
+    rename '.repo' '.repo.bak' /etc/yum.repos.d/*.repo && \
+    # 安装阿里云的 CentOS 8 归档镜像源
+    curl -s -o /etc/yum.repos.d/Centos-vault-8.5.2111.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo && \
+    # 启用阿里云仓库并禁用官方仓库
+    sed -i 's|^mirrorlist=|#mirrorlist=|g' /etc/yum.repos.d/Centos-*.repo && \
+    sed -i 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.aliyun.com|g' /etc/yum.repos.d/Centos-*.repo && \
+    sed -i 's|^baseurl=http://mirror.centos.org|baseurl=https://mirrors.aliyun.com|g' /etc/yum.repos.d/Centos-*.repo && \
+    # 确保仓库启用
+    sed -i 's|^enabled=.*|enabled=1|g' /etc/yum.repos.d/Centos-*.repo
+
+# 安装基础软件包和中文支持，并一次性清理缓存
+RUN yum install -y \
+        fontconfig \
+        glibc-langpack-zh \
+        glibc-locale-source \
+        glibc-common && \
+        # yum-utils \
+        # net-tools \
+        # vim \
+        # curl && \
+    # 设置中文语言环境
+    localedef -c -f UTF-8 -i zh_CN zh_CN.utf8 && \
+    localedef -c -f UTF-8 -i C UTF-8 && \
+    # 设置系统locale
+    echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf && \
+    echo 'LC_ALL="zh_CN.UTF-8"' >> /etc/locale.conf && \
+    # 创建字体目录
+    mkdir -p /usr/share/fonts/ && \
+    chmod 755 /usr/share/fonts/ && \
+    # 清理yum缓存
+    yum clean all && \
+    rm -rf /var/cache/yum && \
+    yum makecache
+
+# 复制字体文件
+RUN mkdir -p /usr/share/fonts
+COPY ./fonts/ /usr/share/fonts/
+
+# 更新字体缓存并设置时区
+RUN fc-cache -fv && \
+    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
+    echo 'Asia/Shanghai' > /etc/timezone
+
+# # 安装 JDK
+# WORKDIR /usr/local
+# ADD jdk-17.0.16_linux-x64_bin.tar.gz /usr/local/
+
+# # 验证 JDK 安装
+# RUN ln -sf ${JAVA_HOME} /usr/local/jdk-17.0.16 && \
+#     java -version && \
+#     javac -version
+
+# 添加并精简 JDK
+ADD jdk-17.0.16_linux-x64_bin.tar.gz /opt/
+
+# 精简JDK：删除不必要的文件
+RUN set -eux && \
+    # 重命名JDK目录
+    mv /opt/jdk-17.0.16 /opt/jdk-17.0.16-original && \
+    \
+    # 创建新的精简JDK目录
+    mkdir -p /opt/jdk-17.0.16 && \
+    \
+    # 保留必要的目录和文件
+    cp -r /opt/jdk-17.0.16-original/bin /opt/jdk-17.0.16/ && \
+    cp -r /opt/jdk-17.0.16-original/lib /opt/jdk-17.0.16/ && \
+    cp -r /opt/jdk-17.0.16-original/conf /opt/jdk-17.0.16/ && \
+    cp -r /opt/jdk-17.0.16-original/include /opt/jdk-17.0.16/ && \
+    \
+    # 删除调试文件（使用通配符）
+    rm -rf  /opt/jdk-17.0.16/lib/*.diz \
+            /opt/jdk-17.0.16/lib/*/*.diz \
+            /opt/jdk-17.0.16/lib/*/*/*.diz \
+            /opt/jdk-17.0.16/lib/*.debuginfo \
+            /opt/jdk-17.0.16/lib/*/*.debuginfo \
+            /opt/jdk-17.0.16/lib/*/*/*.debuginfo \
+            /opt/jdk-17.0.16/lib/*.pdb \
+            /opt/jdk-17.0.16/lib/*/*.pdb \
+            /opt/jdk-17.0.16/lib/*/*/*.pdb && \
+    \
+    # 删除不必要的模块和文件
+    rm -rf /opt/jdk-17.0.16/lib/src.zip \
+           /opt/jdk-17.0.16/lib/missioncontrol \
+           /opt/jdk-17.0.16/lib/visualvm \
+           /opt/jdk-17.0.16/lib/jfr \
+           /opt/jdk-17.0.16/lib/security/cacerts.dummy \
+           \
+           # 删除演示和样例
+           /opt/jdk-17.0.16-original/demo \
+           /opt/jdk-17.0.16-original/sample \
+           /opt/jdk-17.0.16-original/man \
+           \
+           # 删除文档
+           /opt/jdk-17.0.16-original/legal \
+           /opt/jdk-17.0.16-original/README.md \
+           /opt/jdk-17.0.16-original/release && \
+    \
+    # 删除原始JDK目录
+    rm -rf /opt/jdk-17.0.16-original && \
+    \
+    # 设置权限
+    chmod -R 755 /opt/jdk-17.0.16 && \
+    chown -R root:root /opt/jdk-17.0.16 &&\
+    \
+    # 验证JDK安装
+    /opt/jdk-17.0.16/bin/java -version && \
+    /opt/jdk-17.0.16/bin/javac -version
+
+# 清理临时文件和缓存
+RUN rm -rf /tmp/* /var/tmp/* /var/log/*log /var/log/nginx/*log \
+    /var/log/*.log /var/log/dmesg /var/log/audit/*log \
+    /root/.cache /*.repo.bak
+
+# 创建非 root 用户运行应用
+RUN groupadd -r esxi && \
+    useradd -r -g esxi -m -d /app esxi && \
+    chown -R esxi:esxi /app && \
+    # 设置JDK目录权限
+    chown -R esxi:esxi $JAVA_HOME
+
+
+# 设置最终工作目录
+WORKDIR /app
+
+# 切换到非root用户
+#USER esxi
+
+# 健康检查（可选）
+# HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+#     CMD java -version || exit 1
+
+# 默认命令
+CMD ["java", "-version"]

dockerfiles/jdk/17.0.16-centos8-dos/deploy.sh

@@ -0,0 +1,209 @@
+#!/bin/bash
+set -euo pipefail
+
+# 配置参数
+IMAGE_NAME="jdk"
+VERSION="17.0.16-centos8-dos"
+HARBOR_REGISTRY="192.168.10.102:8001"  # 替换为实际的Harbor地址
+HARBOR_PROJECT="xiaomayi-base"                  # 替换为实际的Harbor项目名
+HARBOR_USERNAME="deploy"           # 替换为Harbor用户名
+HARBOR_PASSWORD="Harbor20240330"           # 替换为Harbor密码
+
+# 完整的镜像标签
+FULL_IMAGE_NAME="${HARBOR_REGISTRY}/${HARBOR_PROJECT}/${IMAGE_NAME}"
+TAG_VERSION="${VERSION}"
+TAG_LATEST="latest"
+
+# 颜色输出函数
+red() { echo -e "\033[31m$*\033[0m"; }
+green() { echo -e "\033[32m$*\033[0m"; }
+yellow() { echo -e "\033[33m$*\033[0m"; }
+blue() { echo -e "\033[34m$*\033[0m"; }
+
+# 检查必要文件
+check_requirements() {
+    blue "检查构建所需文件..."
+    
+    if [ ! -f "jdk-17.0.16_linux-x64_bin.tar.gz" ]; then
+        red "错误: jdk-17.0.16_linux-x64_bin.tar.gz 不存在"
+        echo "请从Oracle官网下载JDK 17.0.16并放置在当前目录"
+        exit 1
+    fi
+
+    if [ ! -d "fonts" ]; then
+        yellow "提示: fonts 目录不存在，创建空目录"
+        mkdir -p fonts/
+        yellow "可以放置中文字体文件到 fonts/ 目录以获得更好的中文支持"
+    fi
+
+    green "✓ 文件检查完成"
+}
+
+# 登录Harbor仓库
+login_to_harbor() {
+    blue "登录Harbor仓库: ${HARBOR_REGISTRY}"
+    
+    if echo "${HARBOR_PASSWORD}" | docker login -u "${HARBOR_USERNAME}" --password-stdin "${HARBOR_REGISTRY}"; then
+        green "✓ Harbor登录成功"
+    else
+        red "✗ Harbor登录失败"
+        exit 1
+    fi
+}
+
+# 构建Docker镜像
+build_image() {
+    blue "开始构建Docker镜像..."
+    
+    local build_cmd=(
+        docker build
+        # --pull
+        # --no-cache
+        -t "${FULL_IMAGE_NAME}:${TAG_VERSION}"
+        # -t "${FULL_IMAGE_NAME}:${TAG_LATEST}"
+        .
+    )
+    
+    echo "执行命令: ${build_cmd[*]}"
+    
+    if "${build_cmd[@]}"; then
+        green "✓ 镜像构建成功"
+    else
+        red "✗ 镜像构建失败"
+        exit 1
+    fi
+}
+
+# 显示镜像信息
+show_image_info() {
+    blue "镜像构建信息:"
+    echo "----------------------------------------"
+    docker images "${FULL_IMAGE_NAME}" --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"
+    echo "----------------------------------------"
+    
+    # 显示详细大小信息
+    local image_size=$(docker image inspect "${FULL_IMAGE_NAME}:${TAG_VERSION}" --format='{{.Size}}' | awk '{printf "%.2f MB", $1/1024/1024}')
+    green "镜像大小: ${image_size}"
+}
+
+# 测试镜像功能
+test_image() {
+    blue "测试镜像功能..."
+    
+    echo "1. 测试Java版本:"
+    if docker run --rm "${FULL_IMAGE_NAME}:${TAG_VERSION}" java -version; then
+        green "✓ Java测试通过"
+    else
+        red "✗ Java测试失败"
+        exit 1
+    fi
+    
+    echo "2. 测试区域设置:"
+    if docker run --rm "${FULL_IMAGE_NAME}:${TAG_VERSION}" locale; then
+        green "✓ 区域设置测试通过"
+    else
+        red "✗ 区域设置测试失败"
+        exit 1
+    fi
+    
+    echo "3. 测试时区设置:"
+    if docker run --rm "${FULL_IMAGE_NAME}:${TAG_VERSION}" date; then
+        green "✓ 时区测试通过"
+    else
+        red "✗ 时区测试失败"
+        exit 1
+    fi
+}
+
+# 推送镜像到Harbor
+push_to_harbor() {
+    blue "推送镜像到Harbor仓库..."
+    
+    # 推送版本标签
+    if docker push "${FULL_IMAGE_NAME}:${TAG_VERSION}"; then
+        green "✓ 版本标签推送成功: ${TAG_VERSION}"
+    else
+        red "✗ 版本标签推送失败"
+        exit 1
+    fi
+    
+    # # 推送latest标签
+    # if docker push "${FULL_IMAGE_NAME}:${TAG_LATEST}"; then
+    #     green "✓ latest标签推送成功"
+    # else
+    #     red "✗ latest标签推送失败"
+    #     exit 1
+    # fi
+}
+
+# 清理本地镜像
+cleanup_local() {
+    blue "清理本地镜像..."
+    
+    docker rmi "${FULL_IMAGE_NAME}:${TAG_VERSION}" "${FULL_IMAGE_NAME}:${TAG_LATEST}" 2>/dev/null || true
+    green "✓ 本地镜像清理完成"
+}
+
+# 验证远程镜像
+verify_remote_image() {
+    blue "验证远程镜像..."
+    
+    # 尝试拉取验证
+    if docker pull "${FULL_IMAGE_NAME}:${TAG_VERSION}"; then
+        green "✓ 远程镜像验证成功"
+        docker rmi "${FULL_IMAGE_NAME}:${TAG_VERSION}" 2>/dev/null || true
+    else
+        red "✗ 远程镜像验证失败"
+        exit 1
+    fi
+}
+
+# 生成使用说明
+generate_usage() {
+    cat << EOF
+
+$(green "=== 镜像构建和推送完成 ===")
+$(blue "镜像名称:") ${FULL_IMAGE_NAME}
+$(blue "可用标签:") ${TAG_VERSION}, ${TAG_LATEST}
+
+$(yellow "使用方法:")
+1. 拉取镜像:
+   docker pull ${FULL_IMAGE_NAME}:${TAG_VERSION}
+
+2. 运行测试:
+   docker run --rm ${FULL_IMAGE_NAME}:${TAG_VERSION} java -version
+
+3. 作为基础镜像使用:
+   FROM ${FULL_IMAGE_NAME}:${TAG_VERSION}
+
+$(green "镜像已成功推送到Harbor仓库!")
+EOF
+}
+
+# 主函数
+main() {
+    echo "$(blue '=== RockyLinux 8 JDK 17 基础镜像构建脚本 ===')"
+    echo "$(blue "目标仓库: ${HARBOR_REGISTRY}")"
+    echo "$(blue "镜像名称: ${IMAGE_NAME}")"
+    echo "$(blue "版本标签: ${VERSION}")"
+    echo "----------------------------------------"
+    
+    # 执行步骤
+    check_requirements
+    login_to_harbor
+    build_image
+    show_image_info
+    test_image
+    push_to_harbor
+    cleanup_local
+    verify_remote_image
+    generate_usage
+    
+    green "✅ 所有步骤完成!"
+}
+
+# 异常处理
+trap 'red "脚本执行被中断"; exit 1' INT TERM
+
+# 执行主函数
+main "$@"