From b0529477f4cae82e6a415541966c2880c1127a9d Mon Sep 17 00:00:00 2001
From: Arvydas Silanskas
Date: Sat, 28 Sep 2024 11:53:40 +0300
Subject: [PATCH] parameterize docker group
---
 README.adoc | 2 ++
 docker-compose.yml | 2 ++
 jenkins-agent.Dockerfile | 3 ++-
 jenkins.yml | 4 ----
 4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/README.adoc b/README.adoc
index 4284110..1247d60 100644
--- a/README.adoc
+++ b/README.adoc
@@ -4,6 +4,7 @@
 . Run `create-keys.sh` to generate SSH keys used for Jenkins controller to talk to Jenkins agent;
 . Run `echo -n 'password' > adminpassword` to setup password for admin user (watchout to not add newlines);
+. Run `echo "DOCKER_GROUP=$(getent group docker | cut -d: -f3)" > .env` to setup agent's group so it can access docker socket;
 . Run `docker compose up -d`;
 . (Optionally) Add `update.sh` script to be run by cron periodically.
@@ -21,6 +22,7 @@ Jobs often need secrets, however these secrets should be scoped per-user / proje
 == Points of Improvement
+. Fix the goofy docker group mess;
 . Externalize user management (eg LDAP);
 . Use vaults for secret storage;
 . Change agent from persistent ssh to an adhoc provisioned instance.
diff --git a/docker-compose.yml b/docker-compose.yml
index 0bdf008..94e9536 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,6 +17,8 @@ services:
 build:
 context: .
 dockerfile: jenkins-agent.Dockerfile
+ args:
+ DOCKER_GROUP: '${DOCKER_GROUP}'
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
diff --git a/jenkins-agent.Dockerfile b/jenkins-agent.Dockerfile
index d77196a..6b1c17e 100644
--- a/jenkins-agent.Dockerfile
+++ b/jenkins-agent.Dockerfile
@@ -1,4 +1,5 @@
 FROM jenkins/ssh-agent:latest
 COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/
-RUN groupadd docker -g 971
+ARG DOCKER_GROUP
+RUN groupadd docker -g $DOCKER_GROUP
 RUN usermod -aG docker jenkins
diff --git a/jenkins.yml b/jenkins.yml
index 7da76f5..48afacb 100644
--- a/jenkins.yml
+++ b/jenkins.yml
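Review bot: `DOCKER_GROUP: '${DOCKER_GROUP}'` interpolates to an empty string when `.env` is missing or the variable is unset, so the mistake only surfaces later, inside groupadd during the image build. Making the variable mandatory at the Compose level gives a clear message up front: `DOCKER_GROUP: '${DOCKER_GROUP:?set DOCKER_GROUP in .env to the GID of the host docker group}'`. The same empty value reaches `RUN groupadd docker -g $DOCKER_GROUP` in the jenkins-agent.Dockerfile hunk, where passing the argument as `"${DOCKER_GROUP:?DOCKER_GROUP build arg is required}"` would also cover builds that bypass Compose.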
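Review bot: The new `ARG DOCKER_GROUP` and `RUN groupadd docker -g $DOCKER_GROUP` lines carry no comment on what the value must be or what the group grants. The docker-compose.yml hunk shows /var/run/docker.sock bind-mounted into this agent, so giving jenkins the host's docker GID lets every job talk to the host Docker daemon, which is equivalent to root on the host; the `:ro` flag on that mount does not restrict requests sent over the socket. I would add above the ARG: `# GID of the host's docker group (see README); membership lets the jenkins user control the host Docker daemon through the mounted socket`. The image is also tied to one host's GID at build time, which is worth stating in the same comment.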
@@ -67,10 +67,6 @@ jobs:
 folder('index_scheme_org') {
 displayName: 'index.scheme.org'
 }
- - script: >
- folder('index_scheme_org2') {
- displayName: 'index.scheme.org2'
- }
 - script: >
 multibranchPipelineJob('index_scheme_org/build') {
 displayName: 'Build and deploy'