docs: explain JFrog integration 🐸 (#8682)

2025-08-03 08:22:37 +00:00 · 2023-07-24 18:16:09 -05:00
parent 29963433ee
commit 8686b7a499
6 changed files with 352 additions and 10 deletions
--- a/examples/templates/jfrog-docker/README.md
+++ b/examples/templates/jfrog-docker/README.md
@@ -0,0 +1,26 @@
+---
+name: JFrog and Docker
+description: Develop inside Docker containers using your local daemon
+tags: [local, docker, jfrog]
+icon: /icon/docker.png
+---
+
+# jfrog-docker
+
+To get started, run `coder templates init`. When prompted, select this template.
+Follow the on-screen instructions to proceed.
+
+## Editing the image
+
+Edit the `Dockerfile` and run `coder templates push` to update workspaces.
+
+## code-server
+
+`code-server` is installed via the `startup_script` argument in the `coder_agent`
+resource block. The `coder_app` resource is defined to access `code-server` through
+the dashboard UI over `localhost:13337`.
+
+# Next steps
+
+Check out our [Docker](../docker/) template for a more fully featured Docker
+example.
--- a/examples/templates/jfrog-docker/build/Dockerfile
+++ b/examples/templates/jfrog-docker/build/Dockerfile
@@ -0,0 +1,21 @@
+FROM ubuntu
+
+RUN apt-get update \
+	&& apt-get install -y \
+	curl \
+	git \
+	golang \
+	sudo \
+	vim \
+	wget \
+	npm \
+	&& rm -rf /var/lib/apt/lists/*
+
+ARG USER=coder
+RUN useradd --groups sudo --no-create-home --shell /bin/bash ${USER} \
+	&& echo "${USER} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/${USER} \
+	&& chmod 0440 /etc/sudoers.d/${USER}
+RUN curl -fL https://install-cli.jfrog.io | sh
+RUN chmod 755 $(which jf)
+USER ${USER}
+WORKDIR /home/${USER}
--- a/examples/templates/jfrog-docker/main.tf
+++ b/examples/templates/jfrog-docker/main.tf
@@ -0,0 +1,137 @@
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = "~> 0.11.1"
+    }
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~> 3.0.1"
+    }
+    artifactory = {
+      source  = "registry.terraform.io/jfrog/artifactory"
+      version = "6.22.3"
+    }
+  }
+}
+
+locals {
+  username = data.coder_workspace.me.owner
+}
+
+data "coder_provisioner" "me" {
+}
+
+provider "docker" {
+}
+
+data "coder_workspace" "me" {
+}
+
+variable "jfrog_url" {
+  type        = string
+  description = "The URL of the JFrog instance."
+}
+
+variable "artifactory_access_token" {
+  type        = string
+  description = "The admin-level access token to use for JFrog."
+}
+
+
+# Configure the Artifactory provider
+provider "artifactory" {
+  url          = "${var.jfrog_url}/artifactory"
+  access_token = var.artifactory_access_token
+}
+
+resource "artifactory_access_token" "me" {
+  username = data.coder_workspace.me.owner_email
+  # The token should live for the duration of the workspace.
+  end_date_relative = "0s"
+}
+
+resource "coder_agent" "main" {
+  arch                   = data.coder_provisioner.me.arch
+  os                     = "linux"
+  startup_script_timeout = 180
+  startup_script         = <<-EOT
+    set -e
+
+    # install and start code-server
+    curl -fsSL https://code-server.dev/install.sh | sh -s -- --method=standalone --prefix=/tmp/code-server --version 4.11.0
+    /tmp/code-server/bin/code-server --auth none --port 13337 >/tmp/code-server.log 2>&1 &
+
+    # The jf CLI checks $CI when determining whether to use interactive
+    # flows.
+    export CI=true
+
+    jf c rm 0 || true
+    echo ${artifactory_access_token.me.access_token} | \
+      jf c add --access-token-stdin --url ${var.jfrog_url} 0
+
+    # Configure the `npm` CLI to use the Artifactory "npm" registry.
+    cat << EOF > ~/.npmrc
+    email = ${data.coder_workspace.me.owner_email}
+    registry=${var.jfrog_url}/artifactory/api/npm/npm/
+    EOF
+    jf rt curl /api/npm/auth >> .npmrc
+  EOT
+}
+
+resource "coder_app" "code-server" {
+  agent_id     = coder_agent.main.id
+  slug         = "code-server"
+  display_name = "code-server"
+  url          = "http://localhost:13337/?folder=/home/${local.username}"
+  icon         = "/icon/code.svg"
+  subdomain    = false
+  share        = "owner"
+
+  healthcheck {
+    url       = "http://localhost:13337/healthz"
+    interval  = 5
+    threshold = 6
+  }
+}
+
+resource "docker_volume" "home_volume" {
+  name = "coder-${data.coder_workspace.me.id}-home"
+  # Protect the volume from being deleted due to changes in attributes.
+  lifecycle {
+    ignore_changes = all
+  }
+}
+
+resource "docker_image" "main" {
+  name = "coder-${data.coder_workspace.me.id}"
+  build {
+    context = "./build"
+    build_args = {
+      USER = local.username
+    }
+  }
+  triggers = {
+    dir_sha1 = sha1(join("", [for f in fileset(path.module, "build/*") : filesha1(f)]))
+  }
+}
+
+resource "docker_container" "workspace" {
+  count = data.coder_workspace.me.start_count
+  image = docker_image.main.name
+  # Uses lower() to avoid Docker restriction on container names.
+  name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
+  # Hostname makes the shell more user friendly: coder@my-workspace:~$
+  hostname   = data.coder_workspace.me.name
+  entrypoint = ["sh", "-c", coder_agent.main.init_script]
+  env        = ["CODER_AGENT_TOKEN=${coder_agent.main.token}"]
+  host {
+    host = "host.docker.internal"
+    ip   = "host-gateway"
+  }
+  volumes {
+    container_path = "/home/${local.username}"
+    volume_name    = docker_volume.home_volume.name
+    read_only      = false
+  }
+}