Jenkins April 2023 Newsletter
Key Takeaways
-
There was one security advisory this month announcing vulnerabilities regarding Jenkins plugins.
-
Cloud Cost Controls with improved resource cleanups and VM usage optimization to face the increased rate of builds on ci.jenkins.io.
-
Thanks to DigitalOcean for their continued support and ($8,400 credit) sponsorship of Jenkins.
-
Ppc64le docker agent images are now available.
-
Jenkins at cdCon + GitOpsCon!
Contributed by: Wadeck Follonier
In April, there was one advisory regarding plugins published on April 12:
-
One coordinated effort related to improper masking of credentials.
-
14 plugins were impacted.
-
12 without fixes according to our documentation.
Contributed by: Mark Waite
The Chinese language Jenkins website is being retired. Translation updates have not been made in two years and users are perplexed when the installation instructions and other instructions are no longer correct. The Chinese localization of Jenkins continues to be available, but the links to the Chinese website have been removed.
Contributed by: Damien Duportal
-
Cloud Cost Controls with improved resource cleanups and VM usage optimization to face the increased rate of builds on ci.jenkins.io:
-
Decreased the AWS bill from $19,000 to $14,000, resulting in savings of $5,000.
-
Decreased the Azure bill by $2,000.
-
-
DigitalOcean gave $8,400 additional credits to the Jenkins project, for the infrastructure to sustain ci.jenkins.io increased build rate. Thanks to DigitalOcean for their continued support!
-
ci.jenkins.io performance improved by getting rid of the JobConfigHistory plugin.
-
The Ubuntu
22.04upgrade campaign (18.04is end-of-life in May 2023) is in progress. -
Jenkins LTS
2.387.2was deployed everywhere less than 48h after its release. -
General availability of JDK
8u372-b07,11.0.19+7, and17.0.7+7. -
Prototyping Azure
arm64build agents is done, we can move forward to production for our internal usages first.
Contributed by: Mark Waite
An accessibility assessment of Jenkins has been provided by Deutsche Telekom. The assessment is being used by Cristina Pizzagalli and others to improve the Jenkins user experience for users with disabilities. Contributors that are interested in helping with the accessibility improvements should include their comments on JENKINS-71153.
Mobile users of Jenkins will now see a card layout of the Jenkins user interface, thanks to work done by Jan Faracik.
The Prototype.js JavaScript library that is widely used in Jenkins core and Jenkins plugins is being replaced. Special thanks to Tim Jacomb, Basil Crow, Alexander Brandes, and several others for their work replacing that library. Contributors that would like to help with the JavaScript work are invited to assign themselves one of the issues listed in JENKINS-70906.
Contributed by: Bruno Verachten
Over the course of April, the Jenkins platform saw several updates and improvements. These improvements include:
-
The Digicert code signing for MSI installer and jar file was updated.
-
The PGP signing key was updated for RPM and DEB packages.
-
Ppc64le: we’re almost at the end. Thank you so much for your contributions Kenneth!
-
Latest updates on the agent images:
-
Ssh-agent release 4.15.0
-
This includes updating Debian to
bullseye-20230411in/17/8/11/bullseye. (#234). -
Adding
ppc64lesupport back into the Jenkins CI SSH agent Docker build. (#220) @ksalerno99 -
Now using Java
11.0.18(#231) @MarkEWaite
-
-
Docker-agent release 3107.v665000b_51092-8
-
Upgrade of Arch Linux from
base-20230319.0.135218tobase-20230409.0.141585in/11/archlinux. (#402) -
Upgrade of Debian from
bullseye-20230320tobullseye-20230411in11/17/bullseye. (#403) -
Added
ppc64lesupport back into the Jenkins CI agent Docker build. (#391) @ksalerno99 -
Exposing the default image user to the environment variable user. (#400) @dduportal
-
-
-
Mark Waite is working on a system that would warn when operating system end-of-life is approaching.
Contributed by: Kevin Martens
Over the course of April, there were 4 blog posts published, featuring seven different authors. Bruno Verachten continues his series on building android apps in Jenkins. As Google Summer of Code begins, we want to acknowledge and thank all of the applicants for their efforts. Thanks to all of the continuing and new contributors, all of your work helps support both the Jenkins project and the Open-Source community.
We also want to thank DigitalOcean for their continued support and sponsorship of Jenkins. They have provided us with an additional $8,400 credit as the Infrastructure team works on reducing bandwidth usage further.
Contributed by: Alyssa Tong
Jenkins in Google Summer of Code (GSoC)
We had an unprecedented number of GSoC applicants interested in Jenkins this year. The Jenkins project received over 60 proposals by the close of the application period. Dedicated Jenkins mentors worked overtime and weekends to review and grade proposals within a two weeks period. Many THANKS to the wonderful Jenkins mentors, this program isn’t possible without them.
Best of luck to all GSoC participants!
Jenkins at cdCon + GitOpsCon
April was all about preparations for cdCon, which took place on May 8–9, 2023 in Vancouver, Canada as cdCon + GitOpsCon, co-organized with the Cloud Native Computing Foundation (CNCF). Members of the Jenkins Governance Board, long-time Jenkins users and contributors Mark Waite and Alexander Brandes were in attendance. Mark took part in the Graduated Projects Keynote Panel, discussing Jenkins Community’s experiences with graduation and sharing his thoughts on why graduation matters for the community and users of Jenkins. Recordings for the conference will be available in approximately two weeks, on the CDF YouTube channel.
Thanks to everyone who attended!
About the authors
