Back to blog

Jenkins April 2023 Newsletter

Alyssa Tong
Alyssa Tong
Damien DUPORTAL
Damien DUPORTAL
Kevin Martens
Kevin Martens
Mark Waite
Mark Waite
Bruno Verachten
Bruno Verachten
Wadeck Follonier
Wadeck Follonier
May 10, 2023

Jenkins April Newsletter

Key Takeaways

  • There was one security advisory this month announcing vulnerabilities regarding Jenkins plugins.

  • Cloud Cost Controls with improved resource cleanups and VM usage optimization to face the increased rate of builds on ci.jenkins.io.

  • Thanks to DigitalOcean for their continued support and ($8,400 credit) sponsorship of Jenkins.

  • Ppc64le docker agent images are now available.

  • Jenkins at cdCon + GitOpsCon!

Security Update

Contributed by: Wadeck Follonier

In April, there was one advisory regarding plugins published on April 12:

  • One coordinated effort related to improper masking of credentials.

  • 14 plugins were impacted.

  • 12 without fixes according to our documentation.

Governance Update

Contributed by: Mark Waite

The Chinese language Jenkins website is being retired. Translation updates have not been made in two years and users are perplexed when the installation instructions and other instructions are no longer correct. The Chinese localization of Jenkins continues to be available, but the links to the Chinese website have been removed.

Infrastructure Update Contributed by: Damien Duportal

  • Cloud Cost Controls with improved resource cleanups and VM usage optimization to face the increased rate of builds on ci.jenkins.io:

    • Decreased the AWS bill from $19,000 to $14,000, resulting in savings of $5,000.

    • Decreased the Azure bill by $2,000.

  • DigitalOcean gave $8,400 additional credits to the Jenkins project, for the infrastructure to sustain ci.jenkins.io increased build rate. Thanks to DigitalOcean for their continued support!

  • ci.jenkins.io performance improved by getting rid of the JobConfigHistory plugin.

  • The Ubuntu 22.04 upgrade campaign (18.04 is end-of-life in May 2023) is in progress.

  • Jenkins LTS 2.387.2 was deployed everywhere less than 48h after its release.

  • General availability of JDK 8u372-b07, 11.0.19+7, and 17.0.7+7.

  • Prototyping Azure arm64 build agents is done, we can move forward to production for our internal usages first.

User Experience Update

Contributed by: Mark Waite

An accessibility assessment of Jenkins has been provided by Deutsche Telekom. The assessment is being used by Cristina Pizzagalli and others to improve the Jenkins user experience for users with disabilities. Contributors that are interested in helping with the accessibility improvements should include their comments on JENKINS-71153.

Mobile users of Jenkins will now see a card layout of the Jenkins user interface, thanks to work done by Jan Faracik.

The Prototype.js JavaScript library that is widely used in Jenkins core and Jenkins plugins is being replaced. Special thanks to Tim Jacomb, Basil Crow, Alexander Brandes, and several others for their work replacing that library. Contributors that would like to help with the JavaScript work are invited to assign themselves one of the issues listed in JENKINS-70906.

Platform Modernization Update

Contributed by: Bruno Verachten

Over the course of April, the Jenkins platform saw several updates and improvements. These improvements include:

  • The Digicert code signing for MSI installer and jar file was updated.

  • The PGP signing key was updated for RPM and DEB packages.

  • Ppc64le: we’re almost at the end. Thank you so much for your contributions Kenneth!

    • docker-agent: PR merged.

    • docker-ssh-agent: PR merged.

    • Inbound-agent: PR merged.

    • The Controller PR is also done, but not merged yet.

  • Latest updates on the agent images:

    • Ssh-agent release 4.15.0

      • This includes updating Debian to bullseye-20230411 in /17/8/11/bullseye. (#234).

      • Adding ppc64le support back into the Jenkins CI SSH agent Docker build. (#220) @ksalerno99

      • Now using Java 11.0.18 (#231) @MarkEWaite

    • Docker-agent release 3107.v665000b_51092-8

      • Upgrade of Arch Linux from base-20230319.0.135218 to base-20230409.0.141585 in /11/archlinux. (#402)

      • Upgrade of Debian from bullseye-20230320 to bullseye-20230411 in 11/17/bullseye. (#403)

      • Added ppc64le support back into the Jenkins CI agent Docker build. (#391) @ksalerno99

      • Exposing the default image user to the environment variable user. (#400) @dduportal

  • Mark Waite is working on a system that would warn when operating system end-of-life is approaching.

Documentation Update Contributed by: Kevin Martens

Over the course of April, there were 4 blog posts published, featuring seven different authors. Bruno Verachten continues his series on building android apps in Jenkins. As Google Summer of Code begins, we want to acknowledge and thank all of the applicants for their efforts. Thanks to all of the continuing and new contributors, all of your work helps support both the Jenkins project and the Open-Source community.

We also want to thank DigitalOcean for their continued support and sponsorship of Jenkins. They have provided us with an additional $8,400 credit as the Infrastructure team works on reducing bandwidth usage further.

Outreach and advocacy Update

Contributed by: Alyssa Tong

Jenkins in Google Summer of Code (GSoC)

We had an unprecedented number of GSoC applicants interested in Jenkins this year. The Jenkins project received over 60 proposals by the close of the application period. Dedicated Jenkins mentors worked overtime and weekends to review and grade proposals within a two weeks period. Many THANKS to the wonderful Jenkins mentors, this program isn’t possible without them.

Best of luck to all GSoC participants!

Jenkins at cdCon + GitOpsCon

April was all about preparations for cdCon, which took place on May 8–9, 2023 in Vancouver, Canada as cdCon + GitOpsCon, co-organized with the Cloud Native Computing Foundation (CNCF). Members of the Jenkins Governance Board, long-time Jenkins users and contributors Mark Waite and Alex Brandes were in attendance. Mark took part in the Graduated Projects Keynote Panel, discussing Jenkins Community’s experiences with graduation and sharing his thoughts on why graduation matters for the community and users of Jenkins. Recordings for the conference will be available in approximately two weeks, on the CDF YouTube channel.

Thanks to everyone who attended!

About the authors

Alyssa Tong

Alyssa Tong

Member of the Jenkins Advocacy and Outreach SIG. Alyssa drives and manages Jenkins participation in community events and conferences like FOSDEM, SCaLE, cdCON, and KubeCon. She is also responsible for Marketing & Community Programs at CloudBees, Inc.

Damien DUPORTAL

Damien DUPORTAL

Damien is the Jenkins Infrastructure officer and a software engineer at CloudBees working as a Site Reliability Engineer for the Jenkins Infrastructure project. Not only he is a decade-old Hudson/Jenkins user but also an open-source citizen who participates in Updatecli, Asciidoctor, Traefik and many others.

Kevin Martens

Kevin Martens

Kevin Martens is part of the CloudBees Documentation team, helping with Jenkins documentation creation and maintenance.

Mark Waite

Mark Waite

Mark is a member of the Jenkins governing board, a long-time Jenkins user and contributor, a core maintainer, and maintainer of the git plugin, the git client plugin, the platform labeler plugin, the embeddable build status plugin, and several others. He is one of the authors of the "Improve a plugin" tutorial.

Bruno Verachten

Bruno Verachten

Bruno is a father of two, husband of one, geek in denial, beekeeper, permie and a Developer Relations for the Jenkins project. He’s been tinkering with continuous integration and continuous deployment since 2013, with various products/tools/platforms (Gitlab CI, Circle CI, Travis CI, Shippable, Github Actions, …​), mostly for mobile and embedded development.
He’s passionate about embedded platforms, the ARM&RISC-V ecosystems, and Edge Computing. His main goal is to add FOSS projects and platforms to the ARM&RISC-V architectures, so that they become as boring as X86_64.
He is also the creator of miniJen, the smallest multi-cpu architectures Jenkins instance known to mankind.

Wadeck Follonier

Wadeck Follonier

Wadeck is the Jenkins security officer, leading the security team in improving Jenkins security. He likes to provide solutions that are both useful and easy to use.