Attendees 
- @dduportal (Damien Duportal)
- @jayfranco999 (Jay Reddy)
- @smerle33 (Stéphane Merle)
- @andreas (Andreas)
Announcements 
- Jenkins Weekly Releases
- Last Week: 2.510 was successful except the packaging step (see below): You're invited to talk on Matrix
- Packaging failed due to an Artifactory error: the Jenkins WAR’s Maven metadata XML file wasn’t properly updated (only the “release” element was set to 2.510 while the “latest” element was kept at 2.509). Since packaging relies on this file to detect the latest available version of Jenkins, it required a manual fix (thanks Daniel!).
- Most probably an Artifactory-side issue: let’s check today’s release 2.511 behavior
- This week: 2.511, started on time - You're invited to talk on Matrix
- Announcements:
- We had a security advisory last week (plugins only): https://groups.google.com/g/jenkinsci-advisories/c/nddPC2_FXrA
- We will migrate controllers and agents to use JDK21 instead of JDK17 (runtime only!) this Thursday 22 (morning EU)
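
The metadata mismatch described above for 2.510 can be caught before packaging reads the file. The check below is an added example, not the Jenkins infra team's own tooling; the sample XML is constructed to reproduce the reported state, and the rule that both markers should equal the highest listed version is an assumption for a releases-only repository.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample reproducing the state described in the notes:
# <release> moved to 2.510 while <latest> stayed at 2.509.
SAMPLE_BROKEN = """<metadata>
  <versioning>
    <latest>2.509</latest>
    <release>2.510</release>
    <versions>
      <version>2.504.1</version>
      <version>2.509</version>
      <version>2.510</version>
    </versions>
  </versioning>
</metadata>"""

NUMERIC = re.compile(r"^\d+(\.\d+)*$")

def version_key(version):
    """Compare dotted versions numerically, so 2.510 > 2.504.1 > 2.99."""
    return tuple(int(part) for part in version.split("."))

def check_metadata(xml_text):
    """Return a list of inconsistencies found in a maven-metadata.xml document."""
    versioning = ET.fromstring(xml_text).find("versioning")
    if versioning is None:
        return ["missing <versioning> element"]
    latest = (versioning.findtext("latest") or "").strip()
    release = (versioning.findtext("release") or "").strip()
    listed = [v.text.strip() for v in versioning.iterfind("versions/version") if v.text]
    problems = []
    if not latest or not release:
        problems.append("missing <latest> or <release>")
    elif latest != release:
        problems.append(f"<latest> {latest} != <release> {release}")
    # Assumption: in a releases-only repository both markers should equal the
    # highest listed numeric version; non-numeric versions are ignored here.
    numeric = [v for v in listed if NUMERIC.match(v)]
    if numeric:
        newest = max(numeric, key=version_key)
        for name, value in (("latest", latest), ("release", release)):
            if value and value != newest:
                problems.append(f"<{name}> {value} does not match newest listed version {newest}")
    return problems

if __name__ == "__main__":
    for problem in check_metadata(SAMPLE_BROKEN):
        print("WARN:", problem)
```
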
Upcoming Calendar 
- Next Weekly: 2025-05-27, 2.512
- Next LTS: 2025-05-28, 2.504.2, Kris Stern is release lead
- Next Security Release as per jenkinsci-advisories: N.A.
- Upcoming credentials expirations (~3 weeks):
- 2025-05-22:
- (Issue to be done) Azure SP used by packer-images in infra.ci: Extend Azure AD Application password validity for packer-resources (current end date: 2025-05-22T00:00:00Z) by jenkins-infra-updatecli[bot] · Pull Request #1030 · jenkins-infra/azure · GitHub - @smerle
- Next major event: N.A.
Cloud Budgets
- Azure CDF:
- February: $3.9k (invoice)
- March: $4,3k (invoice)
- April: $3,9k (invoice)
- May: $2,071 (forecast at $3.2k)
- Azure Sponsorship (Microsoft Credits) - Remaining: $22,696 until 31 August 2025
- February: $11.2k
- March: $4,276
- April: $12.1k
- May: $8,577 (forecast at $13.2k)
- DigitalOcean - Remaining $14,300 until January 02, 2026
- February: $237 (invoice)
- March: $272 (invoice)
- April: $349 (invoice)
- May: $235 (forecast at $365)
- AWS:
- CloudBees:
- February: $550
- March: $551
- April: $532
- May: $325 (forecast at $537)
- Sponsored account (~$36,727 credits left until 01/31/2027)
- February: $8.5k
- March: $14,649
- April: $1,977
- May: $1,79 (forecast at $3)
JFrog Artifactory Usage
- Storage: 1.32TB
- Bandwidth:
- March: 35.25 TB (better than expected)
- April: 26.34 TB (good! Mostly ‘releases’ repo: 22.25Tb, then 1.21 Tb on jcenter and 1 Tb on incrementals)
- May: 13,89 Tb (12,82 Tb is ‘releases’, forecast at ~21 TB)
Notes 
- Done:
- Support:
- Keep infrastructure sane and up to date:
- Bump Terraform from 1.11.x to 1.12.x
- The Cloudflare Terraform project has been broken since March.
- We must work on upgrading to the provider 5.x to fix this project.
- [docker-builder] bump to arm64 compatible
- Goal: to deprecate this image in favor of packer-image “all in one”, we need arm64 compliance.
- We are now fully linux/arm64 compliant (including typo and typo-checkstyle CLIs)
- However we do NOT build on arm64 (too slow due to the QEMU emulation used for Docker multi-architecture builds, while we use native arm64 for packer-images)
- Certbot: keep it up to date (along with its plugins)
- Goal: update our outdated version of the certbot CLI and its plugins, and keep them up to date
- Tracking new versions was done 2 weeks ago
- Last week we fixed some missing version updates (in unit tests) and we deployed certbot 4.x
-
- Support:
- Keep infrastructure sane and up to date:
- Monitor builds on our private instances (trusted.ci.jenkins.io / infra.ci.jenkins.io / release.ci.jenkins.io)
- Started on the new pipeline library whose goal is to generate and publish a JSON report for each “critical” build
- Testing will happen on docker-404 as per Jay’s question (not actively used)
- [stats.jenkins.io/infra-statistics] Move “data for the usage stats site” generation (from anonymized data) off Andrew’s machine
- Andrew uploaded the SQL dump to usage.jenkins.io VM
- Next step: Damien meets Andrew again in June to generate data for May and write down a runbook
- Issue to be delayed to June (in ~2 milestones)
- OSUOSL: decrease mirror dependency
- Goal: accelerate plugins and Core releases and decrease operational risks if OSUOSL goes down
- WiP: enabling public rsync on archives.jenkins.io
- rsync server is already there but used to have restricted hosts
- WiP on firewalls opening
- Next step: contact all mirrors to update their copy reference from OSUOSL to archives.jenkins.io
- packer-images: use api.adoptium.net for updatecli and installation of JDKs
- Goal: improve adoptium JDK version detection and remove “homemade” shell code.
- Also: prerequisite for providing new EA JDK25 to jenkins developers
- Done: updatecli native Adoptium sources are now used
- WiP on switching the method used for JDK installation
- Bonus: checksums!
- 2025 Cloud Usage: ensure that we can run until end of year
- [puppet.jenkins.io] Migrate to DigitalOcean
- Let’s close this issue now we’ve removed DO puppet, and we’ll have to focus on migration to Ansible
- ETA: after getting rid of pkg VM
- Use JDK21 Platform-wide
- Move controllers to JDK21 (runtime)
- Move agents to JDK21 (runtime)
- WiP on preparing, almost there. Challenge is to ensure that JAVA_HOME still points at Java 17 while installing a JDK21.
- If, in hieradata (Puppet) we have docker images with only checksum, prepend the tag such as jenkins/inbound-agent:jdk17@sha256:xxxxxxxxxxxxx
- Announcement to be done for Thursday 22
- Issues staying in backlog/triage:
- Switch agent (java home) to JDK21 default
- Switch default JDK to 21 for pipeline libraries
- Switch default JDK to 21 for build tools
- JDK25 integration
- Chinese jenkins site incorrect site redirection
- [Azure] Migrate (e.g. re-create) AKS clusters publick8s and privatek8s with modern settings (private API, Azure Linux, NAT outbound)
- [cert.ci/trusted.ci/private.vpn] Default outbound access for VMs in Azure will be retired
- [private.vpn.jenkins.io] Azure deprecates Public IPs of type “Basic” on 30 September 2025
- Add a real-world job to weekly.ci.jenkins.io
- Move collection of stats out from Kohsuke’s home
- Support [skip ci] on default branch
- Create build for jenkinsci/winp on release ci server
- [Update Center] HTTP/404 on /current/updates/*.json* links
- dnf5 update fails with gpgcheck=1
- Add monitoring for CD secrets updates
- Issues added to the next milestone: