Platform SIG June 18, 2024

Community
, , , ,
1

Attending:

Agenda:

  • Container image updates for the Jenkins controller

    • New LTS (2.452.2)
      • Mark and Darin made a great live about the changes.
      • Bump Alpine Linux Version to 3.20.0
      • Bump almalinux to 8.10
      • Bump ubi9/ubi to 9.4-947.1717074712
      • Bump ubi8/ubi to 8.10-901.1717584420
      • Styling mistake on one of the alerts that should be corrected in the .3
    • Weeklies (2.462 and 2.463)
      • Bump Debian Bookworm Linux Version to 20240612
      • Bump ubi9/ubi to 9.4-947.1717074712
      • Bump ubi8/ubi to 8.10-901.1717584420
    • 8000
      • :boom: Breaking changes: Remove Java 11 images on the weekly release line
        • We knew that we needed to end support for Java 11, and accelerated the migration because of the Spring Security project 5.x end-of-life

  • Container image updates for Jenkins agents

    • Two new releases for the SSH agent (5.39.0 and 5.40.0)
      • :boom: Breaking change: Remove the JDK21 Preview image (arm32)
      • Bump Git version on Windows to 2.45.2.windows.1
      • Bump Debian Bookworm Linux version to bookworm-20240612
    • One new release for docker-agent (3248.v65ecb_254c298-6)
      • :boom: Breaking change: Remove JDK21 Preview image (arm32)
      • Bump Debian Bookworm Linux version to bookworm-20240612

  • Work in progress on images:

    • Controller:
      • None.
    • Docker-agent:
      • None
    • Docker-ssh-agent:
      • chore: use docker bake to generate docker compose file
        • Enhancements:
          • Regroup all Linux and Windows image definitions in a common docker-bake.hcl file containing every parameter and helper functions
          • Remove build-windows.yaml
          • Simplify Jenkinsfile
          • Simplify build.ps1 by not having to massage parameters to deal with the fact that there are no Microsoft Artifact Registry ltsc2019 images, only 1809 ones
          • Simplify updatecli manifests
          • Prepare the terrain for when docker buildx will be functional to build Windows images
      • fix: implement docker calls as make targets
        • replaces docker calls by make ones so there isn’t an unjustified mix of these commands calls anymore and so that everything can be done via make commands from CI or locally.
      • chore: improve env var scopes and retrieve VERSION as env var in build.ps1
        • improves environment variable scopes, allows retrieving VERSION from env var in build.ps1 so it can benefit the new scoping, and shortens agentSelector comments in the Jenkinsfile.

  • The Spring project made an end of life announcement - JENKINS-68698

    • Key milestones in the Spring Security 6.x upgrade
      • File upload 2.x in Jenkins weekly 2.459 (no issues reported)
      • Require Java 17 in Jenkins weekly June 18, 2024 (see dev list)
      • Jetty 12 + EE 8 in Jenkins weekly during July
      • Jetty 12 + EE 9 + Spring Security 6.x in Jenkins weekly - TBD
    • Platform SIG members can help
      • Identify tasks for the “Require Java 17” step coming today
      • Test drive the Jetty 12 + EE 9 prototype from the jakarta branch
        • Built by the ci.jenkins.io job
          • Rebuilds frequently as Basil finds new issues
          • java -jar testing-jar is more than enough to test
        • Running for the last 24+ days in Mark’s test environment
        • Places that tend to have problems are forms presented to the user that do not retain the values entered by the users
        • Watch for stack traces in the Jenkins console logs in case those might point to something interesting
      • We created a sample that builds a docker container with the prototype inside

  • Built on top of jakarta [Core » jenkins] [Jenkins] (last successful build was four days ago).

  • Mark has it running and it works

  • See the quickstart-tutorials project on GitHub

    • Checkout the spring-security branch
    • Mark built his own with
      • docker compose -f build-docker-compose.yaml --profile maven up -d
    • Can use already built version with:
      • docker compose --profile maven pull && docker compose --profile maven up -d
    • Reach http://localhost:8080
    • Stop the experiment with:
      • docker compose --profile maven down -v --remove-orphans

  • Java 21 support - 2+2+2 Java Support Plan

    • Jenkins enhancement proposal by Mark Waite submitted and being reviewed
      • Needs more details before it is merged
      • Mark needs to do more research
      • Transition to Java 17 today for the weekly is live
      • Need a list of tasks to do before that change happens
      • Spring security 6.x requires Jetty 11 with Jakarta EE 9 (jakarta.servlet), not Jetty 10 with Jakarta EE 8 (javax.servlet)
      • August 31, 2024 date seems likely to stick
    • The last public build of Spring Framework 5.3.x is August 21, 2024
      • Spring framework 6.1 and later require Java 17
    • Special thanks to Basil Crow and Adrien Lecharpentier for their involvement.
      • They’re working on the first steps to get this done (FileUpload, then JDK 17, and then 1 to 2 weeks later Jetty 10 with EE8 to Jetty 12 with EE9).
    • Alternatives:
      • Accept that if there is a security vulnerability reported in Spring Security 5.8.x between August 2024 and the end of October 2024, we may need to fork Spring Security and fix it ourselves
      • Mark to start discussions in the mailing list to find alternatives
    • We’ll choose the next LTS baseline Jun 26, 2024. The baseline release for the next LTS will be something prior to the requirement of JDK17.
    • 12 weeks from June 26 (18th September 2024), we’ll choose an LTS baseline that requires Java 17. Most of the work prior to the switch to Spring 6.x should be ready by then.
    • 4 tasks in Jira that could be done by anyone who could help us with the June 25th.
      • 2 of them got resolved by Mark, one by Basil, and the last one, who knows, it’s also resolved