ROS Resources: Documentation | Support | Discussion Forum | Index | Service Status | ros @ Robotics Stack Exchange
Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

And a more general question: what is the (OSRF's) update policy for Jenkins

The advice I was given as a Jenkins maintainer is to do the best I can to stay on the latest Jenkins LTS but be very conservative with plugin updates. With the rationale being that LTS releases are quite well vetted before being chosen but plugin release quality is left entirely up to the plugin authors and use-case specific testing needs to be done each release to make sure the plugin still works for you (us).

Jenkins itself should be upgraded to 2.80.x immediately due to vulnerabilities discovered in the just deployed version (2.60.3).

I think you should be fine bumping that to the latest LTS release for your deployment. I try to keep the production configuration in sync with what's actually deployed on build.ros.org. In fact, it might be worth a PR to delete the explicit version requirement from the example configuration since we already request the LTS release via the config key above it. (source link)

ros-infrastructure/buildfarm_deployment/modules/profile/manifests/jenkins/rosplugins.pp 'pins' plugins to very specific versions, so my question is: are there any known issues with updating them that prompted the pinning of plugins in rosplugins.pp?

The initial reason for the version pinning is that the Jenkins puppet module cannot automatically fetch dependencies for plugins due to lack of dependency data for all but the latest release of a plugin. So each plugin and its transitive dependencies must be listed in a puppet manifest with the version desired. The upstream puppet-jenkins issue is https://github.com/jenkinsci/puppet-jenkins/issues/677

To keep puppet runs deterministic and save manual labor, particularly in light of the advice to update plugins cautiously, I wrote a little script that polls the live Jenkins server for the currently installed plugins and generates that rosplugins.pp manifest. That script lives in the buildfarm_deployment repo.

To my knowledge at the moment, there is only one plugin that explicitly should not be upgraded at the moment and its the GitHub Pull Request Builder Plugin. There's also an issue with the current version of the plugin but the update contains a worse bug. The issue tracking that is https://github.com/ros-infrastructure/buildfarm_deployment/issues/166

If you or any other community buildfarm maintainer decide to update plugins ahead of build.ros.org I would be very grateful to learn whether the upgrade was successful or not via an issue or pull request on the buildfarm deployment repository.