Skip to content

Open Source

The State of Jenkins - 2016 Community Survey

This is a guest post by Bhavani Rao, Marketing Manager at CloudBees Last fall, prior to Jenkins World, CloudBees conducted a Community Survey. We received over 1200 responses, and thanks to this input, we have some interesting insights into how Jenkins users and their use of Jenkins are evolving. Based on the survey’s results, Jenkins is increasingly being used to support continuous delivery (CD). Adoption of Jenkins 2, which featured "Pipeline as code" and encouraged users to adopt Jenkins Pipeline, has skyrocketed to more than half of all Jenkins installations. Other data remained consistent with findings year-to-year, for example, the number of Jenkins users continues to increase and 90% of...
Categories: Open Source

Pipeline Workshop & Hackergarten @ ToulouseJAM Feedback

Earlier this month, a full-day event about Jenkins Pipeline was organized in Toulouse, France with the Toulouse JAM. After a warm-up on the previous Tuesday where Michaël Pailloncy had given a talk at the local Toulouse Devops user group about Jenkins Pipeline ecosystem, we were ready for more digging :-). The agenda We had planned the day in two parts: Morning would be a more driven workshop with slides & exercises to be completed Pizzas & beverages to split the day :-) Afternoon would be somehow like an Unconference, where people basically decide by themselves what they want to work on. We planned to have 30 attendees....
Categories: Open Source

Security updates for multiple Jenkins plugins

Multiple Jenkins plugins received updates today that fix several security vulnerabilities: Active Directory Distributed Fork Email Extension (Email-ext) Mailer SSH Slaves For an overview of what was fixed, see the security advisory. Additionally, we also published a security notice for the following plugin and recommend that users disable and uninstall it: Pipeline: Classpath Step This plugin is not part of the Pipeline suite of plugins, despite its name. It’s installed on just several hundred instances. Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security....
Categories: Open Source

Blue Ocean Dev Log: March Week #3

We’re counting down the weeks until Blue Ocean 1.0, and we’re getting close! In this past week, the first release candidate has gone out to the Update Center, along with a new Pipeline Editor plugin. The Blue Ocean Pipeline Editor is its own plugin which integrates into Blue Ocean, so this was a coordinated release with Blue Ocean 1.0 rc1. Noteworthy this week: RC1 includes the Blue Ocean Pipeline Editor, which is integrates support for branch editing and saving the Pipeline back to GitHub (also referred to as "round-tripping"). Many dependencies have been upgraded Per-stage raw logs can be downloaded, this will be included in the next release. Editor design improvements Fixes for...
Categories: Open Source

FOSDEM 2017 Wrap-up

In early February numerous free and open source developers from around the world traveled to Brussels, Belgium, for arguably the largest event of its kind: FOSDEM. Among the thousands of hackers in attendance were a dozen or so Jenkins contributors. We have attended the event in the past, but this year we had a blizzard of activity spanning four days around the FOSDEM weekend. Figure 1. City Hall, photo by Kohsuke Kawaguchi One of our "accidental traditions" has become a happy hour the Friday night before FOSDEM truly begins at Cafe Le Roy d’Espagne on Grand Place right in the middle of Brussels. Conveniently located a few hundred meters away from...
Categories: Open Source

Blue Ocean Dev Log: March Week #2

We’re counting down the weeks until Blue Ocean 1.0. This week was one of continuing consolidation and polish. We also released b25 (beta #25), a collectors edition. The next version we will likely release will be a release candidate (RC). The b25 release however contained a number of fixes and features, such as branch filtering. Some other updates of note from this past week: Updated a bunch of dependencies around Pipeline and fixed a whole lot of long standing bugs. Some work went on to make acceptance tests run on varied browsers via Sauce Labs thanks to @halkeye! The Blue Ocean Pipeline Editor had its Save to SCM/GitHub functionality merged to master branch....
Categories: Open Source

The Tweets You Missed in February

Sonar - Thu, 03/09/2017 - 15:22

Here are the tweets you likely missed last month!

SonarQube Scanner for Jenkins 2.6 adds the support of quality gates in pipeline jobs. https://t.co/GnsSH0PZE8 pic.twitter.com/QnJcZwdmkZ

— SonarQube (@SonarQube) February 28, 2017

SonarC# 5.6 Released: 7 new rules available https://t.co/3fibqDlc5i pic.twitter.com/N5RPoPQhS5

— SonarQube (@SonarQube) February 7, 2017

SonarJS 2.20 Released: track usage of non-existent variables, support of cognitive complexity and more … https://t.co/AY2EWKaZmr pic.twitter.com/wbAhrjywdR

— SonarQube (@SonarQube) February 15, 2017

"SonarLint – Bug hunting season is open" by @_henryju_ https://t.co/HBQqX9C7cp pic.twitter.com/VRjQCRby7x

— SonarLint (@SonarLint) February 20, 2017

SonarLint for Eclipse 2.6 shows issues context and highlights corresponding locations https://t.co/NRWpZwE1Ms pic.twitter.com/TRrFaAbiJa

— SonarLint (@SonarLint) February 27, 2017

Categories: Open Source

Blue Ocean Dev Log: March Week #1

We’re counting down the weeks until Blue Ocean 1.0. This week was relatively quiet with a few people away for a few days, and mostly about consolidation. There was a beta late last week, so this week we thought we would let people have a rest from the upgrade treadmill for once. One notable feature that has recently landed is "escaping to Classic" When you see the exit symbol (door with arrow) it will take you to an equivalent page in classic Jenkins (if one exists). You will notice this in a few places in the app now. Some other things that made it to master branch which...
Categories: Open Source

Blue Ocean Dev Log: February Week #4

We’re counting down the weeks until Blue Ocean 1.0. In all the excitement I forgot to post a dev log last week, so I will make up for it this week. In the last 10 days, 2 betas went out: b22 and b23, and a preview release of the editor. We expect the next release will be named a release candidate (we know there is still more to go in, but want to signal that things are getting into the final stages!). The Gitter chat room is getting busier, so join in! Also last week, the Blue Ocean Pipeline Editor was presented at the Jenkins Online Meetup, embedded below. Feature Highlights You can...
Categories: Open Source

Browser testing and conditional logic in Declarative Pipeline

This is a guest post by Liam Newman, Technical Evangelist at CloudBees. Declare Your Pipelines! Declarative Pipeline 1.0 is here! This is the fourth post in a series showing some of the cool features of Declarative Pipeline. In the previous post, we integrated several notification services into a Declarative Pipeline. We kept our Pipeline clean and easy to understand by using a shared library to make a custom step called sendNotifications that we called at the start and end of our Pipeline. In this blog post, we’ll start by translating the Scripted Pipeline in the sample project I worked with in "Browser-testing with Sauce OnDemand and Pipeline" and "xUnit and Pipeline" to Declarative. We’ll make our Pipeline clearer...
Categories: Open Source

Eating The Dog Food… In Public

Sonar - Thu, 02/16/2017 - 10:55

At SonarSource, we’ve always eaten our own dog food, but that hasn’t always been visible outside the company. I talked about how dogfooding works at SonarSource a couple years ago. Today, the process is much the same, but the visibility is quite different.

When I wrote about this in 2015, we used a private SonarQube server named “Dory” for dogfooding. Every project in the company was analyzed there, and it was Dory’s standards we were held to. Today, that’s still the case, but the server’s no longer private, and it’s no longer named “Dory”.

Today, we use next.sonarqube.com (nee Dory) for dogfooding, and it’s open to the public. That means you can follow along as, for instance, we run new rule implementations against our own code bases before releasing them to you. We also have a set of example projects we run new rules against before they even make it to Next, but seeing a potentially questionable issue raised against someone else’s code hits a different emotional note than seeing it raised against your own.

Of course, that’s the point of dogfooding: that we feel your pain. As an example, take the problem of new issues raised in the leak period on old code. Since we deploy new code analyzer snapshots on Next as often as daily, it means we’re always introducing new rules or improved implementations that find issues they didn’t find before. And that means that we’re always raising new issues on old code. Since we enforce the requirement to have a passing quality gate to release, this causes us the same problem you face when you do a “simple” code analyzer upgrade and suddenly see new issues on old code. Because we do feel that pain, SonarQube 6.3 includes changes to the algorithm that sets issue creation date so that issues from new rules that are raised on old code won’t be raised in the leak period.

Obviously, we’re not just testing rules on Next; we’re also testing changes to SonarQube itself. About once a day, a new version of SonarQube itself is deployed there. In fact, it happens so often, we added a notification block to our wallboard to keep up with it:

By running the latest milestone on our internal instance, each UI change is put through its paces pretty thoroughly. That’s because we all use Next, and no one in this crowd is meek or bashful.

Always running the latest milestone also means that if you decide to look over our shoulders at Next, you’ll get a sneak peek at where the next version is headed. Just don’t be surprised if details change from day to day. Because around here, change is the only constant.

Categories: Open Source

Say Hello to the Blue Ocean Pipeline Editor

Back in September 2016 we announced the availability of the Blue Ocean beta and the forthcoming Visual Pipeline Editor. We are happy to announce that you can try the Pipeline Editor preview release today. What is it? The Visual Pipeline Editor is the simplest way for anyone wanting to get started with creating Pipelines in Jenkins. It’s also a great way for advanced Jenkins users to start adopting pipeline. It allows developers to break up their pipeline into different stages and parallelize tasks that can occur at the same time - graphically. The rest is up to you. A pipeline you create visually will produce a Declarative...
Categories: Open Source

Declarative Pipeline: Notifications and Shared Libraries

This is a guest post by Liam Newman, Technical Evangelist at CloudBees. Declare Your Pipelines! Declarative Pipeline 1.0 is here! This is the third post in a series showing some of the cool features of Declarative Pipeline. In the previous post, we converted a Scripted Pipeline to a Declarative Pipeline, adding descriptive stages and post sections. In one of those post blocks, we included a placeholder for sending notifications. In this blog post, we’ll repeat what I did in "Sending Notifications in Pipeline but this time in Declarative Pipeline. First we’ll integrate calls to notification services Slack, HipChat, and Email into our Pipeline. Then we’ll refactor those calls into a single Step in a...
Categories: Open Source

Declarative Pipeline: Publishing HTML Reports

This is a guest post by Liam Newman, Technical Evangelist at CloudBees. Declare Your Pipelines! Declarative Pipeline 1.0 is here! This is the second post in a series showing some of the cool features of Declarative Pipeline. In the previous blog post, we created a simple Declarative Pipeline. In this blog post, we’ll go back and look at the Scripted Pipeline for the Publishing HTML Reports in Pipeline blog post. We’ll convert that Pipeline to Declarative syntax (including properties), go into more detail on the post section, and then we’ll use the agent directive to switch our Pipeline to run in Docker. Setup For this post, I’m going to use the blog/add-declarative/html branch of my fork of the hermann...
Categories: Open Source

Blue Ocean Dev Log: February Week #2

We’re counting down the weeks until Blue Ocean 1.0, which is planned for the end of March. If you hadn’t picked up on the hint in my previous post, most of the Blue Ocean development team is in Australia, where it is currently the middle of summer. As I write this it is about 1000 degrees outside. Emergency measures such as air-conditioning and beer have been deployed in order to continue Blue Ocean development. This week featured a new beta with the SCM API changes; many bug fixes, and some version bumps went out in beta 22. We also got some fresh new designs coming soon, though not in time for beta...
Categories: Open Source

Hacking with IntelliJ

Selenium - Wed, 02/08/2017 - 13:02

Jetbrains have a programme for Open Source projects which allows them to receive IntelliJ IDEA licenses. As part of that programme, which the Selenium project has participated in for many years, they’ve asked us to provide a fair and balanced review of IntelliJ. I’ll attempt to do that, and I’ll try and state my biases up-front so you’re aware of them.

I’ve been using Jetbrain’s IntelliJ to hack on the Selenium code since I started working on it slightly over ten years ago. It’s still my favourite IDE for my Java work, and it’s plenty of fun to use. For some time, I’ve been using the (free) Community Edition, which is ample for many coding needs.

Most of my work is in Java, and that’s where I know IDEA best. I dabble in Ruby and Python, and I’ve written a reasonably large amount of Javascript, all in IDEA.

The Pros:

In common with other good IDEs, IDEA has the ability to work seamlessly with many different languages. If you’re a polyglot programmer, being able to stay in the same tool for much of your work makes life a lot easier. On the Selenium project, we use Java, C#, Ruby, Python, and Javascript extensively. I don’t do any C#, and I mainly focus on Java, but the support for JS, Ruby, and Python is lovely and seems to work well. The built in type detection and code navigation features are impressive (particularly for untyped languages such as JS)

Of course, the feature that made IDEA so awesome in the first place is the range of refactoring options it offers. These are great, and always have been. One nice feature I’ve noticed as we move to a Java 8 future (finally!) is that it offers suggestions to help migrate to new features where they make sense (and, I’ll be honest, sometimes when they don’t). It’s made making use of lambdas a lot easier.

For a while, IDEA was becoming slower and more bloated, but I’m pleased to see that, partly thanks to the work of developers from Facebook, the latest releases feel snappier and handle larger projects more efficiently. One thing I appreciate is how open Jetbrains were to receiving patches to their core product: it displays a level of respect for external contributors that I feel is important (of course, I would think that: I work on OSS for fun!)

There’s a nice wide range of plugins available for IDEA. I’ve hooked up the Buck plugin and made use of it. Without an extensions API, this plugin wouldn’t have been possible, but having them there is incredibly useful and makes the IDE even more capable.

Finally for the plus points of the IDE, I love that the IDE tracks new versions of Java relatively closely — it’s fun to see what new language features we’ll be able to use in the future!

The Cons:

Although it’s a fine product, there are some niggles to be had.

Most annoyingly, the built in code analysis doesn’t always warn that some Java classes won’t compile. The most recent example was where IDEA didn’t flag that some lambdas couldn’t be used since the choice of method to use was ambiguous. This may be because the Java language continues its slothful way forward, and the compiler improves with each release — certainly these same files compiled just fine with older Java releases.

When an error does happen, I’ve yet to find the magic setting to allow IDEA to keep going as far as possible. One of the features I like about Eclipse is that it’ll compile as much as it can, even if there are invalid source files. When doing TDD, this allows you to move just a little bit faster as unit tests can run and pass so long as they don’t touch faulty code. I dearly wish this same capability was present in IDEA!

On the Selenium project, we use Buck for our builds. The Buck plugin doesn’t (yet!) allow me to build and run tests within the IDE, yet Buck performs some steps that can’t be repeated by the IDE that are required for a successful build. IDEA offers the ability to run an Ant step before a build is run, and it would be extremely useful if this was generalised to “any shell command”. Most of the time, it’s fine, but it’s irksome to forget to run things!

On the whole, I love IntelliJ an awful lot. It’s a fast and capable IDE, and the company behind it supports OSS. What’s not to love?


Categories: Open Source

Monitor Jenkins jobs with the Datadog plugin

This is a guest post by Emily Chang, Technical Author at Datadog. A modified version of this article was originally posted on the Datadog blog. If you’re using Jenkins to continuously integrate changes into your projects, it’s helpful to be able to quickly identify build failures and assess their impact on other components of your stack. Datadog’s plugin helps users monitor and alert on the performance of their Jenkins builds, right alongside the rest of their infrastructure and applications. As shown in the out-of-the-box dashboard below, the Datadog plugin provides a bird’s-eye view of job history and trends. You can use Datadog to: Set alerts...
Categories: Open Source

Declarative Pipeline for Maven Projects

This is a guest post by Liam Newman, Technical Evangelist at CloudBees. Declare Your Pipelines! Declarative Pipeline 1.0 is here! This is first in a series of blog posts that will show some of the cool features of Declarative Pipeline. For several of these posts, I’ll be revisiting some of my previous posts on using various plugins with (Scripted) Pipeline, and seeing how those are implemented in Declarative Pipeline. To start though, let’s get familiar with the basic structure of a Declarative Pipeline by creating a simple Pipeline for a Maven-based Java project - the Jenkins JUnit plugin. We’ll create a minimal Declarative Pipeline, add the settings needed to install Maven and the JDK, and...
Categories: Open Source

Google Summer Of Code 2017: Call for mentors

On behalf of the GSoC Org Admin team I am happy to announce that we are going to apply to Google Summer of Code (GSoC) again this year. In GSoC high-profile students work in open-source projects for several months under mentorship of organization members. We are looking for mentors and project ideas. So yes, we are looking for you :) Conditions As a mentor, you will be asked to: lead the project in the area of their interest actively participate in the project during student selection, community bonding and coding phases (March - August) work in teams of 2+ mentors per 1 each student dedicate a consistent and significant amount...
Categories: Open Source

The Tweets You Missed in January

Sonar - Mon, 02/06/2017 - 11:09

Here are the tweets you likely missed last month!

SonarQube 6.2 released: read the news and see in it screenshots! https://t.co/MaLzAnorc9https://t.co/qhVuMdnvSD pic.twitter.com/Lqvc7IklFf

— SonarQube (@SonarQube) January 10, 2017

Governance 1.2 dissociates overall health of an application portfolio and risk identified on its projects https://t.co/Ztt9a0AMQ4 pic.twitter.com/bVBhkKal1p

— SonarQube (@SonarQube) January 12, 2017

SonarPython 1.7 brings support for Cognitive Complexity https://t.co/r5Mi3ga0jw pic.twitter.com/1kwBUvaoVR

— SonarQube (@SonarQube) January 27, 2017

SonarC++ 4.4 Released: SonarLint for Eclipse CDT support, improved dataflow engine and 4 new ruleshttps://t.co/eQRS02gGN3 pic.twitter.com/MFxomdHCXF

— SonarQube (@SonarQube) January 12, 2017

SonarJS 2.19 Released: 14 new rules, including 2 rules detecting invalid calls to built-in methods https://t.co/RaZOecudjn #javascript pic.twitter.com/CvENmeD882

— SonarQube (@SonarQube) January 12, 2017

Detecting Type Issues in #javascript with SonarJS, see https://t.co/ugos9C3uXf pic.twitter.com/R2RTEt9jQ3

— SonarQube (@SonarQube) January 11, 2017

SonarLint for IntelliJ 2.7 shows issues context and highlights corresponding locations https://t.co/wvnnyVEjA4 pic.twitter.com/GMGBO3Vvwx

— SonarLint (@SonarLint) January 31, 2017

Categories: Open Source