Skip to content

continuous blog - the official hudson weblog
Syndicate content
Updated: 1 hour 15 min ago

Mobile App for Jenkins User Conference Bay Area

Mon, 10/20/2014 - 21:10

Jenkins User Conference in Bay Area is this Thursday, and one of the new things this year is the mobile app.

There's an Android version as well as an iPhone version. I've installed it locally, and it's very handy for checking the agenda, get more info about speakers and sponsors.

Categories: Open Source

FreeBSD project use of Jenkins for OS testing

Mon, 10/20/2014 - 18:12

This is a guest post by Craig Rodrigues

The FreeBSD project produces a modern operating system derived from BSD Unix.

In the past 6 months, we have set up Jenkins at http://jenkins.freebsd.org/, to continuously build FreeBSD as developers add new code to the project. This has helped us identify and fix build breaks very quickly.

We have gone even farther by integrating Jenkins, Kyua, and Bhyve. Kyua is a testing framework for infrastructure software. Bhyve is the native hypervisor that comes with FreeBSD (similar to KVM on Linux).

We use the Build Flow plugin in this example Build flow to do the following:

  1. Build the FreeBSD kernel and userland on amd64 whenever someone checks in new code to http://svn.freebsd.org
  2. Create a bootable FreeBSD disk image with makefs
  3. Boot the image under bhyve
  4. Run these commands inside the bhyve VM:

cd /usr/tests; kyua test; kyua report-junit --output=test-output.xml

  1. Shut down the bhyve VM
  2. Imports test-output.xml into Jenkins.
  3. Produces a full native test report in Jenkins

The results of this work were presented at the Bay Area FreeBSD Users Group in this presentation in October 2014.

Jenkins has been very easy to set up and use under FreeBSD. We hope that by using Jenkins to run OS-level unit tests, we will be able to improve the quality of FreeBSD. For further information, please feel free to contact us at freebsd-testing@FreeBSD.org .

Categories: Open Source

CVE-2014-3566 "poodle" impact on Jenkins

Thu, 10/16/2014 - 03:36

Another day, another SSL vulnerability! Google has announced a vulnerability in SSL v3, and if you are using the "Winstone" servlet container built into Jenkins, and if you are using the HTTPS connector with the --httpsPort option (it is off by default), then you are vulnerable to this problem.

I've just issued a security advisory on this. If you haven't already subscribed to the Jenkins security advisory mailing list, this is a great opportunity to do so.

The advisory includes the target delivery vehicles for the fix and how you can address the problem in the mean time. Inside corporate intranet, where Jenkins is typically used, I suppose there's a degree of trust among participants to make this less of a problem. But if you run an internet facing Jenkins, be sure to deploy the fix.

(And as I write this, I've fixed all the https://*.jenkins-ci.org servers to disable SSLv3, so we are covered there)

Categories: Open Source

Gradle-fy your Jenkins Plugin Project

Tue, 10/07/2014 - 01:12

(This is a guest post from Daniel Spilker)

Jenkins supports building plugins using Gradle for a while now. Last week a new version of the Gradle JPI plugin has been released to iron out some issues.

The Gradle JPI plugin enables a 100% groovy plugin development environment with Groovy as primary programming language, Spock for writing tests and Gradle as build system. Have a look at the Job DSL plugin for an example.

An existing Maven build can be converted to Gradle by using the build.gradle template from the Gradle JPI plugin's README. For instance, the POM from the Gradle plugin translates to this build.gradle file:

buildscript {
    repositories {
        mavenCentral()
        maven {
            url 'http://repo.jenkins-ci.org/releases/'
        }
    }
    dependencies {
        classpath 'org.jenkins-ci.tools:gradle-jpi-plugin:0.6.0'
    }
}

apply plugin: 'jpi'

group = 'org.jenkins-ci.plugins'
version = '1.25-SNAPSHOT'

jenkinsPlugin {
    coreVersion = '1.480'
    displayName = 'Jenkins Gradle plugin'
    url = 'https://wiki.jenkins-ci.org/display/JENKINS/Gradle+Plugin'
    gitHubUrl = 'https://github.com/jenkinsci/gradle-plugin'

    developers {
        developer {
            id 'gbois'
            name 'Gregory Boissinot'
            timezone '+1'
        }
    }                           
}

dependencies {
    compile 'org.jenkins-ci.lib:dry-run-lib:0.1'
}

Usage of the Gradle JPI plugin is similar to working with the Maven HPI plugin. Use gradle jpi to build the plugin file. gradle check runs the tests, gradle install copies the plugin into the local Maven repository, gradle uploadArchives deploys the plugin to the Jenkins Maven repository and gradle server starts a Jenkins development server with the plugin installed.

It is recommended to use Gradle 1.8 because that is the version used to build and test the Gradle JPI plugin.

For the next release it is planned to do some maintenance like fixing code style issues and adding tests. After that more issues need to be addressed to bring the plugin on par with the Maven HPI plugin, most notably fixing the test dependencies (JENKINS-17129) and publishing the plugin's JAR (JENKINS-25007). Updating Gradle to 2.x and getting the plugin on the Gradle plugin portal is also on the wishlist.

Categories: Open Source

CVE-2014-6271 impact on Jenkins

Fri, 09/26/2014 - 01:26

I suspect many of you have been impacted by CVE-2014-6271 (aka "shellshock" bash vulnerability.) We had our share of updates to do for various *.jenkins-ci.org servers.

Java application servers in general (including one that ships in Jenkins) do not fork off processes like Apache does to serve requests, so the kind of CGI attacks you see on Apache does not apply. We are currently unaware of any vulnerabilities in Jenkins related to CVE-2014-6271, and no plan to issue a patch for that.

That said, we did come up with one possible way attackers can exploit vulnerable bash through Jenkins, that you might want to be aware of.

When a build is parameterized, parameters are passed to the processes Jenkins launch as environment variables. So if you have a shell step (which uses bash by default), and if Eve only has a BUILD permission but not CONFIGURE permission, then Eve can exploit this vulnerability by carefully crafting parameter values, and have the bash runs arbitrary processes on the slave that run the build.

In most such scenarios, Eve would have to be an authenticated user on Jenkins. Jenkins also leaves the record of who triggered what build with what parameters, so there's an audit trail. But if your Jenkins fits this description, hopefully this serves as one more reason to update your bash.

Finally, to get notified of future security advisories from Jenkins, see this Wiki page.

Categories: Open Source

Jenkins in JavaOne 2014

Thu, 09/25/2014 - 01:25

There'll be several talks that touch Jenkins. The first is from me and Jesse called Next Step in Automation: Elastic Build Environment [CON3387] Monday 12:30pm.

Then later Tuesday, there's Building a Continuous Delivery Pipeline with Gradle and Jenkins [CON11237] from Benjamin Muschko of Gradleware.

Thursday has several Jenkins talks. One is The Deploy Factory: Open Source Tools for Java Deployment [CON1880] from Bruno Souza (aka the Java Man from Brazil) and Edson Yanaga. In this same time slot, guys from eBay are doing Platform Upgrades as a Service [CON5685], which discusses how they rely on automation to make platform upgrades painless. Then Mastering Continuous Delivery and DevOps [CON1844] from Michael Huttermann.

In the exhibit area, the Jenkins project doesn't have its own booth (JavaOne is too expensive for that), but I'll be at the CloudBees booth, so is Jesse Glick. Find us at the booth for any Jenkins questions or impromptu hacking session, which would really help us as we get distracted from the booth duties that way. Or just drop by to get stickers, pin badges, and other handouts to take for your colleagues.

And finally, Script Bowl 2014: The Battle Rages On [CON2939] gets an honorable mention because our own Tyler Croy is representing JRuby against other scripting languages, including my favorite Groovy. Hmm, who should I root for...

Categories: Open Source

More Jenkins-related continuous delivery events in Chicago, Washington DC, and San Francisco

Thu, 09/25/2014 - 00:54

The usual suspects, such as CloudBees, XebiaLabs, SOASTA, PuppetLabs, et al are doing a Jenkins-themed continuous delivery event series called "cdSummit." The event is free, has a nice mix of user/vendor talks, and has an appeal to managers and team leads who are working on and struggling with continuous delivery and automation.

I've spoken in the past events, and I enjoyed the high-level pitches from various speakers. The last two events at Paris and London filled up completely, so I suspect others have liked them, too.

If you live near Chicago, Washington DC, or San Francisco, check out the date and see if you can make it. RSVP is from here. If you do, be sure to pick up Jenkins stickers and pin badges!

Categories: Open Source

Jenkins Workflow Summit RSVP

Thu, 09/18/2014 - 02:47

As was discussed some time ago, the workflow summit is being organized, and it's open for RSVP.

Due to the overwhelming demand, I've increased the capacity this time to 50, but this is an unconference where everyone needs to participate, which means we really cannot have too many people without changing the dynamics of the event.

So please make sure you are willing to participate, as in not just listening and watching, but actually willing to speak. We expect you to bring something to the table — opinions, experiences, rants, presentations, feedbacks, etc. If you don't please let others take the seat, and rest assured we will give a presentation about workflow in JUC Bay Area.

If you understand the criteria, please RSVP is from here.

Categories: Open Source

Jenkins User Meet-up in Paris

Tue, 09/02/2014 - 23:49

My apologies for the last minute announcement, but there will be a Jenkins user meet-up in Paris on Sep 10th 7:00pm, which is just next week. The event is hosted by Zenika. You'll hear from Gregory Boissinot and Adrien Lecharpentier about plugin development, and I'll be talking about workflow.

It's been a while we do a meet-up in Paris. Looking forward to seeing as many of you as possible. The event is free, but please RSVP so that we know what to expect.

Categories: Open Source

JUC SF 2014 is Here!

Thu, 08/28/2014 - 23:09

JUC SF on October 23, 2014 is shaping up to be bigger and better this year.

Here’s what we have in store for you!

Three Tracks

We’ve received a record high of 40 stellar proposals this year. To accommodate the many community proposals, we’ve decide to add a third track to the agenda. JUC SF sessions are now available for you to view. We have speakers from Google, Target, Gap, Cloudera, Ebay, Chicago Drilling Company, and much more. Register now for early bird price. The early bird price is only good until September 21, 2014.

Live Stream

If you can’t attend the conference in person, Track 1 sessions will be available via live stream, it’s all free. Brought to you by CloudBees. Registration for JUC SF live stream is here.

Get Drunk on Code

Have a beer while learning how to write Jenkins plugin. Steve Christou, Jenkins support engineer will lead this lecture from 3:30pm to 6:00pm. He will teach everything from how to get started, to techniques like writing a new CLI Command, to writing your own builder.

Ask the Experts

Meet the Jenkins creator, committers, support engineers, and developers. We have dedicated time slot(s) for our attendees to get 1 on 1 access to our experts. Exact time is TBD. Ask them anything from plugins, configuration, technical support, to bug fixes.

Our current list of experts are:

  • Andrew Bayer
  • Gareth Bowles
  • Steve Christou
  • Jesse Glick
  • Kohsuke Kawaguchi
  • Dean Yu

Want to join our panel of experts? Contact Alyssa Tong aly13@gmail.com

Exhibit Mixer

Sixteen technology sponsors will be showcasing their newest technologies during the exhibition hour from 2:25 – 3:30pm. Grab a beer, visit with sponsors and see how they are using Jenkins.

This is just a taste of what you’ll see at JUC SF. We look forward to seeing you there!!

Categories: Open Source

Workflow plugin code walk-through

Thu, 08/28/2014 - 18:38

Jesse and I will walk through the source code of the workflow plugin, highlights key abstractions and extension points, and discuss how they are put together.

If you are interested in developing or retrofitting plugins to work with workflows, I think you'll find this session interesting.

The event will be on Google Hangout tomorrow. The time of the day is the same as usual office hours.

Categories: Open Source