chore(updatecli): keep default JENKINS_VERSION and WAR_SHA up to date

[lemeurherve]

This PR adds an updatecli manifest to keep the default JENKINS_VERSION and WAR_SHA values up to date.

Ref:

• Default JENKINS_VERSION should be updated more frequently #2165

Testing done

updatecli diff --config ./updatecli/updatecli.d/jenkins-version.yaml --values ./updatecli/values.github-action.yaml

+++++++++++
+ PREPARE +
+++++++++++

Loading Pipeline "./updatecli/updatecli.d/jenkins-version.yaml"

SCM repository retrieved: 1


++++++++++++++++++
+ AUTO DISCOVERY +
++++++++++++++++++



++++++++++++
+ PIPELINE +
++++++++++++



##########################################
# BUMP DEFAULT `JENKINS_VERSION` VERSION #
##########################################

source: source#latestVersion
--------------------
Searching for version matching pattern "\\d+\\.\\d+$"
✔ GitHub release version "jenkins-2.544" found matching pattern "\\d+\\.\\d+$" of kind "regex"
[transformers]
✔ Result correctly transformed from "jenkins-2.544" to "2.544"

condition: condition#isDockerImagePublished
--------------------------------
✔ docker image jenkins/jenkins:2.544 found

source: source#latestWarSha
-------------------
The shell 🐚 command "/bin/sh /var/folders/tp/wg7m13056jjgb2z1_jv07j1r0000gn/T/updatecli/bin/4da12af0bc4e12a7c2ade878679d24ea017b483133c3bab84e97bbeca4f7c531.sh" ran successfully with the following output:
----
58d2c25c42859d0423329221629c9d4f99e68d68cb50d7c61f4474c27938a973
----
✔ shell command executed successfully

target: target#updateDockerfilesJenkinsVersion
--------------------------------------

**Dry Run enabled**

⚠ The line #97, matched by the keyword "ARG" and the matcher "JENKINS_VERSION", is changed from "ARG JENKINS_VERSION" to "ARG JENKINS_VERSION=2.544".
⚠ The line #111, matched by the keyword "ARG" and the matcher "JENKINS_VERSION", is changed from "ARG JENKINS_VERSION" to "ARG JENKINS_VERSION=2.544".
⚠ The line #101, matched by the keyword "ARG" and the matcher "JENKINS_VERSION", is changed from "ARG JENKINS_VERSION" to "ARG JENKINS_VERSION=2.544".
⚠ The line #100, matched by the keyword "ARG" and the matcher "JENKINS_VERSION", is changed from "ARG JENKINS_VERSION" to "ARG JENKINS_VERSION=2.544".
⚠ - changed lines [97] of file "alpine/hotspot/Dockerfile", changed lines [111] of file "debian/Dockerfile", changed lines [101] of file "rhel/Dockerfile", changed lines [100] of file "windows/windowsservercore/hotspot/Dockerfile"


CHANGELOG:
----------

Title: jenkins-2.544
Published At: 2025-12-30 11:00:27 +0000 UTC
Link: https://github.com/jenkinsci/jenkins/releases/tag/jenkins-2.544
Description: _This is an automatically generated changelog draft for Jenkins weekly releases.
See https://www.jenkins.io/changelog/2.544/ for the official changelog for this release._

## 🐛 Bug fixes

* [JENKINS-75905](https://issue-redirect.jenkins.io/issue/75905) - Include update site URL in signature verification in error messages (#25980) @adhamahmad

All contributors: @NotMyFault, @adhamahmad, @jenkins-release-bot, @renovate[bot], @shbhmexe and [renovate[bot]](https://github.com/apps/renovate)


target: target#updateGoldenFiles
------------------------

**Dry Run enabled**

"tests/golden/expected_tags.txt" updated with [dry run] content "2.544"

[snip, nested script block breaking GH markdown...]

"tests/golden/expected_tags_latest_weekly.txt" updated with [dry run] content "2.544"

[snip, nested script block breaking GH markdown...]

"tests/golden/expected_tags_latest_lts.txt" updated with [dry run] content "2.544"

[snip, nested script block breaking GH markdown...]

⚠ - 3 file(s) updated with "2.544":
	* tests/golden/expected_tags.txt
	* tests/golden/expected_tags_latest_weekly.txt
	* tests/golden/expected_tags_latest_lts.txt


CHANGELOG:
----------

Title: jenkins-2.544
Published At: 2025-12-30 11:00:27 +0000 UTC
Link: https://github.com/jenkinsci/jenkins/releases/tag/jenkins-2.544
Description: _This is an automatically generated changelog draft for Jenkins weekly releases.
See https://www.jenkins.io/changelog/2.544/ for the official changelog for this release._

## 🐛 Bug fixes

* [JENKINS-75905](https://issue-redirect.jenkins.io/issue/75905) - Include update site URL in signature verification in error messages (#25980) @adhamahmad

All contributors: @NotMyFault, @adhamahmad, @jenkins-release-bot, @renovate[bot], @shbhmexe and [renovate[bot]](https://github.com/apps/renovate)


target: target#updateDockerBakeJenkinsVersion
-------------------------------------

**Dry Run enabled**

⚠ - changes detected:
	path "variable.JENKINS_VERSION.default" updated from "2.534" to "2.544" in file "docker-bake.hcl"


CHANGELOG:
----------

Title: jenkins-2.544
Published At: 2025-12-30 11:00:27 +0000 UTC
Link: https://github.com/jenkinsci/jenkins/releases/tag/jenkins-2.544
Description: _This is an automatically generated changelog draft for Jenkins weekly releases.
See https://www.jenkins.io/changelog/2.544/ for the official changelog for this release._

## 🐛 Bug fixes

* [JENKINS-75905](https://issue-redirect.jenkins.io/issue/75905) - Include update site URL in signature verification in error messages (#25980) @adhamahmad

All contributors: @NotMyFault, @adhamahmad, @jenkins-release-bot, @renovate[bot], @shbhmexe and [renovate[bot]](https://github.com/apps/renovate)


target: target#updateDockerBakeWarSha
-----------------------------

**Dry Run enabled**

⚠ - changes detected:
	path "variable.WAR_SHA.default" updated from "fcf13a8ebbe69d678608cc4b3885ece7d7e697d6da4c3691025a06968ddef228" to "58d2c25c42859d0423329221629c9d4f99e68d68cb50d7c61f4474c27938a973" in file "docker-bake.hcl"


ACTIONS
========

No target found for action "default"

=============================

SUMMARY:



⚠ Bump default `JENKINS_VERSION` version:
	Source:
		✔ [latestVersion] Get latest Jenkins Core release version
		✔ [latestWarSha] Get latest Jenkins Core sha256 checksum
	Condition:
		✔ [isDockerImagePublished] Check if the docker image has been published
	Target:
		⚠ [updateDockerBakeJenkinsVersion] Update default value of JENKINS_VERSION in docker-bake.hcl
		⚠ [updateDockerBakeWarSha] Update default value of WAR_SHA in docker-bake.hcl
		⚠ [updateDockerfilesJenkinsVersion] Update value of JENKINS_VERSION in Dockerfile
		⚠ [updateGoldenFiles] Update value of JENKINS_VERSION in golden files


Run Summary
===========
Pipeline(s) run:
  * Changed:	1
  * Failed:	0
  * Skipped:	0
  * Succeeded:	0
  * Total:	1

Submitter checklist

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests that demonstrate the feature works or the issue is fixed

[lemeurherve]

Suggested change

	command: curl --disable --fail --silent --show-error --location "https://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-war/{{ source "latestVersion" }}/jenkins-war-{{ source "latestVersion" }}.war.sha256"
	command: gh release view "jenkins-{{ source "latestVersion" }}" --repo jenkinsci/jenkins --json assets --jq '.assets[] | select(.name == "jenkins.war").digest' | sed 's/sha256://'

FWIW, I had the command above in my first draft, replaced to use the same as in

docker/.ci/publish.sh

Line 85 in 52d8ee8

WAR_SHA="$(curl --disable --fail --silent --show-error --location "https://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war.sha256")"

even if in that case it's more about the Core GH release as signal than the availability of the sha256 from JFrog artifactory, not really in the dependency path of the resulting update.

[lemeurherve]

Note: no update for the LTS golden file, as it now properly uses the simulated LTS JENKINS_VERSION and not the default JENKINS_VERSION.

The update of this LTS golden file is done with #2172

Ref:

• chore(tests): use a LTS JENKINS_VERSION for expected_tags_latest_lts #2184

[timja]

https://updates.jenkins.io/latestCore.txt is the official method of getting the latest core version

[lemeurherve]

Thanks, addressed in 4347b7e

[lemeurherve]

Not sure why no PR has been opened by updatecli, No target found for action "default"

from last logs on master

https://github.com/jenkinsci/docker/actions/runs/20894353415/job/60030463486:

<snip>
##########################################
# BUMP DEFAULT `JENKINS_VERSION` VERSION #
##########################################

Pipeline ID	: 9d0d7648ae1697150c1ed0caf71e31295a764a760d497c32bc26b381fb04263f

source: latestVersion
---------------------

✔ content: found from file "https://updates.jenkins.io/latestCore.txt":
2.545

source: latestWarSha
--------------------

The shell 🐚 command "/bin/sh /tmp/updatecli/bin/a8b7b192ed4d906c0ebe839f884e297c54840ac25690b9435be4f90d7a8c06d3.sh" ran successfully with the following output:
----
d9be5cd8090074b859b264f89e19e78e3b28efd0acdf6a47e1d12d5d2bd68ad5
----
✔ shell command executed successfully

condition: isDockerImagePublished
---------------------------------

✔ docker image jenkins/jenkins:2.545 found

target: updateJenkinsVersionInDockerfiles
-----------------------------------------

⚠ The line #97, matched by the keyword "ARG" and the matcher "JENKINS_VERSION", is changed from "ARG JENKINS_VERSION" to "ARG JENKINS_VERSION=2.545".
⚠ The line #111, matched by the keyword "ARG" and the matcher "JENKINS_VERSION", is changed from "ARG JENKINS_VERSION" to "ARG JENKINS_VERSION=2.545".
⚠ The line #101, matched by the keyword "ARG" and the matcher "JENKINS_VERSION", is changed from "ARG JENKINS_VERSION" to "ARG JENKINS_VERSION=2.545".
⚠ The line #100, matched by the keyword "ARG" and the matcher "JENKINS_VERSION", is changed from "ARG JENKINS_VERSION" to "ARG JENKINS_VERSION=2.545".
⚠ - changed lines [97] of file "alpine/hotspot/Dockerfile", changed lines [111] of file "debian/Dockerfile", changed lines [101] of file "rhel/Dockerfile", changed lines [100] of file "windows/windowsservercore/hotspot/Dockerfile"
---

No follow up action needed

---
Pipeline Name	: Bump JDK17 version
Pipeline ID	: 04b8a347a72ce9b63c57d30f47d1466887f35fcae7350f100cc85d0dd91226ab
Dry run		: false
Repository	: github.com/jenkinsci/docker@master
Action		: Bump JDK17 version to 17.0.17+10
---

No follow up action needed

---
Pipeline Name	: Bump JDK21 version
Pipeline ID	: f4216179a539a84d143597af9f2887ecffc2bc2b733e2fc82c6f261242ebe949
Dry run		: false
Repository	: github.com/jenkinsci/docker@master
Action		: Bump JDK21 version to 21.0.9+10
---

No follow up action needed

---
Pipeline Name	: Bump JDK25 version
Pipeline ID	: 932f2f152a8db6f3b690de963d39fe4815d817cd16c13784a2076883b3f7721d
Dry run		: false
Repository	: github.com/jenkinsci/docker@master
Action		: Bump JDK25 version to 25.0.1+8
---

No follow up action needed

---
Pipeline Name	: Bump default `JENKINS_VERSION` version
Pipeline ID	: 9d0d7648ae1697150c1ed0caf71e31295a764a760d497c32bc26b381fb04263f
Dry run		: false
Repository	: github.com/jenkinsci/docker@master
Action		: Bump default `JENKINS_VERSION` to 2.545
---

No target found for action "default"

---
Pipeline Name	: Bump RHEL version
Pipeline ID	: 5e27d7ce15b42708f780fc2446b920cc1c4fb1a2e5080122db4caa907ab4ad05
Dry run		: false
Repository	: github.com/jenkinsci/docker@master
Action		: Bump RHEL version to 9.7-1767674301
---

No follow up action needed

---
Pipeline Name	: Bump shellcheck version
Pipeline ID	: beae1710546e9d48d7a7628660df4e6fa674949cc9d3ab506915e1c647884e5d
Dry run		: false
Repository	: github.com/jenkinsci/docker@master
Action		: Bump `shellcheck` version to 0.11.0
---

No follow up action needed

=============================

SUMMARY:

✔ Bump Alpine version:
	Source:
		✔ [latestVersion] Get the latest Alpine Linux version
	Condition:
		✔ [testDockerImageExists] Does the Docker Image exist on the Docker Hub?
		✔ [testDockerfileArg] Does the Dockerfile have an ARG instruction for the Alpine Linux version?
	Target:
		✔ [updateDockerBake] Update the value of the base image (ARG ALPINE_TAG) in the docker-bake.hcl
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)
		✔ [updateDockerfile] Update the value of the JDK base image (ARG ALPINE_TAG) in the Dockerfile
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


✔ Bump `git-lfs` version:
	Source:
		✔ [lastReleaseVersion] Get the latest `git-lfs` release version
	Target:
		✔ [updateVersion] Update `git-lfs` version in debian dockerfile
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


✔ Bump hadolint version:
	Source:
		✔ [lastReleaseVersion] Get the latest hadolint release version
	Target:
		✔ [updateVersion] Update the `hadolint` version in the tools/hadolint script
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


✔ Bump JDK17 version:
	Source:
		✔ [lastVersion] Get the latest Adoptium JDK17 version
	Condition:
		✔ [checkTemurinAllReleases] Check if the "<lastVersion>" is available for all platforms
	Target:
		✔ [setJDK17Version] Bump JDK17 version in Dockerfiles
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)
		✔ [setJDK17VersionDockerBake] Bump JDK17 version for Linux images in the docker-bake.hcl file
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


✔ Bump JDK21 version:
	Source:
		✔ [lastTemurin21Version] Get the latest Adoptium JDK21 version via the API
	Condition:
		✔ [checkTemurinAllReleases] Check if the "<lastTemurin21Version>" is available for all platforms
	Target:
		✔ [setJDK21VersionDockerBake] Bump JDK21 version for Linux images in the docker-bake.hcl file
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)
		✔ [setJDK21VersionWindowsDockerCompose] Bump JDK21 version in build-windows.yaml
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


✔ Bump JDK25 version:
	Source:
		✔ [lastTemurin25Version] Get the latest Adoptium JDK25 version via the API
	Condition:
		✔ [checkTemurinAllReleases] Check if the "<lastTemurin25Version>" is available for all platforms
	Target:
		✔ [setJDK25VersionDockerBake] Bump JDK25 version for Linux images in the docker-bake.hcl file
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)
		✔ [setJDK25VersionWindowsDockerCompose] Bump JDK25 version in build-windows.yaml
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


✔ Bump RHEL version:
	Source:
		✔ [latestVersion] Get latest RHEL version
		✔ [releaseLine] Get the current Debian release line
	Condition:
		✔ [checkDockerImage] Check if container image of the current RHEL release line is available
	Target:
		✔ [updateDockerBake] Update default value of variable RHEL_TAG in docker-bake.hcl
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)
		✔ [updateDockerfile] Update value of base image (ARG RHEL_TAG) in Dockerfile
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


✔ Bump shellcheck version:
	Source:
		✔ [lastReleaseVersion] Get the latest shellcheck release version
	Target:
		✔ [updateVersion] Update the `shellcheck` version in the tools/shellcheck script
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


- Bump Debian version:
	Source:
		✔ [latestVersion] Get the latest Debian version
		✔ [releaseLine] Get the current Debian release line
	Condition:
		✗ [checkArchitecturesAvailability] Check if container image is available for all architectures
		✔ [testDockerfileArg] Does the Dockerfile have an ARG instruction for the Debian version?
		✔ [testVersionInBakeFile] Does the bake file have variable DEBIAN_VERSION
	Target:
		- [updateDockerBake] Update the value of the base image DEBIAN_VERSION in the docker-bake.hcl
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)
		- [updateDockerfile] Update the value of the base image (ARG DEBIAN_VERSION) in the Dockerfile
		      * Repository: https://github.com/jenkinsci/docker.git (branch: master)


⚠ Bump default `JENKINS_VERSION` version:
	Source:
		✔ [latestVersion] Get latest Jenkins Core release version
		✔ [latestWarSha] Get latest Jenkins Core sha256 checksum
	Condition:
		✔ [isDockerImagePublished] Check if the docker image has been published
	Target:
		⚠ [updateJenkinsVersionInDockerBake] Update default value of JENKINS_VERSION in docker-bake.hcl
		⚠ [updateJenkinsVersionInDockerfiles] Update value of JENKINS_VERSION in Dockerfile
		⚠ [updateJenkinsVersionInGoldenFiles] Update value of JENKINS_VERSION in (weekly) golden files
		⚠ [updateWarShaInDockerBake] Update default value of WAR_SHA in docker-bake.hcl


Run Summary
===========
Pipeline(s) run:
  * Changed:	1
  * Failed:	0
  * Skipped:	1
  * Succeeded:	8
  * Total:	10