Cookbook 24.04 migration (#147)

* 24.04 migration: Update Jenkins to latest LTS with updated plugins (#141)

* Update plugin install and removal

Signed-off-by: Crola1702 <[email protected]>

* Fix plugin_remove_filter undefined variable

Signed-off-by: Crola1702 <[email protected]>

* Upgrade publish-over-ssh to 1.24 in plugin list

This plugin had a security vulnerability, this is explained in 263f7d2.

Now https://plugins.jenkins.io/publish-over-ssh/ shows that security vulnerabilities were affecting versions 1.23 and earlier, so this is a bump to 1.24, where these vulnerabilities are not present anymore

Signed-off-by: Crola1702 <[email protected]>

* Update jenkins version

Signed-off-by: Crola1702 <[email protected]>

* Move plugins template file

Signed-off-by: Crola1702 <[email protected]>

* Upgrade openjdk version 8->21

Signed-off-by: Crola1702 <[email protected]>

* Update plugin list

Signed-off-by: Crola1702 <[email protected]>

* Apply suggested changes from  CasC plugin

* 'gitSCM' is an obsolete attribute name, please use 'scmGit'
* 'timestamperConfig' is an obsolete attribute name, please use 'timestamper'

* Parametrize jenkins jdk version from attributes

Signed-off-by: Crola1702 <[email protected]>

* Move plugin removal to plugins recipe

Signed-off-by: Crola1702 <[email protected]>

---------

Signed-off-by: Crola1702 <[email protected]>
Co-authored-by: root <[email protected]>

* 24.04 migration: Authentication Strategy (#142)

* Update plugin install and removal

Signed-off-by: Crola1702 <[email protected]>

* Move plugins template file

Signed-off-by: Crola1702 <[email protected]>

* Move plugin removal to plugins recipe

Signed-off-by: Crola1702 <[email protected]>

* Put authentication scripts and old resources in auth_strategy.groovy

Signed-off-by: Crola1702 <[email protected]>

* Fix syntax error

Signed-off-by: Crola1702 <[email protected]>

* Fix user creation script

Signed-off-by: Crola1702 <[email protected]>

* Use correct strategy in attributes and actually save the user

Signed-off-by: Crola1702 <[email protected]>

* Use mode 0500 for groovy scripts in init.groovy.d

Signed-off-by: Crola1702 <[email protected]>

---------

Signed-off-by: Crola1702 <[email protected]>

* 24.04 migration: Credentials (#143)

* Update plugin install and removal

Signed-off-by: Crola1702 <[email protected]>

* Fix plugin_remove_filter undefined variable

Signed-off-by: Crola1702 <[email protected]>

* Upgrade publish-over-ssh to 1.24 in plugin list

This plugin had a security vulnerability, this is explained in 263f7d2.

Now https://plugins.jenkins.io/publish-over-ssh/ shows that security vulnerabilities were affecting versions 1.23 and earlier, so this is a bump to 1.24, where these vulnerabilities are not present anymore

Signed-off-by: Crola1702 <[email protected]>

* Move plugins template file

Signed-off-by: Crola1702 <[email protected]>

* Upgrade openjdk version 8->21

Signed-off-by: Crola1702 <[email protected]>

* Move plugin removal to plugins recipe

Signed-off-by: Crola1702 <[email protected]>

* Fix syntax error

Signed-off-by: Crola1702 <[email protected]>

* Fix user creation script

Signed-off-by: Crola1702 <[email protected]>

* Fixed double variable declared

Signed-off-by: Crola1702 <[email protected]>

* Migrate credentials resources to groovy scripts

Signed-off-by: Crola1702 <[email protected]>

* Fix groovy syntax errors

Signed-off-by: Crola1702 <[email protected]>

* Remove credentials todos

Signed-off-by: Crola1702 <[email protected]>

* Use mode 0500 for groovy scripts in init.groovy.d

Signed-off-by: Crola1702 <[email protected]>

---------

Signed-off-by: Crola1702 <[email protected]>

* 24.04 migration: Agents (#145)

* Update plugin install and removal

Signed-off-by: Crola1702 <[email protected]>

* Fix plugin_remove_filter undefined variable

Signed-off-by: Crola1702 <[email protected]>

* Upgrade publish-over-ssh to 1.24 in plugin list

This plugin had a security vulnerability, this is explained in 263f7d2.

Now https://plugins.jenkins.io/publish-over-ssh/ shows that security vulnerabilities were affecting versions 1.23 and earlier, so this is a bump to 1.24, where these vulnerabilities are not present anymore

Signed-off-by: Crola1702 <[email protected]>

* Update jenkins version

Signed-off-by: Crola1702 <[email protected]>

* Move plugins template file

Signed-off-by: Crola1702 <[email protected]>

* Upgrade openjdk version 8->21

Signed-off-by: Crola1702 <[email protected]>

* Update plugin list

Signed-off-by: Crola1702 <[email protected]>

* Apply suggested changes from  CasC plugin

* 'gitSCM' is an obsolete attribute name, please use 'scmGit'
* 'timestamperConfig' is an obsolete attribute name, please use 'timestamper'

* Parametrize jenkins jdk version from attributes

Signed-off-by: Crola1702 <[email protected]>

* Move plugin removal to plugins recipe

Signed-off-by: Crola1702 <[email protected]>

* Put authentication scripts and old resources in auth_strategy.groovy

Signed-off-by: Crola1702 <[email protected]>

* Fix syntax error

Signed-off-by: Crola1702 <[email protected]>

* Fix user creation script

Signed-off-by: Crola1702 <[email protected]>

* Use correct strategy in attributes and actually save the user

Signed-off-by: Crola1702 <[email protected]>

* Fixed double variable declared

Signed-off-by: Crola1702 <[email protected]>

* Migrate credentials resources to groovy scripts

Signed-off-by: Crola1702 <[email protected]>

* Fix groovy syntax errors

Signed-off-by: Crola1702 <[email protected]>

* Remove credentials todos

Signed-off-by: Crola1702 <[email protected]>

* Agent: Parametrize java version

Signed-off-by: Crola1702 <[email protected]>

* Add bzip2 package dependecy

Signed-off-by: Crola1702 <[email protected]>

* Add bzip2 comment

Signed-off-by: Crola1702 <[email protected]>

---------

Signed-off-by: Crola1702 <[email protected]>
Co-authored-by: root <[email protected]>

* Update to latest jenkins version

Signed-off-by: Crola1702 <[email protected]>

* Remove deprecated agentProtocols section

From: https://www.jenkins.io/doc/upgrade-guide/2.492/:

'The agentProtocols section of a configuration as code global configuration should be deleted because it will now be ignored. If you do not wish to allow inbound TCP agents, disable the port instead of the protocol.'

Signed-off-by: Crola1702 <[email protected]>

* Use environment override attributes

Signed-off-by: Crola1702 <[email protected]>

* Add jenkins to jenkins-agent group

Groovy system scripts use the master node user, i.e., jenkins (See https://github.com/ros-infrastructure/ros_buildfarm/blob/4a6c69587a04834fe99d6adbc3db124f2c6d109c/ros_buildfarm/templates/snippet/builder_system-groovy.xml.em#L1-L15).
This is a problem, as the reconfigure jobs need access to views under jenkins-agent user workspace

Everything under /home/jenkins-agent has 750 permissions, so jenkins user does not have access by default.
Adding jenkins to the group will give the jenkins admin access to the jenkins agent data.

Signed-off-by: Crola1702 <[email protected]>

* Upgrade jenkins to 492.2

Signed-off-by: Crola1702 <[email protected]>

* Approve signatures using groovy script (#149)

* Approve signatures using groovy script

Signed-off-by: Crola1702 <[email protected]>

* Use 99 to run approved_signatures at the end

Signed-off-by: Crola1702 <[email protected]>

* Fix acme.sh not_if clause

Signed-off-by: Crola1702 <[email protected]>

* DEBUG: Comment approved-signatures script

Signed-off-by: Crola1702 <[email protected]>

* Restore approved_scripts.groovy

Signed-off-by: Crola1702 <[email protected]>

* Set order of init.groovy.d scripts

Signed-off-by: Crola1702 <[email protected]>

* Remove remotingSecurity

See: https://www.jenkins.io/doc/book/security/controller-isolation/jep-235/#api-compatibility

Signed-off-by: Crola1702 <[email protected]>

* Comment approved signatures script

Signed-off-by: Crola1702 <[email protected]>

* Stop clearingAPprovedSignatures before acutally approving some

Signed-off-by: Crola1702 <[email protected]>

* Remove scriptApproval attribute

We're using an approval_signatures.groovy script instead

Signed-off-by: Crola1702 <[email protected]>

---------

Signed-off-by: Crola1702 <[email protected]>

* Fix typo in gpg private-key

Signed-off-by: Crola1702 <[email protected]>

* Fix typo in gpg private-key (again)

Signed-off-by: Crola1702 <[email protected]>

* Revert "Fix typo in gpg private-key (again)"

See osrf/chef-osrf#303

This reverts commit 3773a05.

* Add jenkins-agent to needrestart overrides.

needrestart in 24.04 now runs for both attended and unattended upgrades.
It has a built-in list of long-running services which should not be
restarted arbitrarily but need to include our jenkins-agent since it may
be running jobs and shouldn't be stopped by an unattended-upgrade run.

* Prevent needrestart from restarting jenkins.

Jenkins is heavy enough that an inconvenient or unplanned restart is
quite disruptive.

* Add noble in the apt_repos suite

Signed-off-by: Crola1702 <[email protected]>

* Fix acme.sh not_if clause

Signed-off-by: Crola1702 <[email protected]>

* Add a Groovy script for configuring a sensible default view.

* Move approved-signatures script to cookbook_file

Signed-off-by: Crola1702 <[email protected]>

* Add missing production hashes

Signed-off-by: Crola1702 <[email protected]>

* Add Hudson model import

Signed-off-by: Crola1702 <[email protected]>

* Explicitly state why is bzip2 needed

Signed-off-by: Crola1702 <[email protected]>

---------

Signed-off-by: Crola1702 <[email protected]>
Co-authored-by: root <[email protected]>
Co-authored-by: Steven! Ragnarök <[email protected]>

Author: 3 people

attributes/agent.rb

@@ -30,5 +30,8 @@
 # The example build farm configurations assume that the 'buildagent' label is the default for building sourcedeb and binarydeb packages. Other labels may be used to control where other jobs run.
 default['ros_buildfarm']['agent']['labels'] = %w(buildagent)
 
+# JDK version to install
+default['ros_buildfarm']['agent']['jdk_version'] = 21
+
 # Prevents docker and containerd from getting updates and restarting mid build. See https://github.com/ros2/ci/issues/702
 default['ros_buildfarm']['unattended_upgrades']['package_blacklist'] = %w[docker.io containerd]

attributes/jenkins.rb

@@ -23,4 +23,7 @@
 # Last version supporting Java 8
 #default['jenkins']['master']['version'] = '2.346.1'
 # Last version supporting sysvinit scripts
-default['jenkins']['master']['version'] = '2.319.3'
+default['jenkins']['master']['version'] = '2.492.2'
+
+# JDK version to install
+default['jenkins']['master']['jdk_version'] = 21

attributes/plugins.rb

@@ -1,114 +1,130 @@
 default['ros_buildfarm']['jenkins']['plugins'] = {
-  "PrioritySorter" => "4.0.0",
-  "ace-editor" => "1.1",
-  "analysis-model-api" => "10.0.0",
-  "ant" => "1.9",
-  "antisamy-markup-formatter" => "2.1",
-  "apache-httpcomponents-client-4-api" => "4.5.13-1.0",
-  "audit-trail" => "3.7",
-  "badge" => "1.6",
+  "PrioritySorter" => "5.2.0",
+  "analysis-model-api" => "12.9.1",
+  "ant" => "511.v0a_a_1a_334f41b_",
+  "antisamy-markup-formatter" => "162.v0e6ec0fcfcf6",
+  "apache-httpcomponents-client-4-api" => "4.5.14-208.v438351942757",
+  "apache-httpcomponents-client-5-api" => "5.4-124.v31e2987e48f4",
+  "asm-api" => "9.7.1-97.v4cc844130d97",
+  "audit-trail" => "382.vf64d6f626060",
+  "badge" => "2.5",
   "bazaar" => "1.22",
-  #"benchmark" => "1.0.12-SNAPSHOT (private-50491052-cottsay)",
-  "bootstrap4-api" => "4.6.0-3",
-  "bouncycastle-api" => "2.17",
-  "branch-api" => "2.6.3",
-  "build-timeout" => "1.20",
-  "caffeine-api" => "2.9.1-23.v51c4e2c879c8",
-  "checks-api" => "1.7.0",
-  "cloudbees-folder" => "6.15",
-  "collapsing-console-sections" => "1.8.0",
-  "command-launcher" => "1.2",
-  "conditional-buildstep" => "1.3.6",
-  "configuration-as-code" => "1.51",
-  "copyartifact" => "1.45.2",
-  "credentials" => "2.4.1",
-  "credentials-binding" => "1.24",
-  "dashboard-view" => "2.16",
-  "data-tables-api" => "1.10.23-3",
-  "description-setter" => "1.10",
+  "bootstrap5-api" => "5.3.3-1",
+  "bouncycastle-api" => "2.30.1.78.1-248.ve27176eb_46cb_",
+  "branch-api" => "2.1200.v4b_a_3da_2eb_db_4",
+  "build-timeout" => "1.33",
+  "caffeine-api" => "3.1.8-133.v17b_1ff2e0599",
+  "checks-api" => "2.2.1",
+  "cloudbees-folder" => "6.975.v4161e479479f",
+  "collapsing-console-sections" => "1.10.0",
+  "command-launcher" => "116.vd85919c54a_d6",
+  "commons-compress-api" => "1.26.1-2",
+  "commons-lang3-api" => "3.17.0-84.vb_b_938040b_078",
+  "commons-text-api" => "1.12.0-129.v99a_50df237f7",
+  "conditional-buildstep" => "1.4.3",
+  "configuration-as-code" => "1903.v004d55388f30",
+  "copyartifact" => "757.v05365583a_455",
+  "credentials" => "1393.v6017143c1763",
+  "credentials-binding" => "687.v619cb_15e923f",
+  "dashboard-view" => "2.521.v339b_a_f4d8da_8",
+  "data-tables-api" => "2.1.8-1",
+  "description-setter" => "258.vcd25251271a_a_",
   "disable-failed-job" => "1.15",
-  "display-url-api" => "2.3.4",
-  "dtkit-api" => "3.0.0",
-  "durable-task" => "1.27",
-  "echarts-api" => "5.1.0-2",
-  "email-ext" => "2.78",
-  "embeddable-build-status" => "2.0.2",
-  "external-monitor-job" => "1.7",
-  "extra-columns" => "1.23",
-  "font-awesome-api" => "5.15.2-2",
-  "forensics-api" => "1.0.0",
-  "ghprb" => "1.42.1",
-  "git" => "4.7.1",
-  "git-client" => "3.7.1",
-  "git-forensics" => "1.0.0",
-  "git-server" => "1.9",
-  "github" => "1.29.5",
-  "github-api" => "1.95",
-  "github-branch-source" => "2.5.8",
-  "github-oauth" => "0.33",
-  "greenballs" => "1.15",
-  "groovy" => "2.2",
-  "groovy-postbuild" => "2.4.3",
+  "display-url-api" => "2.209.v582ed814ff2f",
+  "dtkit-api" => "3.0.3",
+  "durable-task" => "581.v299a_5609d767",
+  "echarts-api" => "5.5.1-4",
+  "eddsa-api" => "0.3.0-4.v84c6f0f4969e",
+  "email-ext" => "1866.v14fa_6d201654",
+  "embeddable-build-status" => "487.va_0ef04c898a_2",
+  "emoji-symbols-api" => "13.v723a_b_8e234d1",
+  "external-monitor-job" => "215.v2e88e894db_f8",
+  "extra-columns" => "1.27",
+  "font-awesome-api" => "6.6.0-2",
+  "forensics-api" => "2.6.0",
+  "ghprb" => "1.42.2",
+  "git" => "5.6.0",
+  "git-client" => "6.1.0",
+  "git-forensics" => "2.2.1",
+  "git-server" => "126.v0d945d8d2b_39",
+  "github" => "1.40.0",
+  "github-api" => "1.321-478.vc9ce627ce001",
+  "github-branch-source" => "1807.v50351eb_7dd13",
+  "github-oauth" => "621.v33b_4394dda_4d",
+  "groovy" => "457.v99900cb_85593",
+  "groovy-postbuild" => "267.va_df06de9fa_fa_",
+  "gson-api" => "2.11.0-85.v1f4e87273c33",
   "heavy-job" => "1.1",
-  "htmlpublisher" => "1.21",
-  #"image-gallery" => "1.5-SNAPSHOT (private-d17880bb-cottsay)",
-  "jackson2-api" => "2.12.3",
-  "javadoc" => "1.4",
-  "jdk-tool" => "1.1",
-  "jobConfigHistory" => "2.18.3",
+  "htmlpublisher" => "1.37",
+  "instance-identity" => "201.vd2a_b_5a_468a_a_6",
+  "ionicons-api" => "74.v93d5eb_813d5f",
+  "jackson2-api" => "2.17.0-379.v02de8ec9f64c",
+  "jakarta-activation-api" => "2.1.3-1",
+  "jakarta-mail-api" => "2.1.3-1",
+  "javadoc" => "280.v050b_5c849f69",
+  "javax-activation-api" => "1.2.0-7",
+  "javax-mail-api" => "1.6.2-10",
+  "jaxb" => "2.3.9-1",
+  "jdk-tool" => "80.v8a_dee33ed6f0",
+  "jjwt-api" => "0.11.5-112.ve82dfb_224b_a_d",
+  "jobConfigHistory" => "1283.veb_dfb_00b_5ec0",
   "jobrequeue" => "1.1",
-  "jquery" => "1.12.4-0",
-  "jquery-detached" => "1.2.1",
-  "jquery3-api" => "3.6.0-1",
-  "jsch" => "0.1.55.2",
-  "junit" => "1.49",
-  "ldap" => "1.26",
-  "log-parser" => "2.1",
-  "mailer" => "1.32.1",
-  "mapdb-api" => "1.0.9.0",
-  "matrix-auth" => "2.6.6",
-  "matrix-project" => "1.18",
-  "maven-plugin" => "3.4",
-  "mercurial" => "2.14",
-  "metrics" => "3.1.2.10",
-  "modernstatus" => "1.2",
-  "monitoring" => "1.80.0",
-  "pam-auth" => "1.5.1",
-  "parameterized-trigger" => "2.40",
-  "pipeline-utility-steps" => "2.5.0",
-  "plain-credentials" => "1.7",
-  "plot" => "2.1.6",
-  "plugin-util-api" => "2.1.0",
-  "pollscm" => "1.3.1",
-  "popper-api" => "1.16.1-2",
+  "jquery" => "1.12.4-3",
+  "jquery3-api" => "3.7.1-2",
+  "jsch" => "0.2.16-86.v42e010d9484b_",
+  "json-api" => "20240303-101.v7a_8666713110",
+  "json-path-api" => "2.9.0-118.v7f23ed82a_8b_8",
+  "junit" => "1311.v39e1716e4eb_e",
+  "ldap" => "770.vb_455e934581a_",
+  "log-parser" => "2.3.7",
+  "mailer" => "489.vd4b_25144138f",
+  "mapdb-api" => "1.0.9-40.v58107308b_7a_7",
+  "matrix-auth" => "3.2.3",
+  "matrix-project" => "840.v812f627cb_578",
+  "maven-plugin" => "3.24",
+  "mercurial" => "1260.vdfb_723cdcc81",
+  "metrics" => "4.2.21-458.vcf496cb_839e4",
+  "mina-sshd-api-common" => "2.14.0-136.v4d2b_0853615e",
+  "mina-sshd-api-core" => "2.14.0-136.v4d2b_0853615e",
+  "modernstatus" => "1.3",
+  "monitoring" => "2.4.0",
+  "okhttp-api" => "4.11.0-181.v1de5b_83857df",
+  "pam-auth" => "1.11",
+  "parameterized-trigger" => "806.vf6fff3e28c3e",
+  "pipeline-groovy-lib" => "744.v5b_556ee7c253",
+  "pipeline-utility-steps" => "2.18.0",
+  "plain-credentials" => "183.va_de8f1dd5a_2b_",
+  "plot" => "2.2.0",
+  "plugin-util-api" => "5.1.0",
+  "pollscm" => "1.5",
+  "prism-api" => "1.29.0-18",
   "publish-over" => "0.22",
-  #"publish-over-ssh" => "1.22",
-  "purge-build-queue-plugin" => "1.0",
-  "rebuild" => "1.31",
-  "run-condition" => "1.2",
-  "scm-api" => "2.6.4",
-  "script-security" => "1.76",
-  "snakeyaml-api" => "1.27.0",
-  "ssh-agent" => "1.17",
-  "ssh-credentials" => "1.18.1",
-  "ssh-slaves" => "1.28.1",
-  "structs" => "1.24",
-  "subversion" => "2.14.0",
-  "swarm" => "3.22",
+  "publish-over-ssh" => "383.v4eb_4c44da_2dd",
+  "purge-build-queue-plugin" => "88.v23b_97b_f2c7a_d",
+  "rebuild" => "332.va_1ee476d8f6d",
+  "run-condition" => "1.7",
+  "scm-api" => "698.v8e3b_c788f0a_6",
+  "script-security" => "1369.v9b_98a_4e95b_2d",
+  "snakeyaml-api" => "2.3-123.v13484c65210a_",
+  "ssh-agent" => "376.v8933585c69d3",
+  "ssh-credentials" => "349.vb_8b_6b_9709f5b_",
+  "ssh-slaves" => "2.1010.v64ec48721231",
+  "sshd" => "3.330.vc866a_8389b_58",
+  "structs" => "338.v848422169819",
+  "subversion" => "1281.vc8837f91a_07a_",
+  "swarm" => "3.48",
   "systemloadaverage-monitor" => "1.2",
-  "timestamper" => "1.11.3",
-  "token-macro" => "2.15",
-  "translation" => "1.16",
-  "trilead-api" => "1.0.13",
-  "warnings-ng" => "9.0.1",
-  #"windows-slaves" => "1.3.1", # Delisted https://github.com/jenkinsci/windows-slaves-plugin?tab=readme-ov-file#notice-of-deprecation
-  "workflow-api" => "2.42",
-  "workflow-cps" => "2.90",
-  "workflow-cps-global-lib" => "2.15",
-  "workflow-job" => "2.40",
-  "workflow-multibranch" => "2.23",
-  "workflow-scm-step" => "2.12",
-  "workflow-step-api" => "2.23",
-  "workflow-support" => "3.8",
-  "xunit" => "3.0.2",
+  "timestamper" => "1.28",
+  "token-macro" => "400.v35420b_922dcb_",
+  "trilead-api" => "2.147.vb_73cc728a_32e",
+  "variant" => "60.v7290fc0eb_b_cd",
+  "warnings-ng" => "11.12.0",
+  "workflow-api" => "1336.vee415d95c521",
+  "workflow-cps" => "4000.v5198556e9cea_",
+  "workflow-job" => "1472.ve4d5eca_143c4",
+  "workflow-multibranch" => "795.ve0cb_1f45ca_9a_",
+  "workflow-scm-step" => "427.v4ca_6512e7df1",
+  "workflow-step-api" => "678.v3ee58b_469476",
+  "workflow-support" => "936.v9fa_77211ca_e1",
+  "xunit" => "3.1.5",
 }

attributes/repo.rb

@@ -9,7 +9,7 @@
 default['ros_buildfarm']['apt_repos']['architectures'] = %w[i386 amd64 arm64 armhf source]
 
 # The list of Debian and Ubuntu distributions supported by your build farm.
-default['ros_buildfarm']['apt_repos']['suites'] = %w[xenial bionic focal stretch buster]
+default['ros_buildfarm']['apt_repos']['suites'] = %w[xenial bionic focal stretch buster noble]
 
 # The official buildfarm provides rsync endpoints to allow syncing between mirrors.
 # Endpoints are defined in a nested hash structure with an example below