CloudBees CI on modern cloud platforms 2.235.4.1

Rolling release: 2020-08-12

Based on Jenkins LTS 2.235.4-cb-3

New features

Microsoft Teams Integration now available as a Preview (STICKY-505, -504, -503)

CloudBees Microsoft Teams Integration sends team (channel) messages in Microsoft Teams, providing actionable information about build status and test results, including direct links to results and error details.

Feature enhancements

Heap ratio setting has been deprecated for new masters (CPLT2-6461)

Previously, the heap ratio was set by default. However, recent JVM improvements allow the default JVM heuristics to work inside containers now. Better options, such as -XX:InitialRAMPercentage, -XX:MaxRAMPercentage and -XX:MinRAMPercentage, can be provided directly using the Java command line if more fine-grained control is needed. Therefore, the heap ratio is no longer set automatically for new masters.

Existing configurations are not affected by this change. Users can disable the heap ratio manually on existing masters.

CloudBees recommends removing the -XX:MaxRAMFraction=1, which used to be part of the default configuration. Removal of that option is strongly recommended if you disable the heap ratio.

Form changes: Tabular markup in Master Provisioning plugin (CPLT2-6648)

Master Provisioning configuration screens have moved into their own section on the Manage Jenkins screen.

The Configuration as Code items have moved from the unclassified category to masterProvisioning.

unclassified:
  kubernetesMasterProvisioning:
     ...
[source,YAML]

becomes:

masterProvisioning:
  kubernetes:
    ...
[source,YAML]
Add category for AWS Global Configuration plugin (CPLT2-6668)

The AWS button provided by this plugin on the /manage page has been moved from the Uncategorized category to the System Configuration category.

Bitbucket support in CloudBees Slack Integration plugin (STICKY-284, -538)

The CloudBees Slack Integration plugin GUI, as well as configuration-as-code schema, referred to GitHub user IDs when in fact it could work with any Jenkins branch source plugin defining the author of a “change request”, such as Bitbucket.

The GUI text for this field now refers more generically to SCM IDs. For purposes of CasC the preferred field name is now scmId rather than github.

Enable AppManifest for GitHub Enterprise (STICKY-668)

The wizard to create a new GitHub App was enabled on github.com, but not on GitHub Enterprise. The wizard did not work on GitHub Enterprise because of a 422 error code, which has been fixed in recent GitHub Enterprise releases (verified in 2.21.2).

The wizard is now enabled for both github.com and GitHub Enterprise, subject to other basic conditions.

Test results should mention positive results (STICKY-544)

Test result summaries mentioned how many or (in some cases) which tests failed or were skipped, but neglected to give the context of which tests passed.

Messages now reflect tests that were failed, skipped, and passed.

Integrate with disply-url-api (STICKY-169)

Links to build pages did not honor the Notification URL set in /me/configure.

These links now append display/redirect so as to show either the Classic or Blue Ocean view. More targeted links, such as test results, continue to go straight to Classic view.

CloudBees logo download for use from GitHub App wizard (STICKY-603)

The wizard to create a new GitHub App advised you to set a logo, but did not offer a sample or give any guidance.

You are now suggested to use a CloudBees logo, which is offered for download. This is a 200×200 PNG with transparency suitable for the purpose.

Updates to EndBuildError markdown in SCM Reporting plugin (STICKY-461)

The text displayed as the summary in the Checks tab for a failing Pipeline step was confusing.

This text has been reformatted.

The Docker Commons plugin and Configuration as Code (FNDJEN-2152)

This plugin now supports Configuration as Code.

The CloudBees Docker Hub/Registry Notification plugin and Configuration as Code (FNDJEN-2153)

This plugin now supports Configuration as Code.

Resolved issues

Up to Date column should cache its result (CPLT2-6642)

With a large number of masters, the list of masters is slow to display.

To resolve this issue, the Up to Date column has been redesigned to rely on cached data instead of live data.

Update Kubernetes plugin to 1.26.4 (CPLT2-6681)

The new admission controller in GKE prevents Windows pod creation if an empty security context is provided.

The security context is provided for a pod only when one exists.

Enable Delete Token button when the Slack token becomes invalid (STICKY-619)

If the configured Slack token was invalid, it was not possible to delete it, disconnecting from Slack. The Delete button was disabled.

With this fix, users can remove the both valid and invalid Slack tokens.

Broken docs link (STICKY-651)

A link to documentation on the SCM Id field was broken.

We added the missing slash to the URL and the link now works.

Clear failing commit statuses from a previous build of the same commit (STICKY-251)

If one build of a given commit reported some failing statuses, but a subsequent rebuild passed without reporting the same statuses, the commit (or whole pull request) could be left with stale failing statuses.

With this fix, at the end of a build, CloudBees will now supersede any stale statuses from previous builds of the same commit with a neutral notation.

Teams administration page displays only the first 100 Teams (CTR-2089)

With this fix, the number of Teams displayed limit has been extended to 150. The Teams list in the Team switcher in Masters has been also extended to 150.

Security Realm idStrategy issue (CTR-1784)

While the authorization strategy for the Operations Center was not case-sensitive for the username field, the Team Masters were case-sensitive and had to match exactly what was entered on the Team administration page used to add users. This meant that a user recorded in lower-case was able to sign on with upper-case letters to the Operations Center but was not recognized in the Team Master.

With this fix, Team Masters allow users to sign on with different character cases when using an authorization strategy that is not case sensitive for UserId or external GroupId.

ConnectedMaster ping thread is not implemented (CTR-2075)

The ConnectedMaster ping thread is not implemented which meant that the Operations Center was not able to detect that a connection to a Master was broken.

With this fix, we implement the ping thread to identify and cleanup disconnected Masters.

RBAC: Empty group members are interpreted as anonymous (CTR-786)

Modifying configuration XML files to specify a group with an empty member name was resulting in any anonymous users automatically considered members of that group.

With this fix, we now sanity check configuration files and filter out empty groups/roles.

Broken link to RBAC group propagated from Operations Center (CTR-56)

On Client Masters with the Role-based access control (RBAC) Authentication Strategy enforced by Operations Center, the links to the member Groups on the Roles page were broken.

Now the are links direct the user to the Group configuration in Operations Center.

Move/Copy/Promote Copy with builds dropdown is not easily accessible (CTR-2158)

Recent UI updates in Jenkins core caused the Copy with builds button dropdown to be less accessible, only appearing when users selected a small section of the button.

With this fix, we split the button in two separated buttons: Copy with builds and Copy without builds.

RBAC CLI command result in NOOP at master’s root (CTR-1439)

When a Master is connected to Operations Center and the security realm is pushed from Operations Center, then RBAC groups and roles operations at Master root are not permitted, as those groups and roles come from Operations Center.

With this fix, RBAC groups and roles operations at Master root are still not permitted, but return a better message to the user indicating the situation.

RBAC Groups REST API fails when accessed from a connected Master item (CTR-535)

When accessing OC_URL/jobs/[master_name]/groups/api/json an error is shown in the UI.

With this fix, the groups and roles created at item level are correctly returned by the HTTP API.

Accessing /groups page is slow when groups have lots of users or the database is slow (CTR-1530)

The load time of the global Groups page was slow when a group had a large number of members.

With this fix, we reduced the amount of data retrieved to render this view.

Deadlock issue in com.cloudbees.opscenter.server.rbac (CTR-458)

There was an issue with com.cloudbees.opscenter.server.rbac that produced a deadlock.

When there were a large amount of Masters with read permissions, an issue was occurring with the alerter of licensing issues that caused a deadlock. With this fix, the issue that was causing the deadlock is no longer a problem.

Thread contention in Agent page using custom probe command (CTR-2137)

Using the CloudBees Nodes Plus plugin custom probe command in agents may have caused thread contention if the script required a lengthy amount of time running checks.

With this fix, CloudBees has fixed the thread contention issue so that queued threads block waiting for the result of the probe command, ending with all Jenkins dashboard rendering pages blocked.

Fix a memory leak on RBAC node containers (CTR-979)

There was a memory leak when a high number of nodes were created and deleted (a common behavior when using clouds to provision ephemeral agents). Node objects were not properly collected by the JVM Garbage Collector.

With this fix, node objects are now stored in a cache with weak keys, so entries are properly garbage collected. Item listeners have been also added, so cache entries are invalidated when items are deleted in Jenkins.

Errors on startup: "The queue was not initialized, the action (enqueue or shutdown) will not take place." (FNDJEN-2037)

The CloudBees Analytics Plugin populated the log when the initialization didn’t finish before sending an analytics message.

The message now is provided only once.

Link to CloudBees download in Beekeeper is broken (FNDJEN-2090)

A broken link to the downloads page for our fixed line release products has been fixed.

Known issues

None.

Upgrade notes

End of life announcement

As of July 1, 2020, CloudBees will no longer support Alpine container images. Red Hat Universal Base Image (UBI) images will be the standard going forward.

For information about UBI, see the Red Hat documentation.

The decision to move from Alpine to UBI was made because OpenJDK no longer supports Alpine. CloudBees has been building and maintaining these images. However, CloudBees is aware of DNS issues with some Kubernetes clusters that span from the Alpine base using muslc libraries as well as other binary differences when using the muslc vs standard c libraries.

Customers moving from Alpine to UBI container images should not see any impact from this change and should not need to migrate data.

This affects CloudBees Core on modern platforms only. CloudBees will continue to release Alpine images for CloudBees Jenkins Enterprise 1.x customers who have purchased extended support.

For more information regarding this end-of-life announcement, please contact your Customer Success Manager.

End-of-life announcement

After assessing the viability of our supported plugins, CloudBees will no longer support the CloudBees Secure Copy Plugin after September 1, 2018.

This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation as well as maintaining existing products that are actively used by customers.

After September 1, 2018 the plugin will lose functionality when upgraded. CloudBees recommends replacing it with Cluster-wide copy artifacts.

For more information regarding this end-of-life announcement, please contact your Customer Success Manager.