CloudBees CI on modern cloud platforms 2.401.3.3

Rolling release: 2023-07-26

Based on Jenkins LTS 2.401.3

CloudBees CI release highlights

Watch video

What’s new in CloudBees CI 2.401.3.3

Watch video

Security advisories

CloudBees Security Advisory 2023-07-26

New Features

CloudBees Workspace Caching with (AWS) S3

CloudBees introduces Workspace Caching with (AWS) S3 that allows pipelines caching artifacts on AWS S3 and using them for upcoming builds.

This is due to two new steps available for pipelines: readCache and writeCache. When these steps are used, the pipelines look for an available cache and use it if it is found. For new builds where caches do not exist, the pipelines will continue. For pull requests, the cache for the target branch is retrieved for the first build and used to create a cache dedicated for the pull request’s branch. Refer to CloudBees Workspace Cache Plugin for more information.

CloudBees Build Strategies Plugin CAP Inclusion

The CloudBees Build Strategies plugin is a new CloudBees Assurance Program (CAP) plugin.

This plugin adds custom Branch API build strategies that assist in the creation and management of Multibranch Projects and Organization Folders. The new strategy enabled by this plugin is called Initial Index Build Prevention.

For more information, refer to CloudBees Build Strategies Plugin.

Feature Enhancements

CloudBees Pipeline Explorer CAP Inclusion

CloudBees Pipeline Explorer is now a CloudBees Assurance Program (CAP) plugin. It is not installed automatically when upgrading, but it will install as a suggested plugin for new controllers. After it is installed, it is enabled by default.

The new issue list view helps streamline troubleshooting. This list displays all of your pipeline errors, including errors that are not directly associated with any log lines. Each issue displays the stage and error message. If there is an associated log line, a go-to link is provided that can be shared.

Auto refresh for the log viewport is now enabled by default and polling can be adjusted in the global configuration.

There are also accessibility improvements for the icons.

Configuration as Code Info Level Validations

Configuration as Code validations and prevalidations now come with the full list of validations that are performed as INFO messages. These messages will be available in bundle update logs, bundle update screen, controller configuration page, as well as CLI and endpoints.

Schema based validations added to Configuration as Code

All YAML files in a bundle can now be validated against their schema, and the syntactic error information is also provided.

Add the node IP to the controller with allowExternalAgents

When a controller has allowExternalAgents set, status.hostIP is now added as JNLP_NODE_IP.

Resolved Issues

Better support for managed controller with an identical domain

Despite a warning in the UI, when configuring a Managed controller, it is possible to choose the same domain for different managed controllers. That is a valid use case in environments where multiple Kubernetes endpoints are needed (such as a multi-cluster environment). However, this can cause unexpected behavior as managed controllers are sometimes searched for only by their domain, especially when using the hibernation feature. This issue has been fixed.

Branches containing a "/" consider the bundles as duplicated

When the Controller CasC Bundle Location is configured to check out the bundles from a Git repository and the branches are named following the Gitflow pattern, such as feature/dev, bundles from those branches are marked as duplicated.

Now the branches containing the character / in the name are supported.

Connecting a CasC-created shared agent that fails with NPE when using retentionStrategy.always

When a CasC-created shared agent item is configured with the retention strategy ALWAYS and the ‘sharedSlavePropertyImpl` property is added to the item in items.yaml, the shared agent no longer fails when the connection is set.

Configuration as Code remote validations take a long time at scale

After checking out the CasC Controller Bundles in the Operations Center, validations take a long time to execute, causing a timeout when the number of controllers is high.

Now, the validations are queued and executed in a background thread so the main execution thread remains unblocked.

controller failed to start after changing URL in CasC plugin catalog

controller will now start normally, ignoring the file in the URL if it’s in the same version.

A new system property core.casc.catalog.failOnExistingPlugin has been added. If it is set to true, the instance will fallback to it’s previous behavior and it will fail in this case.

Unable to look up some credentials types

When installing a plugin that is not in the CloudBees Assurance Program, which provides new credential type(s) in a client controller (for example, Azure VM Cloud, HashiCorp Vault plugin), looking up such credentials failed with an exception.

This issue has been resolved, and such credentials are now resolved as expected.

The CLI commands of the CloudBees Skip Next Build Plugin cannot find Pipeline jobs

In the Pipeline Explorer, the CLI commands apply-skip and remove-skip cannot be used with Pipeline jobs. This issue is now fixed.

The Cluster Operation Groovy step still required Overall/RunScripts

The cluster operations step Execute Groovy Script on Controller was still explicitly requiring the deprecated Overall/RunScripts permission (in addition to Overall/Administer) that is deprecated. This issue is now fixed. The step now only requires the Overall/Administer permission.

Pipeline Explorer’s tree view displays stages in the wrong order and/or more than once in some cases

There was an error with in-progress pipelines that have nested parallel steps so that some stages appear more than once. This is now fixed.

Validating single sign-on configuration with CloudBees Software Delivery Automation fails with a 302 status code

When the user tries to check the single sign-on (SSO) configuration with CloudBees Software Delivery Automation, it would fail with a 302 status code. A different URL is used for verification which returns 200 (when the SDA URL is correct).

System configuration’s text field for "Send analytics events to this URL" shows a 401 status code

The System Configuration screen’s text field for "Send analytics events to this URL" showed a 401 status code even when the authentication was correct. The check is now authenticated.

Support Bundle Anonymization is slow and resource consuming

The anonymization slows down the generation of a Support Bundle and has a noticeable impact on performance, especially on larger instances. The general issue has been fixed. The slowness and the resource consumption has improved, allowing even larger instances to benefit from the feature.

Syntax error in sidecar-injector Helm template helpers

There was a syntax error in the sidecar-injector Helm template helpers. This issue is resolved.

Users' Notification URL set on a controller could be reset after synchronization with operations center

If a plugin that provides an alternate Notification URL is only installed on the controller, but not on the operations center; then the Users' Notification URLs that are set on controllers with values provided by that plugin could be reset after synchronization with the operations center.

This behavior is now corrected.

Controller local permissions are not listed in the operations center Roles page

There was an issue with the controller permissions gathering tasks in the operations center (those are permissions defined by plugins that are installed in controllers but not in the operations center).

The issue is resolved.

Invalid URL on the licenses page

The licenses for cloudbees-analytics contained an incorrect URL for the cloudbees-analytics-api library. As the API has no project page, the URL has been removed.

Installing a plugin without a valid license would cause a 404 error

The 404 error was caused by a dead link.

This issue is resolved.

Support Bundle generation returns 'MalformedInputException: Input length = 1'

JENKINS-71466: Support Bundle generation returns 'MalformedInputException: Input length = 1' when anonymization is on. Generate a support bundle with the Controller Task Log Recorders option.

Known Issues

Older versions of controllers cannot start after receiving new bundle versions

When the operations center sends new bundle versions to controllers older than 2.401.1.3, the controller cannot start.

This issue does not affect controllers in version 2.401.1.3 or newer.

There are three ways to fix the issue: * Upgrade all controllers to version 2.401.1.3 or newer. * Stop configuring controllers in versions prior to 2.401.1.3 using CasC. * Install a Plugin Catalog on the operations center with a beekeeper exception to install cloudbees-casc-server:2.5.1. The Plugin Catalog can be enabled in operations center by setting the system property Dcom.cloudbees.jenkins.cjp.installmanager.CJPPluginManager.enablePluginCatalogInOC=true.

Duplicate Pipeline Template Catalogs in the Configuration as Code (CasC) for Controllers jenkins.yaml file on each instance restart

If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.

Upgrade Notes

Controller CloudBees Assurance Program plugin changes since 2.401.2.3

The following plugins have been added to the Controller CloudBees Assurance Program since 2.401.2.3:

  • CloudBees Build Strategies (cloudbees-build-strategies-plugin)

  • CloudBees Cache Step Plugin (cloudbees-cache-step)

  • CloudBees Pipeline Explorer (cloudbees-pipeline-explorer)

  • CloudBees Replication Plugin (cloudbees-replication)

  • CloudBees S3 Cache Plugin (cloudbees-s3-cache)

Jenkins 2.401 upgrade notes