New features

Initial release of the Configuration as Code feature

Previously released as a Preview feature, Configuration as Code is now fully supported.

Configuration as Code simplifies the management of a CloudBees Core cluster by capturing the configuration of masters in human-readable declarative configuration files which can then be applied to a master in a reproducible way. By capturing the configuration in files, it can be treated as a first class revision-controlled artifact - versioned and then applied to masters while being centrally managed from CloudBees Core operations center.

Enhancements added for GA release:

  • Ability to view a list of CasC bundles in CJOC (CTR-402)

    A list of Configuration as Code (CasC) for Masters bundles is now displayed in the UI as a new option on Manage Jenkins.

    The Security access information is included in the information displayed for each bundle on the list.

  • Auto-generated security.xml bundle entries (CTR-1423)

    Access tokens are now autogenerated when a new Configuration as Code bundle is detected under the bundles folder in operations center.

    Also, now users can invalidate and generate new access tokens and download the appropriate link file to use in Client Masters on the Configuration as Code global configuration page.

  • Set Master on configuration bundle list (CTR-1654)

    Until now the way to create a Managed Master using a Configuration Bundle was via a naming convention. If the master name matched a bundle in the system, then it was applied during master provisioning.

    With this change, the association is now accomplished by entering a master’s full path name in a new field, Master Path, on the Configuration Bundles page in operations center. All bundles require the Master Path field be completed so they can be applied to masters. When a master is being provisioned, operations center checks for that field. If the master’s full name (in other words, the path inside operations center) matches a Master Path field for a bundle, then the bundle with that Master Path is applied to the master.

  • Add API version property to CasC bundle (CTR-1679)

    The apiVersion attribute is now required in the bundle.yaml file. Currently, the expected value is "1".

  • Fail fast during CasC bundle storage initialization in Operations Center (CTR-1448)

    Before this enhancement, operations center continued with the startup sequence even when there was an error creating the Configuration as Code bundles storage (IO errors specifically).

    Now operations center stops the startup cycle and shows a clear exception in logs when there is an error creating CasC bundles storage.

Initial release of Pipeline Policies

Previously released as a Preview feature, Pipeline Policies is now fully supported.

While administrators would like to enable their developers to use pipelines freely, they still may need to set some restrictions based on industry-specific regulatory compliance or general best practice principles. Pipeline Policies provide a central way to enforce best practices across pipeline projects. The plugin uses runtime validation that works for both scripted and declarative pipelines, allowing administrators to include warnings or block the execution of pipelines if policy rules are violated. This initial release of Pipeline Policies is aimed at helping users avoid antipatterns that can damage the stability of their masters.

Documentation for this plugin is available at Using Pipeline Policies.

Initial release of the CloudBees Core GitHub Reporting feature

Previously released as a Preview feature, CloudBees Core GitHub Reporting is now fully supported.

When using CloudBees GitHub Reporting, as the build runs, GitHub surfaces status information about the build directly in GitHub in real-time, alleviating the need to context switch over to Jenkins to get an overview. For example, if a PR fails, CloudBees GitHub Reporting posts pre-analyzed simple failures to GitHub, like “XXX” test is failing, SpotBugs violation, etc. Additionally, CloudBees GitHub Reporting posts automatic checks and status information inferred from Pipeline stages (no pipeline commands required).

Initial release of the CloudBees Core Personalized Slack Messaging feature

Previously released as a Preview feature, CloudBees Core Personalized Slack Messaging is now fully supported.

With CloudBees Core Personalized Slack Messaging, enabled with the CloudBees Slack Integration Plugin, you get relevant information proactively sent as a Slack Direct Message that provides the relevant build data so you know if the build was successful, and if not what action you need to take to troubleshoot a build. The Slack messages include links directly to the build, test, and error details where you can take immediate corrective action.

Tier 1 plugin support for Jenkins Configuration as Code (JCasC) (FNDJEN-1266)

CloudBees tier 1 plugins now support JCasC. This is available for CloudBees Core, CloudBees Jenkins Distribution, and CloudBees Jenkins Platform.

Go to the CloudBees supported platforms page for your product to see a list of the supported plugins.

Feature enhancements

Expose additional configuration options for Multibranch Pipelines in template.yaml (NGPIPELINE-1025)

Multibranch Pipeline Templates in Pipeline Template Catalogs are now able to configure a Branch Property Strategy in template.yaml. Documentation for configuring these options as well as SCM behaviors can be found in the newly published Multibranch Pipeline Template syntax guide.

As a CloudBees Core Administrator, I want to be able to configure SSL off-loading at the ingress controller and leverage Server Name Indication (SNI). (CTR-1650) (CPLT2-6395)

When setting up transport layer security (TLS) offloading at the Ingress Controller level, the Nginx Ingress Controller uses server name indication (SNI) to serve several hosts to clients. The operations center Agent did not support SNI when discovering operations center endpoints, and it wasn’t working in this kind of setup unless the certificate was configured as default, which was not always acceptable.

With this fix, we switched the HTTP client used to discover operations center endpoints to an implementation that supports SNI.

Analytics for the Declarative Pipeline Migration Assistant plugin (NGPIPELINE-757)

A new event was added to track the usage of the Declarative Pipeline Migration Assistant plugin.

Performance improvements to the Branch API Plugin WorkspaceLocatorImpl (NGPIPELINE-1071)

The Branch API Plugin made a remote call to an agent every time it looked up the workspace for a Multibranch Pipeline project.

The Branch API Plugin now caches workspace locations to avoid unnecessary remoting calls when looking up workspaces for Multibranch Pipeline projects.

WorkspaceLocatorImpl should not use Node instances as monitors (NGPIPELINE-1118)

The Branch API Plugin locked Node objects during workspace cleanup operations, which could lead to unnecessary lock contention.

The Branch API Plugin no longer locks Node objects during workspace cleanup operations.

Resolved issues

API fails on templatized job: NotExportableException: class GradleInstallation doesn’t have @ExportedBean (CPLT2-6466)

Using the Jenkins export feature (for example, …/api/json?depth=1) on a templatized job could cause an error in case certain special template attribute controls were used, such as tool installations.

The exported ‘values’ property of a templatized job now uses the persisted form of attribute controls, typically strings rather than the model objects they name, in cases where the live form would cause an export error. Note that the ‘depth’ query parameter is deprecated and should never be used; instead use ‘tree’ and specify those fields you wish to retrieve.

Issue in view-job-filters filtering by disabled (CPLT2-6274)

The View Job Filters plugin had a job status filter purporting to let you filter in/out disabled jobs, which did not work for Pipeline.

A generalized check was added to handle both traditional and Pipeline job types.

[JENKINS-61854] "Test Ldap Settings" button stopped functioning. (FNDJEN-2184)

The button "Test LDAP Settings" stopped working on Jenkins 2.14 and later.

The button has been fixed.

Multibranch Pipelines based on Pipeline Templates cannot enable "Suppress automatic SCM triggering" (NGPIPELINE-1025)

Multibranch Pipelines based on Pipeline Templates from Pipeline Template Catalogs could not enable "Suppress automatic SCM triggering" because a "Branch Property Strategy" could not be configured.

Multibranch Pipelines based on Pipeline Templates from Pipeline Template Catalogs are now able to configure a "Branch Property Strategy".

The Pipeline:Job plugin had a JavaScript error with IE11 (NGPIPELINE-1145)

The Pipeline console view did not work correctly in Internet Explorer 11 due to use of unsupported JavaScript functions.

The Pipeline console view now only uses JavaScript functions that are supported by Internet Explorer 11.

Parameter names for templates in Pipeline Template Catalogs are not validated correctly. (NGPIPELINE-1006)

If a parameter used in the template.yaml file for a Pipeline Template in a Pipeline Template Catalog was not a valid Java identifier, the template would silently fail to load.

When a template is imported, the parameters are checked to make sure they are valid Java identifiers. If not, a validation error is displayed in the catalog import log and the import fails.

Using a properties step with a Pipeline Template breaks the connection to the root template (NGPIPELINE-905)

Using the properties step inside of a non-Multibranch Pipeline created from a Pipeline Template in a Pipeline Template Catalog caused the Pipeline to become permanently detached from the Pipeline Template.

Using the properties step inside of a non-Multibranch Pipeline created from a Pipeline Template in a Pipeline Template Catalog no longer causes the Pipeline to become permanently detached from the Pipeline Template. Pipeline Template Catalogs must be reimported in order for the fix to take effect. Jobs that were already detached from their template will not be fixed automatically; they must be manually recreated from a Pipeline Template.

Library step cannot be used at top of Declarative Pipeline with entire Pipeline timeout rule (NGPIPELINE-1125)

In a Declarative Pipeline, use of the library step could cause validation of top-level timeout policies to show misleading validation failures.

A code change was made to allow the library step to be treated similarly to @Library when placed above the opening line of the plpeline { …​ } block.

[JENKINS-62063] BlueOcean UI is broken due to ClassCastException (NGPIPELINE-1169)

The BlueOcean UI is broken due to ClassCastException when using the CloudBees Pipeline: Templates Plugin and the Pipeline: Multibranch with defaults Plugin.

A check was added to ensure the Pipeline instance is castable to the appropriate type.

The CloudBees Fast Archiving Plugin used a check that was not thread safe (CTR-1660)

With this fix, the archiveArtifacts step can be used in parallel blocks and in filesystems that are not high performance filesystems.

Managed Master provisioning error (CTR-1716)

When provisioning a Managed Master using Configuration as Code, an internal application programming interface (API) was returning the wrong value. This erroneous value caused the provisioning to fail.

With this fix, the API call now returns an appropriate value, and Configuration as Code masters provisioning works as expected.

Masters provisioning in Configuration as Code is broken if security.xml is deleted (CTR-1138)

When using Configuration as Code, there was an issue provisioning masters when the security file,JENKINS_HOME/core-casc-security.xml, did not exist.

Now the provisioning process continues normally even when the security file is missing.

Check the availability of the Configuration as Code bundle when the CM-OC connection is done (CTR-758)

If a warning was already enabled related to the unavailability of the configuration bundle because of Client Master-Operations Center connection issues, when the connection was restored the warning would persist until the periodic work task was executed.

With this fix, whenever a master is connected to the operations center, a request for the configuration bundle is completed to avoid delays in updating administrator warnings.

Known issues

This version contains a known issue which prevents the use of CloudBees High Availability (HA) (CTR-1785)

The secondary node does not start up properly, and displays the following message in the logs: java.lang.ClassNotFoundException: com.cloudbees.bouncycastle.v160.util.io.pem.PemReader.

Revisions

Revision 3 (2020-06-03)

CloudBees Security Advisory 2020-06-03

Revision 2 (2020-05-27)

Plugin updates