diff --git a/.github/ISSUE_TEMPLATE/1-lts-release-checklist.md b/.github/ISSUE_TEMPLATE/1-lts-release-checklist.md index 4c533a33..adbc12a9 100644 --- a/.github/ISSUE_TEMPLATE/1-lts-release-checklist.md +++ b/.github/ISSUE_TEMPLATE/1-lts-release-checklist.md @@ -54,7 +54,7 @@ This role should rotate between LTS releases - [ ] Merge backporting PR in jenkinci/jenkins using a merge commit (do not squash) -- [ ] Retrieve the url for the RC from the commit status (continuous-integration/jenkins/incrementals) of the last build on the stable branch (requires a passing build). You will get something like https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/cli/2.303.2-rc31385.6eec6c02fc3d/, replace `cli` with `jenkins-war`, visit the page and copy the URL to the war file, for the earlier example it would be https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/jenkins-war/2.303.2-rc31385.6eec6c02fc3d/jenkins-war-2.303.2-rc31385.6eec6c02fc3d.war. If incrementals are broken you can deploy a build from your own machine with `mvn -e clean deploy -DskipTests=true`. +- [ ] Retrieve the url for the RC from the commit status (Jenkins Incrementals Publisher / Incrementals) of the last build on the stable branch (requires a passing build). Visit the `jenkins-war` URL and copy the URL of the war file, which would be something like https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/jenkins-war/2.303.2-rc31385.6eec6c02fc3d/jenkins-war-2.303.2-rc31385.6eec6c02fc3d.war. If incrementals are broken you can deploy a build from your own machine with `mvn -e clean deploy -DskipTests=true`. - [ ] Publish a pre-release [Github release](https://github.com/jenkinsci/jenkins/releases), e.g. [sample](https://github.com/jenkinsci/jenkins/releases/tag/jenkins-2.289.2-rc) currently we don't have a changelog for RCs @@ -94,4 +94,4 @@ This role should rotate between LTS releases - [ ] Confirm that the images are available at [Docker hub](https://hub.docker.com/r/jenkins/jenkins/tags) -- [ ] [Update ci.jenkins.io](https://github.com/jenkins-infra/runbooks/tree/master/ci#upgrading-jenkins) to the new LTS release (note: repo is private, requires infra team membership) +- [ ] Create a [helpdesk](https://github.com/jenkins-infra/helpdesk/issues) ticket to update `ci.jenkins.io`, `trusted.ci`, `cert.ci` and `release.ci` to the new LTS release, [example](https://github.com/jenkins-infra/helpdesk/issues/2816) diff --git a/Jenkinsfile.d/core/package b/Jenkinsfile.d/core/package index f2a7f513..f9b36159 100644 --- a/Jenkinsfile.d/core/package +++ b/Jenkinsfile.d/core/package @@ -1,7 +1,6 @@ pipeline { agent { kubernetes { - label 'package-linux' yamlFile 'PodTemplates.d/package-linux.yaml' workingDir '/home/jenkins/agent' } @@ -15,7 +14,7 @@ pipeline { 'stable-rc', 'security' ], - description: 'Define which Jenkins Release we are packaging for. https://git.io/Jv7Nr', + description: 'Define which Jenkins Release we are packaging for. https://github.com/jenkins-infra/release/tree/master/profile.d', name: 'RELEASE_PROFILE' ) string( @@ -256,7 +255,6 @@ pipeline { // as the step 'container' is known to not be working agent { kubernetes { - label 'packaging-windows' yamlFile 'PodTemplates.d/package-windows.yaml' } } diff --git a/Jenkinsfile.d/core/release b/Jenkinsfile.d/core/release index 3bef6c89..2764a9fa 100644 --- a/Jenkinsfile.d/core/release +++ b/Jenkinsfile.d/core/release @@ -9,7 +9,6 @@ pipeline { agent { kubernetes { - label 'release-linux' yamlFile 'PodTemplates.d/release-linux.yaml' } } @@ -22,7 +21,7 @@ pipeline { 'stable-rc', 'weekly' ], - description: 'Define which release profile we are going to use. https://git.io/Jv7Nr', + description: 'Define which release profile we are going to use. https://github.com/jenkins-infra/release/tree/master/profile.d', name: 'RELEASE_PROFILE' ) string( diff --git a/Jenkinsfile.d/core/stable b/Jenkinsfile.d/core/stable index d3bed6c5..131e2eb5 100644 --- a/Jenkinsfile.d/core/stable +++ b/Jenkinsfile.d/core/stable @@ -2,7 +2,6 @@ pipeline { agent { kubernetes { - label 'release-stable' } } diff --git a/Jenkinsfile.d/core/stable-rc b/Jenkinsfile.d/core/stable-rc index 4d81b9d1..99c8d0b5 100644 --- a/Jenkinsfile.d/core/stable-rc +++ b/Jenkinsfile.d/core/stable-rc @@ -2,7 +2,6 @@ pipeline { agent { kubernetes { - label 'release-stable-rc' } } diff --git a/Jenkinsfile.d/core/weekly b/Jenkinsfile.d/core/weekly index fe648c09..a9aaa33d 100644 --- a/Jenkinsfile.d/core/weekly +++ b/Jenkinsfile.d/core/weekly @@ -2,7 +2,6 @@ pipeline { agent { kubernetes { - label 'release-weekly' } } diff --git a/PodTemplates.d/package-linux.yaml b/PodTemplates.d/package-linux.yaml index 2fc3f91e..ba89fcab 100644 --- a/PodTemplates.d/package-linux.yaml +++ b/PodTemplates.d/package-linux.yaml @@ -7,7 +7,7 @@ metadata: spec: containers: - name: jnlp - image: jenkinsciinfra/packaging:2.1.9 + image: jenkinsciinfra/packaging:2.1.41 imagePullPolicy: "IfNotPresent" env: - name: "HOME" diff --git a/PodTemplates.d/package-windows.yaml b/PodTemplates.d/package-windows.yaml index da775b50..9113800d 100644 --- a/PodTemplates.d/package-windows.yaml +++ b/PodTemplates.d/package-windows.yaml @@ -8,7 +8,7 @@ metadata: jenkins/default-release-jenkins-agent: true spec: containers: - - image: "jenkins/inbound-agent:4.3-9-windowsservercore-1809" + - image: "jenkins/inbound-agent:4.13-2-jdk11-nanoserver-1809" imagePullPolicy: "Always" name: "jnlp" resources: diff --git a/PodTemplates.d/release-linux.yaml b/PodTemplates.d/release-linux.yaml index 5bfb3d21..c2db4ffc 100644 --- a/PodTemplates.d/release-linux.yaml +++ b/PodTemplates.d/release-linux.yaml @@ -7,15 +7,13 @@ metadata: spec: containers: - name: jnlp - image: jenkinsciinfra/packaging:2.1.9 + image: jenkinsciinfra/packaging:2.1.41 imagePullPolicy: "IfNotPresent" env: - name: "HOME" value: "/home/jenkins/agent/workspace" - name: "MAVEN_OPTS" value: "-Xmx8g -Xms8g" - - name: "JENKINS_JAVA_BIN" - value: "/opt/jdk-11/bin/java" resources: limits: memory: "16Gi" diff --git a/README.adoc b/README.adoc index 49d04024..2e9c0e3a 100644 --- a/README.adoc +++ b/README.adoc @@ -223,7 +223,7 @@ At this stage, we are going to retrieve the Java code, release a new version usi It's important to notice that we do not use the maven release plugin to checkout git repositories neither to push changes. This allow us to release from a different git repository than the one defined in the pom.xml. We also need to be able to push commits to a different repository than the one defined in the pom.xml. . link:http://maven.apache.org/maven-release/maven-release-plugin/perform-mojo.html#localCheckout[localCheckout] must be set to true -. link:http://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#pushChanges[puchChanges] must be set to false +. link:http://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#pushChanges[pushChanges] must be set to false ==== Steps diff --git a/profile.d/components/remoting b/profile.d/components/remoting index 519c5c72..f6f04b81 100644 --- a/profile.d/components/remoting +++ b/profile.d/components/remoting @@ -1,4 +1,5 @@ -RELEASE_GIT_BRANCH=master +# Releases from the master branch now use JEP-229, not this release process +RELEASE_GIT_BRANCH=stable-4.13.x RELEASE_GIT_REPOSITORY=git@github.com:jenkinsci/remoting.git GIT_EMAIL=66998184+jenkins-release-bot@users.noreply.github.com GIT_NAME="Jenkins Release Bot" diff --git a/utils/release.bash b/utils/release.bash index 51cd11d4..a885d530 100755 --- a/utils/release.bash +++ b/utils/release.bash @@ -77,6 +77,7 @@ function configureKeystore(){ case "$SIGN_CERTIFICATE" in *.pem ) openssl pkcs12 -export \ + -legacy `# https://github.com/openssl/openssl/issues/11672` \ -out "$SIGN_KEYSTORE" \ -in "${SIGN_CERTIFICATE}" \ -password "pass:$SIGN_STOREPASS" \ @@ -85,8 +86,14 @@ function configureKeystore(){ *.pfx ) # pfx file download from azure key vault are not password protected, which is required for maven release plugin # so we need to add a new password - openssl pkcs12 -in "${SIGN_CERTIFICATE}" -out tmpjenkins.pem -nodes -passin pass:"" + openssl pkcs12 \ + -in "${SIGN_CERTIFICATE}" \ + -legacy `# https://github.com/openssl/openssl/issues/11672` \ + -out tmpjenkins.pem \ + -nodes \ + -passin pass:"" openssl pkcs12 -export \ + -legacy `# https://github.com/openssl/openssl/issues/11672` \ -out "$SIGN_KEYSTORE" \ -in tmpjenkins.pem \ -password "pass:$SIGN_STOREPASS" \ @@ -429,7 +436,7 @@ function stageRelease(){ # 2020-06-24: --no-transfer-progress doesn't seem to be fully suported in maven release plugin # This workaround can be reverted once MRELEASE-1048 is fixed # https://issues.apache.org/jira/browse/MRELEASE-1048 - mvn -B \ + mvn -V -B \ "-DstagingRepository=${MAVEN_REPOSITORY_NAME}::default::${MAVEN_REPOSITORY_URL}/${MAVEN_REPOSITORY_NAME}" \ -s settings-release.xml \ --no-transfer-progress \ @@ -567,7 +574,7 @@ function main(){ --showPackagingPlan) echo "Show Packaging Plan" && showPackagingPlan ;; --promoteStagingMavenArtifacts) echo "Promote Staging Maven Artifacts" && promoteStagingMavenArtifacts ;; --promoteStagingGitRepository) echo "Promote Staging Git Repository" && promoteStagingGitRepository ;; - --rollback) echo "Rollback release $RELEASE_SCM_TAG" && rollblack ;; + --rollback) echo "Rollback release $RELEASE_SCM_TAG" && rollback ;; --stageRelease) echo "Stage Release" && stageRelease ;; --packaging) echo 'Execute packaging makefile, quote required around Makefile target' && packaging "$2";; --syncMirror) echo 'Trigger mirror synchronization' && syncMirror ;;