Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Tim Jacomb
    @timja
    dduportal
    @dduportal:matrix.org
    [m]
    Ok, so the release process looks flawed: I would expect the "remoting version" to be infered from the tag then, right ?
    Tim Jacomb
    @timja
    it is inferred
    dduportal
    @dduportal:matrix.org
    [m]
    Oh i see. Then we should NOT deploy images if the build is not triggered by a tag
    Tim Jacomb
    @timja
    yes i don't think there's much point in that
    and yeah main branch uses whatever is there
    / tests
    dduportal
    @dduportal:matrix.org
    [m]
    gotcha.
    Tim Jacomb
    @timja
    that should be updated every now and then but generally doesn't need to be touched
    dduportal
    @dduportal:matrix.org
    [m]
    first thing first: the default values from the Dockerfile should be removed then
    then, we should either:
    • Add an updatecli/depedndanbot/whatever to update the version on the bake file
      OR
    • not specify a version and autodetermien it with a call to the gh api e.g." get the latest version")
    Tim Jacomb
    @timja
    the defaults are there so that the image builds with just a docker build
    and same in the bake file
    and yes the master / tests could auto determine it but I don't think that's great for deterministic builds
    updatecli to update everything would be fine
    dduportal
    @dduportal:matrix.org
    [m]

    the image builds with just a docker build

    I understand this was the constraint with DockerHub in the past, but I don't see the point nowadays?

    updatecli to update everything would be fine

    👍️

    Tim Jacomb
    @timja
    nice to be able to just docker build it for testing something
    dduportal
    @dduportal:matrix.org
    [m]
    ok, so the updatecli needs to update all references
    sounds like a job for grep and sed :D
    Tim Jacomb
    @timja
    :)
    dduportal
    @dduportal:matrix.org
    [m]
    @timja: jenkinsci/docker-inbound-agent#280 as first step (to stop pushing from main branch + fixing the unexpected tag builds)
    dduportal
    @dduportal:matrix.org
    [m]

    For information, I've manually updated the tag v38db_38a_b_7a_86-2 on the image jenkins/docker-agent with the following command: git tag 3046.v38db_38a_b_7a_86-2 3046.v38db_38a_b_7a_86-2^{} -f -a && git push upstream v38db_38a_b_7a_86 --force. The GitHub release did not change and points to the updated tag: https://github.com/jenkinsci/docker-agent/releases/tag/3046.v38db_38a_b_7a_86-2 (as the git ref did not change).

    The reason was to annotate the tag so it's seen as the latest (before the change, 4.13-2 was still the "most recent")

    dduportal
    @dduportal:matrix.org
    [m]
    @MarkEWaite: I was mistaken: this function (and the associated sorting issue) is used by the image entrypoint, when it lists plugins to deploy into the jenkins_home/plugins from /usr/share/jenkins/ref (as @timja pointed me out)
    So the snippet from @dipjul might solve the issue, but did not have time to verify yet
    sealor
    @sealor:matrix.org
    [m]

    Hello everyone!

    I read that I can execute a groovy script on the first Jenkins start-up.
    Is it also possible to somehow run a groovy script at Docker build time?

    2 replies
    papi83dm
    @papi83dm
    My docker jenkins keeps running out of memory, how do I determine what is using the memory and how much memory I need to allocate? its currently running with 8GB of ram.
    halkeye
    @halkeye:g4v.dev
    [m]
    sealor: lemme rephrase. What operations would you want to do on build time? those init scripts are run time
    2 replies
    dduportal
    @dduportal:matrix.org
    [m]
    @timja: about the release-drafter PR I made on the docker-inbound-agent. I'm looking at https://github.com/jenkinsci/jenkins-infra-test-plugin/blob/master/.github/workflows/cd.yml to see what the call to the reusable action would look like. I feel like in this case it's the same amount of information in the YAML, only to reuse the action version. Did I miss something?
    Tim Jacomb
    @timja
    @dduportal:matrix.org it's one central place to update versions
    i.e. so release drafter sends an update
    only one place gets a dependabot update
    not 500
    dduportal
    @dduportal:matrix.org
    [m]
    make sense. I need to update my PR then
    Tim Jacomb
    @timja
    if there's an issue it can either be rolled back centrally or if it's isolated can pin to previous version of reusable workflow temporarily
    dduportal
    @dduportal:matrix.org
    [m]
    Another thing: I do not undertsand why is 3046.v38db_38a_b_7a_86-2 marked as the "latest" github release while 3063.v26e24490f041-1 is the most recent (ref. https://github.com/jenkinsci/docker-agent/releases )
    Tim Jacomb
    @timja
    @dduportal:matrix.org i think annotated vs non annotated most likely
    dduportal
    @dduportal:matrix.org
    [m]
    Damn, I'm dumb: the "latest" is pointed to the datetime of the GH release itself. Not to the associated tag or commit's datetime. Thanks
    dduportal
    @dduportal:matrix.org
    [m]
    dduportal
    @dduportal:matrix.org
    [m]
    @timja: last one before release: jenkinsci/docker-inbound-agent#285
    oh no I forgot a commit
    dduportal
    @dduportal:matrix.org
    [m]
    @slide: Sorry that my PR was auto merged before your review. i'm working on rollbacking the changes you mentionned (I want to challenge these tests but that would be a discussion for later and your review shows that it should be fixed)
    dduportal
    @dduportal:matrix.org
    [m]
    @slide: I've tried the following: jenkinsci/docker-inbound-agent#286
    Shan
    @sbollap1
    hello folks I am using jenkins/inbound-agent:4.10-3-jdk11 and seeing 2 HIGH CVEs on it High CVE-2022-24765, High CVE-2019-8457 any other version I should be trying for Jenkins 2.361.1
    halkeye
    @halkeye:g4v.dev
    [m]
    isn't CVE-2022-24765 about git for windows? why would it affect a linux docker image?
    DoofusCanadensis
    @kenrachynski:matrix.org
    [m]
    there are two windows images at that URL
    1 reply
    halkeye
    @halkeye:g4v.dev
    [m]
    CVE-2019-8457 is for sqlite in ubuntu earlier than 19.x, adnd doesn't list debian
     docker run --rm --entrypoint "" "jenkins/inbound-agent:4.10-3-jdk11" bash -c "cat /etc/*release"
    PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"