[FOLIO-3478] Update jenkins-slave-docker to Jammy LTS Created: 22/Apr/22  Updated: 17/May/22  Resolved: 17/May/22

Status: Closed
Project: FOLIO
Components: Continuous Integration
Affects versions: None
Fix versions: None

Type: Task Priority: P3
Reporter: Julian Ladisch Assignee: David Crossley
Resolution: Done Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3494 Create new jenkins docker image for N... Closed
Sprint: DevOps Sprint 139
Development Team: FOLIO DevOps
RCA Group: TBD

 Description   

Canonical has published Ubuntu 22.04 LTS (Jammy Jellyfish) on 21 April 2022.

https://github.com/folio-org/folio-tools/tree/master/jenkins-slave-docker = Docker image folioci/jenkins-slave-all is based on ubuntu:focal, the previous LTS version.

Ubuntu doesn't fix all security issues in Focal: https://snyk.io/test/docker/ubuntu%3A20.04

To keep our CI pipeline secure an increasingly amount of work is needed to back-port security fixes if we stay with Focal.

Therefore we should switch to Jammy. This will allow to switch from manually installed packages to Ubuntu packages making maintenance more easy.



 Comments   
Comment by David Crossley [ 13/May/22 ]

I have a branch for this at folio-tools.

Note that 'firefox' was available on our previous Focal-based image, but with Jammy it is now not installed via apt-get.

I presume that we do not want snap or flatpak on that image.

I suppose that another option would be to use "mozillateam/ppa" but i have not been able to get that to work.

So John Malconian or Julian Ladisch would you please assist.

Comment by Julian Ladisch [ 13/May/22 ]

Front-end modules have switched from Jenkins to GitHub Actions and therefore don't care whether Firefox exists in Jenkins.

The search https://github.com/search?q=org%3Afolio-org+firefox&type=code finds some ERM modules, however, they are back-end modules.

Maybe ask on #developer Slack channel whether there is any module that uses Firefox in the Jenkins pipeline.

Comment by David Crossley [ 13/May/22 ]

Some frontent modules have switched. There are still 50+ using Jenkins. I have found that people do not generally answer such questions. I thought that it would be easier to just make it available as before.

Comment by David Crossley [ 17/May/22 ]

Nothing is easy. We decided to remove firefox.

 

Comment by David Crossley [ 17/May/22 ]

The "java-11" image has been upgraded to 22.04 Jammy (folio-tools/pull/227). The current version is also labelled as 2.10.0

This buildNode is the default for back-end modules, and for the remaining front-end modules that do not yet use GitHub Actions Workflows.

For clarity their Jenkinsfile can declare:
buildNode = 'jenkins-agent-java11'

(Although note that either can now use 'jenkins-agent-java17' as per FOLIO-3494 Closed .)

Generated at Thu Feb 08 23:28:26 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.