[FOLIO-3478] Update jenkins-slave-docker to Jammy LTS Created: 22/Apr/22 Updated: 17/May/22 Resolved: 17/May/22 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | Continuous Integration |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P3 |
| Reporter: | Julian Ladisch | Assignee: | David Crossley |
| Resolution: | Done | Votes: | 0 |
| Labels: | security, security-reviewed | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||
| Sprint: | DevOps Sprint 139 | ||||||||
| Development Team: | FOLIO DevOps | ||||||||
| RCA Group: | TBD | ||||||||
| Description |
|
Canonical has published Ubuntu 22.04 LTS (Jammy Jellyfish) on 21 April 2022. https://github.com/folio-org/folio-tools/tree/master/jenkins-slave-docker = Docker image folioci/jenkins-slave-all is based on ubuntu:focal, the previous LTS version. Ubuntu doesn't fix all security issues in Focal: https://snyk.io/test/docker/ubuntu%3A20.04 To keep our CI pipeline secure an increasingly amount of work is needed to back-port security fixes if we stay with Focal. Therefore we should switch to Jammy. This will allow to switch from manually installed packages to Ubuntu packages making maintenance more easy. |
| Comments |
| Comment by David Crossley [ 13/May/22 ] |
|
I have a branch for this at folio-tools. Note that 'firefox' was available on our previous Focal-based image, but with Jammy it is now not installed via apt-get. I presume that we do not want snap or flatpak on that image. I suppose that another option would be to use "mozillateam/ppa" but i have not been able to get that to work. So John Malconian or Julian Ladisch would you please assist. |
| Comment by Julian Ladisch [ 13/May/22 ] |
|
Front-end modules have switched from Jenkins to GitHub Actions and therefore don't care whether Firefox exists in Jenkins. The search https://github.com/search?q=org%3Afolio-org+firefox&type=code finds some ERM modules, however, they are back-end modules. Maybe ask on #developer Slack channel whether there is any module that uses Firefox in the Jenkins pipeline. |
| Comment by David Crossley [ 13/May/22 ] |
|
Some frontent modules have switched. There are still 50+ using Jenkins. I have found that people do not generally answer such questions. I thought that it would be easier to just make it available as before. |
| Comment by David Crossley [ 17/May/22 ] |
|
Nothing is easy. We decided to remove firefox.
|
| Comment by David Crossley [ 17/May/22 ] |
|
The "java-11" image has been upgraded to 22.04 Jammy (folio-tools/pull/227). The current version is also labelled as 2.10.0 This buildNode is the default for back-end modules, and for the remaining front-end modules that do not yet use GitHub Actions Workflows. For clarity their Jenkinsfile can declare: (Although note that either can now use 'jenkins-agent-java17' as per
|