Download war from mirrors unless we are publishing a release #2059
Conversation
Reduce Artifactory bandwidth use for container builds by downloading the Jenkins war file from the nearest mirror site rather than downloading from repo.jenkins-ci.org when building without publishing. Download from Artifactory when building to publish. Adjust JENKINS_URL to use Artifactory when publishing and otherwise to download the Jenkins war file from the mirrors. Testing done: Confirmed the following configurations work as expected on Linux: | Publish | Weekly | LTS | | ------- | ----------- | ----------- | | true | Artifactory | Artifactory | | false | mirrors | mirrors | Tested the Windows changes in my Powershell local environment. Did not test the build on Windows. Rely on ci.jenkins.io for that test. Published Linux based builds to markewaite/experiments. Confirmed that that build and publish process downloaded from Artifactory. JENKINS_URL does not benefit from a default value because it must always be computed in docker-bake.hcl or provided as a build argument. Helps reduce Artifactory bandwidth use as requested in: * jenkins-infra/helpdesk#4747
Previously the AdditionalArgs was being defined and then never used. No need to append to a variable that does not exist. Use a simpler name for the variable.
|
The failing Windows tests are more than I'm ready to manage today. I may spend additional time on this later. I'm glad that it builds and tests as expected on Linux and glad that it builds on Windows. Failing windows tests will wait for another day. |
| @@ -90,13 +90,13 @@ RUN mkdir -p ${REF}/init.groovy.d | |||
|
|
|||
| # jenkins version being bundled in this docker image | |||
| ARG JENKINS_VERSION | |||
| ENV JENKINS_VERSION=${JENKINS_VERSION:-2.504} | |||
| ENV JENKINS_VERSION=${JENKINS_VERSION:-2.516.1} | |||
There was a problem hiding this comment.
| ENV JENKINS_VERSION=${JENKINS_VERSION:-2.516.1} | |
| ENV JENKINS_VERSION=${JENKINS_VERSION} |
In order to avoid spreading the same value on multiple locations, which makes it tedious to maintain, WDYT about avoiding passing any default version?
We keep the ENV to ensure the resolved value is stored in the image (ARG is only available during build) but no default value as we rely on docker bake and docker-compose
|
|
||
| # jenkins.war checksum, download will be validated using it | ||
| ARG JENKINS_SHA=efc91d6be8d79dd078e7f930fc4a5f135602d0822a5efe9091808fdd74607d32 | ||
| ARG JENKINS_SHA=c308a27e81f4ce3aa6787e96caf771534f7f206fefbb83969d77b15fc7f2700a |
There was a problem hiding this comment.
| ARG JENKINS_SHA=c308a27e81f4ce3aa6787e96caf771534f7f206fefbb83969d77b15fc7f2700a | |
| ARG JENKINS_SHA |
WDYT we apply the same pattern as other ARGs and we rely only on docker bake/compose to avoid spreading the values on many locations?
There was a problem hiding this comment.
That changes the development experience by requiring that every invocation of make must provide a value for JENKINS_SHA and JENKINS_VERSION. We might be able to overcome that by allowing the Makefile to request the SHA based on the JENKINS_VERSION using the same technique that is in the .ci/publish.sh script, but that seems like it will increase the complexity and remove some of the simplification that you would like to see.
| @@ -105,7 +105,7 @@ function Run-Program($cmd, $params, $verbose=$false) { | |||
| } | |||
|
|
|||
| function Build-Docker($tag) { | |||
| $exitCode, $stdout, $stderr = Run-Program 'docker-compose' '--file=build-windows.yaml build --parallel' | |||
| $exitCode, $stdout, $stderr = Run-Program 'docker-compose' '--file=build-windows.yaml build --parallel --build-arg JENKINS_URL=' + $env:JENKINS_URL | |||
There was a problem hiding this comment.
Instead of changing the compose call, WDYT if we rely on https://docs.docker.com/compose/how-tos/environment-variables/set-environment-variables/#additional-information instead?
| @@ -94,6 +94,12 @@ variable "BOOKWORM_TAG" { | |||
| default = "20250721" | |||
| } | |||
|
|
|||
| variable "JENKINS_URL" { } | |||
There was a problem hiding this comment.
| variable "JENKINS_URL" { } | |
| variable "JENKINS_URL" { | |
| default = "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/${JENKINS_VERSION}/jenkins-war-${JENKINS_VERSION}.war" | |
| } |
WDYT if we define the "most common" value here (e.g. the current default which will be kept) and we only define a custom URL on the ci.jenkins.io pipeline? The goal would be to avoid the tedious logic around our "war" / "war-stable" detection. Your code works marvelously but it is still some branching code to maintain inside a declarative (docker bake) system
There was a problem hiding this comment.
I tried that as one of my first iterations and was unable to persuade the bake file to expand the value of JENKINS_VERSION at the correct time. I abandoned the idea because no other variable in the file uses other variables to expand them.
If there is a way to do that, I'm open to it. I couldn't make it work with my efforts.
There was a problem hiding this comment.
I'd like to take a shot at it. Is this PR urgent?
There was a problem hiding this comment.
I'd like to take a shot at it. Is this PR urgent?
Not at all. I'd love to have you look at it when you're back from vacation.
| // Default environment variable set to allow images publication | ||
| def envVars = ['PUBLISH=true'] | ||
| // Only publish images from trusted.ci.jenkins.io | ||
| def envVars = ['PUBLISH=' + env.JENKINS_URL.startsWith('https://trusted.ci.jenkins.io')] |
There was a problem hiding this comment.
Ideally, we should not need this detection (see my comment about default value)
Download war from mirrors unless we are publishing a release
Reduce Artifactory bandwidth use for container builds by downloading the Jenkins war file from the nearest mirror site rather than downloading from repo.jenkins-ci.org when building without publishing.
Download from Artifactory when building to publish.
Adjust JENKINS_URL to use Artifactory when publishing and otherwise to download the Jenkins war file from the mirrors.
JENKINS_URL does not benefit from a default value because it must always be computed in docker-bake.hcl or provided as a build argument.
Helps reduce Artifactory bandwidth use as requested in:
Testing done
Confirmed the following configurations work as expected on Linux:
Tested the Windows changes in my Powershell local environment.
Did not test the build on Windows. Rely on ci.jenkins.io for that test.
Published Linux based builds to markewaite/experiments. Confirmed that that build and publish process downloaded from Artifactory.
Submitter checklist