Automating plugin release process via GitHub Actions

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Automating plugin release process via GitHub Actions

Radek Antoniuk
I'm thinking about automating the plugin release process using GH Actions:
It seems that the process for setting this up for releasing on GH is quite straightforward. 
The issue is uploading the new artifact to the Artifactory, for what we need the credentials that are managed through:

There are two problems here:
- what user should be used in GH action to push to Artifactory
- the GH secrets can be only created by GH org owners

Do you think it's a good idea to try this out?
For me the benefits are:
- the release process will be done in a standard environment defined by the used docker image (obviously could be done locally but that's the point not to do have the need to do it in docker locally)
- the process can be automated, e.g. "do a release at the last day of month if there were any new PRs merged" - that would increase transparency and predictability on the releases

Cheers,
Radek

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/a799d799-6015-4252-8eb6-8d7f06a76609%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: Automating plugin release process via GitHub Actions

Matt Sicker
This sounds like it might relate well to a reproducible builds project
of some sort. Ideally we'd be able to do that in ci.jenkins.io, though
credentials management is a little less fine-grained there, so doing
so that way would likely required a trusted CI/CD environment.

Whether it's in Jenkins, GitHub Actions, or elsewhere, what I've
always done is create dedicated CD credentials while limiting said
credentials' access scopes as much as possible.

On Fri, Mar 27, 2020 at 2:16 PM Radek Antoniuk <[hidden email]> wrote:

>
> I'm thinking about automating the plugin release process using GH Actions:
>
> https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
> https://github.com/marketplace/actions/maven-release
> https://help.github.com/en/actions/reference/events-that-trigger-workflows
> https://www.asyncapi.com/blog/automated-releases/
>
> It seems that the process for setting this up for releasing on GH is quite straightforward.
> The issue is uploading the new artifact to the Artifactory, for what we need the credentials that are managed through:
> https://github.com/jenkins-infra/repository-permissions-updater/blob/master/permissions/
>
> There are two problems here:
> - what user should be used in GH action to push to Artifactory
> - the GH secrets can be only created by GH org owners
>
> Do you think it's a good idea to try this out?
> For me the benefits are:
> - the release process will be done in a standard environment defined by the used docker image (obviously could be done locally but that's the point not to do have the need to do it in docker locally)
> - the process can be automated, e.g. "do a release at the last day of month if there were any new PRs merged" - that would increase transparency and predictability on the releases
>
> Cheers,
> Radek
>
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/a799d799-6015-4252-8eb6-8d7f06a76609%40googlegroups.com.



--
Matt Sicker
Senior Software Engineer, CloudBees

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4owf%2B6KJyABmzVvxLkNhC-_MRZLs%3D%3DB8ntPzxHxCYVeK5Q%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Automating plugin release process via GitHub Actions

slide
In reply to this post by Radek Antoniuk
There has been some discussion about automating plugin releases in the past. I think it would make more sense to do something on ci.jenkins.io, but you'd run into similar issues with user creds for upload.

On Fri, Mar 27, 2020, 12:16 Radek Antoniuk <[hidden email]> wrote:
I'm thinking about automating the plugin release process using GH Actions:
It seems that the process for setting this up for releasing on GH is quite straightforward. 
The issue is uploading the new artifact to the Artifactory, for what we need the credentials that are managed through:

There are two problems here:
- what user should be used in GH action to push to Artifactory
- the GH secrets can be only created by GH org owners

Do you think it's a good idea to try this out?
For me the benefits are:
- the release process will be done in a standard environment defined by the used docker image (obviously could be done locally but that's the point not to do have the need to do it in docker locally)
- the process can be automated, e.g. "do a release at the last day of month if there were any new PRs merged" - that would increase transparency and predictability on the releases

Cheers,
Radek

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/a799d799-6015-4252-8eb6-8d7f06a76609%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPiUgVfRt8oCtOGQCgu8Hp%3Dv8WcdPEECcdyxYCqb_gsz4JL0BQ%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Automating plugin release process via GitHub Actions

Jesse Glick-4
On Fri, Mar 27, 2020 at 3:32 PM Slide <[hidden email]> wrote:
> There has been some discussion about automating plugin releases in the past.

https://jenkins.io/jep/221

and a working PoC

https://github.com/jenkinsci/log-cli-plugin/tree/master/.github/workflows

but for general usage we had discussed using a dedicated private
Jenkins server, not GitHub Actions.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr0ctfepOARVexG2eNEAeE5SMe7-M1qWK8KrCzJS%3DDWuyQ%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Automating plugin release process via GitHub Actions

Radek Antoniuk
Thanks Jesse for this links, very interesting.

I like the idea that is proposed in JEP and even though I am a fan of GitOps, I think that in the current GH organisation plugin layout, the JEP #221 approach is a better first step.
I would probably drop the customisation of the plugin versioning and enforce a standarization (gitflow, master branch) to ensure we have a common approach among all plugins.

As you mentioned, I suppose that I should not take the PoC setup to implement it in jira-plugin as it should be handled by the infra invisibly..
So as the status of this JEP is a proposal, what's the next step for making this happen?



On Fri, Mar 27, 2020 at 9:22 PM Jesse Glick <[hidden email]> wrote:
On Fri, Mar 27, 2020 at 3:32 PM Slide <[hidden email]> wrote:
> There has been some discussion about automating plugin releases in the past.

https://jenkins.io/jep/221

and a working PoC

https://github.com/jenkinsci/log-cli-plugin/tree/master/.github/workflows

but for general usage we had discussed using a dedicated private
Jenkins server, not GitHub Actions.

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/dNzLGbm36mQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr0ctfepOARVexG2eNEAeE5SMe7-M1qWK8KrCzJS%3DDWuyQ%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWg2Lb1AVedzJnQRH4zJKCcJN9f6TKZwGrJ3-d687Rch%2Bw%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Automating plugin release process via GitHub Actions

Jesse Glick-4
On Fri, Mar 27, 2020 at 5:33 PM Radosław Antoniuk
<[hidden email]> wrote:
> So as the status of this JEP is a proposal, what's the next step for making this happen?

Karl Shultz was hoping to find time to move it along. Needs effort
from Jenkins infra people, which is a scarce resource.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr1Rp4vp-uio_j78akOx4Wpaw2CkVS%3D6igTWHSa39Np0BA%40mail.gmail.com.