2020 A Year Like No Other
The Jenkins community congratulates all users and contributors with the New Year! Let’s take a look at some changes this year. We would like to thank all awesome Jenkins users and contributors who have been with us during this year.
Highlights
Some of the key highlights:
-
Hundreds of first-timer contributors joined the community
-
Major UI/UX improvements in the Jenkins core, including the landing page, plugin manager, dark theme, and read-only configurations support
-
Outreach programs like Google Summer of Code (7 projects), Google Season of Docs, UI/UX hackfest, etc.
-
Public roadmap for the project
-
Terminology changes in the project, new Code of Conduct
-
Technical debt cleanup: XStream unforking, Acegi Security replacement, etc.
-
Continued evolution of the plugin ecosystem, especially in the area of Cloud Native solutions and tool integrations
-
Continued documentation cleanup, great progress with plugin documentation migration
-
Graduation in the Continuous Delivery Foundation
Jenkins User Interface and User Experience
This year there were many activities around Jenkins user experience and long-anticipated user interface changes. This is a coordinated effort being led by the User Experience SIG, and by many contributors to the project. Key project highlights:
-
Look & Feel updates of the Jenkins Web UI, including styling rework, new typography and layouts
-
Major rework of plugin management UI/UX
-
Dark theme for Jenkins
-
Accessibility improvements
-
Support for read-only configuration pages
In May we also organized a Jenkins UI/UX hackfest where we worked on some key stories improving user experience.
Jenkins security
In 2020 the Jenkins security team has released 19 advisories for the Jenkins core, plugins and other components. In total 198 vulnerabilities were fixed, and 72 plugin vulnerabilities were announced without a fix at the time of advisory publishing. As a project, we are receiving a continuous flow of new reports and continue to provide corrections. Cross-site scripting (XSS) vulnerabilities were the most popular type this year, followed by unprotected credentials.
There have also been developer tooling improvements, including GitHub CodeQL evaluation for targeted security issues search and Find-Sec-Bugs adoption for static analysis of the plugin and Jenkins core code. Along with wider adoption of Dependabot and automated dependency scanning on GitHub.
Documentation
Jenkins Documentation SIG is working on creating more documentation for Jenkins on different platforms, including cloud platforms. Jenkins on Kubernetes was one of the key stories this year for the SIG, along with documentation migration to jenkins.io and wider adoption of Documentation-as-code in plugins. 95% of the 200 most installed Jenkins plugins have moved to "documentation as code" or have a pending pull request with updates. In total, almost 600 plugins have already been migrated. There were major updates in Jenkins documentation on jenkins.io, with a lot of content being moved from the old Jenkins Wiki.
2020 was the first year when Jenkins participated in Google Season of Docs (GSoD). This program brings together open-source and technical writers communities for the benefit of both. This year’s student, Zainab Abubakar, did an amazing job documenting Jenkins on Kubernetes. Now Jenkins users can find official documentation about deploying and scaling Jenkins in Kubernetes. See the project report by Zainab here.
Jenkins Release Automation
The Jenkins project has delivered weekly and long term support releases since it was formed in 2011. Those releases were delivered by Kohsuke Kawaguchi from his release infrastructure.
Beginning in April 2020, those releases are delivered by the new release automation setup. It is hosted within the Jenkins’ Kubernetes cluster, with fully automated management and continuous delivery of services within the setup. We transitioned to new build processes, new code signing certificates, and new release automation jobs. Thanks to Olivier Vernin and all Infrastructure sub-project contributors for the successful completion of the release automation project!
Moreover, there is ongoing work on continuous delivery of Jenkins plugins (JEP-229) and on re-designing other Jenkins instances within the project (infra-ci, trusted-ci, and ci.jenkins.io for plugins). In the next few months these stories should provide Jenkins contributors with a modern environment for CI and CD of all Jenkins components.
Terminology updates
Since July, we have officially replaced the old "master" terminology with the "controller" term. It is a follow-up to the "agent" terminology introduced in 2016. We have also deprecated usages of the “blacklist/whitelist” terminology in all components. Currently the community is working on the cleanup of the remaining occurrences in the codebase and documentation, and we invite everyone to contribute.
As a part of the terminology cleanup, last spring we announced the renaming of the official Docker images for Jenkins agents. As a reminder, it does not have any immediate impact on Jenkins users, but they are expected to gradually upgrade their instances.
“Jenkins is the Way” program
This year the Advocacy and Outreach SIG started the “Jenkins is the Way” initiative which focuses on promoting user success stories. Over the year, the team published 54 user stories and six case studies on https://stories.jenkins.io/ as well as a significant amount of community marketing. We also published a number of testimonial videos advertising user stories, including this Introduction to "Jenkins is the Way" video.
See all the stories HERE
Events
Google Summer of Code
In 2020 we had seven students working in the Jenkins mentoring organization. We had 6 projects focused on Jenkins and one project focused on Jenkins X. As usual, in GSoC we focused on problems important to the Jenkins users and community members. The projects delivered highly anticipated new features and key architecture changes needed for the long-term evolution of Jenkins.
This is the first-ever time in Jenkins when all GSoC students have reached the final evaluation and successfully passed it. It was an incredible effort by all the project members and, most importantly, by the students. Thanks a lot to them!
Jenkins in Hacktoberfest 2020
In October we participated in Hacktoberfest. Our featured projects included the Jenkins core, jenkins.io website and plugins.jenkins.io, Helm charts, and multiple plugins. We also encouraged contributors to participate in the Documentation as Code and terminology cleanup across the entire Jenkins ecosystem.
See the details in the Hacktoberfest page.
In total we received 226 pull requests from Hacktoberfest participants. Some stats per Jenkins GitHub organization:
-
'jenkinsci', PRs: 189, Hacktoberfest contributors: 61
-
'jenkins-infra', PRs: 100, Hacktoberfest contributors: 40
-
'jenkins-zh', PRs: 37, Hacktoberfest contributors: 2
Jenkins at DevOps World
The annual DevOps World, formerly known as DevOps World | Jenkins World held on Sept 22-24, with workshops on Sept 25. Just like other events in 2020, DevOps World pivoted to a virtual event but that didn’t mean there was a shortage of sessions or networking opportunities. There were over 50 Jenkins/open-source. And a special congratulations is in order to this year’s Jenkins Contributor Award winners:
-
James Holderness - Jenkins security MVP
-
Marky Jackson - Most valuable Jenkins advocate
-
Tim Jacomb - Most valuable Jenkins contributor
Below are just a few sessions, the full agenda can be found HERE:
Graduation at Continuous Delivery Foundation
Jenkins is the first project to graduate in the CD Foundation. In August the project announced that the Jenkins project has achieved the graduated status in the Continuous Delivery Foundation (CDF). Thanks to all contributors who made our graduation possible! Below you can find a few key changes we have applied during the graduation process:
-
We introduced a new public roadmap for the Jenkins project. This roadmap aggregates key initiatives in all community areas: features, infrastructure, documentation, community, etc. It makes the project more transparent to all Jenkins users and adopters, and at the same time helps potential contributors find the hot areas and opportunities for contribution. The roadmap is driven by the Jenkins community and it has a fully public process documented in JEP-14.
-
A new list of Jenkins adopters was introduced on jenkins.io. This list highlights Jenkins users and references their case studies and success stories, including ones submitted through the Jenkins Is The Way portal. Please do not hesitate to add your company there!
-
We passed the Core Infrastructure Initiative (CII) certification. This certification helps us to verify compliance with open source best practices and to make adjustments in the project (see the bullets below). It also provides Jenkins users and adopters with a public summary about compliance with each best practice. Details are on the Jenkins core page.
-
Jenkins Code of Conduct was updated to the new version of Contributor Covenant. In particular, it sets best practices of behavior in the community, and expands definitions of unacceptable behavior.
Public Roadmap
The Jenkins project now has a public, community-driven project roadmap. Roadmap items are major initiatives and are considered as official plans. The roadmap aggregates key initiatives in all areas of the project.
Many of the 2020 released roadmap items are mentioned elsewhere in this document, including release automation, Core Infrastructure Initiative (CII) certification, user interface improvements, read-only configuration pages, and Google Summer of Code projects like the GitHub Checks API or External Fingerprint Storage.
Other roadmap items include mirror infrastructure improvements, a new Windows installer, and preview releases of pluggable storage for external fingerprints, build logs, and unit test results.
Jenkins 2020 Elections
In October-December the Jenkins community held the regular elections. This year we were electing for 2 governance board members and for all five officer positions, namely: Security, Events, Release, Infrastructure, and Documentation. These roles are an essential part of Jenkins' community governance and well-being. We thank all candidates and voters who participated this year.
Key results:
-
Gavin Mogan and Marky Jackson joined the Jenkins Governance Board
-
Tim Jacomb was elected as Release Officer
-
Marky Jackson became the new Events Officer
-
Olivier Vernin, Daniel Beck, and Mark Waite will continue as Infrastructure, Security and Documentation officers
Full election results: https://www.jenkins.io/blog/2020/12/03/election-results/
And even more
This blog post does not provide a full overview of what changed in the project, it is just a slice of the key highlights mentioned by the contributors. The Jenkins project consists of more than 2000 plugins and components which are developed by thousands of contributors. Thanks to them, a lot of changes happen in the project every day. We are cordially grateful to everybody who participates in the project, regardless of contribution size. Everything matters: new features, bug fixes, documentation, blog posts, well reported issues, Stackoverflow responses, etc. THANKS A LOT TO ALL CONTRIBUTORS!
So, keep updating Jenkins and exploring new features. And stay tuned, there is much more to come next year!
What’s next?
Technical changes. 2021 will be another busy year for the Jenkins community. There are many long-overdue changes in the project, which need to happen if we want Jenkins to succeed. There are many areas on the roadmap: UX revamp, cloud native Jenkins, pluggable storage, etc. There will also be a continued cleanup of old dependencies and technical debt. Several key changes are expected to land in the March LTS baseline: update to Spring Security, XStream unforking, JQuery update, etc.(announcement). In addition to that, we will keep working on expanding platform support in Jenkins, including provisioning support for new Java versions and official images for more architectures like Arm.
Documentation. Documentation efforts will continue in the next year, with a focus on documenting Jenkins usage on modern platforms and and automation use-cases. Wide adoption of documentation-as-code will also continue for plugins By this time almost 600 plugins have been migrated, but there are hundreds more plugins to go.
Security. Another important area is Jenkins security. Automation tools like Jenkins are a key part of the software delivery process in organizations, and their security is essential for the security of products. Misconfigured or outdated systems are a common attack vector, but there are also areas for improvement on the project’s side. Be sure there will be security advisories and vulnerability fixes in 2021. We plan to keep adopting best security development and software delivery practices, and to improve dependency management and developer tools in the project. These areas will be in the spotlight for the project next year.
Events. Next month we will participate in FOSDEM, and there will be a virtual Jenkins stand there. There will also be a CI/CD devroom. If you are interested to meet Jenkins contributors, it is a great opportunity. We also plan to continue all outreach programs and on onboarding more contributors. At the moment we are looking for Google Summer of Code 2020 mentors and project ideas (announcement). We are also ready to consider other non-coding project ideas as a part of CommunityBridge. If you are interested, please contact the Advocacy and Outreach SIG.
Join us in 2021!
We are always looking for more contributors, regardless of the profile and experience. Jenkins is a vast ecosystem which includes many modern technologies.
We invite Jenkins users and contributors to participate in the community and to move these initiatives forward! Join us in the mailing lists and special interest groups,