Update jenkins #564
Update jenkins #564
Conversation
Following discussion on #544 give up with tagged versions and only expose "latest" and "weekly"
|
I've love to see this merged. There is a recent security advisory and version 1.600 is the latest recommended version: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 Additionally, dropping ALL versions seems a bit extreme. Jenkins maintains a set of LTS releases which are released every 12 weeks: https://wiki.jenkins-ci.org/display/JENKINS/LTS+Release+Line. This seems like a nice compromise between the constant weekly versions and dropping useful version tags completely. Could we add the most recent LTS in addition to latest and weekly (as a start)? |
|
I am confused by the lack of any tags for version numbers; a user won't be able to pull We had talked about this in #544, and I was understanding that the problem was the sprawl of versions. I agree with @lamielle that it would be nice to keep a set of LTS versions as well as a few weekly versions. As older versions drop off the list here, they will still be available on the hub as their unique tagged version (like |
|
@yosifkit imho it doesn't make sense to not have the same behavior / README doc for all docker "official" images available on dockerhub. If at some time we prune some of them from this repo to reduce number of tags, then we will break user experience. |
|
@yosifkit added 1.596.1 tag - will then only publish "latest LTS" as official docker image tag |
|
It seems the docker official image process doesn't mesh well with the jenkins (slightly unusual) release patterns and tempo. Even LTS in jenkins are quite frequent - which is causing some confusion. If a user wants fine grained versions - it is better if the jenkins project itself maintains this in its own namespaced repo - and keep official for latest LTS (optional tags for versions, if that can work). The reason a user may want very specific versions would be in locating a bug - not an every day occurrence. |
|
We are definitely open to having all the supported releases here. Even having a Looking at upstream's website, the latest "release" (weekly) is |
|
What say you @ndeloof ? |
|
My point is, as long as this process is a manual review, even the PR is based on an already discussed and polished Dockerfile template, I won't have enough spare cycles to handle this on a weekly basis. I've proposed to get this image repo moved to jenkinsci OSS community github repo so "someone" can create a PR every week, will be discussed on next governance meeting (April 1st) |
|
@yosifkit does anything prevent this PR to be merged ? |
|
LGTM, ping @tianon Build test of #564; e771f21 ( $ url="https://raw.githubusercontent.com/docker-library/official-images/e771f21311ef3380442976cc1b6a922bf94e2f51/library/jenkins"
$ bashbrew build "$url"
Fetching jenkins (git://github.com/cloudbees/jenkins-ci.org-docker) ...
Processing jenkins:latest ...
Processing jenkins:1.596.1 ...
$ bashbrew list "$url" | xargs test/run.sh
testing jenkins:latest
'utc' [1/2]...passed
'cve-2014--shellshock' [2/2]...passed
testing jenkins:1.596.1
'utc' [1/2]...passed
'cve-2014--shellshock' [2/2]...passed |
|
I'd like to be clear that we disagree on the way an official image should be maintained, not a Docker image in general, which is the important distinction here. You are free to maintain anything under This does LGTM for now though -- I agree that we can iterate more post-merge. |
Following discussion on #544
give up with tagged versions and only expose "latest" and "weekly"