@dduportal dduportal commented Nov 6, 2025

Related to jenkins-infra/helpdesk#4774 (comment)

Must be merged at the same time as jenkinsci/packaging#540

  • Replace ALL usages of SSH in jenkinsci/packaging publication scripts by a local call. It implies changing RPM's call to createrepo (Ubuntu 18.04) by createrepo_c (Ubuntu 22.04 / 24.04)
  • Fixup SuSE/RPM merge specfiles and only build a single rpm for RH/SuSE jenkinsci/packaging#430 to ensure the jenkinsci/packaging's generateSite() functions take care of all site generation in all packages
  • Ensure the WAR uploadPackage() function in jenkinsci/packaging generates the latest links
  • Remove skipAlreadyPublished functions in all publication scripts in jenkinsci/packaging to ensure we always override the generated packages. It's disabled for Debian and RPM nowadays.
  • Ensure all rsync calls have the correct flags in all publication scripts in jenkinsci/packaging: preserving timestamps, archive mode (to ensure links and special Unix files are preserved along with permissions, and include recursive folders)
  • Cleanup code (simplify calls to usual commands to avoid many operations, remove dead code)

Important notes on the "promotePackage" stage (which is the former syncMirror but renamed to materialize its full intent):

  • We copy binaries FIRST to archives.jenkins.io to ensure the fallback is set. It is a fix to avoid published packages in get.jenkins.io which answers HTTP/404 until archives.jenkins.io or any mirror got the files (30 min max)
  • The publication to pkg.origin.jenkins.io does not utilize the "staging" directory on the remote VM (`/var/www/pkg.jenkins.io.staging`) anymore. Instead it deploys generated files to the remote production webserver. 2 consequences:
    • No need to call the remote sync.sh script anymore on the remote machine. But we'll have to keep it on the VM until we have both LTS and weekly packages with these changes.
    • If the publication fails during the rsync copy (not atomic), then users may have an incomplete repository. We accept that risk assuming pkg.origin.jenkins.io will be moved to Azure soon
  • The publication to pkg.origin.jenkins.io also introduces the copy to the file system for the future pkg.origin.jenkins in Azure so we can start comparing

Testing performed in https://release.ci.jenkins.io/job/core/job/package/job/helpdesk-4774 up to the rsync commands in dry-run + pointing to the custom branch in jenkinsci/packaging.

You can test the generated packages on https://staging.pkg.origin.jenkins.io (which serves binaries from https://staging.get.jenkins.io) with VPN enabled.

=> Will have to remove d8dcf8e before merging.

@dduportal dduportal force-pushed the helpdesk-4774 branch 2 times, most recently from bc74931 to c861b2e Compare November 22, 2025 08:28
dduportal added a commit to jenkins-infra/kubernetes-management that referenced this pull request Nov 24, 2025
…archives.jenkins.io` (#7273)

Related to
jenkins-infra/helpdesk#4774 (comment)

This PR requires
jenkins-infra/charts-secrets@773e785
to be applied by a kubernetes-management job in infra.ci.jenkins.io to
ensure the secret is written in the release.ci.jenkins.io controller
container.

The PR jenkins-infra/release#777 introduces a
direct copy (with `rsync`) of binaries from release.ci.jenkins.io
packaging Linux agent to archives.jenkins.io. As such, an SSH credential
is needed, which is introduced by the current PR as a top-level
credential in the JCasC setup for release.ci.jenkins.io.

See
https://github.com/jenkins-infra/release/pull/777/files#diff-29d0485a091dfb585170e6716985cca942ceae5e403f0e84af4fb1b28642e9feR509
# TODO: Remove the copy to archive in remote script and generate symlinks here
ssh "${PKGSERVER_SSH_OPTS[@]}" "${PKGSERVER}" /srv/releases/sync.sh
. `# source` \
[email protected]:/srv/releases `# destination # TODO: get hostname and path from env`
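
Review bot: the rsync destination on the last line is hard-coded, and the TODO beside it already says the hostname and path should come from the environment. Doing that in this change, and making the script exit early when either value is unset, would avoid a publication going to a stale target if the server moves. The first TODO, above the `ssh ... /srv/releases/sync.sh` call, would be easier to follow up with a reference to the issue that tracks removing the archive copy from the remote script.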

Comment on lines +296 to +297
SSH_HOSTKEY_ARCHIVES_JENKINS_IO = credentials('ssh-hostkey-archives.jenkins.io')
SSH_HOSTKEY_PKG_ORIGIN_JENKINS_IO = credentials('ssh-hostkey-pkg.origin.jenkins.io')
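
Review bot: the two host-key bindings on lines +296 to +297 carry no comment saying how they are consumed. A short comment stating the credential type (secret text or file), the expected content (for example one known_hosts-style line per server) and which stage writes it out would help whoever rotates these keys. If the value is written under the agent's .ssh directory, setting the directory and file permissions explicitly at creation time keeps the result independent of the agent's umask.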

@dduportal dduportal force-pushed the helpdesk-4774 branch 2 times, most recently from 69499fb to d8dcf8e Compare November 24, 2025 14:18
@dduportal dduportal marked this pull request as ready for review November 24, 2025 14:30
@dduportal dduportal requested a review from a team as a code owner November 24, 2025 14:30
@dduportal dduportal changed the title from "feat(packaging) use staging and then promote with all generation on local agent" to "feat(packaging) stop generating RPM repository on remote VM + introduces staging" Nov 24, 2025

@MarkEWaite MarkEWaite left a comment

Changes look very good to me.

I think that we will always have a .ssh directory on the agent with correct permissions, so the mkdir -p is probably not needed. However, if we're retaining it, then I think we might want to set the permissions on the directory when we create it. It is not required, just an optional item for consideration. I incorrectly thought that ssh checked the permissions of the .ssh directory, but when I modified the directory permissions on Ubuntu Linux 22.04, there was no warning or error message.

The other comment is purely stylistic and can be ignored without any issue.

@dduportal dduportal left a comment

  • jenkinsci/packaging#540 has been merged
  • Feedback applied (+ a nitpick on my side)
  • The "test" commit has been deleted

We can proceed to merge, before the incoming 2.539 release!

@dduportal dduportal merged commit 5f20e41 into master Nov 25, 2025
2 checks passed
@dduportal dduportal deleted the helpdesk-4774 branch November 25, 2025 08:37
dduportal added a commit that referenced this pull request Dec 2, 2025
feat(packaging) stop generating RPM repository on remote VM + introduces staging

(cherry picked from commit 5f20e41)
dduportal added a commit that referenced this pull request Dec 3, 2025
feat(packaging) stop generating RPM repository on remote VM + introduces staging

(cherry picked from commit 5f20e41)