Merge From Master#2
Open
mchaulagain wants to merge 335 commits intomchaulagain:masterfrom
Open
Conversation
Without a timestamp, the permissions are ignored
Remove `ZpoolMonitor` and `ZPoolExpandNotice`
…tool Update pom.xml to match archetype and use `jenkins.baseline` property to keep bom in sync
…capacity (#1032) * Log EC2 errors while calling RunInstances for reserved capacity * Address format violations
…des requested (#1033) * Log EC2 errors while calling RunInstances for reserved capacity * Update log message to include number of nodes requested
Removed associatePublicIp check for building the NW interface obj
…the NW interface obj"
Revert "[JENKINS-75002] Removed associatePublicIp check for building the NW interface obj"
[JENKINS-76058] Fix OpenSSH Certificate Hostkey handling + Improve verifier
…extension Bumps [io.jenkins.tools.incrementals:git-changelist-maven-extension](https://github.com/jenkinsci/incrementals-tools) from 1.10 to 1.13. - [Release notes](https://github.com/jenkinsci/incrementals-tools/releases) - [Commits](jenkinsci/incrementals-tools@parent-1.10...parent-1.13) --- updated-dependencies: - dependency-name: io.jenkins.tools.incrementals:git-changelist-maven-extension dependency-version: '1.13' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ools.incrementals-git-changelist-maven-extension-1.13 build(deps): bump io.jenkins.tools.incrementals:git-changelist-maven-extension from 1.10 to 1.13
* [JENKINS-76083] Fix tests for SSH Verifiers * [JENKINS-76083] Fix regression: pass the correct algorithm --------- Co-authored-by: Raihaan Shouhell <raihaanhimself@gmail.com>
* Migrate annotations and imports * Migrate assertions * Remove public visibility for test classes and methods * Minor code cleanup Co-authored-by: Raihaan Shouhell <raihaanhimself@gmail.com>
* reconnect when agent is offline * address comments * move offline check --------- Co-authored-by: car-roll <cchiou@cloudbees.com> Co-authored-by: Raihaan Shouhell <raihaanhimself@gmail.com>
…num for IP assignment control (#1148) * Deprecate boolean `associatePublicIp` and add `AssociateIpStrategy` enum for IP assignment control JENKINS-75002 Currently, public IP assignment behavior is inconsistent: - `associatePublicIp=true`: - Creates a `NetworkInterface` - Sets `associatePublicIpAddress(true)` - Configures subnet and security groups on the interface - `associatePublicIp=false`: - **On-demand**: - Does *not* use a `NetworkInterface` - Configures subnet/security groups at the RunInstance level - Public IP assignment depends on the subnet's `MapPublicIpOnLaunch` setting (inherited) - **Spot**: - Uses a `NetworkInterface` - Sets `associatePublicIpAddress(false)`, enforcing *no* public IP (does *not* inherit) This prevents reliable enforcement of "no public IP" via AWS Service Control Policies. The current logic follows [PR 447](#447), which reverted [JENKINS-58578](https://issues.jenkins.io/browse/JENKINS-58578), losing the ability of `associatePublicIp=false` to always disable public IP assignment. - **Always create** the primary `NetworkInterface`. - Replace the boolean `associatePublicIp` with the `AssociateIpStrategy` enum: - `PUBLIC_IP`: Always assign a public IP (`associatePublicIpAddress=true`) - `PRIVATE_IP`: Never assign a public IP (`associatePublicIpAddress=false`) - `SUBNET`: Inherit the subnet's `MapPublicIpOnLaunch` (leave unset) - `DEFAULT`: Matches current behavior: `PRIVATE_IP` for spot, `SUBNET` for on-demand The `DEFAULT` option maintains backward compatibility and is used as the UI default. * permission check in AssociateIPStrategy requests * fix javadoc links * Use label 'Associate IP Strategy' instead of 'Associate IP' Co-authored-by: Jérôme Pochat <jpochat@cloudbees.com> --------- Co-authored-by: Jérôme Pochat <jpochat@cloudbees.com>
Co-authored-by: Raihaan Shouhell <raihaanhimself@gmail.com>
…w or save cloud configurations (#1140) * JENKINS-76057: Add getter methods for SlaveTemplate properties * JENKINS-76057: Add DescriptorImpl for deprecated AmazonEC2Cloud class with display name * JENKINS-76057: Add getter method for EC2Cloud name property * JENKINS-76057: Add @DataBoundConstructor to AmazonEC2Cloud for form binding Jenkins form submission requires @DataBoundConstructor to identify which constructor Stapler should use when creating instances from form data. Without this annotation, form submissions fail with: org.kohsuke.stapler.NoStaplerConstructorException: There's no @DataBoundConstructor on any constructor of class hudson.plugins.ec2.AmazonEC2Cloud This prevents users from saving EC2 cloud configuration changes through the Jenkins web interface, causing HTTP 500 errors on form submission. Similar pattern was used in SpotConfiguration (commit a467252, March 2020) and required across Jenkins plugins as Stapler framework enforcement became stricter in recent Jenkins versions. * JENKINS-76057: Reorder import statements in AmazonEC2Cloud to fix Spotless violation --------- Co-authored-by: Raihaan Shouhell <raihaanhimself@gmail.com>
…nstances (#1151) Co-authored-by: Raihaan Shouhell <raihaanhimself@gmail.com>
/pull/1148 JENKINS-75002
…gy-fix-compat Fix associatePublicIp backward compatible.
* Test with Java 25 and Java 21 Java 25 released September 16, 2025. The Jenkins project wants to support Java 25 soon. Compile and test on ci.jenkins.io with Java 25 and Java 21. Intentionally continues to generate Java 17 byte code as configured by the plugin parent pom. Does not compile or test with Java 17 any longer because we have found no issues in the past that were specific to the Java 17 compiler. The plan is to drop support for Java 17 in the not too distant future so that the Jenkins project is only supporting two major Java versions at a time, Java 21 and Java 25. Testing done: * Confirmed that automated tests pass with Java 25 * Remove unnecessary trailing comma
see #1986 Co-authored-by: Raihaan Shouhell <raihaanhimself@gmail.com>
Reduce the risk that new dependencies will be injected accidentally from a dependency update. The developer documentation provides more details at https://www.jenkins.io/doc/developer/plugin-development/dependencies-and-class-loading/#build-time-validation-of-bundled-artifacts Originally added to Maven hpi plugin in pull request: * jenkinsci/maven-hpi-plugin#771 Testing done * Confirmed that automated tests pass
Co-authored-by: Raihaan Shouhell <raihaanhimself@gmail.com>
* Ludicrous Mode: Lightweight queuing of work What is ludicrous speed? ------------------------ [Obligatory video of ludicrous speed](https://youtu.be/oApAdwuqtn8?si=uJHPP5OXz9GNllY0) <details><summary>Ludicrous speed is faster than light speed</summary> ---  </details> --- Patch details ------------- `Queue.maintian()` is a critical path in Jenkins core. Any performance delays can significantly impact Jenkins scheduling work on agents. At around 800 agents, Jenkins becomes unavailable since it becomes nearly permanently locked with work queued up. This patch was tested with over 1000 Jenkins agents in AWS and work was scheduled near-instantly. The EC2 plugin's retention strategy (`check()`, `start()`) is called under the Queue lock and made live EC2 API calls for every agent. The patch splits all EC2 operations into two categories: - **Lightweight** (runs under Queue lock): Returns immediately with no AWS interaction. Schedules heavy work on background thread pools and returns. - **Heavyweight** (runs outside Queue lock): EC2 API calls (describeInstances, getState, connect), idle timeout, reconnect — all run on dedicated `HEAVY_WORK_EXECUTOR` and `PROVISIONING_EXECUTOR` thread pools. Provisioning now returns `PlannedNode` futures immediately instead of blocking on `runInstances`. Instance counts are cached with a 30-second TTL to avoid repeated `describeInstances` calls. Dead-node detection uses batch `describeInstances` (one API call per cloud) instead of per-node calls. When agents come online, `scheduleMaintenance()` is called to trigger an immediate Queue re-evaluation rather than waiting for the next 5-second timer tick. Patch series ------------ This patch is part of a series which enables my production instance to scale work up to ludicrous amounts of agents. - ec2 plugin (this patch) - [job-restrictions plugin] - [leastload plugin] AI Analysis ----------- See detailed [AI analysis for ec2 plugin][1]. Testing done ------------ First pressure tested in a non-production environment. It is now running in production for me for about a week. Submitter checklist ------------------- - [x] Make sure you are opening from a **topic/feature/bugfix branch** (right side) and not your main branch! - [x] Ensure that the pull request title represents the desired changelog entry - [x] Please describe what you did - [ ] Link to relevant issues in GitHub or Jira - [x] Link to relevant pull requests, esp. upstream and downstream changes - [ ] Ensure you have provided tests that demonstrate the feature works or the issue is fixed [1]: https://github.com/samrocketman/jenkins-ai-analysis/blob/main/ludicrous-mode-analysis/ec2-plugin/ [job-restrictions plugin]: jenkinsci/job-restrictions-plugin#210 [leastload plugin]: jenkinsci/leastload-plugin#22 Co-authored-by: sgleske@integralads.com * Address Jenkins failures * spotless apply
* fix cachedSlaveTemplates being null This should fix issue #2002 * Fill in gaps for NPE fix (#2004) How current fix is incomplete ----------------------------- `readResolve()` has an early return this on line 540 inside the credential migration path. The `cachedTemplateSlaves` null check was placed after this early return, so any EC2Cloud instance with legacy accessId/secretKey credentials matching an existing credential would exit `readResolve()` without initializing cachedTemplateSlaves, hitting the same NPE. This change ----------- Moves the `cachedTemplateSlaves` null-check initialization to the top of `readResolve()`, immediately after `slaveCountingLock`, so it executes before any early return path. Co-authored-by: sgleske@integralads.com --------- Co-authored-by: Sam Gleske <875669+samrocketman@users.noreply.github.com>
Large language models and other readers were causing performance problems. The ci.jenkins.io controller has been reconfigured to limit access to authenticated users in order to prevent performance problems. That change requires that we adjust the URL of the embeddable build status update URL. Testing done * Validated the change in a sample repository * Will check the pull request after it is submitted
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.