Kohsuke - some more answers to your questions inline below. Also I thought of these other things on my walk to the office this morning that might be of interest:
- Parameters to jobs : most of my pipeline jobs have parameters defined inside. Would the Jenkinsfile Runner have a way to pass in parameters so it doesn't just use default values? - Environment values for jobs: For our pipeline automation deployments, we set "env" values (key value pairs as strings) at the gobal of folder level (using Jenkins Enterprise Folders plugin) and these define some environment for jobs (things like REST endpoints to some RESTful services we use in the jobs, for example). With the Jenkinsfile Runner have a way to supply this? - Script approvals : I have mentioned this below, but some way to define script approvals or get the required approvals would help possibly. I know if you are hitting script approvals, then probably trying to do too much in the pipeline code but it is easy to hit this with simple stuff like Java date functions or JSON parsing. - Jenkinsfile As a Service idea (JFAAS?): you mentioned this and I really like this idea. The possibility to externally run a Jenkinsfile supplied and get back some results like build artifacts and console output without having any jobs or builds appear on the Jenkins master or needing a job configuration. The reason is we tend to think about loading all our automation into Jenkins. But our world is not all inside Jenkins and we have other automation solutions that can have extensions and customisation. An example is some of our custom services we build and some off the shelf stuff like the Serena Business Process management server we have. But Jenkins is really good and doing some automation, tooling and spinning / scaling up agent workers in Docker etc, so it would be good to use that from these other services by having them send a Jenkinsfile they own over and getting some results back somehow. Maybe this is something different from Jenkinsfile Runner though. Best regards, --Bill On Tuesday, 6 March 2018 21:33:37 UTC, Kohsuke Kawaguchi wrote: > > > On Tue, Mar 6, 2018 at 2:57 AM Bill Dennis <bill....@gmail.com > <javascript:>> wrote: > >> Thanks Kohsuke, I tried to give some answers to your questions inline >> below, if I didn't mess up the reply.. >> >> Bill >> >> On Friday, 2 March 2018 17:57:24 UTC, Kohsuke Kawaguchi wrote: >> >>> >>> >>> On Fri, Mar 2, 2018 at 9:26 AM Bill Dennis <bill....@gmail.com> wrote: >>> >>>> Hello Kohsuke - >>>> >>>> I am a developer using Jenkins pipeline quite lot where I work. >>>> >>>> We are using Jenkins pipelines in two scenarios: >>>> >>>> - For CI building and testing some of our internal components (what >>>> Jenkins is traditionally used for) >>>> - For running / orchestrating complex automation processes (so >>>> Jenkins is talking to some external systems using SOAP / REST etc) via >>>> tooling and even directly via REST using plugins. >>>> >>>> I have mostly used JenkinsPipelineUnit for testing / validation of the >>>> pipelines and I have been looking into the direct / live approach that >>>> Oleg >>>> demonstrated (running Jenkins locally in Docker and getting the pipeline >>>> being developed direct from a host file system volume mount). >>>> >>>> I think Jenkinsfile Runner would be really useful for developers who >>>> don't need or want the overhead of developing tests with >>>> JenkinsPipelineUnit. I have worked with some developers wanting to develop >>>> Jenkinsfiles for their CI process and the main problem is knowing if the >>>> Jenkinsfile will work when they commit it to the repo. They go round this >>>> loop of commit / fix running in the production Jenkins or using the >>>> Jenkins >>>> pipeline "replay" feature. It can be a painful process if you are not >>>> familiar with Jenkins pipeline and Groovy syntax! >>>> >>> >>> This kind of context is really helpful. Thank you! >>> >> >> Happy to feedback. Thanks for Jenkins and pipeline as code, it helped me >> deliver some projects with Jenkins in a way that I thought would not be >> possible a few years ago. >> > > My pleasure, and really the portion I can take credit for is getting > smaller every day! > > >> >> >>> I think some things to consider are: >>>> >>>> - How does the Jenkins Runner replicate the agents / slaves identifiers >>>> on the target Jenkins? >>>> - How to deal with tooling on the target Jenkins (custom tools, JDKs, >>>> Gradle, etc)? >>>> >>> >>> Right, I guess your point is that Jenkinsfile Runner should aim to run >>> Jenkinsfile in much more realistic setup, and that doesn't stop at using >>> real Jenkins and real Pipeline plugins, but it also needs to include other >>> configurations of Jenkins. I think Jesse made a similar observation. I have >>> a few thoughts: >>> >>> - Configuration-as-code >>> <https://github.com/jenkinsci/configuration-as-code-plugin> could >>> play a role here in terms of letting people define the configuration of >>> Jenkins once and use it both in production and in setup like Jenkinsfile >>> Runner >>> - I'm a fan of making Jenkinsfile itself more portable. For example, >>> if people are already in the mode of using docker images to run builds >>> in, >>> then more of the toolings would be packaged in there, and it should >>> allow >>> Jenkinsfile Runner to run your project in much the same way as your >>> production Jenkins. I'm curious how much of this is already reality vs >>> ideal that people are working toward. >>> >>> Yes, all of this. I have often thought that we need something like >> declarative pipeline for the configuration of Jenkins as code instead of >> going into all those web config pages. Jenkins master as Docker container >> seems good. In our environment we are not currently using Docker but I have >> seen that that is the way to go. Getting a larger organisation to adopt the >> right technology and the associated costs of that is the challenge, so we >> remain using traditional Jenkins slaves and tooling methods. Hopefully >> Dockerised soon. We do use Jenkins Enterprise from CloudBees. >> > > "something like declarative pipeline for the configuration of Jenkins as > code instead of going into all those web config pages" --- please do check > out the linked configuration-as-code effort. I think you'll love it. > > And thanks for the explanation of the state of your current Jenkins master. > > I think the perfect Jenkinsfile Runner for me would provide: >>>> >>>> - Somehow capture the plugins, tooling and agents on our production >>>> Jenkins >>>> - Validate the Jenkinsfile pipeline syntax >>>> >>> >>> I think this is already happening as a result of actually running the >>> pipeline -- one of the virtue of actually using the real pipeline plugins >>> to run! >>> >>> >>>> - Validate the Jenkinsfile against the plugins and agents / tooling >>>> (fail if it refers to some tool or agent not configured for example). >>>> - Run the Jenkinfile in some sort of "no-op" mode : what would it do if >>>> I ran it, without actually doing anything >>>> >>> >>> This one is interesting. I assumed JenkinsPipelineUnit does this pretty >>> well, though. Can you tell me more about this? I'm imagining you'd want to >>> be able to selectively mock out some steps (e.g., when Jenkinsfile gets to >>> sh "./deploy.sh" don't actually do it and pretend that it succeeded) but >>> more details would be helpful. >>> >> >> Yes, in JenkinsPipelineUnit I pretty much mock out everything like calls >> to tools. Because pipeline is based on Groovy I thought I could do some >> unit tests using Spock and Groovy for pipelines but then I discovered it >> was already done and shared as JenkinsPipelineUnit, so hat tip to Ozan >> there. So the Spock unit tests I write are confirming the execution of the >> tools is correct but not actually running them. I also write >> JenkinsPipelineUnit test code for my share library code as well confirming >> the behaviour, so actually all my use of special tooling is captured in >> libraries as DSL like constructs. A great feature of JenkinsPipelineUnit is >> that it can generate the execution callstack of the "mocked" pipeline run. >> These callstacks can be stored as files and JenkinsPipelineUnit tests can >> assert the execution callstack of a test run against a file committed as >> part of the tests. I do this for all my pipelines and share library units. >> So the callstacks actually capture the execution of tooling with >> commandline params etc and any time I change the pipeline code I can see >> what is changed by diffing the callstack file changes. Another thing you >> can do with this is run the pipeline jobs with different parameters in the >> tests (Spock parameterised tests) and by comparing the callstack files can >> see how the pipeline behaviour differs between these runs and assert the >> correct behaviour. All this without having to hit a real Jenkins server and >> wait for long running processes to complete! So this is all fine and you >> can write tests for the pipelines and check the use of tooling etc, but >> when you come to run the pipeline on the actual server, the tools or agents >> / slaves labels are not configured as expected for the fully tested >> pipeline. So this is where something like Jenkins Runner will be good to >> use. My tests are based on code methods in the project I have here: >> https://github.com/macg33zr/pipelineUnit >> > > So just to make sure I understand you correctly, given all that you do > with JenkinsPipelineUnit, the point of "integration test" for you is to > actually run in real Jenkins, in order to verify that agent labels exist, > those agents do have the tools that your 'sh' step uses, etc. > Yes, some way to integration test against a real Jenkins would really help. This is the main integration test mode. Another thing that trips us up is script approvals, and this is something that can be quite painful if doing certain things with pipeline and shared libraries (and this is why I am looking into plugin development right now for our own custom steps). It would be really good to get some output of script approvals required so that they can be inspected and configured on the server or the Jenkinsfile / library updated. However, I still like the idea that something like Jenkinsfile Runner can spin up a "scratch" jenkins locally. This is because I would use it during development when I don't want to consume resources on the deployed master or break something that might affect someone else. I have been looking at something like what Oleg demoed with Jenkins in Docker and Filesystem SCM plugin for this scenario. This is because my main development involves multiple Jenkinsfile pipelines with some sort of orchestration of pipeline jobs going on (I don't really see Jenkinsfile Runner supporting that). With a Jenkinsfile Runner on this local scratch Jenkins I might also have the opportunity to run it with or without the script approvals bypassed in some way so I could get pipelines and libraries up and running quickly in the global pipeline library scenario (I don't care too much for the script security running this scratch Jenkins locally). > > - Actually run the Jenkinsfile locally so I can know it works completely >>>> before committing to source control. >>>> >>> >>> Yeah, this was the first goal for me. >>> >>> >>>> - Run the Jenkinsfile on the target Jenkins master server using the >>>> resources of that server (so know it works on the server). >>>> >>> >>> This got me thinking that maybe all I needed was a Jenkins CLI command >>> that behind the scene creates a temporary/hidden job on the target Jenkins >>> master and run the Pipeline. IOW, keep the same development flow as >>> Jenkinsfile Runner today, but don't run Jenkins locally, just do it on your >>> actual Jenkins. >>> >> >> Yes, this would be great, an anonymous job and just pull back the output >> and console log. A plugin for IntelliJ or whatever IDE using this would be >> even better :-) >> > > Great, between your feedback and what I think Johanness is saying, I'm > starting to picture the next POTD. > Looking forward to it! > > Hope that helps! >>>> >>>> Bill Dennis >>>> >>>> >>>> On Thursday, 1 March 2018 19:23:15 UTC, Kohsuke Kawaguchi wrote: >>>>> >>>>> Jenkinsfile Runner is an experiment to package Jenkins pipeline >>>>> execution as a command line tool. The intend use cases include: >>>>> >>>>> - Use Jenkins in Function-as-a-Service context >>>>> - Assist editing Jenkinsfile locally >>>>> - Integration test shared libraries >>>>> >>>>> Over the past year, I've done some deep-dive 1:1 conversations with >>>>> some Jenkins users and I felt something like this might move the needle >>>>> for >>>>> them in an important way. >>>>> >>>>> I'd love to hear any reactions on your side. Could something like this >>>>> be important for you, does it miss any key points for you? If you >>>>> mentally >>>>> picture a perfect version of this, what would that do, and how would you >>>>> use? >>>>> >>>>> Let me know! >>>>> >>>>> -- >>>>> Kohsuke Kawaguchi >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Jenkins Developers" group. >>>> >>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to jenkinsci-de...@googlegroups.com. >>> >>> >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-dev/b475ecc2-2807-47c7-809f-5e6c1a51d2e0%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/jenkinsci-dev/b475ecc2-2807-47c7-809f-5e6c1a51d2e0%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >>> Kohsuke Kawaguchi >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jenkinsci-de...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/c1ae5ba9-d54d-4c87-ad3d-d7b1ae004148%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-dev/c1ae5ba9-d54d-4c87-ad3d-d7b1ae004148%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > Kohsuke Kawaguchi > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/5d6df19b-dc98-4c52-9d9d-0f511d3e540c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
