chore: update java version (#198)

* debug

* debug (typo)

* fix: rockcraft version

* update identity bundle versions

* trivy ignore unpatched vuln

* test: use juju 3.5

* build command and fix comments

* try manual deploy

* test: public ingress relation jenkins

* fix: typo & lint

* test: add oathkeeper relations

* test: remove wait for idle before deploy

* test: fix: oathkeeper relation fix

* test: traefik certificates

* test: use model.integrate instead of deprecated model.relatet

* test: model wait for idle to get around buggy charms

* await status code

* fix tests for auth proxy

* fix lint

* fix lint

* proper auth address

* fix:  auth proxy test

* test: fix thinbackup plugin request

* remove debug

* fix type hint

* split plugins test

* try 1.29 microk8s

* debug

* kubeconfig dir & debug log

* revert to 1.28 microk8s

* remove testing microk8s config

* chore: remove patched CVEs

* chore: add unpatched CVE

* fix: plugins fix

* remove debug

.github/workflows/integration_test.yaml

@@ -15,12 +15,12 @@ jobs:
       channel: 1.28-strict/stable
       extra-arguments: |
         --kube-config=${GITHUB_WORKSPACE}/kube-config
-      modules: '["test_auth_proxy.py", "test_cos.py", "test_ingress.py", "test_jenkins.py", "test_k8s_agent.py", "test_machine_agent.py", "test_plugins.py", "test_proxy.py", "test_upgrade.py", "test_external_agent.py"]'
+      modules: '["test_auth_proxy.py", "test_cos.py", "test_ingress.py", "test_jenkins.py", "test_k8s_agent.py", "test_machine_agent.py", "test_plugins_part_1.py", "test_plugins_part_2.py", "test_proxy.py", "test_upgrade.py", "test_external_agent.py"]'
       pre-run-script: |
         -c "sudo microk8s config > ${GITHUB_WORKSPACE}/kube-config
         chmod +x tests/integration/pre_run_script.sh
         ./tests/integration/pre_run_script.sh"
-      juju-channel: 3.1/stable
+      juju-channel: 3/stable
       self-hosted-runner: true
       self-hosted-runner-label: "xlarge"
-      microk8s-addons: "dns ingress rbac storage metallb:10.15.119.2-10.15.119.4 registry"
+      microk8s-addons: "dns ingress rbac hostpath-storage metallb:10.15.119.2-10.15.119.4 registry"

.trivyignore

@@ -1,8 +1,2 @@
-# Pebble CVEs
-CVE-2024-24790
-CVE-2023-45288
-CVE-2024-34156
-# Jenkins plugin manager CVEs
-CVE-2023-5072
-# Jenkins CVEs
-CVE-2016-1000027
+# Jenkins executable
+CVE-2024-47072

jenkins_rock/rockcraft.yaml

@@ -36,17 +36,30 @@ parts:
       - curl
       - libnss3
       - unzip
-      - default-jdk-headless
+      - openjdk-21-jdk-headless
+    # Referred from https://github.com/jenkinsci/docker/blob/master/debian/bookworm/hotspot/Dockerfile
     overlay-packages:
       - bash
+      - ca-certificates
       - ca-certificates-java
+      - curl
       - fonts-dejavu-core
-      - libfontconfig1
-      - default-jre-headless
       - git
+      - gnupg
+      - gpg
+      - libfontconfig1
+      - libfreetype6
+      - libharfbuzz0b
+      - openjdk-21-jre-headless
+      - procps
+      - ssh-client
+      - tini
+      - tzdata
+      - wget
+      - unzip
     build-environment:
-      - JENKINS_VERSION: 2.462.2
-      - JENKINS_PLUGIN_MANAGER_VERSION: 2.12.13
+      - JENKINS_VERSION: 2.479.1
+      - JENKINS_PLUGIN_MANAGER_VERSION: 2.13.2
     override-build: |
       mkdir -p ${CRAFT_PART_INSTALL}/{srv/jenkins/,etc/default/jenkins/}
       # Use jenkins war rather than apt install for easier Jenkins version control.

src-docs/jenkins.py.md

@@ -8,6 +8,7 @@ Functions to operate Jenkins.
 **Global Variables**
 ---------------
 - **WEB_PORT**
+- **JENKINS_PLUGIN_MANAGER_VERSION**
 - **LOGIN_PATH**
 - **JUJU_API_TOKEN**
 - **REQUIRED_PLUGINS**
@@ -30,7 +31,7 @@ Functions to operate Jenkins.
 
 ---
 
-<a href="../src/jenkins.py#L117"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L118"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `get_admin_credentials`
 
@@ -54,7 +55,7 @@ Retrieve admin credentials.
 
 ---
 
-<a href="../src/jenkins.py#L691"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L692"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `is_storage_ready`
 
@@ -84,7 +85,7 @@ Return whether the Jenkins home directory is mounted and owned by jenkins.
 
 ---
 
-<a href="../src/jenkins.py#L745"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L746"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `install_default_config`
 
@@ -103,7 +104,7 @@ Install default jenkins-config.xml.
 
 ---
 
-<a href="../src/jenkins.py#L754"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L755"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `install_auth_proxy_config`
 
@@ -122,7 +123,7 @@ Install jenkins-config.xml for auth_proxy.
 
 ---
 
-<a href="../src/jenkins.py#L763"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L764"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `install_logging_config`
 
@@ -141,7 +142,7 @@ Install logging config.
 
 ---
 
-<a href="../src/jenkins.py#L867"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L868"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `get_agent_name`
 
@@ -202,7 +203,7 @@ Wrapper for Jenkins functionality.
 
 Attrs:  environment: the Jenkins environment configuration.  web_url: the Jenkins web URL.  login_url: the Jenkins login URL.  version: the Jenkins version. 
 
-<a href="../src/jenkins.py#L163"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L164"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 
@@ -256,7 +257,7 @@ Returns: the web URL.
 
 ---
 
-<a href="../src/jenkins.py#L436"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L437"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `add_agent_node`
 
@@ -281,7 +282,7 @@ Add a Jenkins agent node.
 
 ---
 
-<a href="../src/jenkins.py#L353"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L354"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `bootstrap`
 
@@ -311,7 +312,7 @@ Initialize and install Jenkins.
 
 ---
 
-<a href="../src/jenkins.py#L378"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L379"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `get_node_secret`
 
@@ -341,7 +342,7 @@ Get node secret from jenkins.
 
 ---
 
-<a href="../src/jenkins.py#L456"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L457"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `remove_agent_node`
 
@@ -366,7 +367,7 @@ Remove a Jenkins agent node.
 
 ---
 
-<a href="../src/jenkins.py#L586"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L587"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `remove_unlisted_plugins`
 
@@ -396,7 +397,7 @@ Remove plugins that are not in the list of desired plugins.
 
 ---
 
-<a href="../src/jenkins.py#L558"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L559"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `rotate_credentials`
 
@@ -425,7 +426,7 @@ Invalidate all Jenkins sessions and create new password for admin account.
 
 ---
 
-<a href="../src/jenkins.py#L504"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L505"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `safe_restart`
 
@@ -449,7 +450,7 @@ Safely restart Jenkins server after all jobs are done executing.
 
 ---
 
-<a href="../src/jenkins.py#L204"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L205"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `update_prefix`
 
@@ -467,7 +468,7 @@ Update jenkins prefix.
 
 ---
 
-<a href="../src/jenkins.py#L223"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L224"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `wait_ready`
 
@@ -529,7 +530,7 @@ Represents an error probing for Jenkins storage mount.
 
  - <b>`msg`</b>:  Explanation of the error. 
 
-<a href="../src/jenkins.py#L682"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/jenkins.py#L683"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 

src/jenkins.py

@@ -31,6 +31,7 @@
 logger = logging.getLogger(__name__)
 
 WEB_PORT = 8080
+JENKINS_PLUGIN_MANAGER_VERSION = "2.13.2"
 LOGIN_PATH = "/login?from=%2F"
 EXECUTABLES_PATH = Path("/srv/jenkins/")
 JENKINS_HOME_PATH = Path("/var/lib/jenkins")
@@ -841,7 +842,7 @@ def _install_plugins(
         "java",
         *proxy_args,
         "-jar",
-        "jenkins-plugin-manager-2.12.13.jar",
+        f"jenkins-plugin-manager-{JENKINS_PLUGIN_MANAGER_VERSION}.jar",
         "-w",
         "jenkins.war",
         "-d",