From 77a08241b4edbb07d4337cea0e0bcfa5bccba247 Mon Sep 17 00:00:00 2001
From: Srita <165175362+sritamoon@users.noreply.github.com>
Date: Thu, 11 Apr 2024 11:48:55 +0200
Subject: [PATCH] Update Jenkins and plugins to version v2.426.3, update agent
 and packages (#1270)

---
 CHANGELOG.md                             |  2 +-
 configuration-sample/ods-core.env.sample | 37 ++++++++++--------------
 jenkins/agent-base/Dockerfile.ubi8       | 15 +++++-----
 jenkins/master/Dockerfile.ubi8           |  2 +-
 jenkins/master/plugins.ubi8.txt          | 28 +++++++++---------
 5 files changed, 38 insertions(+), 46 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 97114417e..bc39e5ad6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,7 @@
 - Nexus Maintenance (update version to latest, helm migration) ([#1242](https://github.com/opendevstack/ods-core/issues/1242))
 - Update api version in ocp templates for image, buildconfig, route and deploymentconfig ([#1072](https://github.com/opendevstack/ods-jenkins-shared-library/issues/1072))
 - SonarQube Maintenance (LTS update, DB update, SAML setup) ([#1211](https://github.com/opendevstack/ods-core/issues/1211))
-
+- Update Jenkins and plugins to version v2.426.3, update agent and packages. Switch base image from "registry.redhat.io/openshift4/ose" to "registry.redhat.io/ocp-tools-4" [#1270](https://github.com/opendevstack/ods-core/pull/1270)
 
 ## [4.3.1] - 2024-02-19
 
diff --git a/configuration-sample/ods-core.env.sample b/configuration-sample/ods-core.env.sample
index 46c455113..e75a7ba51 100644
--- a/configuration-sample/ods-core.env.sample
+++ b/configuration-sample/ods-core.env.sample
@@ -185,15 +185,12 @@ CONFLUENCE_URL=http://192.168.56.31:8090
 
 # Base image for Jenkins master.
 # For UBI8-based images (OpenShift 4):
-# - RHEL variant: https://catalog.redhat.com/software/containers/openshift4/ose-jenkins/5cdd918ad70cc57c44b2d279
-# -      Example: registry.redhat.io/openshift4/ose-jenkins:v4.6
-# -      Last tested: registry.redhat.io/openshift4/ose-jenkins:v4.10.0-202305170515.p0.g2988625.assembly.stream
+# - RHEL variant: https://catalog.redhat.com/software/containers/ocp-tools-4/jenkins-rhel8/5fe1f38288e9c2f788526306
+# -      Example: registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.14.0
+# -      Last tested: registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.14.0-1706517686
 # - Community variant: https://quay.io/repository/openshift/origin-jenkins?tab=tags
 # -           Example: quay.io/openshift/origin-jenkins:4.6
-# For RHEL7-based images (OpenShift 3.11):
-# - Available tags listed at: https://catalog.redhat.com/software/containers/openshift3/jenkins-2-rhel7/581d2f4500e5d05639b6517b
-# - Example: registry.access.redhat.com/openshift3/jenkins-2-rhel7:v3.11
-JENKINS_MASTER_BASE_FROM_IMAGE=registry.redhat.io/openshift4/ose-jenkins:v4.10.0-202305170515.p0.g2988625.assembly.stream
+JENKINS_MASTER_BASE_FROM_IMAGE=registry.redhat.io/ocp-tools-4/jenkins-rhel8:v4.14.0-1706517686
 
 # Dockerfile to use for Jenkins master.
 # Use "Dockerfile.ubi8" for both OpenShift 3.11 and 4  (UBI8 base image)
@@ -201,16 +198,12 @@ JENKINS_MASTER_DOCKERFILE_PATH=Dockerfile.ubi8
 
 # Base image for Jenkins agent base.
 # For UBI8-based images (OpenShift 4):
-# - RHEL variant: https://catalog.redhat.com/software/containers/openshift4/ose-jenkins-agent-base/5cdd8e2fbed8bd5717d66e77
-# -      Example: registry.redhat.io/openshift4/ose-jenkins-agent-base:v4.6
-# -      Last tested: registry.redhat.io/openshift4/ose-jenkins:v4.10.0-202305170515.p0.g2988625.assembly.stream
+# - RHEL variant: https://catalog.redhat.com/software/containers/ocp-tools-4/jenkins-agent-base-rhel8/6241e3457847116cf8577aea
+# -      Example: registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8:v4.14.0
+# -      Last tested: registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8:v4.14.0-1706516367
 # - Community variant: https://quay.io/repository/openshift/origin-jenkins-agent-base?tab=tags
 # -           Example: quay.io/openshift/origin-jenkins-agent-base:4.6
-# For RHEL7-based images (OpenShift 3.11):
-# - Available tags listed at: https://catalog.redhat.com/software/containers/openshift3/jenkins-slave-base-rhel7/581d2f3f00e5d05639b6515b.
-# - Example: registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:v3.11
-# - Latest tested tag: v3.11.248 (v3.11 is a moving target)
-JENKINS_AGENT_BASE_FROM_IMAGE=registry.redhat.io/openshift4/ose-jenkins-agent-base:v4.10.0-202305170515.p0.g2988625.assembly.stream
+JENKINS_AGENT_BASE_FROM_IMAGE=registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8:v4.14.0-1706516367
 
 # Dockerfile to use for Jenkins agents.
 # Use "Dockerfile.ubi8" for both OpenShift 3.11 and 4  (UBI8 base image)
@@ -219,25 +212,25 @@ JENKINS_AGENT_DOCKERFILE_PATH=Dockerfile.ubi8
 # Snyk CLI binary distribution url
 # Leave empty to avoid installing Snyk.
 # Releases are published at https://github.com/snyk/snyk/releases.
-# Latest tested version is v1.1097.0.
-JENKINS_AGENT_BASE_SNYK_DISTRIBUTION_URL=https://github.com/snyk/snyk/releases/download/v1.1097.0/snyk-linux
+# Latest tested version is v1.1284.0.
+JENKINS_AGENT_BASE_SNYK_DISTRIBUTION_URL=https://github.com/snyk/snyk/releases/download/v1.1284.0/snyk-linux
 
 # AquaSec CLI binary distribution url
 # Leave empty to avoid installing AquaSec.
 # Releases are published at https://download.aquasec.com/scanner
 # Check Aqua versions backward compatibility at https://docs.aquasec.com/docs/version-compatibility-of-components#section-backward-compatibility-across-two-major-versions
 # To Download the aquaSec scanner cli and check their documentaion requires a valid account on aquasec.com
-# Latest tested version is 2022.4.460
-# Example: https://<USER>:<PASSWORD>@download.aquasec.com/scanner/2022.4.460/scannercli
+# Latest tested version is 2022.4.517
+# Example: https://<USER>:<PASSWORD>@download.aquasec.com/scanner/2022.4.517/scannercli
 JENKINS_AGENT_BASE_AQUASEC_SCANNERCLI_URL=
 
 # Repository of shared library
 # You may also point to repository underneath REPO_BASE.
 SHARED_LIBRARY_REPOSITORY=https://github.com/opendevstack/ods-jenkins-shared-library.git
 
-####################
-# OpenShift (3.11) #
-####################
+#############
+# OpenShift #
+#############
 
 # Internal docker registry host and port - this is used
 # for pulling the agent images in jenkins.
diff --git a/jenkins/agent-base/Dockerfile.ubi8 b/jenkins/agent-base/Dockerfile.ubi8
index 9744e93e2..ce82a754e 100644
--- a/jenkins/agent-base/Dockerfile.ubi8
+++ b/jenkins/agent-base/Dockerfile.ubi8
@@ -6,12 +6,12 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 ENV SONAR_SCANNER_VERSION=4.8.1.3023 \
     CNES_REPORT_VERSION=4.2.0 \
     TAILOR_VERSION=1.3.4 \
-    SOPS_VERSION=3.7.3 \
-    HELM_VERSION=3.11.3 \
-    HELM_PLUGIN_DIFF_VERSION=3.8.1 \
-    HELM_PLUGIN_SECRETS_VERSION=4.2.2 \
-    GIT_LFS_VERSION=3.3.0 \
-    TRIVY_VERSION=0.42.0 \
+    SOPS_VERSION=3.8.1 \
+    HELM_VERSION=3.14.3 \
+    HELM_PLUGIN_DIFF_VERSION=3.9.5 \
+    HELM_PLUGIN_SECRETS_VERSION=4.6.0 \
+    GIT_LFS_VERSION=3.5.1 \
+    TRIVY_VERSION=0.50.1 \
     JAVA_GC_OPTS="-XX:+UseParallelGC -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90"
 
 ARG APP_DNS
@@ -22,6 +22,7 @@ ARG AQUASEC_SCANNERCLI_URL
 COPY yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo
 
 COPY ensure_java_jre_is_adequate.sh /usr/local/bin/
+
 RUN cd /etc/yum.repos.d && rm -f localdev-* ci-rpm-mirrors.repo \
     && ensure_java_jre_is_adequate.sh \
     && yum -y install make glibc-langpack-en openssl \
@@ -72,7 +73,7 @@ RUN cd /tmp \
 
 # Install Helm.
 RUN cd /tmp \
-    && dnf install -y https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-${SOPS_VERSION}-1.x86_64.rpm \
+    && dnf install -y https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-${SOPS_VERSION}.x86_64.rpm \
     && mkdir -p /tmp/helm \
     && curl -sSLO https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz \
     && tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz -C /tmp/helm \
diff --git a/jenkins/master/Dockerfile.ubi8 b/jenkins/master/Dockerfile.ubi8
index c0dc5a460..1e6e95e38 100644
--- a/jenkins/master/Dockerfile.ubi8
+++ b/jenkins/master/Dockerfile.ubi8
@@ -1,6 +1,6 @@
 FROM quay.io/openshift/origin-jenkins
 
-ENV JAVA_HOME /usr/lib/jvm/jre
+ENV JAVA_HOME /usr/lib/jvm/jre-11
 
 # ODS defaults, available to use within pipelines.
 ARG ODS_NAMESPACE
diff --git a/jenkins/master/plugins.ubi8.txt b/jenkins/master/plugins.ubi8.txt
index f5371c143..33385ed79 100644
--- a/jenkins/master/plugins.ubi8.txt
+++ b/jenkins/master/plugins.ubi8.txt
@@ -1,16 +1,14 @@
-commons-lang3-api:3.12.0-36.vd97de6465d5b_
 greenballs:1.15.1
-email-ext:2.97
-sonar:2.15
-audit-trail:333.vb_e1b_b_0f1238c
-ansicolor:1.0.2
-blueocean:1.27.4
-blueocean-display-url:2.4.2
-junit:1202.v79a_986785076
-parameterized-trigger:2.45
-pipeline-rest-api:2.32
-token-macro:359.vb_cde11682e0c
-openshift-sync:1.1.0.790.v2051fca_5ed8d
-kubernetes-credentials:0.10.0
-kubernetes-client-api:6.4.1-215.v2ed17097a_8e9
-kubernetes:3923.v294a_d4250b_91
\ No newline at end of file
+sonar:2.17.2
+blueocean:1.27.9
+email-ext:2.104
+ansicolor:1.0.4
+kubernetes-credentials:0.11
+kubernetes-client-api:6.10.0-240.v57880ce8b_0b_2
+kubernetes:4186.v1d804571d5d4
+junit:1259.v65ffcef24a_88
+audit-trail:361.v82cde86c784e
+credentials:1337.v60b_d7b_c7b_c9f
+workflow-multibranch:773.vc4fe1378f1d5
+git:5.2.1
+openshift-sync:1.1.0.802.v45585f8cdc07
\ No newline at end of file