2020 A Year Like No Other

Some of the key highlights:

This year there were many activities around Jenkins user experience and long-anticipated user interface changes.
This is a coordinated effort being led by the User Experience SIG, and by many contributors to the project.
Key project highlights:

In May we also organized a Jenkins UI/UX hackfest where we worked on some key stories improving user experience.

In 2020 the Jenkins security team has released 19 advisories for the Jenkins core, plugins and other components.
In total 198 vulnerabilities were fixed, and 72 plugin vulnerabilities were announced without a fix at the time of advisory publishing.
As a project, we are receiving a continuous flow of new reports and continue to provide corrections.
Cross-site scripting (XSS) vulnerabilities were the most popular type this year, followed by unprotected credentials.

There have also been developer tooling improvements,
including GitHub CodeQL evaluation for targeted security issues search
and Find-Sec-Bugs adoption for static analysis of the plugin and Jenkins core code.
Along with wider adoption of Dependabot and automated dependency scanning on GitHub.

Jenkins Documentation SIG is working on creating more documentation for Jenkins on different platforms,
including cloud platforms.
Jenkins on Kubernetes was one of the key stories this year for the SIG,
along with documentation migration to jenkins.io and wider adoption of Documentation-as-code in plugins.
95% of the 200 most installed Jenkins plugins have moved to “documentation as code” or have a pending pull request with updates.
In total, almost 600 plugins have already been migrated.
There were major updates in Jenkins documentation on jenkins.io, with a lot of content being moved from the old Jenkins Wiki.

2020 was the first year when Jenkins participated in Google Season of Docs (GSoD).
This program brings together open-source and technical writers communities for the benefit of both.
This year’s student, Zainab Abubakar,
did an amazing job documenting Jenkins on Kubernetes.
Now Jenkins users can find official documentation about deploying and scaling Jenkins in Kubernetes.
See the project report by Zainab here.

The Jenkins project has delivered weekly and long term support releases since it was formed in 2011.
Those releases were delivered by Kohsuke Kawaguchi from his release infrastructure.

Beginning in April 2020, those releases are delivered by the new release automation setup.
It is hosted within the Jenkins’ Kubernetes cluster, with fully automated management and continuous delivery of services within the setup.
We transitioned to new build processes, new code signing certificates, and new release automation jobs.
Thanks to Olivier Vernin and all Infrastructure sub-project contributors for the successful completion of the release automation project!

Moreover, there is ongoing work on continuous delivery of Jenkins plugins (JEP-229) and on re-designing other Jenkins instances within the project (infra-ci, trusted-ci, and ci.jenkins.io for plugins).
In the next few months these stories should provide Jenkins contributors with a modern environment for CI and CD of all Jenkins components.

Since July, we have officially replaced the old “master” terminology with the “controller” term.
It is a follow-up to the “agent” terminology introduced in 2016.
We have also deprecated usages of the “blacklist/whitelist” terminology in all components.
Currently the community is working on the cleanup of the remaining occurrences in the codebase and documentation, and we invite everyone to contribute.

As a part of the terminology cleanup, last spring we announced the renaming of the official Docker images for Jenkins agents.
As a reminder, it does not have any immediate impact on Jenkins users, but they are expected to gradually upgrade their instances.

See more information about terminology updates here and here.

This year the Advocacy and Outreach SIG started the “Jenkins is the Way” initiative which focuses on promoting user success stories.
Over the year, the team published 54 user stories and six case studies on https://jenkinsistheway.io/ as well as a significant amount of community marketing.
We also published a number of testimonial videos advertising user stories,
including this Introduction to “Jenkins is the Way” video.

See all the stories HERE

Jenkins is the first project to graduate in the CD Foundation.
In August the project announced that the Jenkins project has achieved the graduated status in the Continuous Delivery Foundation (CDF).
Thanks to all contributors who made our graduation possible!
Below you can find a few key changes we have applied during the graduation process:

More information can be found HERE, and HERE.

The Jenkins project now has a public, community-driven project roadmap. Roadmap items are major initiatives and are considered as official plans.
The roadmap aggregates key initiatives in all areas of the project.

Many of the 2020 released roadmap items are mentioned elsewhere in this document, including release automation, Core Infrastructure Initiative (CII) certification,
user interface improvements, read-only configuration pages,
and Google Summer of Code projects like the GitHub Checks API or External Fingerprint Storage.

Other roadmap items include mirror infrastructure improvements, a new Windows installer,
and preview releases of pluggable storage for external fingerprints, build logs, and unit test results.

In October-December the Jenkins community held the regular elections.
This year we were electing for 2 governance board members and for all five officer positions, namely: Security, Events, Release, Infrastructure, and Documentation. These roles are an essential part of Jenkins’ community governance and well-being. We thank all candidates and voters who participated this year.

Key results:

Full election results: https://www.jenkins.io/blog/2020/12/03/election-results/