From Bamboo to Jenkins, 2016 means continuously integrating

What’s new with Jenkins 2.0? Well, with the 2.0 release, one of the most notable changes is the installation wizard that walks new users through the basic configuration steps. Making it easier for newbies, Jenkins CI will now suggest a bundle of plugins for users to install, including popular and helpful tools like GitHub and Mercurial.

Speaking about the new 2.0 release, Jenkins community leader R. Tyler Croy saysthe batch of plugins that’s recommended by the wizard meets the needs of about 80% of use cases. Of course, Jenkins has made this plugin bundle optional to preserve the flexibility that the CI community likes. Developers can still choose to decline the suggested package and venture out on their own, choosing whatever plugins they prefer.

Croy revealed that one of the most noticeable updates to Jenkins 2.0 is the out of the box experience for new users. The austere screen that greeted users upon initial installation is a thing of the past. “It’s a fairly big departure from what we’ve had before. When Jenkins started out, there wasn’t a whole lot of stuff in the software industry that there is today. Now there are more than 1000 plugins. It’s always been easy to get started. If you have the Java Runtime, you can run a Jenkins instance. But people would download it and run it locally and get presented with a fairly blank screen. For users who don’t know much—or don’t know what they don’t know—this was a pretty empty experience. They had to go looking for plugins and patterns to get started.”

With version 2.0, users will be greeted by a wizard that walks them through a few simple steps. For example, Jenkins will now suggest a bundle of plugins for users to install, including popular and helpful tools like GitHub and Mercurial. According to Tyler, the batch of plugins that’s recommended by the wizard meets the needs of about 80% of use cases. Of course, Jenkins has made this plugin bundle optional to preserve the flexibility that the CI community likes. Developers can still choose to decline the suggested package and venture out on their own, choosing whatever plugins they prefer.

Atlassian adds scale and connectivity

While Jenkins addressed the new user experience, Atlassian brought attention to the other end of the CI evolution—when organizations start to outgrow their platform. The Bamboo team has added a new agent or slave tier for enterprises that need to scale CI or CD past the 100 mark all the way up to 250 agents. Sepideh Setayeshfar, Product Marketing Manager at Bamboo, said this upgrade was made in response to the challenges organizations face when their code base starts to grow. “Development teams need to be able to keep up with productivity and speed without losing quality. They need more agents to run the deployments by scaling up within the tool that they are using.”

Allison Huselid, Head of the Bamboo project, pointed to another improvement in the recent release. “Because we integrate heavily with other tools like our bucket server and JIRA software, we’ve created an improved integration UI that offers more insights into what it looks like when various tools are connected together. It helps users trouble shoot any issues that are happening from a connectivity perspective.”

Deployment is another area of refinement for Bamboo. According to Allison, “We’ve introduced a REST API that can be called from external systems like Chef and Puppet so you can create much more sophisticated triggers to point at projects from there. You get more refinement in how you orchestrate your deployment process.”

Both continuous integration systems are now more secure

Croy was excited to report that Jenkins is now enabling stronger security out of the box at the insistence of the community’s new security officer. “The 2.0 version is set up to require authentication as the default configuration.” This is a smart measure for today’s cloud-based development and deployment environments. “If you don’t set up authentication, running Jenkins on a public cloud can be dangerous. It has a specific look as far as an API profile that makes it easy for hackers to identify when scanning an EC2 or Azure subnet.” This type of security hole puts organizations at risk for cross-site scripting attacks and other threats.

Why has it taken so long to implement this change? Tyler pointed out that the organization has been trying to keep older users happy as long as possible. “We had a fervent desire to keep backward compatibility with previous versions. That’s why new security features defaulted to ‘off’. Upgraded users will still not have these features switched on automatically, but the Jenkins community is strongly encouraging existing users to accept the security features. Other than that, Croy said making the switch to 2.0 should be smooth sailing. “It’s like a normal upgrade. There’s no data migration that has to happen. You don’t have to worry about settings being changed or updating configurations. We didn’t rip things out that people are depending on.”

Allison pointed out that Atlassian’s CI has always required authentication out of the box. However, the Bamboo team is also taking control to a more refined level with additional administrative permissions. “We know that things can go crazy with big teams, so now you can lock down who can have access to add more repositories or projects. That way the configuration doesn’t get out of hand but assigned permissions also prevent requests from become bottlenecks.”

In the coming year, we can expect both popular Continuous Integration platforms to continue adding new features that allow the enterprise to scale, streamline, and secure their CI processes.