Provide a github action that will take care of updating plugins

[brokenpip3]

There are tools for that, see for example how we're doing it in jenkins-infra/docker-jenkins-lts and jenkins-infra/docker-jenkins-weekly, ex https://github.com/jenkins-infra/docker-jenkins-lts/blob/main/.github/workflows/update.yaml

Originally posted by @lemeurherve in #797 (comment)

The actions should:

• read the jenkins values inside the repo (supporting plain chart values or flux/argo derivation)
• Check if there is any updates for those plugins against the jenkins version specified in the repo
• If any update replace it in the values and create a PR

Will lives here in the repo and will be called like this:

       - name: Update Plugins
         uses: jenkinsci/kubernetes-operator@master
         with:
              value_type: plain
              values_path: prod/jenkins/values

[PrathamAditya]

@brokenpip3 hey are you working on this or i can go for this? please let me know

[brokenpip3]

Hi @PrathamAditya not a the moment, if you want to take a stab go ahead!
Let me know if the FR is clear or you need more explanations :)

[markjacksonfishing]

To create a GitHub action that updates plugins, you could try to create a new file called update-plugins.yml inside the .github/workflows directory.
I tested this code to the update-plugins.yml file:

name: Update Plugins
on:
  push:
    branches:
      - master
jobs:
  update-plugins:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Install dependencies
        run: |
          curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
          sudo apt-get install -y nodejs
          npm install -g @helm/chartsync

      - name: Update Plugins
        run: |
          chartsync update-values \
            --values-file ${{ github.workspace }}/${{ matrix.values_path }} \
            --set-values 'jenkins.master.plugins={{ matrix.updated_plugins }}' \
            --set-version 'jenkins={{ matrix.jenkins_version }}' \
            --chart-repo 'https://charts.jenkins.io' \
            --dry-run=false \
            --git-push=true \
            --git-commit-message='chore: update jenkins plugins' \
            --git-remote-origin='origin' \
            --helm-push=true \
            --helm-repo-name='jenkins' \
            --helm-repo-url='https://charts.jenkins.io'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CHARTSYNC_GIT_USERNAME: ${{ secrets.CHARTSYNC_GIT_USERNAME }}
          CHARTSYNC_GIT_EMAIL: ${{ secrets.CHARTSYNC_GIT_EMAIL }}
          HELM_REGISTRY_USERNAME: ${{ secrets.HELM_REGISTRY_USERNAME }}
          HELM_REGISTRY_PASSWORD: ${{ secrets.HELM_REGISTRY_PASSWORD }}
        strategy:
          matrix:
            values_path:
              - prod/jenkins/values
              - dev/jenkins/values
            updated_plugins: ${{ steps.check-updates.outputs.updated_plugins }}
            jenkins_version: ${{ steps.check-updates.outputs.jenkins_version }}

      - name: Check plugin updates
        id: check-updates
        uses: jenkinsci/plugin-compat-tester-action@v1
        with:
          chart-dir: jenkins
          chart-version: ${{ github.event.client_payload.chart_version }}

This code builds a GitHub action with a job called update-plugins that is triggered on a push event to the master branch.

The job has three steps:

1. Checkout code: This step checks out the code from your repository.
2. Install dependencies: This step installs the required dependencies, including @helm/chartsync.
3. Check plugin updates: This step checks for plugin updates using the jenkinsci/plugin-compat-tester-action GitHub action. It outputs two variables, updated_plugins and jenkins_version.
   The update-plugins job uses the chartsync update-values command to update the Jenkins values file with any new plugin versions. It sets the jenkins.master.plugins value to the updated_plugins variable and the jenkins version to the jenkins_version variable. It also specifies the values_path, chart_repo, git_push, git_commit_message, git_remote_origin, helm_push, helm_repo_name, and helm_repo_url options for the chartsync update-values command.

The update-plugins job uses a matrix to run the chartsync update-values command for two different values_path values, prod/jenkins/values and dev/jenkins/values.
The update-plugins job also sets the GITHUB_TOKEN, CHARTSYNC_GIT_USERNAME, CHARTSYNC_GIT_EMAIL, HELM_REGISTRY_USERNAME, and HELM_REGISTRY_PASSWORD environment variables.

To use this action, you can add the following code to your workflow file:

- name: Update Plugins
  uses: <username>/<repo>@<branch>
  with:
    value_type: plain
    values_path: prod/jenkins/values

Replace the name of your repository, and the branch you want to use, respectively. The value_type option specifies the type of values file, either plain or flux/argo.

With the above code, the GitHub action will run when you push to the master branch and update the plugins in the prod/jenkins/values file if there are any new plugin versions available. The GitHub action will create a pull request with the updated values file if it successfully updates the values.

I hope that helps! Let me know if you have any other questions or concerns.

[sonali-rajput]

Can I work on this?

[brokenpip3]

@markyjackson-taulia the plan looks good but

• there is no helm/chartsync npm package: https://www.npmjs.com/search?q=helm%2Fchartsync
• the update plugin actions should be run before the chart updates
• that update plugin action does not exist, there is only a jenkins plugin: https://github.com/jenkinsci/plugin-compat-tester
• the update part can just leverage of spawning a container with the jenkins lts version in the chart and use jenkins-plugin-cli to check the latest version of the plugins
• in our helm chart we have basePlugins: and plugins so the updater needs to update both
• we do not need this part (if chartsync exist):

            --helm-push=true \
            --helm-repo-name='jenkins' \
            --helm-repo-url='https://charts.jenkins.io

@sonali-rajput I don't know if the others that commented in the issue are already working actively on this, @markyjackson-taulia @PrathamAditya are you working on this issue perhaps? or @sonali-rajput can start to work on it?
Thanks

[markjacksonfishing]

I am not working on this. I was giving more of a generalist take on this in my comments and yes, none of this exists, it was more a talking point and, again, a generalist-type suggestion based on my previous experience. Was just trying to help.