I saw Jenkins is working on using the Github checks API:
I’ve created a Github App and installed it to our Jenkins instance. However, it appears this can only be used with the Multibranch pipelines. Those require a Jenkinsfile inside the repo.
That means we essentially need to rewrite all our jobs. That isn’t the worst, since we still have quite a few jobs that are written in the old flow style. My concerns are with repetition and secrets.
Repetition can be dealt with by creating a shared library.
Secrets are not needed for most jobs. However, it does mean we need to properly scope the current secrets we have so they can’t be used outside of a select group of jobs.
One of the possible benefits is that developers are no longer tied to making changes in foreman-infra, which is a painful workflow. It’s hard make changes that you haven’t tested. A Jenkinsfile allows for a lot more experimentation.
I’d also like to discuss this in our next SIG meeting, but by posting this early I hope everyone can come prepared.