+0

Olivier has good feedback in favor of Jenkins, but personally I am more
worried about security risks with GitHub Actions. Many exploits started
from here because it’s not easy to secure. I don’t say it’s easier on
the Jenkins side, but I feel it’s easier for attackers to target GHA, which
is more popular. In addition, they recently got their code stolen, thus I am
not sure if it won’t be used to find new vulnerabilities. Sometimes not
using something mainstream has some advantages … even if they are small.

On Mon, Jun 1, 2026 at 21:30 Slawomir Jaranowski <[email protected]>
wrote:

> Hi,
>
> I see that many of our jobs at Jenkins [1] are unstable ...
> Looks like software on Jenkins agents is not updated without a
> separate issue for the infra team.
> Examples of what Jenkins uses:
> - Maven 3.9.11 - there is 3.9.16,
> - JDK 11 in version 11.0.24 - there is 11.0.31
> and so on ...
>
> We use Jenkins to deploy a snapshot version of projects and publish
> content for the main site.
>
> Jenkins cannot be used for verification of PRs from fork repos.
> Jenkins build status requires authorization.
>
> We have more of our builds on GitHub with PR verification.
> We have some automation jobs implemented on GitHub Actions [2].
> It looks like ATR [3] is also based on GitHub Actions.
>
> So I would like to start a discussion about switching all CI jobs to
> GitHub Actions.
>
> It will be easier to maintain one environment.
>
> As a next step, we can ask infra for dedicated GitHub runners instead of
> Jenkins runners to increase stability.
>
> [1] https://ci-maven.apache.org/job/Maven/job/maven-box/
> [2] https://github.com/apache/maven-gh-actions-shared
> [3] https://release-test.apache.org/
>
> --
> Sławomir Jaranowski