Changelog

Group steps with the `group` config option

We've added a new group pipeline step type so you can group steps together, set dependencies between them, reduce YAML repetition, and clean up your build pages πŸ—βœ¨

You can read more about it in the blog post, documentation, or on Twitter.

Libby

GraphQL API Allowed IP Addresses

API Access Tokens can be restricted to allow access only from specific Allowed IP Addresses. Those restrictions have been honoured by the REST API, but not by the GraphQL API β€” until now. We've made sure these restrictions are also applied to GraphQL requests.

API Access Token edit page showing GraphQL API and Allowed IP Address configuration options

Check out the API Access Token documentation and configure your tokens on the API Access Tokens page.

Samuel

Buildkite and Log4j CVE-2021-44228

Last week a serious vulnerability, CVE-2021-44228, was disclosed in the Java-based logging package Log4j. We’ve ensured that Buildkite internal systems, and our open source projects, are not vulnerable to this exploit.

We've performed an audit on our internal software and infrastructure, and we have no instances of Log4j in use directly or via dependencies, and therefore are not vulnerable to this exploit. Additionally we've reviewed our open source projects (including the Buildkite Agent and the Elastic CI Stack for AWS) and have verified they also don't have any use of Log4j and are not vulnerable to CVE-2021-44228.

We use a number of services from AWS and other cloud vendors, and are actively monitoring them to validate that they are not vulnerable and take any necessary mitigation.

If you haven't already, we also recommend updating any use of Log4j within your own build tooling.

If you have any further questions please contact support@buildkite.com.

Fred

AWS Elastic Stack v5.7.2 release

The 5.7.2 version of the AWS elastic stack is now available. πŸš€

This release includes:

  • Upgrade Docker for Linux (20.10.9) and Windows (20.10.7)
  • Upgrade docker-compose for Linux (1.29.2) and Windows (1.29.2)

It also fixes:

  • BuildkiteAgentTokenParameterStorePath support for AWS Secrets Manager SSM references

For full list of additions, changes, and fixes, see the elastic-ci-stack-for-aws changelog on GitHub.

Libby

Datadog CI Visibility Integration

For teams using Datadog, we've recently made it easier to send information about your Buildkite pipelines to Datadog’s Continuous Integration Visibility. This is a simple integration that any organization using both Datadog and Buildkite can enable to get insights into their pipeline’s performance over time. πŸ“ˆ

For more details on the integration check out the documentation πŸ“š

Libby

Elastic CI Stack for EC2 Mac

For teams that run Buildkite Pipelines and build Xcode based software projects for macOS, iOS, iPadOS, tvOS, and watchOS apps, you can now run your Buildkite Builds on AWS EC2 Mac instances using a CloudFormation template. πŸŽ‰

This experimental template creates an Auto Scaling group, launch template, and host resource group to launch a pool of EC2 Mac instances that run the Buildkite Agent.

πŸ“£ Big shoutout to Buildkite customer Oliver Koo for his early input into this feature πŸ™

πŸ“š For details on how to prepare and deploy this template to your AWS Account, checkout the Auto Scaling EC2 Mac documentation, or jump straight into Elastic CI Stack for EC2 Mac.

Libby

Test Analytics private beta

Identify, track, and fix problematic tests with ✨Test Analytics✨, now in private beta.

test-analytics_cover.png

πŸ” Identify flaky tests: See which tests are most disruptive with automatic flaky test identification and analysis over time.

πŸ‘€ Monitor speed & reliability: Get alerts when slow tests are introduced.

πŸ“ˆ Deeply analyze performance: First-class framework integrations provide in-depth performance analysis, helping you find external dependency bottlenecks and more.

🏎 View real-time results: Watch your test suite run in real-time and get immediate performance insights.

Learn more and join our waitlist at https://buildkite.com/test-analytics.

Michelle

BUILDBOX_* environment variables removed from Buildkite

In November 2018, we posted a changelog deprecating BUILDBOX_* environment variables from generating for new jobs.

From today, we no longer send BUILDBOX_* environment variables.

You can see our environment variable documentation for a complete list of current job environment variables.

Eleanor

Agent v3.33.3 and AWS Elastic Stack v5.7.0 release

The 3.33.3 version of the buildkite-agent and the 5.7.0 version of the AWS elastic stack are now available. πŸš€

The 3.33.3 Agent release has added:

  • Support for unset environment variables in Job Lifecycle Hooks

The 5.7.0 Elastic Stack release has added:

  • Support for storing builds, git-mirrors, and Docker data on NVMe Instance Storage
  • Retried login for ECR and generic Docker registries
  • Experimental CloudFormation service role, listing the IAM Actions required to create, update, and delete the template
  • A README feature matrix for Linux and Windows
  • qemu and binfmt hooks for cross-architecture Docker image builds
  • Support for AWS SSM sessions

For full list of additions, changes, and fixes, see the buildkite-agent changelog and the elastic-ci-stack-for-aws changelog on GitHub.

Libby

Job Priority Attribute for Pipeline Steps

For teams running a lot of jobs who want more control over what order their jobs run in, we've introduced the Job Priority attribute to specify its priority within its queue. πŸ™‹πŸ»β€β™€οΈ

It's a new attribute defined on a step in the pipeline configuration that changes how the dispatcher assigns work to agents. The higher the value you set for priority, the sooner a job will be prioritised. πŸ”

Our recently released Eager Concurrency feature can also be used in conjunction with Job Priority.

Libby

SCIM deprovisioning support for Okta and Azure AD

Enterprise teams using Okta or Azure AD for SSO with their Buildkite organization can now optionally enable SCIM to automatically deprovision users ⚑️

image.png

Okta and Azure AD SSO with SAML is still available to all users.

A step-by-step guide to enabling SCIM support is available in our Single Sign-On with Okta and Azure AD documentation πŸ“š

Harriet

Eager Concurrency

Traditionally, concurrency groups enforce strict ordering of the jobs within them. Concurrent jobs will be limited to the number set for the group, and will only start executing in the order they were created. πŸ“

However, sometimes you only need the limit, and it's fine for eligible jobs to run in whatever order their dependencies allow. πŸƒπŸ»β€β™€οΈ

Which is why we've added a concurrency_method step attribute you can set to 'eager'. This will allow any job, up to the concurrency limit, to start as soon as it's eligible, regardless of creation order. πŸ”€

As an example:

1
2
3
4
5
steps:
  - command: echo "Using a limited resource, only 10 at a time, but we don't care about order"
    concurrency_group: saucelabs
    concurrency: 10
    concurrency_method: eager

For more information, check out our guide to Controlling Concurrency.

Libby

Agent v3.32.3 and AWS Elastic Stack v5.6.0 release

The 3.32.3 version of the buildkite-agent and the 5.6.0 version of the AWS elastic stack are now available.

The 3.32.3 Agent release has added:

  • Support for cross-region artifact buckets
  • Improved error logging around AWS Credentials
  • Logging to the artifact upload command to say where artifacts are being sent

The 5.6.0 Elastic Stack release has added:

  • Cross-region secrets bucket support to git-credentials-s3-secrets
  • AssumeRole support in the ECR Login plug-in

For full list of additions, changes, and fixes, see the buildkite-agent changelog and the elastic-ci-stack-for-aws changelog on GitHub.

Libby

New Build Artifact Retention Limits

From 1 October 2021, build artifacts hosted by Buildkite will be retained for six months from time of upload, after which they will be deleted. Artifacts uploaded before 1 April 2021 will also be deleted at this time.

Previously, build artifacts were retained indefinitely, which means we're currently storing over 7PB of data πŸ€―πŸ“ˆ

Custom-hosted build artifacts are not affected by this change, and remain available to any customer who wants more control over their retention.

As always, you can reach out to us with any questions about this change.

Paul

Elastic CI Stack for AWS v5.5.0 released ☁️

We've released v5.5.0 of the Elastic Stack CI for AWS ☁️

Included in this release:

  • Template validation rules for the Buildkite Agent token
  • Secret redaction in build logs
  • Support for the pre-bootstrap Buildkite Agent lifecycle hook

You can read the full release notes on the v5.5.0 release on GitHub.

Fred

Agent v3.32.0 released πŸ¦ΎπŸ€–

We've released v3.32.0 of the Buildkite Agent πŸ¦ΎπŸ€–

The release adds a new pre-bootstrap lifecycle hook which can accept or reject jobs before environment variables are loaded, providing an additional layer of security and control over your Buildkite agents. See the documentation on lifecycle hooks for details on how to use it.

You can read the full release notes on the v3.32.0 release on GitHub. To upgrade, follow the instructions in the Agent docs.

Fred

One-shot agents with the acquire-job flag

For teams running their own compute scheduler or those needing single-use agents, we've added the --acquire-job flag to the Buildkite Agent 🧰

With this flag, agents are mapped 1:1 with jobs. This makes them perfect for folks using a system like Kubernetes, Nomad, or ECS, or anyone who wants a clean-room environment.

acquire-job.gif

To get started, pass the --acquire-job flag with the job ID to the buildkite agent start command. When you start an agent with this flag it will run the job then exit rather than polling for more work.

You can use acquire-job with agents v3.17.0 and above, anywhere that the agent can run πŸƒπŸ»βœ¨

For details on how to use the flag, see the agent cli documentation on Running a single job.

Harriet

HMAC signed webhooks

For teams wanting to add an extra layer of security to their webhooks, we have just added the option to include HMAC signatures with your Webhook Notification services πŸ”

You'll find the HMAC signature option under the Token section when editing or creating Webhook Notifications.

image.png

For more information on verifying webhook signatures and defending against replay attacks, see our Webhook API documentation.

Harriet

Buildkite CLI v1.2.0

We've released v1.2.0 of the Buildkite CLI πŸ“ŽπŸ’ͺ🏼πŸͺŸ

Included in this release:

  • The bk build create command now has a --meta-data argument, for setting Build Meta-Data when creating a build
  • Running local builds (via bk local run) now works on Windows
  • An improved GitHub authentication flow

You can read full release notes on the v1.2.0 release on GitHub

To upgrade, if you're using Homebrew on a Mac run brew upgrade bk, otherwise download the latest release for your platform from the GitHub release page.

Libby

Conditional webhooks

For complete control over when to trigger builds, use conditional expressions to filter incoming webhooks πŸ“₯

image.png

Build filtering with conditionals is available with any repository provider. You can add a conditional on your Pipeline Settings page or via the REST API πŸ”€

For more information on supported conditionals, check out our guide to Using Conditionals.

Harriet

Start turning complexity into an advantage

Create an account to get started with a 30-day free trial. No credit card required.

Buildkite Pipelines

Platform

  1. Pipelines
  2. Pipeline templates
  3. Public pipelines
  4. Test Engine
  5. Package Registries
  6. Mobile Delivery Cloud
  7. Pricing

Hosting options

  1. Self-hosted agents
  2. Mac hosted agents
  3. Linux hosted agents

Resources

  1. Docs
  2. Blog
  3. Changelog
  4. Webinars
  5. Plugins
  6. Case studies
  7. Events

Company

  1. About
  2. Careers
  3. Press
  4. Brand assets
  5. Contact

Solutions

  1. Replace Jenkins
  2. Workflows for AI/ML
  3. Testing at scale
  4. Monorepo mojo

Support

  1. System status
  2. Forum