jenkins-bootstrap-shared VS jervis

You can capture plugins and Jenkins versions using the script console to provision a second pristine Jenkins for additional testing like upgrade testing. I go deeper into this with complete immutable Jenkins infrastructure with jenkins-bootstrap-shared.

I recommend capturing your plugin versions. You can do it via maven or gradle. You could use the script console scripts on Jenkins. For testing upgrades you would need other means.

Jenkins as immutable infra

You can do this by script console yourself and use the community docker image. Alternately, you can try out jenkins-bootstrap-shared project I made which pulls Jenkins into a JKD8 container (I plan to upgrade it to OpenJKD11 since Jenkins now supports that).

Here's how I have it scripted. (documentation : https://github.com/samrocketman/jenkins-bootstrap-shared/tree/main/scripts/upgrade )

Clone my jervis project which has some java-based encryption

I have some open licensed code for vault and AppRole client management you can draw inspiration from if you wanted to create your own client for devs or even directly copy (following its license/attribution/etc).

If you wanted to learn more about SBOMs the DependencyTrack website has great videos on the subject by Steve Springett. If you wanted to try DependencyTrack from your laptop I have it integrated in my open source project along with sonarqube. https://github.com/samrocketman/jervis/tree/main/dependencytrack

In my groovy project, VSCode is integrated with the source code within the same repository. A local instance of SonarQube (for code coverage and static analysis), DependencyTrack (security scanning of dependencies), and HashiCorp Vault for my Vault API client for development. It has several tasks for generating documentation, running codenarc, submitting code coverage reports, etc.

README

Hopefully my description is specific enough that others can replicate it easily. Currently, working on building out GitHub App support for cloneable so that you need only grant readonly access to all repositories to be backed up using service credentials. The backend API client I wrote is called Jervis.

My pet project named Jervis. This is an example of VSCode dev containers integrated directly with the project source code. This VSCode dev container is for Groovy/Java development. It also provisions sonarqube for static analysis and code coverage metrics. It provisions DependencyTrack for dependency vulnerability scanning. Can set breakpoints for Java debugging and Groovy Console for REPL.

Are you referring to a CI/CD environment? I built one out based on Jenkins called Jervis where it focuses on ephemeral agents, CI code in repositories, self service onboarding, and isolation. I currently run it in AWS.