Buildkite Changelog

You can now retry failed builds directly from the build view.

If any jobs fail while a build is running, you will now see a Retry failed jobs button in the build header. This allows you to retry all failed jobs at once rather than selecting Retry on individual jobs.

After a build finishes, the Retry failed jobs button now displays directly in the build header rather than under the Rebuild menu.

You can now search for tests by name, scope, and location from the Tests page.

You can now search for flaky tests by test name, scope, and location using the Test Analytics UI or API.

To learn more, check out the API documentation.

Users on our Pro and Enterprise plans can assign flaky tests to teams in their organization. Use flaky test assignment to signal to other teams that a flaky test is being worked on.

To learn more, check out the documentation.

Buildkite Teams can be accessed programmatically through the REST API, improving parity with our existing GraphQL API.

Explore further details and learn how to integrate with our API documentation.

You can now use Test Analytics to manage your Cypress test suites. With the JavaScript test collector configured, Cypress test results are automatically sent to Test Analytics to give you insights into your test suite.

Check out the docs to learn more about configuring Test Analytics with Cypress.

You can now go directly from jobs to agent details. When viewing a build, you'll see each job with its agent's name and a link to the agent details:

If you're using clusters, you'll see a link to the queue for the job while waiting for an agent to be assigned:

Once the job is assigned to an agent, you'll see the agent details alongside the queue:

Clusters will be enabled for all organizations on 26 February, 2024.

Clusters is a Buildkite feature used to manage and organize agents and queues, which:

• allows teams to self-manage their Buildkite agent pools,
• allows admins to create isolated sets of agents and pipelines within within a single Buildkite organization,
• helps make agents and queues more discoverable across your organization, and
• provides easily accessible queue metrics.

After the release all existing agents can be accessed through Unclustered grouping on the agents page.

Learn more about clusters

Access tokens for agents will now be limited to the lifetime of the job. There is now a unique BUILDKITE_AGENT_ACCESS_TOKEN for each job that is run, which will stop working once the job finishes. This reduces the period of impact to the lifetime of the job if a BUILDKITE_AGENT_ACCESS_TOKEN is leaked from the agent’s environment.

Ensure you are running Buildkite Agent version v3.39.0 or later to take advantage of these tokens and v3.62.0 for all the latest improvements.

For more details, see the documentation.

Today we’re shipping 30+ new features to Buildkite 🚀

Some of the features I’m most excited about are:

• 🗂 Pipeline Templates let you have a shared set of step definitions you can use across your pipelines, and better yet, you can lock down all your pipelines in the organization to only those templates. Great for security and control at scale.
• 📈 We’ve added metrics to your cluster queues. You’ll now be able to see how many agents are connected, how many jobs are running, and what the current scheduled wait time for a job is.
• 🔨 Building upon our local Agent Job API that we shipped in the last release, Agent hooks can be written in any language, not just Bash. This allows us to work towards a future where you can write your hooks once and run them anywhere.

Check out the rest of the release here: https://buildkite.com/releases/2023-06

I'd love to hear your feedback on the release, send me an email any time: keith@buildkite.com

Security is job zero, it’s important for organizations to harden their defenses against lost or leaked credentials. Buildkite’s token expiry policy will automatically revoke tokens that are no longer in use from accessing your organizational information

Set your token expiry policy to either 30, 60, 90, 180, or 365 days. After which if a token has not been used for that period of time it will expire and no longer have access to your organization.

Learn more about revoking tokens automatically

We’ve added a guide in the docs to help you migrate from Jenkins to Buildkite.

The new page:

• Provides a general approach for migration.
• Explains the key differences.
• Highlights the most important considerations.

We hope it makes the migration process more straightforward and transparent.

See Migrate from Jenkins to check it out. ✨

We've released a new way to run your Buildkite jobs in Kubernetes natively. The Agent Stack for Kubernetes will allow your Kubernetes cluster to orchestrate your Buildkite Pipeline steps as Kubernetes jobs.

Learn more about the Agent Kubernetes stack

Prompt your users to re-authorize when their origin changes.

With session IP address pinning enabled, authorized sessions can only come from the IP address that created the session. If another IP address attempts to access the organization, the session will be immediately revoked. By pairing IP pinning with SSO session durations, we're taking a proactive approach to combating stolen session cookies.

We're committed to keeping our customers' data secure and are constantly exploring new ways to enhance our security measures.

Learn more about session IP address pinning

Clusters allow you to organize agents into groups. These groups, or clusters, will enable the management of pipelines and queues within that cluster.

Clusters can be turned on by an admin by accessing pipeline settings in the organization settings tab. Note that once clusters is enabled, you will be unable to disable it.

Learn more about clusters

You can now request an OpenID Connect (OIDC) token from the Buildkite Agent 🔑

OIDC tokens are JWTs signed by Buildkite and decode into JSON which includes many attributes like the pipeline slug and the build branch. buildkite-agent oidc request-token will return a token representing the current job that can be exchanged with federated systems to authorize actions like deployments or allow access to context-sensitive information like secrets based on these attributes.

Learn more about OpenID Connect support from the Buildkite Agent

Explore organization change events in your existing AWS monitoring suite.

Enterprise customers can now route Buildkite Audit Log events via the AWS Event Bridge event bus.

Learn more about configuring Buildkite with AWS EventBridge

Restrict API access to IP addresses and CIDR block ranges you trust.

You can now easily create and manage a list of IP addresses and CIDR blocks that are authorized to access your organization via the Buildkite API, improving security and reducing the risk of unauthorized access.

Learn more about configuring IP/CIDR allowlist via the UI, API, or Terraform

Jobs that belong to group steps will now have access to information about their group with three new environment variables:

• BUILDKITE_GROUP_ID
• BUILDKITE_GROUP_KEY
• BUILDKITE_GROUP_LABEL

You could use these variables to upload steps to the same group, or alter the behaviour of jobs based on their group. These environment variables will be absent for jobs that do not belong to group steps.

Learn more about environment variables

Jobs can now be automatically retried based on the signal received by the command process that caused it to exit, in addition to the job's exit code.

This is particularly useful in catching terminated agent hosts, such as you'd see when using EC2 Spot Instances:

  - label: "Tests"
    command: "tests.sh"
    retry:
      automatic:
        # Catch cleanly-terminated instances
        - limit: 2
          signal_reason: "agent_stop"
        # Catch timed-out agents
        - limit: 2
          exit_status: -1
          signal_reason: none

Learn more about the new attributes