/
Migration Analysis Report: Jenkins to GitHub Actions

Migration Analysis Report: Jenkins to GitHub Actions

Overview

The migration replaces legacy Jenkins Job Builder (JJB) templates with GitHub Actions (GHA). This transition improves reliability and developer feedback loops, and leverages the Linux Foundation’s (LF) standardized reusable workflow library.

Investigation & Technical Comparison

Our analysis confirms that Maven-based templates map directly to the LF-IT Compose workflows. However, Go support and Release Staging are currently absent from the central LF repository and are marked as Blocked.

Job Type

Jenkins JJB Template

GHA Reusable Workflow

Status

Job Type

Jenkins JJB Template

GHA Reusable Workflow

Status

Verify

gerrit-maven-verify

gerrit-verify-maven.yaml

Ready

Merge

gerrit-maven-merge

gerrit-merge-maven.yaml

Ready

Go

gerrit-go-verify

Awaiting LF-IT support

Blocked

Stage

gerrit-maven-stage

Awaiting LF-IT support

Blocked

Security

gerrit-nexus-iq-clm

Awaiting LF-IT support

Blocked

Metadata

gerrit-info-yaml-verify

gerrit-verify-info.yaml

Ready

Component Strategy & Grouping

We will migrate in the following order:

Group 1: Infrastructure (Priority 1)

  • Repos: policy/parent, policy/common, policy/models

  • Status: Ready. Java 21 is supported. These must be migrated first to ensure downstream PDPs can resolve dependencies in Nexus.

Group 2: PDP Engines & Apps (Priority 2)

  • Repos: api, pap, apex-pdp, drools-pdp, xacml-pdp, distribution, clamp (ACM - Headless), drools-applications

  • Status: Ready. These will follow the standard Maven+Docker build pattern.

Group 3: OPA-PDP & Docker (Priority 3)

  • Repos: policy/opa-pdp, policy/docker

  • Status: On-Hold (Blocked). Pending LF-IT implementation of Go-based and multi-arch Docker workflows.

Migration Plan

Step 1: Environment Alignment

  • Action: Ensure all workflows specify java-version: "21".

  • Action: Verify GitHub Runners (ubuntu-latest) are utilized to support Java 21 and Docker BuildX.

Step 2: Workflow Deployment (Per Repo)

  • Create .github/workflows/gerrit-verify.yaml (PR triggers).

  • Create .github/workflows/gerrit-merge.yaml (Push triggers to Nexus).

Step 3: Staging and Go Implementation (opa-pdp)

  • On hold.

Jira Task & Subtask Structure

EPIC: [POLICY-12345] Migration to GitHub Actions

  • Task 1: Foundation Migration (Parent/Common/Models)

    • Subtask: Update policy-parent to Java 21 GHA workflows.

    • Subtask: Verify Nexus Snapshot deployment for policy-common.

  • Task 2: PDP & Application Rollout

    • Subtask: Port api, pap, and clamp to Java 21 Maven+Docker workflows.

    • Subtask: Port apex, drools, xacml, and distribution.

  • Task 3: [BLOCKED] Go Pilot Migration (OPA-PDP)

    • Monitor LF-IT for support.

  • Task 4: [BLOCKED] Staging & Release Implementation

    • Monitor LF-IT for support.

Next Steps

  • Initial Review: Raise the review for policy-parent to establish the template for the migration.

  • Secret Verification: Confirm with LF-IT that LFIT_NEXUS secrets are active for the Policy Framework GitHub organization.

  • LF-IT Engagement: Reach out to the LF-IT Releng team to get a timeline for the Go and Staging workflow releases.

  • Parallel Running: Keep Jenkins active for Go and Staging jobs while GHA takes over Java Verify/Merge tasks.