# cico-workspace container upgrade

## Overview

We provide a [template](https://github.com/centosci/images/blob/master/cico-workspace/openshift/templates/centosci-workspace.yml) that is used to pre-deploy dedicated jenkins pod in our openshift setup.
It's using jenkins container maintained by Red Hat (RH catalog) and also a specific jenkins-agent container (called cico-workspace) that is spun up for each job that should run in that jenkins environment (dedicated per project/tenant in CI ocp infra)

All that is also discussed in the "Onboard Tenants" section.

## Updating cico-workspace image

The `cico-workspace` container image is available in dedicated [Quay.io](https://quay.io/repository/centosci/cico-workspace) repository.
That's the repositry/registry that ocp.ci cluster is using to spin up cico-workspace containers on demand, always verifying if there is a new one and then pulling :

```xml
  <image>quay.io/centosci/cico-workspace:latest</image>
  <privileged>false</privileged>
  <alwaysPullImage>true</alwaysPullImage>
```

The container (re)build process happens either through :

  * git commit/push in upstream [git repository](https://github.com/centosci/images)
  * a manual build trigger in quay.io

Some notes about what we provide in that cico-workspace image :

  * centos 7 updated container with jenkins agent (java)
  * ansible (from our own configmanagement SIG)
  * [python-cicoclient](https://github.com/CentOS/python-cicoclient/) rpm built through cbs.centos.org koji, and needed to interact easily with Duffy API when requesting  a node to run tests on

!!! note
    Worth knowing that `latest` tag is automatically applied on quay.io builds that are done automatically from the `master` branch on github. That means that pushing to `staging` branch (or else) would automatically create images tagged based on branch name. That permits us to test images before merging into main branch. Example : `podman pull quay.io/centosci/cico-workspace:staging` would pull staging image