Within our deployment pipeline, we have a need to deploy to multiple customer environments, and manage secrets specifically in a way that integrates well with AWS, Kubernetes Secrets, Terraform and our pipelines ourselves.

Jenkins offered us the ability to choose one of a number of credentials/secrets management approaches, and models secrets as a more dynamic concept that GitHub Actions provided.

Additionally, we are operating Jenkins within our development Kubernetes cluster as a kind of system-wide orchestrator, allowing us to use Kubernetes pods as build agents, avoiding the ongoing direct costs associated with GitHub Actions minutes / per-user pricing. Obviously as a consequence we take on the indirect costs of maintain Jenkins itself, patching it, upgrading etc. However our experience with managing Jenkins via Kubernetes and declarative Jenkins configuration has led us to believe that this cost is small, particularly as the majority of actual building and testing is handled inside docker containers and Kubernetes, alleviating the need for less supported plugins that may make Jenkins administration more difficult.