Re: Next baseline shift

2022-12-01 Thread Basil Crow 
I released the first tranche of PRs in 4.52
. Next
week I will take a look at migrating from Jetty 9 to Jetty 10 in the plugin
build toolchain.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjr_DwOW1cQsd3oSjzCpdYNmg8oxynQiNQTbeHL0CoQK6g%40mail.gmail.com.

Re: Proposal to ensure new plugin hosting requests use Maven instead of Gradle

2022-12-07 Thread Basil Crow 
+1

On Wed, Dec 7, 2022 at 2:20 AM Alexander Brandes  wrote:
>
> Hey everyone,
>
> the Gradle JPI plugin lacks fundamental support of the jenkins.io 
> infrastructure.
> There's no support for automated releases (CD, JEP-229), missing metadata for 
> the plugin page and a few other limitations, which don't make it a great 
> experience using it.
>
> Additionally, worth to note, the components mentioned above aren't new. 
> People are proactively switching away from Gradle to Maven for better support 
> and acceptance of our tooling, see ivy-plugin/49 for example.
>
> For the reasons stated, I would like to propose, that new plugin hosting 
> requests use Maven, to have better toolchain support.
> I would be ready to lift this restriction again if the JPI plugin developers 
> provide the same scope of tools like we have for Maven.
>
> Best,
> Alexander Brandes, for the hosting team
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/bb8f56d3-727b-481a-9132-17bf5eddbbcdn%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjq9xnyvJFoB33n07jORm7Hw6fSBf8FY5ho5FdGMDAiKug%40mail.gmail.com.

Re: Next baseline shift

2022-12-07 Thread Basil Crow 
On Thu, Dec 1, 2022 at 10:15 AM Basil Crow  wrote:
>
> Next week I will take a look at migrating from Jetty 9 to Jetty 10 in the
plugin build toolchain.

I released jenkins-test-harness 1912.v0cdf15450b_fb
<https://github.com/jenkinsci/jenkins-test-harness/releases/tag/1912.v0cdf15450b_fb>
with a Jetty 10 based JenkinsRule. jenkinsci/maven-hpi-plugin#409
<https://github.com/jenkinsci/maven-hpi-plugin/pull/409> covers the same
upgrade for mvn hpi:run.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpZpTmdi8ra81sfsLEKzfm3iGxKjdX3oEKAtCfTicQ1ag%40mail.gmail.com.

Re: JDK19 is now available on ci.jenkins.io

2022-12-08 Thread Basil Crow 
What Tim said. I am not the biggest fan of an edge label either as
this goes against the principle of reproducible builds. The Java 19
agent label can be deprecated in the agent documentation when Java 20
is released (which is minimal effort on the operational side). In
general consumers of non-LTS versions of Java should realize that by
signing up to consume a non-LTS version they will need to soon move to
the next non-LTS version soon or else risk being out of luck when
upstream drops support for that non-LTS version.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpYJKTE%3D-zZT3uUfDV2_vsEf40AUs9TaC2JG6D%2BSd40MA%40mail.gmail.com.

Revert of breadcrumb bar accessibility change

2022-12-09 Thread Basil Crow 
The Jenkins core maintainers aspire to deliver First Customer Ship (FCS)
 quality all the time on
the main branch . The
integration of jenkinsci/jenkins#6912
 has destabilized the main
branch, resulting in approximately a dozen pull requests to correct issues
with the initial integration. When the main branch is not in a stable
state, new problems are far more likely to be introduced, a timeless
phenomenon described by Jeff Bonwick as the Quality Death Spiral
. The overall quality of the
delivered software, not any one project, is what matters; therefore, I am
proposing a revert of jenkinsci/jenkins#6912
.

There is past precedent for this: when the Jetty 10 upgrade was integrated,
it destabilized the main branch. It was quickly reverted, then reintegrated
later when all known issues had been addressed. The revert of
jenkinsci/jenkins#6912  is
also intended to be temporary: once the issues caused by the original
change are addressed (including JENKINS-70169
 and
jenkinsci/design-library-plugin#182
), we fully
hope and expect for it to be reintegrated and delivered in its final form.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoa96CRc6vQJO-hY9DPS2i2qtGtHVzTQYzML%2B6wYhw9-A%40mail.gmail.com.

Re: Revert of breadcrumb bar accessibility change

2022-12-09 Thread Basil Crow 
On Fri, Dec 9, 2022 at 9:21 AM Tim Jacomb  wrote:
> Jan has offered a partial reversion instead of a full one
> https://github.com/jenkinsci/jenkins/pull/6912#issuecomment-1331319966

It is unclear to me whether the partial revert would address both
JENKINS-70169  and
jenkinsci/design-library-plugin#182
. If it
addresses both issues and is completed prior to the release of 2.383, this
would address my concerns. If a partial revert does not address both issues
or if it is not completed prior to the release of 2.383, I would like to
proceed with a full revert for 2.383.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqFtxpG%2Bw-cDX69xuj-rqRTcjQvo%3DQopR6%3DaykCM_EPLQ%40mail.gmail.com.

Re: Solving “failing Parent Pom upgrade from 4.51 to 4.52 build” cheatsheet

2022-12-14 Thread Basil Crow 
On Wed, Dec 14, 2022 at 12:37 PM Ullrich Hafner
 wrote:
>
> I would suggest to always update the major version of our plugin-pom if we 
> make breaking changes. This is the second time that we deliver incompatible 
> changes with the same major version.

Perhaps; we do not officially use semantic versioning or any other
scheme where breaking changes are tied to the version number, nor did
we bump the major version number of Jenkins core itself when making
the breaking change to require Java 11 or newer there (a decision made
after discussion on this mailing list). I could see both sides to this
one: while a new major version number would have been a more clear
signal to consumers that adaptations are needed, it also might have
implied a major feature release (which was not the case). The last
major version number bump in the plugin parent POM (4.0) was done by
James Nord, and that _was_ a major feature release.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrf4J4yRvd8kHsaz-%2BnY4PnHu%2B%3DVNFAXUrSmA_iCkKyMA%40mail.gmail.com.

[Regression] JENKINS-70112 Pressing "Apply" in a configuration is considered a modification

2023-01-01 Thread Basil Crow 
jenkinsci/jenkins#7203  has
introduced a regression on the weekly line. JENKINS-70112
 contains the steps to
reproduce, expected result, and actual result. At the time of this
writing, jenkinsci/jenkins#7203
(comment)

remains unacknowledged.

This regression has not yet reached the stable (LTS) line, currently
scheduled to ship in about a month. To ensure that the next LTS release
ships without the issue, options include opening a pull request to resolve
the issue or reverting the original change.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqPa1%3D916ha7tXNkf8mSiTQJijXWzeYMqn4ALE8SEZgpw%40mail.gmail.com.

[Regression] JENKINS-70128 Dismiss button unreadable in old data monitor with dark theme

2023-01-01 Thread Basil Crow 
jenkinsci/jenkins#7364  has
introduced a regression on the weekly line. JENKINS-70128
 contains the steps to
reproduce, expected result, and actual result. At the time of this
writing, jenkinsci/jenkins#7364
(comment)

remains unacknowledged.

This regression has not yet reached the stable (LTS) line, currently
scheduled to ship in about a month. To ensure that the next LTS release
ships without the issue, options include opening a pull request to resolve
the issue or reverting the original change.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpeQYPD8de84nyWacdJNdSbeCHriPenjYunzXvGDJP5sw%40mail.gmail.com.

Re: JDK19 is now available on ci.jenkins.io

2023-01-04 Thread Basil Crow 
Many thanks to the infrastructure team for doing this. Fun fact: Java
19 test runs of Jenkins core are (on average) 20-25% faster than Java
11/17 test runs.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoVcqzpRbY0pbXEm9V0%3DYyF1%2BaP67OJfRcX3EB%2Branx4g%40mail.gmail.com.

Re: Request info on Jenkins+JsonWebToken(JWT) re: CVE-2022-23529

2023-01-11 Thread Basil Crow 
Based on the output of "yarn info" it does not show up in the
dependency tree of Jenkins core.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpEx8RBSHDCUX4VHtt9hnbOsL8jZWsbqfHD7mbwaS15qw%40mail.gmail.com.

Plugin POM inheritance

2023-01-19 Thread Basil Crow 
Should jenkinsci/plugin-pom be made to inherit from jenkinsci/pom?
jenkinsci/plugin-pom duplicates a large amount of material from
jenkinsci/pom, and inheriting it instead would greatly ease
maintenance by allowing the duplicate material to be deleted. There
are only a few things in jenkinsci/pom that we do _not_ want to be
inherited by plugins:

- Top-level URL: This can simply be deleted from jenkinsci/pom after
verifying that all core components have it.

- Mailing lists, issue management, and CI management: These can simply
be moved to jenkinsci/jenkins or deleted.

- A managed dependency on a specific version of SpotBugs annotations:
this is inappropriate for plugins because they get their copy of
SpotBugs annotations via their Jenkins core dependency. This can
simply be deleted from jenkinsci/pom and inlined into core and core
components (if needed).

- FindSecBugs. Similarly, this can simply be deleted from
jenkinsci/pom and inlined into core and core components (if needed).

Altogether I think such a change, while not trivial, is likely
feasible. Does anyone have any opinions about whether or not we should
do this?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjokzBBrX5r40EWG9WX%2BrPRmXhsxsY0bUwqQfZAnFnv8Uw%40mail.gmail.com.

Re: Plugin POM inheritance

2023-01-20 Thread Basil Crow 
Unfortunately the benefits of this idea are severely diminished
because Maven does not really support profile inheritance:

http://www.dashbay.com/2011/03/maven-profile-inheritance/
https://issues.apache.org/jira/browse/MNG-5127

So while we could deduplicate properties, managed dependencies, and
Maven plugin configuration that takes place outside a profile (around
200 lines of duplicate code), we would not be able to deduplicate
Maven plugin configuration that takes place inside a profile (about
250 lines of duplicate code). And there are other downsides: increased
complexity, more involved functional testing, and slower propagation
of updates, to say nothing of the effort it would take to implement.
Altogether I doubt the benefits are worth the costs.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpjL5caUn4VDEHE2GxHz6A-5Y0hy-fA0JXYwiUJDK4N9g%40mail.gmail.com.

Re: Removing inactive Core maintainers to reduce risk

2023-01-27 Thread Basil Crow 
On Fri, Jan 27, 2023 at 1:06 AM 'wfoll...@cloudbees.com' via Jenkins
Developers  wrote:
>
> For that reason we have decided to remove inactive contributors from the 
> ‘core’ team.

Thanks! Strongly agree that this is a great move.

> we decided

Was this decision made in concert with other core maintainers or unilaterally?

> one year without any activity in the affected repositories qualifies as 
> inactive

Is this one year without any _general_ activity (e.g., opening a PR)
or one year without any _maintainer_ activity (e.g., merging or
closing a PR)? Write permissions are needed for the latter but not the
former. Given the stated goal to reduce the number of people with
unnecessary write access, the latter definition makes more sense to
me.

Basil

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpzZrMVDjeVzoidVEji3JF7KvbaXrA9VEOFTEW%2B5Rk7_g%40mail.gmail.com.

Re: Removing inactive Core maintainers to reduce risk

2023-01-29 Thread Basil Crow 
On Sun, Jan 29, 2023 at 4:52 AM 'wfoll...@cloudbees.com' via Jenkins
Developers  wrote:
> Thanks for the positive feedback!

It was positive feedback about the intention, not necessarily the end result.

> [To] widen the discussion before the act did not seem necessary. Especially 
> when such a change can be reversed without problems.

By the same logic, we could dispense with core PR reviews because any
commit can be reverted without problems. Such an approach would appear
to go against the consensus-driven nature of the project.

> Concerning the activities, the remaining people did at least a PR review 
> during the last year.

That would make those people eligible to be members of the
core-pr-reviewers team, which has triage permissions but not write
permissions. Eligible members of the core team, which has write
permissions, would be those who have merged or closed a PR during the
last year. Can you see a flaw in my reasoning?

> This is not strictly requiring the write permission, but I don't want to do 
> something that could be seen as a witch hunt.

I do not see how it could be seen as that given the explicitly stated
goal (reducing the risk of security exposure), which has been
discussed transparently in this public thread.

> This kind of risk reduction was rarely done in the past, I don't want to be 
> too aggressive on that.

On the contrary, the fact that this kind of risk reduction was rarely
done in the past is all the more reason to act deliberately,
conciliarly, and thoroughly in the present: past precedent shows that
our decision is likely to stick for a long time.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjosGGbjxwCt8UXVO3L0HigGNjSOWrKyYX%3DXe7w7VY7mDw%40mail.gmail.com.

Re: Adoption of the GitLab Plugin which has been marked for adoption

2023-01-29 Thread Basil Crow 
+1 from me (former maintainer), thanks for helping out!

On Sun, Jan 29, 2023 at 6:26 AM Kris Stern  wrote:
>
> Hi everyone,
>
> I would like to adopt the GitLab Plugin which has been marked for adoption.
>
> Link of the plugin: https://github.com/jenkinsci/gitlab-plugin
> Status of the plugin: "For adoption"
> My GitHub username/id: krisstern
> My Jenkins infrastructure account id: krisstern
> Link to the "Repository Permission Updater" PR: 
> https://github.com/jenkins-infra/repository-permissions-updater/pull/3106
>
> Appreciate any help possible in this regard!
>
> Best,
> Kris
>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/OS3P286MB143139C7B340C6C75DDAAB9CA1D29%40OS3P286MB1431.JPNP286.PROD.OUTLOOK.COM.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqFqjMMQs0DzStgvisdp-oN%2B5X0cCjErH4At7cRF5qeTw%40mail.gmail.com.

Re: Removing inactive Core maintainers to reduce risk

2023-01-30 Thread Basil Crow 
On Mon, Jan 30, 2023 at 3:19 AM 'wfoll...@cloudbees.com' via Jenkins
Developers  wrote:
> A PR merged in a release can be installed. A missing permission is not at 
> that kind of level of impact.

A compromised account with unnecessary commit access could very well
have that level of impact if it is used to introduce malicious content
into a release.

> To [make] explicit my thinking process there that will also reply to the 
> other comments.

I do not see how it could reply to the other comments, because my
point about membership in the core-pr-reviewers group being more
appropriate remains unaddressed.

> I do not want to put a clock ticking above the heads of any role, that would 
> notify you "hey you have not merged a PR since 11 months, in 30 days you will 
> be kicked". That's neither the goal nor the intent.

The stated goal and intent is to eliminate unnecessary
security-related exposure, accomplished by removing unneeded commit
access. Just as an individual who has not reviewed a PR in over a year
is creating unnecessary exposure by holding onto unneeded commit
access, so also an individual who has not merged or closed a PR in
over a year is creating unnecessary exposure by holding onto unneeded
commit access. Therefore, accomplishing the stated goal and intent
necessitates removing the unnecessary exposure created by both groups.

On Mon, Jan 30, 2023 at 3:27 AM 'Daniel Beck' via Jenkins Developers
 wrote:
> How would you feel if any of the folks Oleg listed suddenly started to merge 
> or close PRs? Would you really not be surprised, and "think this is fine"?

Since I often receive feedback from individuals who have not been
active in a long time and who decline to provide acknowledgement after
I address their feedback, nothing would surprise me at this point.

On Sun, Jan 29, 2023 at 6:15 AM Oleg Nenashev  wrote:
> it would be definitely nice to document explicit criteria in 
> https://github.com/jenkinsci/jenkins/blob/master/docs/MAINTAINERS.adoc#roles

On Mon, Jan 30, 2023 at 5:06 AM 'Daniel Beck' via Jenkins Developers
 wrote:
> We could even use a separate team to represent this

I agree that the criteria should be explicitly documented in
MAINTAINERS.adoc for the reasons explained in
https://producingoss.com/en/written-rules.html and that alumni should
be recognized in a separate team or web page in order to publicly
honor their past contributions. In the absence of documentation and an
alumni group, this endeavor lacks the thoroughness described in my
previous post.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpiD8_YACCW_GSz1mjv2C_gyoo%3DyDWS90ew1LRywr2VOA%40mail.gmail.com.

Re: Removing inactive Core maintainers to reduce risk

2023-01-31 Thread Basil Crow 
On Tue, Jan 31, 2023 at 7:24 AM 'wfoll...@cloudbees.com' via Jenkins
Developers  wrote:
> As it's about reducing the risk and not eliminating it

I do not see a reason why we should accept continued exposure.
Software supply chain attacks have been increasing in recent years,
highlighting the need for a thorough response. As industry leaders in
this space, we ought to be role models rather than doing the bare
minimum.

> from my PoV it's another topic with harder consensus to find.

I see no evidence that consensus would be hard to find. It would be
one thing if concrete objections had been raised in this discussion,
but so far nobody has provided a cogent counterargument to the points
made in my last post.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqQDRBwq8QRTVDj7UTr%2BfEOvOnfn73Oiq9L48xmHkUm_w%40mail.gmail.com.

Disambiguate and document the merge/close process

2023-02-09 Thread Basil Crow 
Over the past few months and especially during Hacktoberfest, I have
observed several cases where the Jenkins core contribution process did
not go as smoothly as it could have gone. After thinking deeply about
several examples, I concluded that the existing process contains
several ambiguities that, once disambiguated, would make the process
go more smoothly in the future. I distilled my thoughts into a
concrete process improvement in
https://github.com/jenkinsci/jenkins/pull/7516 and submitted my
proposal for review in December.

Response to this proposal has been mostly positive, with negative
feedback isolated to specific details of the proposal rather than the
overall concept. All feedback has been addressed at the present time.

I would like to bring this proposal to a conclusion by March. If any
active core maintainers have not yet considered the proposal, please
do so and express (in the pull request) your view — positive,
negative, or neutral — and the reason for that view. If anyone has
left feedback already, please confirm that it has been addressed in
the latest revision by approving the pull request.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrCS5nmvx_u9XUHrxFBQ_%2B3jgcTSm36LgbnsD0i35es9Q%40mail.gmail.com.

Re: *-api-plugin (tests downstream plugins)?

2023-02-21 Thread Basil Crow 
Yes, most library plugins do not have sufficient test coverage. They
should all have at least one smoke test based on RealJenkinsRule,
since JenkinsRule is not a realistic linkage environment. Testing
downstream consumers from a PR build is essentially the second half of
JENKINS-45047 and would be a welcome enhancement.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrCCKo_UaVboP8mnfCWEMSCR9Zmqbajy4hHy99YK62zyA%40mail.gmail.com.

Re: Disambiguate and document the merge/close process

2023-03-03 Thread Basil Crow 
On Thu, Feb 9, 2023 at 4:54 PM Basil Crow  wrote:
>
> I would like to bring this proposal to a conclusion by March.

https://github.com/jenkinsci/jenkins/pull/7516 has been approved; if
nobody objects by March 15, I'll assume lazy consensus and merge it.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjo2Yj%2Bv6mjv1fuHXpmZ5qwkMCWgcZh1qL7PFzEFB9Ps%2Bw%40mail.gmail.com.

Re: requireUpperBoundDeps issue after bom update to 1887.vda_d0ddb_c15c4

2023-03-06 Thread Basil Crow 
You can work around the problem as follows:

diff --git a/pom.xml b/pom.xml
index 67c2f7d..1c6265d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -51,7 +51,14 @@

io.jenkins.tools.bom
bom-2.361.x
-1836.vfe602c266c05
+1887.vda_d0ddb_c15c4
+import
+pom
+
+
+org.jetbrains.kotlin
+kotlin-bom
+1.8.10
import
pom

@@ -62,7 +69,6 @@

  org.jenkins-ci.plugins
  variant
-  59.vf075fe829ccb


  org.jenkins-ci.plugins
@@ -75,6 +81,13 @@
  github-branch-source
  1701.v00cc8184df93
  true
+  
+
+
+  org.apache.commons
+  commons-lang3
+
+  

  

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjosQYOsD-4Or8HvT2mDATxa50Fo%2BLLbMVu1GPkbPGWhCA%40mail.gmail.com.

Re: Duties of a plugin maintainer.

2023-03-07 Thread Basil Crow 
The main duty of a plugin maintainer from my perspective is to not
introduce regressions for users of the plugin.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjryykM2wvOCiQ9WY0Z9azQPpLKYQ1xapn6FL%3DXyhuQS5A%40mail.gmail.com.

Re: Duties of a plugin maintainer.

2023-03-08 Thread Basil Crow 
On Wed, Mar 8, 2023 at 5:13 AM Mark Waite  wrote:
> I made that mistake with a plugin that I adopted a few months ago.  It's last
> release had been done many years ago.  I adopted it and made the flawed
> assumption that the master branch was in good condition, ready to release.  I
> released a new version of the plugin from the master branch and was then
> dismayed to have reports from users that the new release included a
> regression.  I reverted most of the changes that had been made on the master
> branch in those intervening years and released a new version of the plugin
> without those regressions.

Worse, I once adopted a plugin whose previous maintainer had not merged a
security fix back to the main branch, meaning that releasing the main branch
would have reintroduced the security issue. Thankfully, I noticed that before
doing a release. In general, I would advise new maintainers to carefully review
the diff from the last release up until the current point in time to ensure that
they are prepared to deal with any regressions when doing the next release.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpP5fF61M_VvgsGEcZtCZbLWub_Tg1z2e8s35MPeND41Q%40mail.gmail.com.

Re: Jenkins Security Scan now generally available

2023-03-19 Thread Basil Crow 
Does the Jenkins Security Scan need to be adapted to use the artifact
caching proxy?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoTKMFFYR1WkC_f0xp5%3D5e2xAWO-%3Dz0HYhkUiA3XmVEkQ%40mail.gmail.com.

Re: Proposal to ensure new plugin hosting requests use Maven instead of Gradle

2023-03-22 Thread Basil Crow 
Here are the most popular plugins still using Gradle for their build:

gradle 232,746
multiple-scms 22,241
allure-jenkins-plugin 17,121
terraform 5,046
checkmarx 4,502
jira-trigger 3,996
blackduck-detect 2,838
npm-yarn-wrapper-steps 2,152
ez-templates 2,145
templating-engine 1,742
synopsys-coverity 1,480

Multiple SCMs is already deprecated. Gradle, Allure, Checkmarx, and
the Synopsys plugins appear to be maintained by corporate teams that
may have their own build system policies. Terraform, Jira Trigger, NPM
and Yarn Wrapper and Steps, EZ Templates, and Templating Engine appear
to be community-maintained.

I wonder if there is a way we could more clearly communicate to the
above parties that we offer only partial support for Gradle and full
support only for Maven.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoXcdRte%3DXuUwp9XbTcFte_kiT4-CBqXqvgJzzRU98LcQ%40mail.gmail.com.

Re: Proposal to ensure new plugin hosting requests use Maven instead of Gradle

2023-03-28 Thread Basil Crow 
On Mon, Mar 27, 2023 at 7:27 AM 'Herve Le Meur' via Jenkins Developers <
jenkinsci-dev@googlegroups.com> wrote:
> For those using buildPluginWithGradle() from the shared pipeline library,
we could add a note about it in the logs.

This was done in jenkins-infra/pipeline-library#629
.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqOfVGV13p0HKr6GqHFEU7zv4-CHuAftFS2ap%2BK5XoYig%40mail.gmail.com.

Re: Prototype.js replacing JSON.stringify

2023-04-02 Thread Basil Crow 
https://issues.jenkins.io/browse/JENKINS-70906 FTR

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpahcDHFEpwNL_kmwd48kifgrKHG_68fnqKOcPgb6airw%40mail.gmail.com.

Re: Prototype.js replacing JSON.stringify

2023-04-02 Thread Basil Crow 
On Sat, Mar 11, 2023 at 3:37 PM Ullrich Hafner  wrote:
> But this JS code is so deeply nested in Jenkins UI code that I have no clue 
> on how to fix that...

You could open pull requests for one or more of the dozens of
currently unassigned subtasks in JENKINS-70906.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoh7sJF5qXMvAJ_UQ4V%3Djg4yJ_YfvhYCCyLwCQ8--yhtQ%40mail.gmail.com.

[Regression] Non-unique IDs

2023-04-07 Thread Basil Crow 
jenkinsci/jenkins#5923 
introduced a regression concerning non-unique IDs, and
jenkinsci/jenkins#7631 
fixed the first regression but introduced a second regression, breaking
compatibility with multiple critical plugins in violation of the Compatibility
matters section of the Project Governance Document
. This
has caused disruption for end users, who are no longer able to upgrade past
2.390 to the latest weekly release.

This new regression has not yet reached the stable (LTS) line, currently
scheduled to ship in May. To ensure that the next LTS release ships without
this new regression, options include:

   - Rolling forward by adapting the known broken plugins to the change in
   behavior and releasing new versions, as well as doing a systematic search
   to verify no other plugins are affected
   - Rolling backward to the status quo as of 2.390 by reverting
   https://github.com/jenkinsci/jenkins/pull/7631
   - Rolling backward to the status quo as of 2.334 by reverting both
   https://github.com/jenkinsci/jenkins/pull/7631 and
   https://github.com/jenkinsci/jenkins/pull/5923

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrtgazO1K5aN5JPkC2teoZObu8Stdf27UZ-sJnwKZ31mA%40mail.gmail.com.

Re: Optional automated source code formatting - prep for JEP

2023-04-08 Thread Basil Crow 
https://github.com/jenkinsci/plugin-pom/pull/733 is a non-draft PR
that incorporates all previous feedback and reflects practical
experience in the Jenkins and Maven projects.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqQLd155%3DCx6YXg-k6TNn4voOqpj-puGGceHd4nOhMMbA%40mail.gmail.com.

Re: Moving ATH tests closer to the code under test

2023-04-10 Thread Basil Crow 
On Wed, May 11, 2022 at 7:32 AM Tim Jacomb  wrote:
> Recently both Jan and myself have hit a number of issues with HtmlUnit not
> supporting modern JavaScript. (You implement it and it works fine in the
> browser but then the PR test builder blows up and you need to re-implement
> it)

jenkinsci/jenkins-test-harness#569 (comment)

describes an idea I had recently:

Another solution would be to teach Can I use/Browserslist/Babel which
> features are (or are not) supported by HtmlUnit/Rhino. Then we could
> transpile our code to something that would run in JTH/HtmlUnit/Rhino with
> minimal modifications. This would be a modest amount of effort and would
> require upstream changes, but it seems relatively achievable in the medium
> term.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjq24pPTz3udwqXP1uZfi8g08EOozxigUb9v89C-C_7o7g%40mail.gmail.com.

Re: Optional automated source code formatting - prep for JEP

2023-04-11 Thread Basil Crow 
Thanks to everyone who has adopted the new Spotless configuration. I
am trying to get everyone who was already using Spotless migrated over
to the new configuration. Once that happens, I might even be able to
change the opt-in mechanism from the ugly .mvn_exec_spotless file to a
Maven property.

The next question is: do we want to do the same thing for core and
core components? And if so, do we want it to be opt-in or shall we
apply Spotless unconditionally for core and all core components? I can
do the work, but it would take some time to cover all components. The
question boils down to whether or not the other maintainers are
comfortable with this change.

The last time we did a large formatting change in core (adding
Prettier) the usual concerns were expressed regarding merge conflicts
in open PRs and difficulty of backports. I think we did a pretty good
job of resolving merge conflicts in open PRs, and we backported the
formatting change in order to address concerns from the security team.
We could adopt that (successful) strategy again in this case, assuming
the same concerns still apply.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpOAQR88KOyxCYzdqE9h5-80qkugm1tnBXyex-nrmVrEA%40mail.gmail.com.

Re: Optional automated source code formatting - prep for JEP

2023-04-12 Thread Basil Crow 
On Wed, Apr 12, 2023 at 6:06 AM 'jn...@cloudbees.com' via Jenkins
Developers  wrote:
> Please do not troll [sic] this out until 
> https://github.com/diffplug/spotless/issues/1559 is fixed

I am rejecting this request, as Spotless works fine on Windows in the
default configuration. Users of exotic configurations that are not
supported by Spotless on Windows should switch to the default
configuration or contribute support for their desired configuration to
Spotless rather than holding back others.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrw-Fv5CS%2BpksWy%2BwfwZZ97KcTLyLL-0-mkao9ha0Xp_Q%40mail.gmail.com.

Re: Jenkins Security Scan now generally available

2023-04-17 Thread Basil Crow 
On Sun, Mar 19, 2023 at 7:13 PM Basil Crow  wrote:
> Does the Jenkins Security Scan need to be adapted to use the artifact
> caching proxy?

Any answer to this question?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqzy_z2d0Gg_H%3DDZoLn1PQs%2BDEb827DB%3DTif6cUMrDLVg%40mail.gmail.com.

Re: Revise "Bug" template fields on Jira

2023-04-17 Thread Basil Crow 
On Mon, Apr 17, 2023 at 2:01 AM Alexander Brandes  wrote:
>
> I would like to propose making the "Environment" and "Description" fields 
> mandatory for "Bug" type issues on Jira

+1 from me

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqd_b%3DTbxkqEDVC3%2B0GjX%2B1o_o3of_prDqfAPLQdOM8Tg%40mail.gmail.com.

Launchable in the Jenkins project

2023-04-17 Thread Basil Crow 
I have captured in writing everything I have learned so far about
Launchable and how to do model training in a way that is most
effective for the Jenkins project:

https://docs.google.com/document/d/12LdoAFA566P4LgHhu1L-fuOQuhipxk77tUDXQdNmhss/edit

Based on this document, we have three models to train, and training
each one requires collecting builds and collecting test results.
Collecting builds of BOM/PCT runs is the most complicated and will
likely require developing a new tool of some sort, so I will focus on
the other areas first.

Once models are trained, Launchable will be able to create subsets of
each of our three test suites. It is up to us as to how to use that
information to increase velocity, decrease costs, and/or shift left. I
provided several examples in the above document.

Hopefully the least controversial of those examples is running a
subset of Windows tests on core PR builds for a mild decrease in test
time and cost. I plan to implement this as soon as the model is
trained with a decent amount of data, likely about one month after
model training begins.

The other ideas mentioned above (feel free to suggest new ones in the
Google Document as well!) can be discussed further once the model is
trained and we can query Launchable for subsets and assess whether the
provided subsets are acceptable or not.

I am noting that BOM costs are unsustainable given budgetary
constraints, so regardless of the quality of the subsets, a change in
BOM maintenance practices will likely be needed one way or another.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpDzmQzYxS_Z0cgEN7U%2BLT_2fUNpUVafey%2BLYs%2BkZGX2g%40mail.gmail.com.

Re: Reimbursement for code signing certificate

2023-04-18 Thread Basil Crow 
On Tue, Apr 18, 2023 at 11:23 AM 'Gavin Mogan' via Jenkins Developers
 wrote:
> Shouldn't this be submitted via expensify and approved in the board
> mailing list?

>From JEP-15 (at revision b8bfe17), § 3.3.2 ("Use of donations"), lines
177-178:

> Budget requests should be submitted to the developer mailing list and
> discussed there, the Governance meeting will be doing a formal
> approval/rejection based on the community feedback.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpHawAfD7141y-_TxgOThzrMH_g7Z9x8To2p9vQHPM5Bw%40mail.gmail.com.

Re: Reimbursement for code signing certificate

2023-04-18 Thread Basil Crow 
On Tue, Apr 18, 2023 at 12:03 PM Tim Jacomb  wrote:
>
> +1

+1 from me as well

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrjdWvN8pJ72z1%2Bb8%2BAkM_rCu0u7CRqAso%3Dq1hGcpLr1w%40mail.gmail.com.

Re: Reimbursement for code signing certificate

2023-04-18 Thread Basil Crow 
On Tue, Apr 18, 2023 at 12:29 PM 'Gavin Mogan' via Jenkins Developers
 wrote:
> I would argue this discussion should happen before the spending not after.

FTR, from JEP-15 (at revision b8bfe17), § 3.3.4 ("Reimbursement process"), lines
193-194:

> Expenses should be pre-approved through the Jenkins developer mailing list and
> the link Governance meeting **BEFORE** the expense happens.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoSxOZb7ZjeO0u3LPH7AW58_5otDeLgipNcOXoAn1aOHw%40mail.gmail.com.

Re: Jenkins 2.401 as next LTS baseline?

2023-04-21 Thread Basil Crow 
+1 for 2.401 as well

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpYT6DRtmhbY4UExV%2Bg0we9r2tSjiBn4vB2AaUS9WiSrA%40mail.gmail.com.

Re: Request for adoption of Job DSL and Docker plugins

2023-05-01 Thread Basil Crow 
Thank you for your quality contributions to other Jenkins plugins. We
appreciate it when a user of a plugin steps up to maintain it, because
such maintainers have a good idea of the testing that is required in
order to avoid regressions.

For plugins with a high user count, we typically want to see prior
contributions to that plugin and/or or prior experience maintaining
other Jenkins plugins. I would recommend you file some PRs to the
abovementioned plugins and/or start by maintaining some less popular
plugins to get some experience with the plugin development and release
process in order to ensure a smooth transition as you take on
maintainership.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrv7NZN97f0snA4J7BSKo9DXHu9%2BJVf-kj73P15mV%3DtMQ%40mail.gmail.com.

Re: Prototype.js replacing JSON.stringify

2023-05-05 Thread Basil Crow 
On Mon, Mar 13, 2023 at 3:27 PM 'Gavin Mogan' via Jenkins Developers
 wrote:
>
> I think the first steps would be to remove as many of those references from 
> core before detaching the plugin and making it optional

Detaching Prototype to a plugin might work, but it is also likely to
create problems in practice — plugins that update their core baseline
to one after the detach point won't necessarily get test failures once
Prototype is missing unless they have HtmlUnit tests for all portions
of their UI (unlikely) and so their maintainers are unlikely to notice
that they need to do anything until after the plugin is released and
users start complaining. There are about 50 plugins that use
Prototype, so I think the better solution is to proactively remove
Prototype usages from all of them and then remove Prototype from core.
This is a large amount of work, but it could be feasible if everyone
in this thread participated in the effort.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrxgJ589zG9k%2BbXSgt_OJrHWq%2B3nrAPWUtt%2BtwHs2RQYA%40mail.gmail.com.

Re: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.10.1:javac: invalid flag: --release

2023-05-11 Thread Basil Crow 
Please read Jenkins plugin development requires Java 11 or newer
.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpB8Nw-XDUjQ46tgfY%3DGMYabDN4CwtgTUG%3Dt-c%3DqRQsFQ%40mail.gmail.com.

Re: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.10.1:javac: invalid flag: --release

2023-05-11 Thread Basil Crow 
On Thu, May 11, 2023 at 8:55 AM 'Gavin Mogan' via Jenkins Developers
 wrote:
>
> I think the PR in question is doing exactly that 
> https://github.com/jenkinsci/bmc-cfa-plugin/pull/42/files#diff-e6ffa5dc854b843b3ee3c3c28f8eae2f436c2df2b1ca299cca1fa5982e390cf8R4-R5

Those lines were not present in the PR at the time of the original
post. They were just committed, presumably after reading the blog post
I mentioned.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjp9ziTungzxCWApmn6GZ-zZJNA-HqcAwNf%2BibE161%2BMdA%40mail.gmail.com.

Re: Prototype.js replacing JSON.stringify

2023-05-11 Thread Basil Crow 
I filed pull requests to remove Prototype.js from about 25 or so
plugins. Please review, merge, and release these.

Here are some more plugins I identified that are still using
Prototype.js. Please file pull requests to remove Prototype.js from
these plugins:

matrix-auth 264461
blueocean 64506
git-parameter 59223
metrics 51938
uno-choice 33501
ivy 23035
translation 21443
github-pullrequest 15538
cloudbees-disk-usage-simple 11259
atlassian-bitbucket-server-integration 7260
extra-columns 7165
gitlab-logo 5368
categorized-view 4510
fortify 4287
azure-ad 4019
release 2971
scm-sync-configuration 2810
dockerhub-notification 1808
pollscm 1764
jira-ext 1680
synopsys-coverity 1451
qtest 1270
openstack-cloud 940
azure-app-service 886
jclouds-jenkins 612
oracle-cloud-infrastructure-compute 494
chatwork 327
azure-vmss 223
qualys-was 183
html-audio-notifier 174
collabnet 156
nsiqcollector 144
mentor-questa-vrm 84
wxwork-notification 76
testabilityexplorer 65
depbuilder 49
simpleupdatesite 36
simplify-qa-connector 3
gamekins 0

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqxXk-MX1qVi90pSBfXjQPqdbjd7OJh7Q%3DqD16Q%3D%3Dwp0w%40mail.gmail.com.

Re: Prototype.js replacing JSON.stringify

2023-05-18 Thread Basil Crow 
2.406 is on track to ship without any usages of Prototype. I have
created a tracking
spreadsheet

to cover Prototype usages in plugins and filed issues for any affected
plugin with more than 100 installations. Please assign yourselves some of
these issues and file PRs so that we can get the plugin ecosystem updated.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoa5fC6Lu7zCBzf%2Bvqv9W_pxybfiqV63N6wGdvLHyPWaw%40mail.gmail.com.

Re: GSoC 2023 Building jenkins.io with alternative tools project feedback solicitation

2023-05-18 Thread Basil Crow 
The calculus of this decision seems different when it comes to the
documentation portions of the site (e.g., the end user documentation
and developer documentation) vs the regular content (e.g., the blog,
changelogs, and other static content). I think there may be a sweet
spot in using Antora for the end user documentation and developer
documentation while using another tool for the blog, changelogs, and
other static content.

For the documentation portions of the site, Antora seems like a
perfect fit because it is specifically designed for documentation
sites and features first-class support for branching/versioning
documentation for multiple releases, combining multiple repositories
into a single site, etc. There has been a real need for versioned
documentation for multiple releases when working on e.g. Java Platform
support and other projects. I imagine the long-term maintenance cost
of Antora for the documentation portions of the site would be low:
just keeping the build running and keeping the templates up-to-date.
In contrast it seems that more effort would be required to use e.g.
Gatsby for a versioned/branched documentation site. Even with e.g. the
Rocketseat docs theme as a source of inspiration, it seems that Gatsby
offers less support for the versioned documentation use case
out-of-the-box and that custom code would need to be written and then
maintained in order to fully accommodate the versioned documentation
use case.

In contrast, Antora was not designed for blogs, and Antora issue #444
makes it clear that the maintainers do not intend to support blog-like
functionality in Antora. Using Antora for anything other than a
documentation site seems ill-advised, as this is not Antora's intended
use case.

While it might be possible to use e.g. Gatsby for everything
(including the blog and documentation portions of the site), my sense
is that the benefits of using Antora for the documentation portions of
the site (both from an initial development and maintenance
perspective) may be more compelling.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqHDVdiwDTLiUAEtYF-3Pw4mb_Go9JDg2Ts%2B5LG%3DW7yPQ%40mail.gmail.com.

Re: GSoC 2023 Building jenkins.io with alternative tools project feedback solicitation

2023-05-19 Thread Basil Crow 
On Fri, May 19, 2023 at 10:24 AM 'Gavin Mogan' via Jenkins Developers
 wrote:
> Having been around for a number of the GSOC projects, and a number of the
> migration projects. I'm very worried about half finished state that nobody
> finishes. And honestly spent a lot of time cleaning up content on jenkins.io
> (some were .html, some were .md, some were .txt)
> So to me, jenkins.io shouldn't be cut over to the new system, until the new
> system is fully populated.

I concur with Gavin. I have a strong preference for a more narrow project scope
that results in a complete migration in production rather than a more wide
project scope that fails to achieve a complete migration in production. The
reason for this strong preference is that for efforts that do not reach complete
migration in production, the value of the effort approaches zero as time
approaches infinity. A complete migration to production of even one component
achieves value immediately and is therefore preferable from my perspective.

> So my suggestion based on me trying to convert jenkins.io to gatsby a while
> ago and realizing its just too big
> 1) docs.jenkins.io (versioned, antora)
> 2) guides.jenkins.io (versioned, antora, but less likely to update?)
> 3) news.jenkins.io (out of scope of gsoc i think) aka blog. hook up a headless
> cms like netlifycms (all javascript + github), or maybe even strapi (really
> nice headless cms, we could have webhooks that update the repo)
> 4) Leave everything else on www.jenkins.io
[…]
> It also makes a clear migration plan. We can make docs/tutorials live when the
> content is fully pulled out. No half measures.

I concur with Gavin. I have a strong preference for factoring out the docs
content into a new Antora site and atomically cutting over the links from the
monolithic Awestruct site to the new Antora site, thus achieving complete
migration in production. The same process could be later followed for the blog.
What remains of the monolithic Awestruct site after the Antora and blog portions
have been factored out can then be dealt with on a case-by-case basis, but I
would rather not include this in the scope of GSoC. The reason for this is that
I fear it would introduce additional risk and delay progress on the Antora
portion of the effort, which is already significant in scope and risk in and of
itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjo5GQHZxetakv1kUzP7J4wsQQb1A2rz3kWHbjbJtjpwkg%40mail.gmail.com.

Re: GSoC 2023 Building jenkins.io with alternative tools project feedback solicitation

2023-05-19 Thread Basil Crow 
On Fri, May 19, 2023 at 10:24 AM 'Gavin Mogan' via Jenkins Developers
 wrote:
> Having been around for a number of the GSOC projects, and a number of the
> migration projects. I'm very worried about half finished state that nobody
> finishes. And honestly spent a lot of time cleaning up content on jenkins.io
> (some were .html, some were .md, some were .txt)
> So to me, jenkins.io shouldn't be cut over to the new system, until the new
> system is fully populated.

I concur with Gavin. I have a strong preference for a more narrow project scope
that results in a complete migration in production rather than a more wide
project scope that fails to achieve a complete migration in production. The
reason for this strong preference is that for efforts that do not reach complete
migration in production, the value of the effort approaches zero as time
approaches infinity. A complete migration to production of even one component
achieves value immediately and is therefore preferable from my perspective.

> So my suggestion based on me trying to convert jenkins.io to gatsby a while
> ago and realizing its just too big
> 1) docs.jenkins.io (versioned, antora)
> 2) guides.jenkins.io (versioned, antora, but less likely to update?)
> 3) news.jenkins.io (out of scope of gsoc i think) aka blog. hook up a headless
> cms like netlifycms (all javascript + github), or maybe even strapi (really
> nice headless cms, we could have webhooks that update the repo)
> 4) Leave everything else on www.jenkins.io
[…]
> It also makes a clear migration plan. We can make docs/tutorials live when the
> content is fully pulled out. No half measures.

I concur with Gavin. I have a strong preference for factoring out the docs
content into a new Antora site and atomically cutting over the links from the
monolithic Awestruct site to the new Antora site, thus achieving complete
migration in production. The same process could be later followed for the blog.
What remains of the monolithic Awestruct site after the Antora and blog portions
have been factored out can then be dealt with on a case-by-case basis, but I
would rather not include this in the scope of GSoC. The reason for this is that
I fear it would introduce additional risk and delay progress on the Antora
portion of the effort, which is already significant in scope and risk in and of
itself.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjr9JAMXMC46YX8fjsMrpH5L2ZFLj_ZseG%2BRxPn73tC9Xw%40mail.gmail.com.

Did Tippy.js add Popper2 to Jenkins core?

2023-05-22 Thread Basil Crow 
https://github.com/jenkinsci/bootstrap5-api-plugin/pull/213 (comment)
concerns me:

> Popper2 is now part of Jenkins core.

As far as I can tell the Popper dependency was added when replacing
YUI tooltips with Tippy in
https://github.com/jenkinsci/jenkins/pull/6408. Has this abstraction
now leaked as an implementation detail that plugins are starting to
depend on?

Any recent JavaScript dependencies of Jenkins core like Tippy and
Popper should be built and packaged in such a way that they are not
exposed to plugins. Plugins that want to use Popper should be using
the Popper plugin. Both should be able to coexist at the same time.
Ignoring this separation of concerns leads to maintenance problems in
the future.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpLEVif3Es6yJafE29zkW6gxSROTLH0dV-cJ5sBrr5Gzw%40mail.gmail.com.

Re: Maven 3.9.2: ready to roll?

2023-05-23 Thread Basil Crow 
+1

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoFWBn-SR1D3v02bW2ep3XTXuk4-oux-jX9D-0Uw6vJRQ%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-05-23 Thread Basil Crow 
On Tue, May 23, 2023 at 12:28 AM Ullrich Hafner
 wrote:
> In JS and CSS and Jelly we have no concepts of encapsulation and APIs in the
> moment. Everything what is available in the browser is public by default. In
> JS this is even more complex to hide than in Java.

Can Webpack be made to build a library under a hidden (shaded) namespace, with
core consuming the private version?

> I think that users also will benefit from views that do not load the same
> library multiple times (loading time of a page). Also it duplicates the
> development effort if we create a plugin API for each JS library that we are
> using in core.

These are indeed benefits, but I think the maintenance costs of exposing core
libraries to plugins are higher. This is a serious problem in every modular
system that fails to hide its internal implementation details from consumers;
see, for example:

http://dtrace.org/blogs/wesolows/2014/04/10/libsunw_ssl-or-how-smartos-avoids-sadness/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoeFbXySnWOXhXhDLbeksKQkxbbB%2B%2Bbpo_bBme1WkK%3D-Q%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-05-24 Thread Basil Crow 
On Tue, May 23, 2023 at 10:18 AM 'Gavin Mogan' via Jenkins Developers
 wrote:
> I tried accessing "Popper.createPopper" on ci.jenkins.io and it doesn't seem 
> to be defined, so I don't think its exposed?

Then why was https://github.com/jenkinsci/bootstrap5-api-plugin/pull/213 needed?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqd2pooJbPtZkfeVKN%2Byu4xE%2Bf7ZD2w8aMVpyfS5hxEuw%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-05-24 Thread Basil Crow 
On Wed, May 24, 2023 at 2:50 PM Ullrich Hafner  wrote:
> Popper is now part of the Bootstrap plugin.

Yes, jenkinsci/bootstrap5-api-plugin@76fd031d8291a9a836264c34b630c8c273102c86
resolves the issue from my perspective.

On Wed, May 24, 2023 at 2:46 PM Ullrich Hafner  wrote:
> I understand that this is the best thing from an architectural view. But 
> sometimes you need to make tradeoffs otherwise development costs will 
> increase too much…

The development costs of committing to support a third-party API in
perpetuity are prohibitively expensive. But I understand the
frustration — maintaining library plugins is not a lot of fun.

You could gain back development velocity (at the cost of efficiency)
by using the static linking approach (typically with Webpack)
practiced by e.g. azure-ad, pipeline-graph-view, workflow-cps, etc.
That seems to be the way the Golang and Rust communities have evolved,
despite the inefficiency.

Unfortunately maintaining a correct and efficient dynamically-linked
system is just a huge amount of work, as demonstrated by the constant
effort that is needed to build and package software for operating
system distributions. The only thing I can think of that would make
this easier for you would be better documentation to hopefully inspire
others to assist with the burden of maintaining JavaScript Jenkins
library plugins.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjo51aHobd_Oswkika%2BwxB6kSB%3DqsMdS1yorKx59HwB06Q%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-05-24 Thread Basil Crow 
It occurs to me that the new Webpack 5 module federation feature could
be used to implement dynamic linking with Webpack builds:

https://webpack.js.org/concepts/module-federation/

Implementing the tooling for this in the Jenkins ecosystem would
likely be an ambitious project of similar scope to the one started
(but never completed) by Tom Fennelly several years back.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqpAasSLZymsn3uKAjaekUWvJzx_O5GsLLy1y123o--Mg%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-05-24 Thread Basil Crow 
I meant that Hafner-style JavaScript library Jenkins plugins could be
made to export a federated module instead of (or in addition to) a
Stapler adjunct. That would allow those libraries to be consumed from
other Jenkins plugins with a Webpack build (e.g., pipeline-graph-view)
but without the overhead of static linking. In other words, there
could be a third option that blends the two existing options
(consuming Hafner-style libraries via Stapler adjuncts, and static
linking with Webpack). Core would still have to hide its dependencies
from plugins.

On Wed, May 24, 2023 at 10:24 PM 'Gavin Mogan' via Jenkins Developers
 wrote:
> those that want to be able to do custom logic, should include their own 
> dependencies via a bundler.

Sure, that is the static linking approach already in use by many
plugins. But this suffers from the inefficiency problem described
above (as well as making it more difficult to roll out security
fixes).

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqwN2QZ6jnQDjoyMQfgm9Qy2rYrP98JVOV6pm4LOiinXA%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-05-25 Thread Basil Crow 
On Thu, May 25, 2023 at 5:24 AM Ullrich Hafner  wrote:
> Rather than reinventing the wheel we should use more of those rock-solid 
> component [sic] that are already on the market.

Indeed, and I suspect this was the fatal flaw behind Tom Fennelly's
effort several years back: his homegrown dynamic linker never reached
critical adoption. In contrast, Webpack module federation is a general
component that is already on the market and widely deployed.

> it does not make sense to create our own version of ECharts, or Bootstrap, etc

It _does_ make sense to package third-party libraries (either Java or
JavaScript) as Jenkins library plugins in order to facilitate dynamic
linking. This is a consequence of the fact that we maintain a
homegrown plugin distribution, installation, and loading system (and
it is far too late to distribute, install, and load Jenkins plugins
through some generalized method).

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqRuWnhC9XecYF%2Bpo80rrz3q5fYg_X6QR%2BEwmwP4kJRjg%40mail.gmail.com.

Re: Proposal to ensure new plugin hosting requests use Maven instead of Gradle

2023-05-25 Thread Basil Crow 
In addition to what Mark wrote, I would want to see some of our top
open-source Gradle-based Jenkins plugins (e.g., Gradle, Terraform,
Checkmarx, Jira Trigger, etc.) upgraded to use the latest
gradle-jpi-plugin toolchain, a recent LTS release as the Jenkins core
baseline, and a recent plugin Bill of Materials (BOM) and inspect the
resulting JPI that is produced to ensure it is up to parity with a JPI
produced with the maven-hpi-plugin toolchain (e.g., equivalent
manifest entries, equivalent compiler options, etc). Right now, most
of the abovementioned plugins are using an ancient Jenkins core
baseline and an ancient plugin Bill of Materials (BOM), which does not
speak to the viability of the gradle-jpi-plugin toolchain.

In general the gradle-jpi-plugin toolchain needs to be at feature
parity with the maven-hpi-plugin toolchain before we could accept new
plugin hosting requests. That means, in addition to what Mark
described, that every feature in jenkinsci/plugin-pom and
jenkinsci/maven-hpi-plugin should have an equivalent in
gradle-jpi-plugin, including Java 11/17 support for running unit
tests, integration with the latest versions of JUnit/Mockito/Hamcrest
out-of-the-box, opt-in code formatting using our project-wide Spotless
configuration, equivalents to our Maven Enforcer rules, etc. Since I
am constantly adding new features to plugin-pom/maven-hpi-plugin, this
implies a commitment to proactively follow such development and
sideport the same features to the gradle-jpi-plugin toolchain as they
are introduced.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqW5tWqrOGTzmLc5641Q%2BCm19-xzzrzB13K09j5rtzkJA%40mail.gmail.com.

Re: Prototype.js replacing JSON.stringify

2023-05-29 Thread Basil Crow 
On Mon, May 29, 2023 at 3:33 PM 'Rahul Somasunderam' via Jenkins
Developers  wrote:
> I tested out uno-choice from the spreadsheet - it doesn't depend on prototype.
> I think it's a false positive

No. Active Choices calls Prototype's Ajax.Request. It is not a false positive.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoe71HgF69CktvzbAfGPQ-dem_-A1XrmQ2yF5EnWDY%3D-w%40mail.gmail.com.

Re: Prototype.js replacing JSON.stringify

2023-05-29 Thread Basil Crow 
On Mon, May 29, 2023 at 3:40 PM 'Rahul Somasunderam' via Jenkins
Developers  wrote:
>
> Will that be a problem?

It will be. See https://github.com/jenkinsci/stapler/pull/452.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoGKH2RzABnxnZzmeJYYzw4O%2BHcHFebYDyRe8kLcmunpA%40mail.gmail.com.

Requesting admin access to the jenkinsci GitHub organization

2023-06-05 Thread Basil Crow 
I would like to become an organization administrator of the jenkinsci
GitHub organization. This would facilitate various efforts I am
involved with, such as repository transfers.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrowSCSU9%2B5P3zuGtHDH2sxKoy4FL9zUCUAG4WydqXdoA%40mail.gmail.com.

Re: Backporting for LTS 2.401.2 has started

2023-06-09 Thread Basil Crow 
That makes sense to me, and I think an exception is justified for
time-sensitive areas, such as EOL notifications. The feature has been
in weeklies without any reports of regression.

On Fri, Jun 9, 2023 at 8:34 AM Mark Waite  wrote:
> I would like to inform users earlier about end of life operating systems, if 
> that difference from the standard LTS backporting rules would be allowed.
>
> Specifically, we would backport:
>
> Warn when operating system end of life is approaching - 
> https://github.com/jenkinsci/jenkins/pull/7913 (Jenkins 2.407)
> Fix Fedora 38 date in operating system end of life warning - 
> https://github.com/jenkinsci/jenkins/pull/8082 (Jenkins 2.409)
>
> That would make the operating system end of life warning visible to LTS users 
> 8 weeks before it would naturally become visible.
>
> This is backporting a feature, so I am also just fine if this is rejected, 
> since it is not according to the standard backporting rules where we rarely 
> backport features to an LTS line.
>
> I would revise the blog post that announces the end of life operating system 
> warning to state that the warning is available to LTS users in 2.401.2
>
> Mark Waite

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoEguYDuOAuw2yxJ82HnT1WOvtvDaN8-0O5XdTvwyUKuw%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-06-12 Thread Basil Crow 
On Wed, May 24, 2023 at 2:50 PM Ullrich Hafner  wrote:
>
> Popper is now part of the Bootstrap plugin. (So somehow in my own Jenkins UI 
> "core“ to create rich user interfaces without hassle.)

Then 
https://github.com/jenkinsci/jenkins/blob/c886642632d81091c17d93f16b50c97ffb04d146/war/pom.xml#L406-L412
needs to be adjusted.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjo8mdkqZx2AiQ9TyZeXgVzjACZcbJ9yeM0ufsYHesbxMQ%40mail.gmail.com.

Re: Drop 2.375.x support from plugin bom

2023-06-26 Thread Basil Crow 
No strong feeling one way or another from me. When we began requiring
2.361.x or newer, there was a strong technical reason; namely, it was
prohibitively difficult to support Java 11 as a first-class citizen in
the toolchain alongside Java 8. There is no similar technical
justification in this case, since the relevant changes to bring the
2.375.x BOM line up to feature parity with the 2.387.x BOM line with
regard to the plugin parent POM and test harness (i.e., the HtmlUnit
migration) could be backported if desired. So the question comes down
to whether we feel the benefit justifies the cost. If I were doing
this work myself, I would try to retain support for 2.375.x since
there is some minor inconvenience in dropping support for 2.375.x and
since I think the cost of backporting is relatively low. But since I
believe the people doing the work should make the decisions, it is not
up to me.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoCH9orjtO1NaA94gFzF5gz7AuEKa-Kn4RNP50yBqyJYw%40mail.gmail.com.

Re: Jenkins 2.413 as next LTS baseline?

2023-07-12 Thread Basil Crow 
2.414 does have some benefits, like a Prototype fix and an
optimization to the End of Life subsystem. The only risky portion is
the Safe Restart change, but as Mark mentioned, this could always be
patched or backed out if necessary. I audited the Safe Restart change,
and it seems safe (no pun intended) to me. So my vote is for 2.414.
But I don't feel strongly either way.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjprw-o3PbFsUroNNg_STNkVeehYqodwhDLLtvxyJ-XT8g%40mail.gmail.com.

Re: Jenkins 2.413 as next LTS baseline?

2023-07-17 Thread Basil Crow 
There do not appear to be any known user-visible regressions in production
code in 2.414, but jenkinsci/jenkins#7872
 implies a change in Login
Theme (3,757 installations) which has not yet been completed (tracked in
JENKINS-71238 ) and
jenkinsci/jenkins#7942 
implies a change in Calendar View (1,866 installations) which has not yet
been completed (tracked in JENKINS-71663
). If these tasks are not
completed by the time 2.414 LTS ships, they should be documented as known
defects in the release notes.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrXi2EDDmc6qJht%3DeOmTgLsN8DYAKJOgz3nHbZWem-1JA%40mail.gmail.com.

Re: Removing inactive CERT members to reduce risk

2023-07-17 Thread Basil Crow 
On Fri, Jul 14, 2023 at 6:55 AM 'wfoll...@cloudbees.com' via Jenkins
Developers  wrote:
>
> This email is a continuation of 
> https://groups.google.com/g/jenkinsci-dev/c/8cy8w7ZqyB8/m/eZfaenQzEAAJ.

Is it a continuation if the last post to that thread remains unacknowledged?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoyQ7RH8zhWTVdKkK1L_oW-bdiyK4b_eNvycTWAAh0NWg%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-07-17 Thread Basil Crow 
On Mon, Jun 12, 2023 at 10:39 AM Basil Crow  wrote:
>
> Then
https://github.com/jenkinsci/jenkins/blob/c886642632d81091c17d93f16b50c97ffb04d146/war/pom.xml#L406-L412
> needs to be adjusted.

JENKINS-71666 <https://issues.jenkins.io/browse/JENKINS-71666> FTR

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrev6_AbRXZpgf_%3Dx6iRU%2Bwo2eAicsWY-iiUTihBBGoww%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-07-17 Thread Basil Crow 
On Mon, Jul 17, 2023 at 1:05 PM Ullrich Hafner  wrote:
>
> Is there a reason that we are still bundling the JUnit plugin in our war? It 
> has been removed from core quite some years ago...

AFAICT it is so that plugins whose required core is 1.577 or earlier
will continue to work if installed on a clean installation. There are
343 such plugins. Once releases are created whose required core is
1.578 or later (or the plugin(s) formally deprecated in the Update
Center) then we can stop bundling the JUnit plugin in the WAR.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpJKT58AqwWMaCNv%2BeBvVqrw%2Bhqta1A_OeYhDg9yt-Ykw%40mail.gmail.com.

Re: Did Tippy.js add Popper2 to Jenkins core?

2023-07-17 Thread Basil Crow 
On Mon, Jul 17, 2023 at 3:58 PM Basil Crow  wrote:
>
> AFAICT it is so that plugins whose required core is 1.577 or earlier
> will continue to work if installed on a clean installation. There are
> 343 such plugins. Once releases are created whose required core is
> 1.578 or later (or the plugin(s) formally deprecated in the Update
> Center) then we can stop bundling the JUnit plugin in the WAR.

I forgot to mention that not all of those 343 plugins are necessarily
actually consuming the JUnit plugin, just the older version of Jenkins
core. If it can be determined, e.g. through the usage-in-plugins tool,
that one of those old plugins is not consuming the JUnit plugin, then
that plugin can be crossed off the list.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpMOec8a1sxG2d1Sn0XNEz_qXSbZ2AYdPPeiRNgBMtcNw%40mail.gmail.com.

Re: Removing inactive CERT members to reduce risk

2023-07-18 Thread Basil Crow 
On Tue, Jul 18, 2023 at 1:05 AM 'wfoll...@cloudbees.com' via Jenkins
Developers  wrote:
> Your proposal about a more extreme approach was discussed and rejected.

But not with a valid justification.

> that discussion seemed to be sterile from my PoV

I fail to see how that discussion is sterile. Neither of the arguments
in my last post to that thread had been raised previously.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoQwckBSX%3DuR%2B6KQihLw2erbznrbF5ccrvOiuVC8ZyEOw%40mail.gmail.com.

Re: Removing inactive CERT members to reduce risk

2023-07-18 Thread Basil Crow 
On Tue, Jul 18, 2023 at 10:56 AM 'wfoll...@cloudbees.com' via Jenkins
Developers  wrote:
>
> I prefer to have an incremental approach that provides value right now 
> instead of waiting on a larger effort that will provide value only later in 
> the future.

Why not proceed on both fronts concurrently?

> I would suggest you to start a new thread, as it's beyond the original scopes 
> of the existing ones.

The essence of my argument is that the scope of the current effort is
too limited. I suggest you expand the scope of the current effort as
described.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqieTCixwJutUJ2-PYATVwKCxgjvbBW8rKfWif04Ow6QA%40mail.gmail.com.

Re: Prototype.js replacing JSON.stringify

2023-07-18 Thread Basil Crow 
Many thanks to everyone who has contributed PRs to remove usages of
Prototype.

I did a more thorough search for usages of Prototype, this time scanning
every .jelly and .js file in the Update Center. I updated the spreadsheet

.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrFD19B877mMhRQ7yM934fUMxXdBm382ScRcY2Vu2wX5Q%40mail.gmail.com.

Re: Jenkins 2.413 as next LTS baseline?

2023-07-21 Thread Basil Crow 
On Fri, Jul 21, 2023 at 10:42 AM 'jn...@cloudbees.com' via Jenkins
Developers  wrote:
> 2.414 has a regression in the plugin manager.
> I would be -1 on this unless that is fixed (currently missing a Jenkins bug 
> but has been the cause of a lot of ATH failures)
> https://github.com/jenkinsci/acceptance-test-harness/issues/1284 for the 
> current status/investigation, I will file a Jenkins bug on Monday to track.

Thanks for starting to investigate this. As I wrote in the discussion
at jenkinsci/acceptance-test-harness#1284, I was able to definitively
implicate jenkinsci/jenkins#8025 as the cause of the ATH test failure
by widening the race window with some sleeps, and I may have been able
to chase away the ATH test failure and/or fix the bug by removing the
asynchrony from the original change.

Since jenkinsci/jenkins#8025 was the last commit in 2.414 and since
2.414 contains some other changes that we want, I would like to
propose that we keep 2.414 as the next LTS baseline but simply revert
jenkinsci/jenkins#8025 from the stable branch before shipping. (An
equally plausible alternative would be to choose 2.413 and backport
the other changes that we want.)

As far as the main branch is concerned, now that I have come up with a
way to reproduce the original problem, I would like to propose that we
give folks a limited amount of time (say, a week) to come up with a
solution and otherwise revert jenkinsci/jenkins#8025 on the main
branch as well to restore stability to the ATH test suite.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpCWAkp6nfB07z3wc9bMqaFs091tbGWyW3CVMQZm8dFmw%40mail.gmail.com.

Re: JSON license

2023-07-25 Thread Basil Crow 
Ought to be made into a library plugin I think.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrGMWc1S7GN8PNQR5qVaWe%2BmhU8V3%2Be208vbQxc4go%2Brg%40mail.gmail.com.

Re: Jenkins 2.413 as next LTS baseline?

2023-08-01 Thread Basil Crow 
On Mon, Jul 17, 2023 at 8:41 AM Basil Crow  wrote:

> There do not appear to be any known user-visible regressions in production
> code in 2.414, but jenkinsci/jenkins#7872
> <https://github.com/jenkinsci/jenkins/pull/7872> implies a change in
> Login Theme (3,757 installations) which has not yet been completed (tracked
> in JENKINS-71238 <https://issues.jenkins.io/browse/JENKINS-71238>) and
> jenkinsci/jenkins#7942 <https://github.com/jenkinsci/jenkins/pull/7942>
> implies a change in Calendar View (1,866 installations) which has not yet
> been completed (tracked in JENKINS-71663
> <https://issues.jenkins.io/browse/JENKINS-71663>). If these tasks are not
> completed by the time 2.414 LTS ships, they should be documented as known
> defects in the release notes.
>

How close are we to completing these tasks? It is not desirable to ship an
LTS release with known defects. If our users upgrade and encounter
regressions, they will lose trust in our software.

In addition to the above, jenkinsci/jenkins#7951
<https://github.com/jenkinsci/jenkins/pull/7951> implies a change in Global
Build Stats (6,641 installations) which has not yet been completed (tracked
in JENKINS-71741 <https://issues.jenkins.io/browse/JENKINS-71741>). If this
task is not completed by the time 2.414.1 LTS ships, this should be
documented as a known defect in the release notes.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrLYTJhnKSZDkX_kRiXJMAs0bKS4%2Bee01NZic8AgRFOfw%40mail.gmail.com.

Re: [ci.jenkins.io] JDK21 availability

2023-08-11 Thread Basil Crow 
Thanks! This was already very helpful as it enabled me to file JENKINS-71805
.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrM_aLAG3GSVzo_Z90ig7dWE7DvTLpJ9oPPt09ZhdmkoQ%40mail.gmail.com.

Re: [ci.jenkins.io] JDK21 availability

2023-08-11 Thread Basil Crow 
On Fri, Aug 11, 2023 at 1:11 PM Basil Crow  wrote:

> Thanks! This was already very helpful as it enabled me to file
> JENKINS-71805 <https://issues.jenkins.io/browse/JENKINS-71805>.
>

I meant JENKINS-71800 <https://issues.jenkins.io/browse/JENKINS-71800>.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrhwzH8YFzsfaUgiB76ZS_n5kzdO4ObAygdHJEjuaBDxg%40mail.gmail.com.

Re: remove j-interop and jcifs from core?

2023-09-18 Thread Basil Crow 
On Mon, Sep 18, 2023 at 4:19 AM 'jn...@cloudbees.com' via Jenkins
Developers  wrote:
>
> What do you think?

I think this is a great idea. I am doing something similar for the old XML
Pull Parser 3rd Edition libraries in jenkinsci/jenkins#8503
.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpxLtc2DFyGUWtTcBiYdirQ3btwTU1NRPcXhh8X9ZuX3w%40mail.gmail.com.

Re: Proposal: Kris Stern to join the release team

2023-10-02 Thread Basil Crow 
+1

On Mon, Oct 2, 2023 at 5:06 AM Hervé  wrote:

> FWIW, +1 from me too!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAE1M8%2B9yQf3YzbEPkv%3DnAEQyPFoihRJL5cWGi6myVzwqM9EzZQ%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjr3h1gnWGTSP0hfwVHd0-VWWA%3DYW_fnvQLr5VAume03Nw%40mail.gmail.com.

Re: 2.426 as Nov 15, 2023 LTS baseline?

2023-10-04 Thread Basil Crow 
+1

We'll likely need to backport the fix for JENKINS-71937.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpVnas%2BsRLfP1BPW02vCu%3DF97_My6KyVP55%2B0Mc-TH_ZQ%40mail.gmail.com.

Re: 2.426 as Nov 15, 2023 LTS baseline?

2023-10-04 Thread Basil Crow 
On Wed, Oct 4, 2023 at 11:49 AM Mark Waite  wrote:
> I think that we'll also need to backport the fix for JENKINS-72026, though a 
> fix pull request has not been submitted yet.

AFAICT the fix for JENKINS-72026 is to add jenkins-table__link to the
class list of the anchor tags in
https://github.com/jenkinsci/branch-api-plugin/blob/fe580db4ea71e6a2ce440d8d79d55d8c1c6a4b93/src/main/resources/jenkins/branch/ItemColumn/column.jelly
which would not require a core PR or backport.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoMpW2VhtqDSLjD%3DDmy%2BOH5Uvwnn42yp%2BsWJvnytVH1ew%40mail.gmail.com.

Re: Backporting for LTS 2.414.3 has started

2023-10-18 Thread Basil Crow 
That is the ideal technique, but it might be a lot of effort for the
release team for minimal gain. In practice I think it would suffice to
simply upgrade Remoting to the regular 3160.vd76b_9ddd10cc release on
the LTS line. Yes this is pulling in a few unrelated changes, but as
long as they are shipping in weeklies I don't see a big risk here. If
the release team wants to go through the extra effort, I would not
stop them, either.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqC0yELqdQmnG%3Dn749i5Yz1gE_s8FqDCNtS4K-huB37jA%40mail.gmail.com.

Re: 2.426 as Nov 15, 2023 LTS baseline?

2023-10-18 Thread Basil Crow 
On Fri, Oct 6, 2023 at 12:56 AM Jan Meiswinkel 
wrote:
>
> I would appreciate if PR-7056 would make it into the next LTS, if that is
possible without any downsides.

One downside is that jenkinsci/jenkins#7056
 causes JENKINS-72181
.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoCnVaRKGPa2fyrJ9uFtVAhdtRyygzgAnN5NwP-5XL8xg%40mail.gmail.com.

Re: Request to adopt AccuRev plugin (up for adoption)

2023-10-26 Thread Basil Crow 
+1, thank you for stepping up to maintain this plugin.

This plugin's build has not been updated in a long time, so you should
expect to modernize some portions of the build before being able to do
a release. See the tutorial here:

https://www.jenkins.io/doc/developer/tutorial-improve/

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjq_qi1yb-JvcZwZK8tYV5T%2BcptJT3QVjv5k_7xgiwd8xw%40mail.gmail.com.

Re: auto release form branch or manual release of multimodule project

2023-10-26 Thread Basil Crow 
On Thu, Oct 26, 2023 at 7:04 AM Jiri Vanek  wrote:
>
> I was fiddling with 
> https://github.com/jenkinsci/report-jtreg-plugin/blob/master/pom.xml#L27  
> (mostly reset to jenkinsci but it did not did the 
> job.

Just replace  with .

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpysG0nokQ31G5T9joyu9aqGXMpw%2BU60GheWPj%3DYqDPXg%40mail.gmail.com.

Re: Partially released plugin due to 403

2023-10-31 Thread Basil Crow 
Have you read the instructions at
https://www.jenkins.io/doc/developer/publishing/releasing-manually/
which include making sure your plugin uses a reasonably up-to-date
parent POM? I created
https://github.com/jenkinsci/aws-codepipeline-plugin/pull/4 to try to
help with that. That document has two other pieces of troubleshooting
advice for 403 errors. If you still have problems after going through
all of that then you can create an issue at
https://github.com/jenkins-infra/helpdesk for an Artifactory
administrator to check your permissions.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjp2PGKrDCOEpDF1GMfNqpLtvA8vMDpCPsE%2BbEbN3Ni9CQ%40mail.gmail.com.

JEP template improvements

2023-11-01 Thread Basil Crow 
Not a JEP in and of itself, but some improvements to the JEP template:

- https://github.com/jenkinsci/jep/pull/401 Improve section order and
add clarity to existing sections
- https://github.com/jenkinsci/jep/pull/402 Add work estimate section
to template
- https://github.com/jenkinsci/jep/pull/403 Add migration section to template

I also intend, as time permits, to create a fourth PR to break up the
monolithic "Reasoning" section into distinct "Evaluation" and
"Solution" sections, as well as to retroactively file a JEP for the
completed Prototype removal project.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjor6th9xjCD2zZ05u%2BptK35fAtHNKu75cFPCmYesgBxrA%40mail.gmail.com.

Re: Backporting for 2.426.1 has started

2023-11-02 Thread Basil Crow 
On Sat, Oct 28, 2023 at 9:49 PM Mark Waite  wrote:
> If there are other issues that you would like to see backported to 2.426.1, 
> please add the lts-candidate label to the issue so that it can be reviewed.

As described in JENKINS-70994, SnakeYAML plugin
1.33-95.va_b_a_e3e47b_fa_4 is still bundled in the Jenkins WAR as a
detached plugin, which trips up security scanners. I recommend this be
upgraded to the latest version.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrCFaxYhMYWexarNJCJRYNoRaQc1bX5-sMaD%3Deg0_p-4w%40mail.gmail.com.

Re: Backporting for 2.426.1 has started

2023-11-02 Thread Basil Crow 
I created https://github.com/jenkinsci/jenkins/pull/8674 to get this
into a weekly release.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrW2JmurtfbCAF83tVa11cEXFGvCbsj3Ra7OFNCA0XR5A%40mail.gmail.com.

Re: DescriptorImpl which is not public static inside the parent class

2023-11-07 Thread Basil Crow 
On Tue, Nov 7, 2023 at 7:31 AM tzach@gmail.com
 wrote:
>
> can I create a class which will function as DescriptorImpl but not reside 
> inside the parent class as public static class?

What problem are you trying to solve that leads you to this question?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqzroXLwof3PHfqiZeiKu1%3D5fyMK4bG49tSYqQkLZJ1vQ%40mail.gmail.com.

Re: Tests are failing with Unable to inject class hudson.model.UserIdMapper after upgrading the build from java 8 to java 11

2023-11-08 Thread Basil Crow 
It looks like most of this was taken care of already in
https://github.com/jenkinsci/fortify-plugin/pull/72. I created
https://github.com/jenkinsci/fortify-plugin/pull/74 with some minor
cleanup on top of that.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrTbdOXORgS99K6b4bQvwd97z%3DF3%3D0MXzTF3vUc7kefmA%40mail.gmail.com.

Re: How to implement writing to console log in pipeline?

2023-11-20 Thread Basil Crow 
On Sun, Nov 19, 2023 at 2:50 AM tzach@gmail.com
 wrote:
> I'm developing a new plugin and I was able to write to log in FreeStyleJob  
> but it does not work in pipeline.

See 
https://www.jenkins.io/doc/developer/plugin-development/pipeline-integration/
for more information: Pipeline builds are instances of WorkflowRun and
therefore ParameterValue#createBuildWrapper(AbstractBuild) does not
apply to them. It is difficult to give a concrete suggestion without
seeing your code, but you may wish to refer to the tests in the
Pipeline plugins for examples.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjonx6X1ZFDybdmFe6DM2M7P2dY3Lvmi6-0O91rEbKS2vQ%40mail.gmail.com.

License for library plugins

2023-12-11 Thread Basil Crow 
Library plugins are inconsistently licensed: sometimes, they adopt the
license of the wrapped library, while in other cases, they follow the
MIT license as normally used by Jenkins plugins. Does anybody have a
preference as to what we should recommend?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrSPdWJFoJpxx3YtyqKuQ7r49Cai30mfvXg1yUP2CcFQw%40mail.gmail.com.

Re: Artifactory brownout Wed 6 Dec 2023 1:00 PM UTC - 3:00 PM UTC

2023-12-11 Thread Basil Crow 
+1, I think we have done all the preparation we can for this change.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjr3%2B1WQBapy009WaAbAqjcYxE26KmfYNwQWVOhPGLxryA%40mail.gmail.com.

Re: License for library plugins

2023-12-12 Thread Basil Crow 
This is a subjective question, but I feel that when the only thing in
src/main is src/main/resources/index.jelly the wrapper should be
licensed the same way as the library being wrapped, because our own
contribution to production code is de minimis. It seems strange to use
a different license when our unique contribution is just build/test
code. In cases where our contribution to src/main is nontrivial then I
am fine with applying our own MIT license to the plugin.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqrkUMMeCyb662wYdSsBiA1YQv0npYvCUUr2dk0ufkU8A%40mail.gmail.com.

Re: License for library plugins

2023-12-12 Thread Basil Crow 
I proposed a (soft) recommendation to the documentation in
https://github.com/jenkins-infra/jenkins.io/pull/6936.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqBVmOuVpQgGM8c85Sn_Xju5tAYo7-GVCwr%3DJ7kGkYGMg%40mail.gmail.com.

Re: Banned dependencies error compiling SAML plugin PR

2023-12-12 Thread Basil Crow 
As of v6.x, pac4j requires Java 17 or newer. The Jenkins plugin
development toolchain will not accept Java 17 bytecode as long as
Jenkins core still supports Java 11. You will need to stay on v5.x of
pac4j until around fall of next year when Jenkins requires Java 17 or
newer.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjrCoZb186jw%2BOOXtF2JzBVw7X%2BUZw_LT2D0r7ngYdxeOQ%40mail.gmail.com.

Re: JSON license

2023-12-14 Thread Basil Crow 
We have also explicitly clarified that public domain dedications and
public-domain-equivalent licenses are acceptable in the project
governance document.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoZW2uaZY-cmhZZ30N19h4SGLCu7AQMMjceJtno9UG-Uw%40mail.gmail.com.

<    1   2   3   4   >