Re: File Leak Detector

2022-02-28 Thread Tim Jacomb 
+1

On Tue, 1 Mar 2022 at 01:26, Mark Waite  wrote:

>
>
> On Monday, February 28, 2022 at 6:13:52 PM UTC-7 Basil Crow wrote:
>
>> kohsuke/file-leak-detector has not seen commits since 2018. There are
>> a number of open PRs that need to be processed and released, including
>> important PRs to add Java 11 support (see JENKINS-52308).
>>
>> We recently moved mock-javamail from Kohsuke's GitHub organization to
>> the Jenkins GitHub organization. In the process, I also modernized the
>> library and transferred release permissions to the core team.
>>
>> I would like to propose we do the same for kohsuke/file-leak-detector.
>> I am willing to do the modernization work, just as I did for
>> mock-javamail.
>>
>> Please let me know what you think. If there is consensus in favor of
>> this plan, I will open a GitHub issue and ping Kohsuke.
>
>
> +1 from me.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/72ca6c90-018e-414c-9f3e-c84eddbdd466n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BifNNeBWAVpaWxBAism1W7b%2BT4jG5YEzwJ3cyo72LWMh5A%40mail.gmail.com.

Flaky tests in Support Core CI

2022-02-28 Thread 'Allan Burdajewicz' via Jenkins Developers 
Hello Team,

There is some kind of flaky test in the Support Core project:

* 
https://github.com/jenkinsci/support-core-plugin/blob/support-core-2.81/src/test/java/com/cloudbees/jenkins/support/actions/SupportAbstractItemActionTest.java#L42-L44
* 
https://ci.jenkins.io/blue/organizations/jenkins/Plugins%2Fsupport-core-plugin/detail/master/250/tests/

The build sometimes - but not always and not locally of course :) - fails 
with the exception:

java.lang.RuntimeException: Could not retrieve XPath 
>//input[lower-case(@type)='radio' and @name='tab-group-164609608']< on 
HtmlPage(http://localhost:35383/jenkins/)@2134068100
at 
com.gargoylesoftware.htmlunit.html.xpath.XPathHelper.getByXPath(XPathHelper.java:93)
at com.gargoylesoftware.htmlunit.html.DomNode.getByXPath(DomNode.java:1585)
at 
com.gargoylesoftware.htmlunit.html.HtmlRadioButtonInput.setCheckedForPage(HtmlRadioButtonInput.java:181)
at 
com.gargoylesoftware.htmlunit.html.HtmlRadioButtonInput.setChecked(HtmlRadioButtonInput.java:139)
at 
com.gargoylesoftware.htmlunit.html.HtmlRadioButtonInput.onAddedToPage(HtmlRadioButtonInput.java:279)
at 
com.gargoylesoftware.htmlunit.html.HtmlPage.notifyNodeAdded(HtmlPage.java:1771)
at 
com.gargoylesoftware.htmlunit.html.DomNode.fireAddition(DomNode.java:1061)
at com.gargoylesoftware.htmlunit.html.DomNode.appendChild(DomNode.java:956)
at 
com.gargoylesoftware.htmlunit.html.parser.neko.HtmlUnitNekoDOMBuilder.addNodeToRightParent(HtmlUnitNekoDOMBuilder.java:473)
at 
com.gargoylesoftware.htmlunit.html.parser.neko.HtmlUnitNekoDOMBuilder.startElement(HtmlUnitNekoDOMBuilder.java:357)
at org.apache.xerces.parsers.AbstractSAXParser.startElement(Unknown Source)
at 
com.gargoylesoftware.htmlunit.html.parser.neko.HtmlUnitNekoDOMBuilder.startElement(HtmlUnitNekoDOMBuilder.java:289)
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown 
Source)
at 
net.sourceforge.htmlunit.cyberneko.HTMLTagBalancer.startElement(HTMLTagBalancer.java:812)
at 
net.sourceforge.htmlunit.cyberneko.filters.DefaultFilter.startElement(DefaultFilter.java:140)
at 
net.sourceforge.htmlunit.cyberneko.filters.NamespaceBinder.startElement(NamespaceBinder.java:278)
at 
net.sourceforge.htmlunit.cyberneko.HTMLScanner$ContentScanner.scanStartElement(HTMLScanner.java:2811)
at 
net.sourceforge.htmlunit.cyberneko.HTMLScanner$ContentScanner.scan(HTMLScanner.java:2131)
at 
net.sourceforge.htmlunit.cyberneko.HTMLScanner.scanDocument(HTMLScanner.java:937)
at 
net.sourceforge.htmlunit.cyberneko.HTMLConfiguration.parse(HTMLConfiguration.java:443)
at 
net.sourceforge.htmlunit.cyberneko.HTMLConfiguration.parse(HTMLConfiguration.java:394)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at 
com.gargoylesoftware.htmlunit.html.parser.neko.HtmlUnitNekoDOMBuilder.parse(HtmlUnitNekoDOMBuilder.java:758)
at 
com.gargoylesoftware.htmlunit.html.parser.neko.HtmlUnitNekoHtmlParser.parse(HtmlUnitNekoHtmlParser.java:204)
at 
com.gargoylesoftware.htmlunit.DefaultPageCreator.createHtmlPage(DefaultPageCreator.java:298)
at 
com.gargoylesoftware.htmlunit.DefaultPageCreator.createPage(DefaultPageCreator.java:218)
at 
org.jvnet.hudson.test.HudsonPageCreator.createPage(HudsonPageCreator.java:54)
at 
com.gargoylesoftware.htmlunit.WebClient.loadWebResponseInto(WebClient.java:686)
at 
com.gargoylesoftware.htmlunit.WebClient.loadDownloadedResponses(WebClient.java:2528)
at 
com.gargoylesoftware.htmlunit.html.HtmlFormUtil.submit(HtmlFormUtil.java:82)
at org.jvnet.hudson.test.JenkinsRule$WebClient.login(JenkinsRule.java:2451)
at org.jvnet.hudson.test.JenkinsRule$WebClient.login(JenkinsRule.java:2318)
at org.jvnet.hudson.test.JenkinsRule$WebClient.login(JenkinsRule.java:2463)
at 
com.cloudbees.jenkins.support.SupportTestUtils.testPermissionToSeeAction(SupportTestUtils.java:267)
at 
com.cloudbees.jenkins.support.actions.SupportAbstractItemActionTest.onlyAdminCanSeeAction(SupportAbstractItemActionTest.java:42)

So it fails on wc.login 
.
 
I am not sure if this is caused by the way the test is written ? Maybe 
because I am passing a JenkinsRule around in those methods ? Any hints or 
advice would be appreciated.

Thanks in advance!

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/119f7db0-b3de-4310-b1aa-65a0cf827794n%40googlegroups.com.

Re: File Leak Detector

2022-02-28 Thread Mark Waite 


On Monday, February 28, 2022 at 6:13:52 PM UTC-7 Basil Crow wrote:

> kohsuke/file-leak-detector has not seen commits since 2018. There are 
> a number of open PRs that need to be processed and released, including 
> important PRs to add Java 11 support (see JENKINS-52308). 
>
> We recently moved mock-javamail from Kohsuke's GitHub organization to 
> the Jenkins GitHub organization. In the process, I also modernized the 
> library and transferred release permissions to the core team. 
>
> I would like to propose we do the same for kohsuke/file-leak-detector. 
> I am willing to do the modernization work, just as I did for 
> mock-javamail. 
>
> Please let me know what you think. If there is consensus in favor of 
> this plan, I will open a GitHub issue and ping Kohsuke.


+1 from me. 

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/72ca6c90-018e-414c-9f3e-c84eddbdd466n%40googlegroups.com.

File Leak Detector

2022-02-28 Thread Basil Crow 
kohsuke/file-leak-detector has not seen commits since 2018. There are
a number of open PRs that need to be processed and released, including
important PRs to add Java 11 support (see JENKINS-52308).

We recently moved mock-javamail from Kohsuke's GitHub organization to
the Jenkins GitHub organization. In the process, I also modernized the
library and transferred release permissions to the core team.

I would like to propose we do the same for kohsuke/file-leak-detector.
I am willing to do the modernization work, just as I did for
mock-javamail.

Please let me know what you think. If there is consensus in favor of
this plan, I will open a GitHub issue and ping Kohsuke.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjoBM7TRH_0kAroNsc-LB4sBgPDJnEFT42ZsJi7UqGc59Q%40mail.gmail.com.

Re: Governance meeting Feb 23, 2022

2022-02-28 Thread 'Gavin Mogan' via Jenkins Developers 
> With that in mind, How about the second part just being a counter, roughly 
> but not exactly corresponding to week-of-year?

Yea that's more or less what we talked about, 23.01 -> 23.99. 23.52
would be approximate end of year, but not absolutely end of the year.
The nice win is for when doing support with people, you don't have to
do drastic math to figure out how old something is, 22.30 is mid this
year, we don't need to know what week 30 is, so gives us wiggle room
to have re-releases and CI failures and stuff.

On Mon, Feb 28, 2022 at 3:53 PM 'Daniel Beck' via Jenkins Developers
 wrote:
>
>
>
> On Thu, Feb 24, 2022 at 11:27 PM 'Gavin Mogan' via Jenkins Developers 
>  wrote:
>>
>> > Or format as a date, like 2022.02.23, so we can issue up to one release a 
>> > day. Or drop MRP and use CD versions…
>>
>> how would lts work? 2022.02.23.1? I think that'll confuse a lot of
>> version parsers.
>
>
>
> Re versions, please keep the current model of 2 section weeklies and 3 
> section LTS. I expect quite some stuff to break otherwise.
>
> With that in mind, How about the second part just being a counter, roughly 
> but not exactly corresponding to week-of-year?
>
> 23.1 is the first weekly release of 2023, followed by 23.2, 23.3, … , through 
> 23.55 or so, and then 24.1.
>
> LTS might be 23.8.x, then 23.20.x, 23.34.x, etc.
>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtKbTgZYH8BSy8-08USp_afn3_3hEcH4mQ_%3Dxea%3DAh7xrQ%40mail.gmail.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_Dusiwk44kHsrgNzUD3nd4K5LhW-n1_D2Ek_SXv7Wf-TDHg%40mail.gmail.com.

Re: Governance meeting Feb 23, 2022

2022-02-28 Thread 'Daniel Beck' via Jenkins Developers 
On Thu, Feb 24, 2022 at 11:27 PM 'Gavin Mogan' via Jenkins Developers <
jenkinsci-dev@googlegroups.com> wrote:

> > Or format as a date, like 2022.02.23, so we can issue up to one release
> a day. Or drop MRP and use CD versions…
>
> how would lts work? 2022.02.23.1? I think that'll confuse a lot of
> version parsers.
>


Re versions, please keep the current model of 2 section weeklies and 3
section LTS. I expect quite some stuff to break otherwise.

With that in mind, How about the second part just being a counter, roughly
but not exactly corresponding to week-of-year?

23.1 is the first weekly release of 2023, followed by 23.2, 23.3, … ,
through 23.55 or so, and then 24.1.

LTS might be 23.8.x, then 23.20.x, 23.34.x, etc.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtKbTgZYH8BSy8-08USp_afn3_3hEcH4mQ_%3Dxea%3DAh7xrQ%40mail.gmail.com.

Re: Jenkins 2.332.1 LTS RC testing started

2022-02-28 Thread 'Daniel Beck' via Jenkins Developers 
On Fri, Feb 25, 2022 at 2:19 PM Tim Jacomb  wrote:

> It'll be update center dynamic update sites most likely.
>

Correct:


$ curl -IL https://updates.jenkins.io/update-center.json?version=2.332.1
HTTP/1.1 302 Found
Date: Mon, 28 Feb 2022 23:45:56 GMT
Server: Apache/2.4.29 (Ubuntu)
Location:
https://updates.jenkins.io/dynamic-stable-2.319.3/update-center.json
Content-Type: text/html; charset=iso-8859-1

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtKX97B_S8--GcqfXVsvbNM2tzyjWEgENtZaZLSZjOxGvg%40mail.gmail.com.

Re: Jenkins Security Scan now generally available

2022-02-28 Thread 'Daniel Beck' via Jenkins Developers 
On Mon, Feb 28, 2022 at 8:00 PM Basil Crow  wrote:

> After upgrading a dozen or so plugins to Security Scan v2, the Jenkins
> Security Scan workflow on the main branch failed with:
>
> Called workflows cannot be queued onto self-hosted runners across
> organisations/enterprises. Failed to queue this job. Labels:
> 'ubuntu-latest'.
>

Interesting, I haven't seen this during development and that includes repos
in jenkinsci.

Some searching indicates you're being rate-limited:
https://github.community/t/called-workflows-cannot-be-queued-onto-self-hosted-runners-across-organisations-enterprises-failed-to-queue-this-job-labels-ubuntu-latest/229355/10
(which got a GH team response, they seem to be looking into this).

If you pushed out the changes to the YAML files in quick succession, that
might explain it? It looks like you were particularly active around 18:10.

Looks like I'll need to look into adding this to the pipeline library
sooner rather than later :-)

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtLzWF16%3DODcY%2Bds4zNWojCeceyXAGWGVRYNtQmgxZEyYQ%40mail.gmail.com.

Re: Jenkins 2.332.1 LTS RC testing started

2022-02-28 Thread 'Cathy Chan' via Jenkins Developers 
Hi everyone,

Please note that a new RC is now available at 
https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/main/jenkins-war/2.332.1-rc32022.8a_f94228cfb_c/jenkins-war-2.332.1-rc32022.8a_f94228cfb_c.war.

Thanks.

- Cathy.


On Friday, February 25, 2022 at 4:30:45 PM UTC-5 Mark Waite wrote:

> On Friday, February 25, 2022 at 6:19:30 AM UTC-7 Tim Jacomb wrote:
>
>> It'll be update center dynamic update sites most likely.
>> We've had similar issues before from what I remember with RCs
>>
>>
> Thanks.  I've confirmed that support core plugin 2.81 loads into 
> 2.332.1-rc correctly 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/7bb9eef3-7fb8-4522-b830-0f2b71076f8an%40googlegroups.com.

Re: Jenkins Security Scan now generally available

2022-02-28 Thread Basil Crow 
After upgrading a dozen or so plugins to Security Scan v2, the Jenkins
Security Scan workflow on the main branch failed with:

Called workflows cannot be queued onto self-hosted runners across
organisations/enterprises. Failed to queue this job. Labels:
'ubuntu-latest'.

List of example plugins below:

https://github.com/jenkinsci/database-sqlite-plugin
https://github.com/jenkinsci/email-ext-plugin
https://github.com/jenkinsci/emailext-template-plugin
https://github.com/jenkinsci/exclusion-plugin
https://github.com/jenkinsci/git-bisect-plugin
https://github.com/jenkinsci/gitlab-oauth-plugin
https://github.com/jenkinsci/http-request-plugin
https://github.com/jenkinsci/jakarta-activation-api-plugin
https://github.com/jenkinsci/jakarta-mail-api-plugin
https://github.com/jenkinsci/javax-activation-api-plugin

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpwnUSLQaqZ%3DvSME_vhjFucEbGk0xcytB9NfHk2aJKn%3Dw%40mail.gmail.com.

Re: Jenkins Security Advisories - UX Improvement Suggestions

2022-02-28 Thread 'FredG' via Jenkins Developers 
Sorry to resurrect this thread from the dead. 
More than one year later, the security advisories still suffer from the 
same issues.

Especially security advisories for a large number of plugins like 
https://www.jenkins.io/security/advisory/2022-02-15/ are hard to read, when 
the severity is only mentioned in a list at end.

Hopefully the format/structure of the security advisories can be improved 
in the near future. TIA

Regards,

Fred

On Thursday, January 14, 2021 at 8:00:15 PM UTC+1 FredG wrote:

> Thanks Daniel!
>
> I think I'll wait for the human-readable version. :D
>
> On Thursday, January 14, 2021 at 7:55:55 PM UTC+1 Daniel Beck wrote:
>
>>
>>
>> > On 14. Jan 2021, at 17:58, 'FredG' via Jenkins Developers <
>> jenkin...@googlegroups.com> wrote:
>> > 
>> > I'd suggest to add the severity to each issue's description to avoid 
>> the scrolling. If there is no added value in the separate severity section, 
>> than maybe getting rid of it entirely makes sense as well.
>>
>> Thanks for the feedback, I'll do that. I'm pretty sure I even have some 
>> work in progress for this somewhere, and then I wanted to move 
>> affected/fixed components too, but that ended up being more difficult, and 
>> I didn't do either in the end... Time to restart this!
>>
>> (Meanwhile, as a workaround, you could view the page source. Unlike most 
>> jenkins.io stuff, the page is basically generated from front matter 
>> (metadata) using the page template. So if you can read YAML somewhat well, 
>> that is already grouped like you expect.)
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/a1b288ab-1dd4-4dea-992e-395d08065131n%40googlegroups.com.

Digital Ocean Kubernetes cluster added to ci.jenkins.io

2022-02-28 Thread 'Herve Le Meur' via Jenkins Developers 
Hello fellow contributors!

About 10 days ago a Digital Ocean Kubernetes cluster has been added to the
available agents for ci.jenkins.io build jobs. (More details here:
jenkins-infra/helpdesk#2651
)

For the more curious, you can check on which kubernetes cluster your jobs
are running by consulting the full console output in Jenkins UI.
In the first lines of the logs there should be a section describing the pod
created. We've added the cluster name in its metadata labels, ex:

ci.jenkins.io/job/Core/job/jenkins/job/PR-6317/1/consoleFull

17:35:20  Agent jnlp-maven-11-bh99z is provisioned from template jnlp-maven-11
17:35:20  ---
17:35:20  apiVersion: "v1"
17:35:20  kind: "Pod"
17:35:20  metadata:
17:35:20labels:
17:35:20  jenkins: "slave"
17:35:20  jenkins/label-digest: "25a08295458738d4af47a3e71f274bebae57766b"
17:35:20  jenkins/label: "container_kubernetes_doks_maven-11_jdk11"
17:35:20name: "jnlp-maven-11-bh99z"

We can see here "doks" in "jenkins/label", meaning this job is running on
Digital Ocean.
If it were running on AWS, it would have been "cik8s" instead.

The specs of this cluster nodes are similar to the existing ones on AWS,
there shouldn't be any major changes, except decreasing our AWS billing
notes.

Have you seen or felt a difference in your builds in terms of execution
time or error rates since?

Please don't hesitate to let us know if you encountered any problem or if
you have any remark and/or question.

Kind regards,

Hervé Le Meur for the Jenkins Infra Team

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAL-LwjzcMP980iUe4XLLZzbbg9J1KzhSbdpaTTf-px80bwz_gA%40mail.gmail.com.

Re: Jenkins Security Scan now generally available

2022-02-28 Thread 'Daniel Beck' via Jenkins Developers 
On Fri, Feb 25, 2022 at 11:49 AM Daniel Beck  wrote:

>
> It looks like GitHub's action can do what I cannot because it uses an
> undocumented API.
>
>
> I'll update this thread once it works, meanwhile you can watch
> https://github.com/jenkins-infra/jenkins-security-scan/issues/3
>

I've updated the workflow to properly work with pull requests from forks.

The result with the now used GH action to upload the scan result differs
from the scan result upload API's, so I've decided to increase the version
of the workflow to v2. v1 still works as before, but you need v2 for full
PR support.
https://github.com/jenkins-infra/jenkins-security-scan/releases/tag/v2

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtLRqSqf6s-9ddmY00gzyhu8-iarZZtLrKPeTAtRip6Grw%40mail.gmail.com.