Re: Request to be plugin co-maintainer of anchore-container-scanner-plugin

2020-03-26 Thread Oleg Nenashev 
Should be resolved now

On Tuesday, March 24, 2020 at 8:25:27 PM UTC+1, Marky Jackson wrote:
>
> This is an official request to be made a co-maintainer of the plugin 
> anchore-container-scanner-plugin 
> (https://github.com/jenkinsci/anchore-container-scanner-plugin) as part 
> of my job function.
> I have filed the following issue: 
> https://issues.jenkins-ci.org/browse/INFRA-2552
> I have opened the following PR: 
> https://github.com/jenkins-infra/repository-permissions-updater/pull/1473
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/d1576860-309f-45f9-8c05-0eea70152611%40googlegroups.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Tim Jacomb 
You aren’t breaking anything so I don’t know why you would need to break it.

On Thu, 26 Mar 2020 at 21:29, Mark Waite  wrote:

>
> On Thu, Mar 26, 2020 at 3:17 PM Jesse Glick  wrote:
>
>> On Thu, Mar 26, 2020 at 10:47 AM Mark Waite 
>> wrote:
>> > No breaking changes in API's in the transition from current git client
>> plugin to git client plugin 5.0.  No breaking changes in API's in the
>> transition from current git plugin to git plugin 5.0.
>>
>> So why bother bumping the major version to begin with?
>>
>>
> Good question.  I assumed (possibly incorrectly) that a change of required
> Jenkins version would best be handled by increasing the major number.
>
> Increasing the major number is also a chance to reduce the confusion
> caused when users mistakenly decide to use git plugin 3.x with git client
> plugin 3.x.
>
> Is it a general practice that we can change the minimum Jenkins version
> without updating the major number?
>
>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr035Sn9SKtVj9OE0JYvSYOx1oQE%3D9bg%3D6RxJYjem6N2wg%40mail.gmail.com
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtFjJ_HSWJxkvYJZ0Li8wWHUseFDczpBDd43wovjbQZ25w%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3Biez6Z%2BREJWMgd%3Dd%3DV0UqkJkyU1eQmQbKTgE4%2B-_Y%2BpDrA%40mail.gmail.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Mark Waite 
On Thu, Mar 26, 2020 at 3:17 PM Jesse Glick  wrote:

> On Thu, Mar 26, 2020 at 10:47 AM Mark Waite 
> wrote:
> > No breaking changes in API's in the transition from current git client
> plugin to git client plugin 5.0.  No breaking changes in API's in the
> transition from current git plugin to git plugin 5.0.
>
> So why bother bumping the major version to begin with?
>
>
Good question.  I assumed (possibly incorrectly) that a change of required
Jenkins version would best be handled by increasing the major number.

Increasing the major number is also a chance to reduce the confusion caused
when users mistakenly decide to use git plugin 3.x with git client plugin
3.x.

Is it a general practice that we can change the minimum Jenkins version
without updating the major number?


> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr035Sn9SKtVj9OE0JYvSYOx1oQE%3D9bg%3D6RxJYjem6N2wg%40mail.gmail.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtFjJ_HSWJxkvYJZ0Li8wWHUseFDczpBDd43wovjbQZ25w%40mail.gmail.com.

Re: windows builds of core

2020-03-26 Thread Jesse Glick 
On Thu, Mar 26, 2020 at 2:03 PM Slide  wrote:
> Jesse was looking into this recently I believe, but I am not sure where that 
> ended up.

In failure:

https://github.com/jenkinsci/jenkins/pull/4447#issuecomment-589172726

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr32_2i%2BsmDYi-BNaSC%2BMryOzucG2n8W3WCcY-VxuBpPow%40mail.gmail.com.

Re: JSR-305

2020-03-26 Thread Jesse Glick 
The main obstacle was that the available annotations in the
`edu.umd.cs.findbugs.annotations` package were all `@Deprecated` and
told you to use `javax.annotation`, so we would be peppering the
source code with deprecation warnings. This seems to have been
resolved with

https://github.com/jenkinsci/jenkins/pull/4062

Note that JSR 305 is still pulled in as a dep of `spotbugs-annotations`, e.g.

@javax.annotation.Nonnull(when = When.MAYBE)

but perhaps you can exclude that dep without breaking any tools.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr1OVMcBdL34mmyL8Q5o2r_NJ%3DS%3DXvCdBA%3DSB17W3CUufw%40mail.gmail.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Jesse Glick 
On Thu, Mar 26, 2020 at 10:47 AM Mark Waite  wrote:
> No breaking changes in API's in the transition from current git client plugin 
> to git client plugin 5.0.  No breaking changes in API's in the transition 
> from current git plugin to git plugin 5.0.

So why bother bumping the major version to begin with?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr035Sn9SKtVj9OE0JYvSYOx1oQE%3D9bg%3D6RxJYjem6N2wg%40mail.gmail.com.

Re: windows builds of core

2020-03-26 Thread Slide 
Jesse was looking into this recently I believe, but I am not sure where
that ended up. It was to get core building on the ACI agents I believe. If
there is something that needs to be fixed up on the ACI agents, I would be
happy to help get that done.

On Thu, Mar 26, 2020 at 10:19 AM James Nord  wrote:

> I'm trying to test a patch locally and well lets just say it does not look
> like Jenkins is healthy - even on master...
>
> Can we please add a windows stage back into the core CI build?
>
> If you need help with this I am happy to help out.
>
> /James
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/0e46ecbf-d3ab-428b-8c34-1cab3925512a%40googlegroups.com
> 
> .
>


-- 
Website: http://earl-of-code.com

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAPiUgVfjfPU4EbY5Yp_dtV2%2BZ9ihwj6SP%2BxwKigH40yyerwgdw%40mail.gmail.com.

windows builds of core

2020-03-26 Thread James Nord 
I'm trying to test a patch locally and well lets just say it does not look 
like Jenkins is healthy - even on master...

Can we please add a windows stage back into the core CI build?

If you need help with this I am happy to help out.

/James

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/0e46ecbf-d3ab-428b-8c34-1cab3925512a%40googlegroups.com.

Re: Plugin Adoption Request - docker-java-api-plugin

2020-03-26 Thread Oleg Nenashev 
Update here: We do not need to wait for a 2week response timeoout.
Nicolas has confirmed adoption of the most of his plugins last 
February: https://groups.google.com/d/msg/jenkinsci-dev/BLIfRisUyag/NRfv7QzdBAAJ
I reached out to him in a PM, and he confirmed that the approval in this 
message is still a case. I will mark all listed plugins for adoption.

Regarding this request, I am +1 for it.
Taking the API notion of this plugin, I suggest to wait until tomorrow 
before transferring the permissions so that more people can share their 
feedback.



On Thursday, March 26, 2020 at 3:08:28 PM UTC+1, Oleg Nenashev wrote:
>
> CCed Nicolas to follow the process
>
> On Thu, Mar 26, 2020 at 3:07 PM Marky Jackson  
> wrote:
>
>> +1 from me
>>
>> On Mar 26, 2020, at 7:05 AM, Oleg Nenashev  
>> wrote:
>>
>> Nicolas De loof has stepped down as a maintainer of all plugins in 
>> Autumn, so I do not see it as a problem
>>
>> On Tuesday, March 24, 2020 at 5:50:23 PM UTC+1, Eric Citaire wrote:
>>>
>>> Hi all,
>>>
>>> It seems that docker-java-api-plugin does not have any active maintainer
>>> anymore.
>>>
>>> I would like to become one, if possible.
>>>
>>> * Plugin repo : https://github.com/jenkinsci/docker-java-api-plugin
>>> * Pending PR : jenkinsci/docker-java-api-plugin#5
>>> * My GitHub ID : ericcitaire (https://github.com/ericcitaire)
>>> * My Jenkins infrastructure ID : ericcitaire (
>>> https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=ericcitaire)
>>>
>>> Thanks in advance.
>>>
>>> Best Regards,
>>> Eric.
>>>
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-dev/d2c70f21-3a29-4211-a012-9b99d7810543%40googlegroups.com
>>  
>> 
>> .
>>
>>
>> -- 
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Jenkins Developers" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/jenkinsci-dev/KpNOqLLW9b8/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to 
>> jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-dev/000FF93C-3C5F-46EF-ACC3-F626469C9B04%40gmail.com
>>  
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/29ad08ed-f8fe-4911-bc21-a810a203a207%40googlegroups.com.

Re: JSR-305

2020-03-26 Thread James Nord 
Seems like we already include jcip annotations in core 

 so 
I am leaning towards using jcip (the licence seems to be ok (CC-by-A and we 
list licences in the about screen)

As for the 3 Nonnegative annotations - I'm going to remove them - let's 
have some conversation in the soon to be submitted PR :)

/James

On Thursday, 26 March 2020 11:38:48 UTC, James Nord wrote:
>
> Hi all,
>
> its been on my TODO list for a while to remove JSR-305 annotations from 
> core.
>
> the reason behind this is 
> 1) the framework is deader than a dodo
> 2) the annotations have a questionable licence
> 3) the annotations are in the reserved javax namespace and there is no 
> public release of the spec (nor is there ever likely to be see point 1).
>
> The natural replacement is SpotBugs, however there are a couple of missing 
> annotations that have no mapping.
>
>
>- 
>- javax.annotation.concurrent.GuardedBy  (14 occurrences)
>- javax.annotation.concurrent.Immutable   (2 occurrences)
>- javax.annotation.Nonnegative  (3 occurrences)
>
>
> The first 2 annotations have some possible replacements in Checker 
> Framework, Error Prone, and JCIP annotations.  
> The last only appears to have a replacement in Checker Framework, or in 
> java Beans validation.
>
> The licence of JCIP annotations means we are likely not able to use it, 
> whilst there is a Clean room implementation by Stephen Connolly I recall 
> finding a bug in it the other week as it was not up to date.
>
> So there are a few possibilities, use annotations from error-prone and 
> ignore the non negative, include annotations from checker-framework.
>
> If we start using either error prone or checker framework annotations the 
> existing spotbugs tooling will not report on any violations - (they support 
> jcip only today). 
>
> So as I see it we have a few alternatives
>
> 1) do nothing (I do not think this is wise due to the points at the start 
> of this mail)
> 2) use an alternative annotation which is not checked and for 
> documentation only
> 3) use an alternative annotation and checking framework (unclear if there 
> is a replacement for findsec-bugs)
>
> What do people think?
>
> /James
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/2baf38d8-74d5-4e29-9e8e-de4393096009%40googlegroups.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Francisco Javier Fernandez 
After seeing the stats, I'd go for the 2.204

El jueves, 26 de marzo de 2020, 15:57:31 (UTC+1), Mark Waite escribió:
>
>
>
> On Thu, Mar 26, 2020 at 8:37 AM Robert Sandell  > wrote:
>
>> I think 2.204.x is the current favorite, but I don't think there is 
>> anything against 2.190 more than age.
>>
>>
> Thanks for that insight.  I hadn't reviewed the deployment statistics when 
> I sent my proposal for 2.190.x.
>
> Based on deployment statistics, it seems like 2.204 or 2.204.1 are a 
> better choice than 2.190.3.  Stats show:
>
>- Almost 10x more installations of git client plugin on Jenkins 
>2.204.2 than any other single release (over 40 000 installations)
>- 53% of git client plugin installations are running 3.0.0 or newer
>- Almost 10x more installations of git plugin on Jenkins 2.204.2 than 
>any other single release (over 40 000 installations)
>- 48% of git plugin installations are running 4.0.0 or newer
>
> I interpret that to mean that half the users are "staying current" with at 
> least Jenkins 2.204.  That half of users are also the most likely to update 
> to git plugin 5.0 and git client plugin 5.0.
>
> I think the proposal should be revised to base on Jenkins 2.204.1 with a 
> 1-2 month beta period (instead of 18 months).
>
> Are there significant negatives to choosing 2.204.1 instead of 2.190.3?
>
> Mark Waite
>  
>
>> /B
>>
>> On Thursday, March 26, 2020 at 2:43:45 PM UTC+1, Mark Waite wrote:
>>>
>>> The git plugin and git client plugin currently require Jenkins 2.138.4.  
>>> I chose that Jenkins version almost 18 months ago while working on the 
>>> transition from JGit 4 to JGIt 5.
>>>
>>> I think it is time to switch the minimum Jenkins version for the git 
>>> plugin and the git client plugin.  I propose that the minimum Jenkins 
>>> version for git plugin 5.0 and git client plugin 5.0 will be Jenkins 
>>> 2.190.3.
>>>
>>> We can still release versions of the git plugin and git client plugin 
>>> for Jenkins releases older than 2.190.3 by basing those releases on earlier 
>>> branches.
>>>
>>> I frequently test the git plugin and git client plugin with the current 
>>> Jenkins LTS line.  I sometimes test with the prior Jenkins LTS line.  
>>> Choosing 2.190.3 seems conservative enough to me and is much closer to what 
>>> I'm actually testing than Jenkins 2.138.4.
>>>
>>> Are there pitfalls or problems that I have not considered in making the 
>>> Jenkins version required by git plugin 5.0 be Jenkins 2.190.3?
>>>
>>> Fran and Bobby, what do you think of the idea?
>>>
>>> Thanks,
>>> Mark Waite
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkin...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-dev/dff7cc14-6220-4e1d-bc4d-0cb8de893c98%40googlegroups.com
>>  
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/216b5d83-1e1a-481a-b367-7aae17b2%40googlegroups.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Mark Waite 
On Thu, Mar 26, 2020 at 8:37 AM Robert Sandell 
wrote:

> I think 2.204.x is the current favorite, but I don't think there is
> anything against 2.190 more than age.
>
>
Thanks for that insight.  I hadn't reviewed the deployment statistics when
I sent my proposal for 2.190.x.

Based on deployment statistics, it seems like 2.204 or 2.204.1 are a better
choice than 2.190.3.  Stats show:

   - Almost 10x more installations of git client plugin on Jenkins 2.204.2
   than any other single release (over 40 000 installations)
   - 53% of git client plugin installations are running 3.0.0 or newer
   - Almost 10x more installations of git plugin on Jenkins 2.204.2 than
   any other single release (over 40 000 installations)
   - 48% of git plugin installations are running 4.0.0 or newer

I interpret that to mean that half the users are "staying current" with at
least Jenkins 2.204.  That half of users are also the most likely to update
to git plugin 5.0 and git client plugin 5.0.

I think the proposal should be revised to base on Jenkins 2.204.1 with a
1-2 month beta period (instead of 18 months).

Are there significant negatives to choosing 2.204.1 instead of 2.190.3?

Mark Waite


> /B
>
> On Thursday, March 26, 2020 at 2:43:45 PM UTC+1, Mark Waite wrote:
>>
>> The git plugin and git client plugin currently require Jenkins 2.138.4.
>> I chose that Jenkins version almost 18 months ago while working on the
>> transition from JGit 4 to JGIt 5.
>>
>> I think it is time to switch the minimum Jenkins version for the git
>> plugin and the git client plugin.  I propose that the minimum Jenkins
>> version for git plugin 5.0 and git client plugin 5.0 will be Jenkins
>> 2.190.3.
>>
>> We can still release versions of the git plugin and git client plugin for
>> Jenkins releases older than 2.190.3 by basing those releases on earlier
>> branches.
>>
>> I frequently test the git plugin and git client plugin with the current
>> Jenkins LTS line.  I sometimes test with the prior Jenkins LTS line.
>> Choosing 2.190.3 seems conservative enough to me and is much closer to what
>> I'm actually testing than Jenkins 2.138.4.
>>
>> Are there pitfalls or problems that I have not considered in making the
>> Jenkins version required by git plugin 5.0 be Jenkins 2.190.3?
>>
>> Fran and Bobby, what do you think of the idea?
>>
>> Thanks,
>> Mark Waite
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/dff7cc14-6220-4e1d-bc4d-0cb8de893c98%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtGWk7-fjL16fDkTBGjCXhQgD79uB_Qft1oggAC6TMm4_w%40mail.gmail.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Mark Waite 
On Thu, Mar 26, 2020 at 8:30 AM Daniel Beck wrote:

>
>
> > On 26. Mar 2020, at 14:43, Mark Waite wrote:
> >
> > Are there pitfalls or problems that I have not considered in making the
> Jenkins version required by git plugin 5.0 be Jenkins 2.190.3?
>
> 2.190.x requires the BOM (-Duse-jenkins-bom) otherwise it won't compile
> out of the box. At least that's how I solved it for matrix-auth.
>
>
If that is needed, I think that would be reasonable.  The git plugin and
git client plugin are using the plugin bom to simplify their management of
dependencies (for workflow tests among others).


> 2.190.x seems like a solid choice at the moment, and also won't have
> implied dependencies as of today. But if the beta cycle is as long as it
> was for the previous major line, I'd recommend going with a more recent
> baseline; 2.138.x was a bad choice by the time Git Plugin 4.0.0 was finally
> released: obsolete for almost a year, two implied dependencies on newest
> releases, and its update center was retired just a month later.
>
>
I don't intend to have an 18 month beta cycle ever again.  That was a bad
experience for everyone.

This beta cycle should be no more than 1-2 months because it does not
require changes from other plugins like the git client plugin 3.x change
required.  No breaking changes in API's in the transition from current git
client plugin to git client plugin 5.0.  No breaking changes in API's in
the transition from current git plugin to git plugin 5.0.


> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/3282626D-CB14-4C9E-BBAC-1C3F3E440A20%40beckweb.net
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtE6ZD0TOucWpHZC8_pYzVcKYLD7Y6uw1Vv95zU2G_qn4Q%40mail.gmail.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Mark Waite 
On Thu, Mar 26, 2020 at 8:18 AM James Nord  wrote:

> > Are there pitfalls or problems that I have not considered in making the
> Jenkins version required by git plugin 5.0 be Jenkins 2.190.3?
>
> did you think of potential security issues and the need to to backport to
> the 4.x line so that older (commercially supported) LTS lines can upgrade?
>
>
I think we've resolved that for older LTS lines by releasing security fixes
simultaneously on multiple branches.  For example, SECURITY-1723 was
released simultaneously in git plugin 4.2.1, git plugin 4.0.1, git plugin
3.12.2, and git plugin 3.10.0.1.  That was a lot of work, but it assured
users of those specific plugin versions that they could increment from
their current version to current version plus security fix.

That pattern can continue as needed.


> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/e3a200be-8901-4071-8398-fb6baea987e4%40googlegroups.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtGGwzKXsfxst1WzQwjtonPtYHJMqQu76BAxC%2BT9AGs%2BSA%40mail.gmail.com.

Re: plugin parent 4.0

2020-03-26 Thread Jeff Thompson 

+1

I don't remember if I've pushed any commits that use the beta parent, 
but I've tried it out on a variety of different plugins I've 
investigated. I've found it to work better than any of the other earlier 
versions and can't think of any issues I've encountered.


Jeff

On 3/26/20 3:20 AM, Tim Jacomb wrote:

I've been using it on a few plugins, no issues

On Thu, 26 Mar 2020 at 09:11, James Nord > wrote:


Hi Oleg et al.

is it time to move the plugin parent out of beta?

have not seen any negative feedback (or positive door that matter)
but I've been using it for numerous proprietary plugins with no issue.

/James

-- 
You received this message because you are subscribed to the Google

Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to jenkinsci-dev+unsubscr...@googlegroups.com
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/jenkinsci-dev/5d4104be-2fbc-428f-8992-91b11e41344b%40googlegroups.com.

--
You received this message because you are subscribed to the Google 
Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to jenkinsci-dev+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BifrNfcECRgZ7A2fxros_vT1S0AezDr6C5HGFGPMgormdQ%40mail.gmail.com 
.


--
You received this message because you are subscribed to the Google Groups "Jenkins 
Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/545f5189-e38e-2147-d166-e6f8933916e4%40cloudbees.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Robert Sandell 
I think 2.204.x is the current favorite, but I don't think there is 
anything against 2.190 more than age.

/B

On Thursday, March 26, 2020 at 2:43:45 PM UTC+1, Mark Waite wrote:
>
> The git plugin and git client plugin currently require Jenkins 2.138.4.  I 
> chose that Jenkins version almost 18 months ago while working on the 
> transition from JGit 4 to JGIt 5.
>
> I think it is time to switch the minimum Jenkins version for the git 
> plugin and the git client plugin.  I propose that the minimum Jenkins 
> version for git plugin 5.0 and git client plugin 5.0 will be Jenkins 
> 2.190.3.
>
> We can still release versions of the git plugin and git client plugin for 
> Jenkins releases older than 2.190.3 by basing those releases on earlier 
> branches.
>
> I frequently test the git plugin and git client plugin with the current 
> Jenkins LTS line.  I sometimes test with the prior Jenkins LTS line.  
> Choosing 2.190.3 seems conservative enough to me and is much closer to what 
> I'm actually testing than Jenkins 2.138.4.
>
> Are there pitfalls or problems that I have not considered in making the 
> Jenkins version required by git plugin 5.0 be Jenkins 2.190.3?
>
> Fran and Bobby, what do you think of the idea?
>
> Thanks,
> Mark Waite
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/dff7cc14-6220-4e1d-bc4d-0cb8de893c98%40googlegroups.com.

Re: Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Daniel Beck 



> On 26. Mar 2020, at 14:43, Mark Waite  wrote:
> 
> Are there pitfalls or problems that I have not considered in making the 
> Jenkins version required by git plugin 5.0 be Jenkins 2.190.3?

2.190.x requires the BOM (-Duse-jenkins-bom) otherwise it won't compile out of 
the box. At least that's how I solved it for matrix-auth.

2.190.x seems like a solid choice at the moment, and also won't have implied 
dependencies as of today. But if the beta cycle is as long as it was for the 
previous major line, I'd recommend going with a more recent baseline; 2.138.x 
was a bad choice by the time Git Plugin 4.0.0 was finally released: obsolete 
for almost a year, two implied dependencies on newest releases, and its update 
center was retired just a month later.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/3282626D-CB14-4C9E-BBAC-1C3F3E440A20%40beckweb.net.

Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread James Nord 
> Are there pitfalls or problems that I have not considered in making the 
> Jenkins version required by git plugin 5.0 be Jenkins 2.190.3?

did you think of potential security issues and the need to to backport to the 
4.x line so that older (commercially supported) LTS lines can upgrade?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/e3a200be-8901-4071-8398-fb6baea987e4%40googlegroups.com.

Re: Plugin Adoption Request - docker-java-api-plugin

2020-03-26 Thread Oleg Nenashev 
CCed Nicolas to follow the process

On Thu, Mar 26, 2020 at 3:07 PM Marky Jackson 
wrote:

> +1 from me
>
> On Mar 26, 2020, at 7:05 AM, Oleg Nenashev  wrote:
>
> Nicolas De loof has stepped down as a maintainer of all plugins in Autumn,
> so I do not see it as a problem
>
> On Tuesday, March 24, 2020 at 5:50:23 PM UTC+1, Eric Citaire wrote:
>>
>> Hi all,
>>
>> It seems that docker-java-api-plugin does not have any active maintainer
>> anymore.
>>
>> I would like to become one, if possible.
>>
>> * Plugin repo : https://github.com/jenkinsci/docker-java-api-plugin
>> * Pending PR : jenkinsci/docker-java-api-plugin#5
>> * My GitHub ID : ericcitaire (https://github.com/ericcitaire)
>> * My Jenkins infrastructure ID : ericcitaire (
>> https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=ericcitaire)
>>
>> Thanks in advance.
>>
>> Best Regards,
>> Eric.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/d2c70f21-3a29-4211-a012-9b99d7810543%40googlegroups.com
> 
> .
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkins Developers" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-dev/KpNOqLLW9b8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/000FF93C-3C5F-46EF-ACC3-F626469C9B04%40gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLDU8XcQixGhaSajn0qoYxrUmK6MELXoLOGDmqOK6D5v4w%40mail.gmail.com.

Re: Plugin Adoption Request - docker-java-api-plugin

2020-03-26 Thread Marky Jackson 
+1 from me

> On Mar 26, 2020, at 7:05 AM, Oleg Nenashev  wrote:
> 
> Nicolas De loof has stepped down as a maintainer of all plugins in Autumn, so 
> I do not see it as a problem
> 
> On Tuesday, March 24, 2020 at 5:50:23 PM UTC+1, Eric Citaire wrote:
> Hi all,
> 
> It seems that docker-java-api-plugin does not have any active maintainer
> anymore.
> 
> I would like to become one, if possible.
> 
> * Plugin repo : https://github.com/jenkinsci/docker-java-api-plugin 
> 
> * Pending PR : jenkinsci/docker-java-api-plugin#5
> * My GitHub ID : ericcitaire (https://github.com/ericcitaire 
> )
> * My Jenkins infrastructure ID : ericcitaire 
> (https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=ericcitaire 
> )
> 
> Thanks in advance.
> 
> Best Regards,
> Eric.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-dev+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/d2c70f21-3a29-4211-a012-9b99d7810543%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/000FF93C-3C5F-46EF-ACC3-F626469C9B04%40gmail.com.

Re: Plugin Adoption Request - docker-java-api-plugin

2020-03-26 Thread Oleg Nenashev 
Nicolas De loof has stepped down as a maintainer of all plugins in Autumn, 
so I do not see it as a problem

On Tuesday, March 24, 2020 at 5:50:23 PM UTC+1, Eric Citaire wrote:
>
> Hi all,
>
> It seems that docker-java-api-plugin does not have any active maintainer
> anymore.
>
> I would like to become one, if possible.
>
> * Plugin repo : https://github.com/jenkinsci/docker-java-api-plugin
> * Pending PR : jenkinsci/docker-java-api-plugin#5
> * My GitHub ID : ericcitaire (https://github.com/ericcitaire)
> * My Jenkins infrastructure ID : ericcitaire (
> https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=ericcitaire)
>
> Thanks in advance.
>
> Best Regards,
> Eric.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/d2c70f21-3a29-4211-a012-9b99d7810543%40googlegroups.com.

Git plugin 5.0 require Jenkins 2.190.3

2020-03-26 Thread Mark Waite 
The git plugin and git client plugin currently require Jenkins 2.138.4.  I 
chose that Jenkins version almost 18 months ago while working on the 
transition from JGit 4 to JGIt 5.

I think it is time to switch the minimum Jenkins version for the git plugin 
and the git client plugin.  I propose that the minimum Jenkins version for 
git plugin 5.0 and git client plugin 5.0 will be Jenkins 2.190.3.

We can still release versions of the git plugin and git client plugin for 
Jenkins releases older than 2.190.3 by basing those releases on earlier 
branches.

I frequently test the git plugin and git client plugin with the current 
Jenkins LTS line.  I sometimes test with the prior Jenkins LTS line.  
Choosing 2.190.3 seems conservative enough to me and is much closer to what 
I'm actually testing than Jenkins 2.138.4.

Are there pitfalls or problems that I have not considered in making the 
Jenkins version required by git plugin 5.0 be Jenkins 2.190.3?

Fran and Bobby, what do you think of the idea?

Thanks,
Mark Waite

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/35aace60-ecbc-4251-a539-bb3c7cb5ec9e%40googlegroups.com.

Re: Jenkins Release Automation project: Jenkins Code Signing Certificate

2020-03-26 Thread Tracy Miranda 
Super happy to hear this! Thanks Olivier

On Thu, Mar 26, 2020 at 3:26 AM Olblak  wrote:

> That really is great news, the release pipeline does LTS as well?
>
>
> It should and we want to use the release environment for every release but
> we didn't test it yet.
>
> Basically we can provide a release profile configuration, defined here
> , and it
> defines which git repository we are going to use for the release, it could
> be jenkinsci/jenkins, jenkinsci-cert/jenkins, currently it's set to
> olblak/jenkins as long as the credential can push commits to the targetted
> repository. We also specify the maven repository where we publish generated
> artifacts.
>
> During the packaging, we specify from which maven repository we want to
> fetch the war file and we generate packages as described here
> 
> .
>
> Because the release process involves pushing commits to jenkinsci/jenkins,
> we can't have both release process running on the master branch, so we now
> have to run the latest tests on my jenkins fork before switching to
> jenkinsci/jenkins
>
>
> ---
> gpg --keyserver keys.gnupg.net --recv-key 52210D3D
> ---
>
>
> On Thu, Mar 26, 2020, at 7:03 AM, Raihaan Shouhell wrote:
>
> That really is great news, the release pipeline does LTS as well?
>
> Great job, and thanks for all your efforts.
>
> Cheers,
> Raihaan
>
> On Thu, Mar 26, 2020 at 4:47 AM Jeff Thompson 
> wrote:
>
> This is great news!
> On 3/25/20 2:09 PM, Olblak wrote:
>
> Hello,
>
> I am happy to share that I received a code signing certificate for the
> Jenkins project, so the next step is to update the release environment with
> the right code signing certificate and the right gpg key, verify that they
> are in a safe location (both on Azure Key vault) and then finalize the
> publishing part.
>
> Quick reminder on the current state of this project.
>
> I deployed a specific Jenkins instance in the vpn, it's called
> release.ci.jenkins.io. This instance is configured with two jobs one to
> trigger release and a second one to trigger packaging for a specific
> release for debian,redhat,suse, msi
>
> release.ci.jenkins.io configuration is defined on jenkins-infra/charts
> 
> .
>
> I created a new repository  named "github.com/jenkins-infra/release"
> , where that repository
> contains scripts, Jenkinsfiles and pod template definition used by
> release.ci.jenkins.io
>
> Finally, I reused and adapted scripts from jenkinsci/packaging, with the
> last PR located here,  I
> wish I had the time to refactor more those scripts to reduce the dependency
> on pkg.jenkins.io but I'll probably have to take some shortcut.
>
> Today people that I consider who should be able to trigger a job from
> release.ci.jenkins.io are
> olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have
> read-only access from the vpn.
>
> Feel free to ask if you have any questions, or just suggestions.
>
> Cheers
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/0e4fac96-0039-487d-a267-f6e7df04cdc9%40www.fastmail.com
> 
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/7f7b0251-f868-5789-cb2a-3a7993246fd4%40cloudbees.com
> 
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAFoxvgxGtRW5pFaq2%3DhegXtnD%2BMyDBgDEpEMcPsgnedbM2UQgA%40mail.gmail.com
> 
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe

JSR-305

2020-03-26 Thread James Nord 
Hi all,

its been on my TODO list for a while to remove JSR-305 annotations from 
core.

the reason behind this is 
1) the framework is deader than a dodo
2) the annotations have a questionable licence
3) the annotations are in the reserved javax namespace and there is no 
public release of the spec (nor is there ever likely to be see point 1).

The natural replacement is SpotBugs, however there are a couple of missing 
annotations that have no mapping.


   - 
   - javax.annotation.concurrent.GuardedBy  (14 occurrences)
   - javax.annotation.concurrent.Immutable   (2 occurrences)
   - javax.annotation.Nonnegative  (3 occurrences)


The first 2 annotations have some possible replacements in Checker 
Framework, Error Prone, and JCIP annotations.  
The last only appears to have a replacement in Checker Framework, or in 
java Beans validation.

The licence of JCIP annotations means we are likely not able to use it, 
whilst there is a Clean room implementation by Stephen Connolly I recall 
finding a bug in it the other week as it was not up to date.

So there are a few possibilities, use annotations from error-prone and 
ignore the non negative, include annotations from checker-framework.

If we start using either error prone or checker framework annotations the 
existing spotbugs tooling will not report on any violations - (they support 
jcip only today). 

So as I see it we have a few alternatives

1) do nothing (I do not think this is wise due to the points at the start 
of this mail)
2) use an alternative annotation which is not checked and for documentation 
only
3) use an alternative annotation and checking framework (unclear if there 
is a replacement for findsec-bugs)

What do people think?

/James

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/b052e461-fddc-4392-924c-0521a01c91e6%40googlegroups.com.

Re: GitHub Team Discussions in jenkinsci GH Org

2020-03-26 Thread Radosław Antoniuk 
On Thu, Mar 26, 2020 at 8:30 AM Oleg Nenashev 
wrote:

> I agree about the public vs. private notion. Team conversations are hard
> to access for GitHub org members, and they are basically inaccessible to
> external contributors and visitors. My recommendation would be to use
> public channels where it is possible, and I am -1 for GitHub Team
> Discussion as a general communication channel. Alternatives I would
> recommend:
>
>- GitHub Issues: Actually they work pretty well as a public forum.
>Ideas/proposals/questions can be labeled accordingly, and it is possible to
>configure automation around them
>- Chats: There are many Gitter channels for plugins, and this approach
>seems to be okay. Not everyone likes Gitter (me neither), but at the moment
>it looks to be the most convenient way
>
> For me the only use-case for GitHub Team Discussions is private
> communications: coordinating security fixes, resolving escalations and
> disputes, etc. I hope plugin maintainers have too much traffic of such kind.
>

I agree with Oleg's approach. GH Issues are fine for me too. My usecases
for the team discussions where e.g.:
-  "when shall we release X" - coordination
- project type work, like discussion about migrating from JIRA to GH Issues

but indeed both of those could be tracked in Issues - it just feels that's
not really the exact place for them to be but transparency sounds like a
good argument.

I am against chats as they neither have visibility or transparency. The
work in the plugins is often happening on the "when i have time level" and
then tracking multiple discussions/subjects, their goals and what was
agreed or not - in chat is impossible.

Thanks a lot for all input, that was really worth it learning about the
decision path!

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWj8QBuh4pY4%2BFOL1Qy9o7FrSv7wjfs6mcNND5Ts68ubyw%40mail.gmail.com.

Re: GitHub issues option in HOSTING

2020-03-26 Thread Radosław Antoniuk 
I used this one: https://github.com/warden/jira-issues-importer

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWjopjvpX%2B_oRKZ%2BW6PCsDaJj5NpUtRnj-YdJGY0t1zrdg%40mail.gmail.com.

Re: plugin patent 4.0

2020-03-26 Thread Tim Jacomb 
I've been using it on a few plugins, no issues

On Thu, 26 Mar 2020 at 09:11, James Nord  wrote:

> Hi Oleg et al.
>
> is it time to move the plugin parent out of beta?
>
> have not seen any negative feedback (or positive door that matter) but
> I've been using it for numerous proprietary plugins with no issue.
>
> /James
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/5d4104be-2fbc-428f-8992-91b11e41344b%40googlegroups.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BifrNfcECRgZ7A2fxros_vT1S0AezDr6C5HGFGPMgormdQ%40mail.gmail.com.

plugin patent 4.0

2020-03-26 Thread James Nord 
Hi Oleg et al.

is it time to move the plugin parent out of beta?

have not seen any negative feedback (or positive door that matter) but I've 
been using it for numerous proprietary plugins with no issue.

/James

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/5d4104be-2fbc-428f-8992-91b11e41344b%40googlegroups.com.

Re: findsecbugs in spotbugs

2020-03-26 Thread James Nord 
> James, you're talking about the plugin parent pom, right? The current PR is 
> for the Jenkins pom, which is currently at 1.55-SNAPSHOT.


yes you are completely correct, my apologies.

> Any idea when we'll move forward to the 4.0 release of the plugin pom?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/268c03b4-7a62-42a9-8a7d-3ddb68bdb1a2%40googlegroups.com.

Re: GitHub issues option in HOSTING

2020-03-26 Thread Tim Jacomb 
That's cool Radek, was this what you used to migrate them?
https://github.com/parcelLab/jira-to-github

Or something else?

On Wed, 25 Mar 2020 at 16:27, Radek Antoniuk 
wrote:

> I would like to vote +1 for GitHub Issues.
>
> I tried migration via the API for jira plugin and the only thing that we
> would lose is the original reporter (it would be noted in the comment but
> not the issue creator) - I think that this can be lived with.
> See https://github.com/warden/jira-plugin/issues for examples (those were
> all automated via API).
>
> With the fact that we're not using fixVersion field and release
> process/board in JIRA (I don't think we need it TBH), I think that GH
> Issues would be more than enough.
> Additionally:
> - we could use GH Actions for automated label management, releases etc...
> - the users to use GH SSO only and not create special account in Jenkins
> - we lose performance problems with JIRA infra
> - we have a single and _automated_ code-to-issue linking on code-level even
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/94e85849-653a-4789-92a3-d84a7ca3e2ac%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BieGFRtA9YKg_yLPE9N06%2BW2TTLz7XJJ%2B7swmyrC65B4sw%40mail.gmail.com.

Re: GitHub Team Discussions in jenkinsci GH Org

2020-03-26 Thread Oleg Nenashev 
I agree about the public vs. private notion. Team conversations are hard to 
access for GitHub org members, and they are basically inaccessible to 
external contributors and visitors. My recommendation would be to use 
public channels where it is possible, and I am -1 for GitHub Team 
Discussion as a general communication channel. Alternatives I would 
recommend:

   - GitHub Issues: Actually they work pretty well as a public forum. 
   Ideas/proposals/questions can be labeled accordingly, and it is possible to 
   configure automation around them
   - Chats: There are many Gitter channels for plugins, and this approach 
   seems to be okay. Not everyone likes Gitter (me neither), but at the moment 
   it looks to be the most convenient way

For me the only use-case for GitHub Team Discussions is private 
communications: coordinating security fixes, resolving escalations and 
disputes, etc. I hope plugin maintainers have too much traffic of such kind.

Would be great to get more feedback from plugin maintainers

Best regards,
Oleg
 


On Thursday, March 26, 2020 at 12:45:25 AM UTC+1, slide wrote:
>
> I concur with Daniel. The conversations should be in the open.
>
> On Wed, Mar 25, 2020 at 4:17 PM Daniel Beck  > wrote:
>
>>
>>
>> > On 25. Mar 2020, at 17:34, Radek Antoniuk > > wrote:
>> > 
>> > Tim Jacomb mentioned that the reason for this is that the teams were 
>> often re-created in the past, but I think that:
>> > - if we assume that each plugin "automatically" has a long-lived team 
>> that is called "-admins" or "-maintainers" and that this one is 
>> not deleted, but only members are changing
>> > 
>> > then I would propose to re-enable GH Team Discussions and let the 
>> plugin maintainers decide if they would like to use it or not.
>>
>> Tim is mostly correct -- While it's not a regular occurrence, we delete 
>> teams whenever we feel like it (or at least I do). For example, if a plugin 
>> repo gets renamed, the names no longer match: 'old-name Developers' grants 
>> permissions to 'new-name'. If we've granted permissions in the mean time, 
>> there might even be multiple teams related to the repo: old-name 
>> Developers, and new-name Developers. Nuking and adding permissions again, 
>> if needed, is easier than manually trying to merge them.
>>
>> I've also had some fun conversations with GitHub support who cannot 
>> believe our per-repo team model. It seems the way we're using teams is 
>> _very_ unusual. I've wanted to get rid of them for quite some time, 
>> replacing them with external collaborators and some automation around it 
>> for org membership, but it looks like this never seems to make the cut.
>>
>> So when GitHub introduced team conversations and the option to disable 
>> them, I did just that -- to not unnecessarily complicate administrative 
>> actions, eliminate the potential for accidental data loss by deleting teams 
>> with conversations, and allow for an easier migration away from teams.
>>
>> Personally I would rather see discussions in issues or pull requests in 
>> the open, than in private in teams. Since there's a 1:1 relationship 
>> between repos and most teams, most notably the ones you're discussing here, 
>> what's the benefit of team conversations over GH issues or PRs?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkin...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-dev/B2A2C585-DD52-4221-A644-D0D858F0C7F9%40beckweb.net
>> .
>>
>
>
> -- 
> Website: http://earl-of-code.com
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/e8d28a77-1a4b-4848-a05e-ebae729b5375%40googlegroups.com.

Re: Jenkins Release Automation project: Jenkins Code Signing Certificate

2020-03-26 Thread Olblak 
> That really is great news, the release pipeline does LTS as well?

It should and we want to use the release environment for every release but we 
didn't test it yet.

Basically we can provide a release profile configuration, defined here 
, and it 
defines which git repository we are going to use for the release, it could be 
jenkinsci/jenkins, jenkinsci-cert/jenkins, currently it's set to olblak/jenkins 
as long as the credential can push commits to the targetted repository. We also 
specify the maven repository where we publish generated artifacts.

During the packaging, we specify from which maven repository we want to fetch 
the war file and we generate packages as described here 
.

Because the release process involves pushing commits to jenkinsci/jenkins, we 
can't have both release process running on the master branch, so we now have to 
run the latest tests on my jenkins fork before switching to jenkinsci/jenkins 


---
gpg --keyserver keys.gnupg.net --recv-key 52210D3D
---


On Thu, Mar 26, 2020, at 7:03 AM, Raihaan Shouhell wrote:
> That really is great news, the release pipeline does LTS as well?
> 
> Great job, and thanks for all your efforts.
> 
> Cheers,
> Raihaan
> 
> On Thu, Mar 26, 2020 at 4:47 AM Jeff Thompson  wrote:
>> This is great news!

>> On 3/25/20 2:09 PM, Olblak wrote:
>>> Hello,
>>> 
>>> I am happy to share that I received a code signing certificate for the 
>>> Jenkins project, so the next step is to update the release environment with 
>>> the right code signing certificate and the right gpg key, verify that they 
>>> are in a safe location (both on Azure Key vault) and then finalize the 
>>> publishing part.
>>> 
>>> Quick reminder on the current state of this project.
>>> 
>>> I deployed a specific Jenkins instance in the vpn, it's called 
>>> release.ci.jenkins.io. This instance is configured with two jobs one to 
>>> trigger release and a second one to trigger packaging for a specific 
>>> release for debian,redhat,suse, msi
>>> 
>>> release.ci.jenkins.io configuration is defined on jenkins-infra/charts 
>>> .
>>> 
>>> I created a new repository named "github.com/jenkins-infra/release", where 
>>> that repository contains scripts, Jenkinsfiles and pod template definition 
>>> used by release.ci.jenkins.io
>>> 
>>> Finally, I reused and adapted scripts from jenkinsci/packaging, with the 
>>> last PR located here,  I 
>>> wish I had the time to refactor more those scripts to reduce the dependency 
>>> on pkg.jenkins.io but I'll probably have to take some shortcut.
>>> 
>>> Today people that I consider who should be able to trigger a job from 
>>> release.ci.jenkins.io are 
>>> olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have 
>>> read-only access from the vpn.
>>> 
>>> Feel free to ask if you have any questions, or just suggestions.
>>> 
>>> Cheers 
>>> --
>>>  You received this message because you are subscribed to the Google Groups 
>>> "Jenkins Developers" group.
>>>  To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>>>  To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/jenkinsci-dev/0e4fac96-0039-487d-a267-f6e7df04cdc9%40www.fastmail.com
>>>  
>>> .
>> 

>> --
>>  You received this message because you are subscribed to the Google Groups 
>> "Jenkins Developers" group.
>>  To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>>  To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-dev/7f7b0251-f868-5789-cb2a-3a7993246fd4%40cloudbees.com
>>  
>> .
> 

> --
>  You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
>  To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>  To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/CAFoxvgxGtRW5pFaq2%3DhegXtnD%2BMyDBgDEpEMcPsgnedbM2UQgA%40mail.gmail.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it,

Re: Jenkins Release Automation project: Jenkins Code Signing Certificate

2020-03-26 Thread Raihaan Shouhell 
That really is great news, the release pipeline does LTS as well?

Great job, and thanks for all your efforts.

Cheers,
Raihaan

On Thu, Mar 26, 2020 at 4:47 AM Jeff Thompson 
wrote:

> This is great news!
> On 3/25/20 2:09 PM, Olblak wrote:
>
> Hello,
>
> I am happy to share that I received a code signing certificate for the
> Jenkins project, so the next step is to update the release environment with
> the right code signing certificate and the right gpg key, verify that they
> are in a safe location (both on Azure Key vault) and then finalize the
> publishing part.
>
> Quick reminder on the current state of this project.
>
> I deployed a specific Jenkins instance in the vpn, it's called
> release.ci.jenkins.io. This instance is configured with two jobs one to
> trigger release and a second one to trigger packaging for a specific
> release for debian,redhat,suse, msi
>
> release.ci.jenkins.io configuration is defined on jenkins-infra/charts
> 
> .
>
> I created a new repository  named "github.com/jenkins-infra/release"
> , where that repository
> contains scripts, Jenkinsfiles and pod template definition used by
> release.ci.jenkins.io
>
> Finally, I reused and adapted scripts from jenkinsci/packaging, with the
> last PR located here,  I
> wish I had the time to refactor more those scripts to reduce the dependency
> on pkg.jenkins.io but I'll probably have to take some shortcut.
>
> Today people that I consider who should be able to trigger a job from
> release.ci.jenkins.io are
> olblak, danielbeck, olivergondza, oleg_nenashev, anybody else will have
> read-only access from the vpn.
>
> Feel free to ask if you have any questions, or just suggestions.
>
> Cheers
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/0e4fac96-0039-487d-a267-f6e7df04cdc9%40www.fastmail.com
> 
> .
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/7f7b0251-f868-5789-cb2a-3a7993246fd4%40cloudbees.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFoxvgxGtRW5pFaq2%3DhegXtnD%2BMyDBgDEpEMcPsgnedbM2UQgA%40mail.gmail.com.