Re: GitHub issues option in HOSTING

['Gavin Mogan' via Jenkins Developers]

I know there's no consensus in this yet, it should get added to governance
i think, but I'm fixing github issue ids in release notes

https://github.com/jenkins-infra/plugin-site-api/pull/92

On Wed, Jun 24, 2020 at 8:59 AM Tim Jacomb  wrote:

>
>
> On Wed, 24 Jun 2020 at 16:17, Radosław Antoniuk 
> wrote:
>
>>
>> Since now we know we have the GH issues templates... what do you think
>> about creating a central (i.e. pre-defined and shared across all plugins),
>> how about:
>> - creating a unified GH issue template for the whole jenkinsci
>> organisation (i.e. pre-defined template)
>> - push this template via PR to all the plugin repositories (regardless of
>> whether they use Jira or GH)
>> - automatically create new plugin repositories with this template
>> - (?) create a bot that would pull all "security" labelled issues into
>> Jira security project or wherever it may be
>>
>
> I agree it would be good to create the GitHub issue templates in the
> .github repository
> https://github.com/jenkinsci/.github
>
> Not sure why we would need to create a PR to all plugin repositories as
> GitHub will automatically use the central one if there isn't one in the
> repository
>
> There's a PR to archetypes which adds all of our standard files that make
> plugin maintenance easier:
> https://github.com/jenkinsci/archetypes/pull/155
>
> Thanks
> Tim
>
>
>
>>
>> Radek
>>
>> On Tue, Jun 23, 2020 at 1:20 PM 'Olblak' via Jenkins Developers <
>> jenkinsci-dev@googlegroups.com> wrote:
>>
>>> Hi,
>>>
>>> I think this mail discussion is a proof that we won't easily find a
>>> consensus any time soon.
>>> I just want to add that we started discussing with Linux foundation
>>> infra team to see if they could maintained a managed version of Jira for
>>> us, more information in this email
>>> .
>>>
>>> So please keep discussing about Jira and/or Github Issues here and
>>> things specific to how we maintain issues.jenkins-ci.org on the other
>>> thread.
>>>
>>> Cheers
>>>
>>> On Fri, Jun 19, 2020, at 12:58 PM, Radosław Antoniuk wrote:
>>>
>>> On Fri, Jun 19, 2020 at 12:30 PM Tim Jacomb 
>>> wrote:
>>>
>>> On Fri, 19 Jun 2020 at 10:36, Daniel Beck  wrote:
>>>
>>> Having a screen like
>>> https://github.com/jenkinsci/configuration-as-code-plugin/issues/new/choose
>>> could help here, but that's far from universal right now. Is this something
>>> that could be defined via .github? Having a screen similar to this would be
>>> the bare minimum for GH issue tracking already today.
>>>
>>>
>>> Yes that is possible, I've just tested it out:
>>> https://github.com/timja-org/.github/tree/master/.github/ISSUE_TEMPLATE
>>> https://github.com/timja-org/jenkins-scripted-test/issues/new/choose
>>>
>>> (I don't have the security file in my org but it would show up if it was
>>> configured)
>>>
>>>
>>> Nice, exactly that.
>>> So, security report via a template, that auto-adds "security" label,
>>> that can be pulled into (or referenced) a central security project.
>>>
>>> https://help.github.com/en/github/building-a-strong-community/manually-creating-a-single-issue-template-for-your-repository
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Jenkins Developers" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to jenkinsci-dev+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWgJKcz6nmLU9fR3-tYnrcermc%3DTNK7p9Et4LSA%2BmKtUYQ%40mail.gmail.com
>>> 
>>> .
>>>
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Jenkins Developers" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/jenkinsci-dev/haFTYlhp7h8/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> jenkinsci-dev+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/jenkinsci-dev/016c48f3-1c26-4d43-9abb-897560659eab%40www.fastmail.com
>>> 
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWi%2BTORuHK%2BUS7mVeBSWsgLf%3DzzyK9B_N5K7oxT%2BgFDkAw%40mail.gmail.com
>> 

Re: GSoC 2020 Jenkins Custom Distribution Service Update Center Persistence Discussion

[Richard Bywater]

If the update centre data isn't persisted then if the service restarts then
you are relying on external infrastructure being available in order to
serve your own infrastructure. This seems to be not the best idea so
personally I'd do a bit of both - that is, persist the results but on
service start trigger a background job to go and refresh the update centre
data. This background refresh is then what can be re-used to keep the data
up-to-date over time while the service is running.

Richard.

On Mon, 27 Jul 2020 at 09:23, martinda  wrote:

> Hi Tim,
>
> I see two use cases: an on-line community service, and behind a firewall.
> We're just not sure whether the update centre data should be 1) persistent
> when the service is stopped and restarted  (thus we need a persistent
> docker volume along with the two docker containers), or 2) downloaded every
> time it starts.
>
> For the hourly update, that can work on top of either one.
>
> Maybe I am complicating something that is simple.
>
> Martin
>
> On Thursday, July 23, 2020 at 2:36:54 PM UTC-4, Tim Jacomb wrote:
>>
>> Could you have a background job that updates it every hour?
>>
>> On Thu, 23 Jul 2020 at 19:35, Sladyn Nunes  wrote:
>>
>>> Hi all,
>>>
>>> This discussion thread pertains to the [GSoC 2020]  Custom Distribution
>>> Service Project feature implementation decision that the GsoC team would
>>> like feedback on. Basically the problem right now is that the update
>>> center.json is quite a big file and making an api call to it takes a
>>> minimum of 30 seconds, therefore we would like to know out of the below two
>>> designs which one would users prefer:
>>>
>>> a) We download the update-center.json and store it in a temporary
>>> folder, every time the service is started and thus for the entire duration
>>> of the running of the service we would be able to make use of this file. On
>>> exit or shutdown of this service the temporary folder is deleted.
>>>
>>> b) We persist the update-center.json and store it only when the service
>>> is started for the first time and on every subsequent run thereafter we
>>> would not make any api call. Instead we would provide the user with a
>>> button on the UI saying that "Hey the update center has not been updated
>>> for x amount of time would you like to pull in the latest changes"
>>>
>>> Would love to get some feedback on this thread
>>>
>>> Thanks and Cheers
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Jenkins Developers" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to jenkin...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/jenkinsci-dev/1bf950ef-edee-47c6-bbdd-a95566778891o%40googlegroups.com
>>> 
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/f2a4ec44-30f6-4b18-a7bf-e893f5988547o%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAAy0hwctnpV-1BQr1UBrHGYTmDX_18Wfcq2KFDqD1O-dMYsXQQ%40mail.gmail.com.

Re: GSoC 2020 Jenkins Custom Distribution Service Update Center Persistence Discussion

[martinda]

Hi Tim,

I see two use cases: an on-line community service, and behind a firewall. 
We're just not sure whether the update centre data should be 1) persistent 
when the service is stopped and restarted  (thus we need a persistent 
docker volume along with the two docker containers), or 2) downloaded every 
time it starts.

For the hourly update, that can work on top of either one.

Maybe I am complicating something that is simple.

Martin

On Thursday, July 23, 2020 at 2:36:54 PM UTC-4, Tim Jacomb wrote:
>
> Could you have a background job that updates it every hour?
>
> On Thu, 23 Jul 2020 at 19:35, Sladyn Nunes  > wrote:
>
>> Hi all, 
>>
>> This discussion thread pertains to the [GSoC 2020]  Custom Distribution 
>> Service Project feature implementation decision that the GsoC team would 
>> like feedback on. Basically the problem right now is that the update 
>> center.json is quite a big file and making an api call to it takes a 
>> minimum of 30 seconds, therefore we would like to know out of the below two 
>> designs which one would users prefer:
>>
>> a) We download the update-center.json and store it in a temporary folder, 
>> every time the service is started and thus for the entire duration of the 
>> running of the service we would be able to make use of this file. On exit 
>> or shutdown of this service the temporary folder is deleted.
>>
>> b) We persist the update-center.json and store it only when the service 
>> is started for the first time and on every subsequent run thereafter we 
>> would not make any api call. Instead we would provide the user with a 
>> button on the UI saying that "Hey the update center has not been updated 
>> for x amount of time would you like to pull in the latest changes"
>>
>> Would love to get some feedback on this thread
>>
>> Thanks and Cheers
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkin...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-dev/1bf950ef-edee-47c6-bbdd-a95566778891o%40googlegroups.com
>>  
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/f2a4ec44-30f6-4b18-a7bf-e893f5988547o%40googlegroups.com.

Re: Can't update net.sourceforge.htmlunit to latest due to JDK7 enforcer

[tzach solomon]

Wow, big thanks Mark :)

I'll follow your links and advice
Again, big thanks :)

Tzach

On Sun, Jul 26, 2020 at 9:12 PM Mark Waite 
wrote:

> Usually the best technique is to accept that users who update plugins to
> newer releases are also users who update their Jenkins versions.
>
> Plugin installation statistics can help with your decision of the minimum
> Jenkins version you should support.  See
> https://stats.jenkins.io/pluginversions/bitbucket.html for the summary of
> the installation statistics of the bitbucket plugin.  My reading of it is:
>
>- Over 80% of installations of Bitbucket plugin 1.11.0 are running
>Jenkins 2.204.1 or newer
>- Over 60% of *all* installations of Bitbucket plugin are running
>Jenkins 2.204.1 or newer
>
> I chose 2.204.1 as the new basis for the git plugin and git client plugin
> on the assumption that if they are not updating Jenkins, they probably
> won't update the plugin even if I release it.  If they are updating
> Jenkins, then they will probably also update to a new version of the plugin.
>
> Choosing a new Jenkins minimum version is not a breaking change.  Users
> running older Jenkins versions won't be offered the new release.
>
> You may also find it helpful as a new plugin maintainer to enable the
> plugin BOM to help manage dependency versions and to enable Dependabot and
> Release Drafter to remove some of the "rote work" of maintaining
> dependencies.  Dependency management
> 
> is a good beginning, continuing in plugin BOM
>  ,
>  Dependabot (video ). and
> Release Drafter (video ).
>
> Mark Waite
>
> On Sun, Jul 26, 2020 at 11:53 AM tzach solomon 
> wrote:
>
>> I've found the property you talked about, java.level.
>> I've set it to 8 and now it's working fine :)
>>
>> But, I'm still afraid this is a breaking update.
>> I mean, it requires the jenkins to be with JDK 8 while Jenkins 1.6+ only
>> requires JDK 7.
>>
>> Can someone please help?
>>
>>
>> On Sun, Jul 26, 2020 at 8:47 PM 'Gavin Mogan' via Jenkins Developers <
>> jenkinsci-dev@googlegroups.com> wrote:
>>
>>> Not sure what to tell you. Check your effective pom. The compiler error
>>> says your including jdk8 compiled classes but are compiling with jdk7
>>>
>>> On Sun, Jul 26, 2020 at 10:38 AM tzach solomon 
>>> wrote:
>>>
 Gavin Mogan, Thanks for the quick response :)
 Are you referring to maven.compiler.target property? If so i've set it
 to 1.8 but still, I get the same error

 Thanks,
 Tzach

 On Sun, Jul 26, 2020 at 8:32 PM 'Gavin Mogan' via Jenkins Developers <
 jenkinsci-dev@googlegroups.com> wrote:

> Update your plugin to use jdk 8. The default pom let's you set that by
> using a java.level property
>
> Recommended just updating the base plugin pom which does most things
> for you.
>
> On Sun., Jul. 26, 2020, 10:24 a.m. tzach@gmail.com, <
> tzach.solo...@gmail.com> wrote:
>
>> Hi All,
>>
>> According to GitHub Advisory Database, I should update
>> *net.sourceforge.htmlunit* to at least* 2.37.0* in order to fix
>> *CVE-2020-5529*.
>>
>> My problem is once I do that and run mvn compile, maven enforcer
>> blocks due to:
>>
>> *[INFO] Restricted to JDK 1.7 yet
>> net.sourceforge.htmlunit:neko-htmlunit:jar:2.42.0:compile contains
>> net/sourceforge/htmlunit/cyberneko/filters/DefaultFilter.class targeted 
>> to
>> JDK 1.8*
>> Should I fix the security issue? If so, how should I proceed?
>>
>> Thanks,
>> Tzach
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/f5938e1c-77c3-4852-a7fd-5712771a016an%40googlegroups.com
>> 
>> .
>>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuvicoasLWB8HLRUmOcSbEk8CmK6SHrn6%2B_u21_3iZUiPQ%40mail.gmail.com
> 
> .
>
 --
 You received this message 

Jenkins Plugin Development: Help for a new bee developer.

[Tapas Mishra]

All, 

I am a new bee in Plugin development area and started with a simple plugin 
development with an intention to print a message in Console log of jobs. 
The requirement is to configure the plugin in the Global Configuration and 
if the "globalEnabled" is check then it should print the configured message 
in the console log of the all jobs. I have the code in my Github 
repository for your kind 
review. 

Currently I am testing the plugin on FreeStyle jobs and able to print the 
message if the plugin is enabled. But I am not getting how to force it even 
though it's not enabled in the job configuration level. 

Please let me know if anything unclear in my question. 

Sorry I don't l don't know the process/ standards of the group. Please help 
me. 

Regards,
- Tapas

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/a4d7565b-bb7a-4a07-ba6c-bbfb9015b5c3o%40googlegroups.com.

Re: Can't update net.sourceforge.htmlunit to latest due to JDK7 enforcer

[Mark Waite]

Usually the best technique is to accept that users who update plugins to
newer releases are also users who update their Jenkins versions.

Plugin installation statistics can help with your decision of the minimum
Jenkins version you should support.  See
https://stats.jenkins.io/pluginversions/bitbucket.html for the summary of
the installation statistics of the bitbucket plugin.  My reading of it is:

   - Over 80% of installations of Bitbucket plugin 1.11.0 are running
   Jenkins 2.204.1 or newer
   - Over 60% of *all* installations of Bitbucket plugin are running
   Jenkins 2.204.1 or newer

I chose 2.204.1 as the new basis for the git plugin and git client plugin
on the assumption that if they are not updating Jenkins, they probably
won't update the plugin even if I release it.  If they are updating
Jenkins, then they will probably also update to a new version of the plugin.

Choosing a new Jenkins minimum version is not a breaking change.  Users
running older Jenkins versions won't be offered the new release.

You may also find it helpful as a new plugin maintainer to enable the
plugin BOM to help manage dependency versions and to enable Dependabot and
Release Drafter to remove some of the "rote work" of maintaining
dependencies.  Dependency management

is a good beginning, continuing in plugin BOM
 ,
 Dependabot (video ). and
Release Drafter (video ).

Mark Waite

On Sun, Jul 26, 2020 at 11:53 AM tzach solomon 
wrote:

> I've found the property you talked about, java.level.
> I've set it to 8 and now it's working fine :)
>
> But, I'm still afraid this is a breaking update.
> I mean, it requires the jenkins to be with JDK 8 while Jenkins 1.6+ only
> requires JDK 7.
>
> Can someone please help?
>
>
> On Sun, Jul 26, 2020 at 8:47 PM 'Gavin Mogan' via Jenkins Developers <
> jenkinsci-dev@googlegroups.com> wrote:
>
>> Not sure what to tell you. Check your effective pom. The compiler error
>> says your including jdk8 compiled classes but are compiling with jdk7
>>
>> On Sun, Jul 26, 2020 at 10:38 AM tzach solomon 
>> wrote:
>>
>>> Gavin Mogan, Thanks for the quick response :)
>>> Are you referring to maven.compiler.target property? If so i've set it
>>> to 1.8 but still, I get the same error
>>>
>>> Thanks,
>>> Tzach
>>>
>>> On Sun, Jul 26, 2020 at 8:32 PM 'Gavin Mogan' via Jenkins Developers <
>>> jenkinsci-dev@googlegroups.com> wrote:
>>>
 Update your plugin to use jdk 8. The default pom let's you set that by
 using a java.level property

 Recommended just updating the base plugin pom which does most things
 for you.

 On Sun., Jul. 26, 2020, 10:24 a.m. tzach@gmail.com, <
 tzach.solo...@gmail.com> wrote:

> Hi All,
>
> According to GitHub Advisory Database, I should update
> *net.sourceforge.htmlunit* to at least* 2.37.0* in order to fix
> *CVE-2020-5529*.
>
> My problem is once I do that and run mvn compile, maven enforcer
> blocks due to:
>
> *[INFO] Restricted to JDK 1.7 yet
> net.sourceforge.htmlunit:neko-htmlunit:jar:2.42.0:compile contains
> net/sourceforge/htmlunit/cyberneko/filters/DefaultFilter.class targeted to
> JDK 1.8*
> Should I fix the security issue? If so, how should I proceed?
>
> Thanks,
> Tzach
>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/f5938e1c-77c3-4852-a7fd-5712771a016an%40googlegroups.com
> 
> .
>
 --
 You received this message because you are subscribed to the Google
 Groups "Jenkins Developers" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to jenkinsci-dev+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuvicoasLWB8HLRUmOcSbEk8CmK6SHrn6%2B_u21_3iZUiPQ%40mail.gmail.com
 
 .

>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Jenkins Developers" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to jenkinsci-dev+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> 

Re: Can't update net.sourceforge.htmlunit to latest due to JDK7 enforcer

[tzach solomon]

I've found the property you talked about, java.level.
I've set it to 8 and now it's working fine :)

But, I'm still afraid this is a breaking update.
I mean, it requires the jenkins to be with JDK 8 while Jenkins 1.6+ only
requires JDK 7.

Can someone please help?


On Sun, Jul 26, 2020 at 8:47 PM 'Gavin Mogan' via Jenkins Developers <
jenkinsci-dev@googlegroups.com> wrote:

> Not sure what to tell you. Check your effective pom. The compiler error
> says your including jdk8 compiled classes but are compiling with jdk7
>
> On Sun, Jul 26, 2020 at 10:38 AM tzach solomon 
> wrote:
>
>> Gavin Mogan, Thanks for the quick response :)
>> Are you referring to maven.compiler.target property? If so i've set it to
>> 1.8 but still, I get the same error
>>
>> Thanks,
>> Tzach
>>
>> On Sun, Jul 26, 2020 at 8:32 PM 'Gavin Mogan' via Jenkins Developers <
>> jenkinsci-dev@googlegroups.com> wrote:
>>
>>> Update your plugin to use jdk 8. The default pom let's you set that by
>>> using a java.level property
>>>
>>> Recommended just updating the base plugin pom which does most things for
>>> you.
>>>
>>> On Sun., Jul. 26, 2020, 10:24 a.m. tzach@gmail.com, <
>>> tzach.solo...@gmail.com> wrote:
>>>
 Hi All,

 According to GitHub Advisory Database, I should update
 *net.sourceforge.htmlunit* to at least* 2.37.0* in order to fix
 *CVE-2020-5529*.

 My problem is once I do that and run mvn compile, maven enforcer blocks
 due to:

 *[INFO] Restricted to JDK 1.7 yet
 net.sourceforge.htmlunit:neko-htmlunit:jar:2.42.0:compile contains
 net/sourceforge/htmlunit/cyberneko/filters/DefaultFilter.class targeted to
 JDK 1.8*
 Should I fix the security issue? If so, how should I proceed?

 Thanks,
 Tzach

 --
 You received this message because you are subscribed to the Google
 Groups "Jenkins Developers" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to jenkinsci-dev+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/jenkinsci-dev/f5938e1c-77c3-4852-a7fd-5712771a016an%40googlegroups.com
 
 .

>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Jenkins Developers" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to jenkinsci-dev+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuvicoasLWB8HLRUmOcSbEk8CmK6SHrn6%2B_u21_3iZUiPQ%40mail.gmail.com
>>> 
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/CAC19wgLr%2B2Tz0HH_bk2t2fE6OoX%3Dia89-722L5270n4rdJ8p6g%40mail.gmail.com
>> 
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuuoEVBKpXhXEe8H0%2BWB2FOYJtu%2BMZ6v8c7CmOe7cuFqJA%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAC19wg%2BxuKCL6bgFaMy3OZL%3D5kkEeRZ68WS336h%3DCNziycgZYQ%40mail.gmail.com.

Re: Can't update net.sourceforge.htmlunit to latest due to JDK7 enforcer

['Gavin Mogan' via Jenkins Developers]

Not sure what to tell you. Check your effective pom. The compiler error
says your including jdk8 compiled classes but are compiling with jdk7

On Sun, Jul 26, 2020 at 10:38 AM tzach solomon 
wrote:

> Gavin Mogan, Thanks for the quick response :)
> Are you referring to maven.compiler.target property? If so i've set it to
> 1.8 but still, I get the same error
>
> Thanks,
> Tzach
>
> On Sun, Jul 26, 2020 at 8:32 PM 'Gavin Mogan' via Jenkins Developers <
> jenkinsci-dev@googlegroups.com> wrote:
>
>> Update your plugin to use jdk 8. The default pom let's you set that by
>> using a java.level property
>>
>> Recommended just updating the base plugin pom which does most things for
>> you.
>>
>> On Sun., Jul. 26, 2020, 10:24 a.m. tzach@gmail.com, <
>> tzach.solo...@gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> According to GitHub Advisory Database, I should update
>>> *net.sourceforge.htmlunit* to at least* 2.37.0* in order to fix
>>> *CVE-2020-5529*.
>>>
>>> My problem is once I do that and run mvn compile, maven enforcer blocks
>>> due to:
>>>
>>> *[INFO] Restricted to JDK 1.7 yet
>>> net.sourceforge.htmlunit:neko-htmlunit:jar:2.42.0:compile contains
>>> net/sourceforge/htmlunit/cyberneko/filters/DefaultFilter.class targeted to
>>> JDK 1.8*
>>> Should I fix the security issue? If so, how should I proceed?
>>>
>>> Thanks,
>>> Tzach
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Jenkins Developers" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to jenkinsci-dev+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/jenkinsci-dev/f5938e1c-77c3-4852-a7fd-5712771a016an%40googlegroups.com
>>> 
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuvicoasLWB8HLRUmOcSbEk8CmK6SHrn6%2B_u21_3iZUiPQ%40mail.gmail.com
>> 
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAC19wgLr%2B2Tz0HH_bk2t2fE6OoX%3Dia89-722L5270n4rdJ8p6g%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuuoEVBKpXhXEe8H0%2BWB2FOYJtu%2BMZ6v8c7CmOe7cuFqJA%40mail.gmail.com.

Re: LTS next week to change repo signing keys

[Mark Waite]

https://github.com/jenkins-infra/jenkins.io/pull/3563 is the pull request
that combines the blog post, the Jenkins 2.235.3 changelog, and the Jenkins
2.235.3 upgrade guide.

I'd love to have more suggestions for "Frequently Asked Questions" that
could be answered in the blog post.

On Thu, Jul 23, 2020 at 12:41 PM Mark Waite 
wrote:

>
>
> On Thu, Jul 23, 2020 at 12:51 AM Oliver Gondža  wrote:
>
>> I like the idea of dry-running the release procedure with no fixes
>> included. Also, thanks Mark and Olivier for working around you schedules
>> to get this implemented sooner rather than later.
>>
>> Do I understand correctly that you suggest to otherwise continue with
>> 2.235 line as it was planned, 2.235.4 RC on 29th of July and 2.235.4
>> Release on 12th of August?
>>
>>
> Yes, that's what I intended.  Sorry that I didn't state it directly.  I
> think a 2.235.4 RC on July 29 and a 2.235.4 release on August 12 is exactly
> the right thing to do.
>
>
>> Are there any objections to Mark's proposal?
>>
>> On 22/07/2020 22.16, Vlad Silverman wrote:
>> > Thank you Mark for issuing this proposal and clarifying the steps.
>> > +1 from me as well.
>> >
>> > Please don’t hesitate to ask if any help is needed.
>> >
>> > Thx, Vlad
>> >
>> >> On Jul 22, 2020, at 12:58 PM, Tim Jacomb > >> > wrote:
>> >>
>> >> +1 would be great to do one release while Olivier is around.
>> >>
>> >> Would be good to have at least one user facing change in it, but I
>> >> guess not required.
>> >>
>> >> Thanks
>> >> Tim
>> >>
>> >> On Wed, 22 Jul 2020 at 20:29, Mark Waite > >> > wrote:
>> >>
>> >> The core release automation process has been used to deliver
>> >> weekly releases since mid-April.  It was used to deliver the
>> >> weekly security release recently.  We are ready to deliver the
>> >> Long Term Support (LTS) releases with core release automation.
>> >>
>> >> Olivier Vernin has been the lead implementer of core release
>> >> automation work.  He'll be unavailable in August.  We'd like to
>> >> deliver an LTS next week, while he is still available.  We'll use
>> >> that delivery to train others and verify the release process
>> >> documentation.  We'll then run future core releases entirely from
>> >> the core release automation.
>> >>
>> >> *Proposal:*
>> >>
>> >> Create Jenkins 2.235.3 LTS release the week of July 27 using core
>> >> release automation.  We'll use the current tip of the stable-2.235
>> >> branch.  build the same code as was used for Jenkins 2.235.2 with
>> >> a single .  The changes between 2.235.2 and 2.235.3 would be:
>> >>
>> >>   * Increment the version number from 2.235.2 to 2.235.3
>> >>   * Use the new repository signing key for the Debian/Ubuntu, Red
>> >> Hat/CentOS, and OpenSUSE repositories
>> >>   * Use acceptance test harness version as committed on the
>> >> stable-2.235 branch
>> >>
>> >> We've been using the new repository signing keys with weekly
>> >> builds for the last several months.  It is now time to switch to
>> >> the new repository signing keys for the long term support releases.
>> >>
>> >> *Proposed steps:*
>> >>
>> >>   * Oliver Gondza approve the plan (as release officer)
>> >>   * Mark Waite prepare a blog post announcing the change of
>> >> repository signing keys and the steps administrators must take
>> >> to install the new repository keys
>> >>   * Mark Waite prepare the changelog and upgrade guide for Jenkins
>> >> 2.235.3 with instructions for administrators to install the
>> >> new repository keys
>> >>   * Olivier Vernin and Mark Waite generate the 2.235.3 LTS build
>> >> July 27, 28, or 29 using the core release automation based on
>> >> the current contents of the stable-2.235 branch
>> >>
>> >> Comments, concerns, questions?
>> >>
>> >> Thanks,
>> >> Mark Waite
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> >> Groups "Jenkins Developers" group.
>> >> To unsubscribe from this group and stop receiving emails from it,
>> >> send an email to jenkinsci-dev+unsubscr...@googlegroups.com
>> >> .
>> >> To view this discussion on the web visit
>> >>
>> https://groups.google.com/d/msgid/jenkinsci-dev/53818c9b-b9b6-462a-9dcf-9a320fed192en%40googlegroups.com
>> >> <
>> https://groups.google.com/d/msgid/jenkinsci-dev/53818c9b-b9b6-462a-9dcf-9a320fed192en%40googlegroups.com?utm_medium=email_source=footer
>> >.
>> >>
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> >> Groups "Jenkins Developers" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> >> an email to jenkinsci-dev+unsubscr...@googlegroups.com
>> >> 

Re: Can't update net.sourceforge.htmlunit to latest due to JDK7 enforcer

[tzach solomon]

Gavin Mogan, Thanks for the quick response :)
Are you referring to maven.compiler.target property? If so i've set it to
1.8 but still, I get the same error

Thanks,
Tzach

On Sun, Jul 26, 2020 at 8:32 PM 'Gavin Mogan' via Jenkins Developers <
jenkinsci-dev@googlegroups.com> wrote:

> Update your plugin to use jdk 8. The default pom let's you set that by
> using a java.level property
>
> Recommended just updating the base plugin pom which does most things for
> you.
>
> On Sun., Jul. 26, 2020, 10:24 a.m. tzach@gmail.com, <
> tzach.solo...@gmail.com> wrote:
>
>> Hi All,
>>
>> According to GitHub Advisory Database, I should update
>> *net.sourceforge.htmlunit* to at least* 2.37.0* in order to fix
>> *CVE-2020-5529*.
>>
>> My problem is once I do that and run mvn compile, maven enforcer blocks
>> due to:
>>
>> *[INFO] Restricted to JDK 1.7 yet
>> net.sourceforge.htmlunit:neko-htmlunit:jar:2.42.0:compile contains
>> net/sourceforge/htmlunit/cyberneko/filters/DefaultFilter.class targeted to
>> JDK 1.8*
>> Should I fix the security issue? If so, how should I proceed?
>>
>> Thanks,
>> Tzach
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/f5938e1c-77c3-4852-a7fd-5712771a016an%40googlegroups.com
>> 
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuvicoasLWB8HLRUmOcSbEk8CmK6SHrn6%2B_u21_3iZUiPQ%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAC19wgLr%2B2Tz0HH_bk2t2fE6OoX%3Dia89-722L5270n4rdJ8p6g%40mail.gmail.com.

Re: Can't update net.sourceforge.htmlunit to latest due to JDK7 enforcer

['Gavin Mogan' via Jenkins Developers]

Update your plugin to use jdk 8. The default pom let's you set that by
using a java.level property

Recommended just updating the base plugin pom which does most things for
you.

On Sun., Jul. 26, 2020, 10:24 a.m. tzach@gmail.com, <
tzach.solo...@gmail.com> wrote:

> Hi All,
>
> According to GitHub Advisory Database, I should update
> *net.sourceforge.htmlunit* to at least* 2.37.0* in order to fix
> *CVE-2020-5529*.
>
> My problem is once I do that and run mvn compile, maven enforcer blocks
> due to:
>
> *[INFO] Restricted to JDK 1.7 yet
> net.sourceforge.htmlunit:neko-htmlunit:jar:2.42.0:compile contains
> net/sourceforge/htmlunit/cyberneko/filters/DefaultFilter.class targeted to
> JDK 1.8*
> Should I fix the security issue? If so, how should I proceed?
>
> Thanks,
> Tzach
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/f5938e1c-77c3-4852-a7fd-5712771a016an%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAG%3D_DuvicoasLWB8HLRUmOcSbEk8CmK6SHrn6%2B_u21_3iZUiPQ%40mail.gmail.com.

Can't update net.sourceforge.htmlunit to latest due to JDK7 enforcer

[tzach....@gmail.com]

Hi All,

According to GitHub Advisory Database, I should update 
*net.sourceforge.htmlunit* to at least* 2.37.0* in order to fix 
*CVE-2020-5529*.

My problem is once I do that and run mvn compile, maven enforcer blocks due 
to:

*[INFO] Restricted to JDK 1.7 yet 
net.sourceforge.htmlunit:neko-htmlunit:jar:2.42.0:compile contains 
net/sourceforge/htmlunit/cyberneko/filters/DefaultFilter.class targeted to 
JDK 1.8*
Should I fix the security issue? If so, how should I proceed?

Thanks,
Tzach

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/f5938e1c-77c3-4852-a7fd-5712771a016an%40googlegroups.com.

build blocker disable queue scan feature not working

[AbS]

In Queue.java, just after bulildables are assigned executors(and state is 
changed to pending) using Mapping.execute(WorkUnitContext), I tried to see 
if nodes start executing buildable right away by adding:
executor.getCurrentWorkUnit().work.getOwnerTask()

Not surprisingly in latest releases, the assigned executor prints the job 
that was just assigned by adding above line, but in earlier releases(e.g. 
1.580.1), no executor used to show this buildable task.(all printed null 
with above cmd).
What has changed here?

This feature is actually used in build blocker plugin to block builds and 
ignore queued job(if disabled queue checking), but due to this change, now 
even if queue is disabled, the queue is being checked.
Any help here please?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/9e8c3eaa-3d99-4d7f-b7e9-4efc58ea15fcn%40googlegroups.com.

Re: Adding to project based security, and where to store data?

[Michael Carter]

Managed to find my own answers.   So posting here for completeness for 
anyone searching.

Seems to add entries to the security area you just need these somewhere.

import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.PermissionScope;
import hudson.Extension;
import jenkins.model.Jenkins;
import org.jenkinsci.Symbol;

@Extension
@Symbol("myPermissions")
public class MyPermissions  {


public static final PermissionGroup PERMISSION_GROUP =
new PermissionGroup(MyPermissions.class,  
Messages._PermissionGroup_Title());


public static final Permission MANUAL_SYNC_PERMISSION =
new Permission(PERMISSION_GROUP, 
   "ManualSync",
   Messages._PermissionManualSync_Description(), 
   Jenkins.ADMINISTER,
   PermissionScope.JENKINS);


public static final Permission UPLOAD_MAP_PERMISSION =
new Permission(PERMISSION_GROUP, 
   "UploadMap",
   Messages._PermissionUploadMap_Description(), 
   Jenkins.ADMINISTER,
   PermissionScope.JENKINS);


}


As for storing arbitrary data, this is doing my trick:

https://plugins.jenkins.io/database-sqlite/

import org.jenkinsci.plugins.database.Database;
import org.jenkinsci.plugins.database.GlobalDatabaseConfiguration;
import org.jenkinsci.plugins.database.BasicDataSource2;
import javax.sql.DataSource;


import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.PreparedStatement;
import java.sql.Statement;
import java.sql.SQLException;


...


  private GlobalDatabaseConfiguration globalDatabaseConfiguration;
  private Database database;
  private DataSource datasource;


...


  this.globalDatabaseConfiguration = GlobalDatabaseConfiguration.get();
  this.database   = this.globalDatabaseConfiguration.getDatabase();
  this.datasource = this.database.getDataSource();
  CreateTables();




On Saturday, July 25, 2020 at 11:18:49 AM UTC-4, Michael Carter wrote:
>
> Two questions this morning.
>
> Want to add my own options to the:
>  Project-based Matrix Authorization Strategy
>
> area of the Global Security Screen.   Where do I find a clear example on 
> how to do that or the documentation?
>
> Also, I want to store data with Jenkins that's not tied to a job/build.  
> What's the best way to go about it or just bounce out to some DB?   This is 
> rolling in a few ideas, but one is system test data.  No point running the 
> deploy if all the target servers are offline or have problems.   Basically 
> want to offer a screen in the admin area where someone could look to see if 
> anything in their path is offline. 
>
> Thanks,
> Michael
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/e9188523-0d1e-48ca-af98-cd476e026a5co%40googlegroups.com.