@strangelookingnerd
Contributor

Require Jenkins 2.479.3 or newer and Jakarta EE 9

Jenkins 2.479.3 provides Jakarta EE 9, Eclipse Jetty 12, Spring Security 6, and Java 17.

  • Update plugin pom and baseline
  • Remove deprecations
  • Use Java 17 language features
  • Minor cleanup

Testing done

mvn clean verify

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

@strangelookingnerd changed the title from "Migrate" to "Require Jenkins 2.479.3 or newer and Jakarta EE 9" on Apr 24, 2025

@Override
public ContextMenu doContextMenu(StaplerRequest request, StaplerResponse response) throws Exception {
public ContextMenu doContextMenu(StaplerRequest2 request, StaplerResponse2 response) throws Exception {
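
Review bot: On the new `doContextMenu(StaplerRequest2 request, StaplerResponse2 response)` signature in GerritManagement, the missing @POST/@RequirePOST finding depends on what the method body does, and the body is not part of this hunk, so the triage decision should be recorded rather than left as an open alert. The visible change only swaps the Stapler parameter types, so the finding is not introduced by the migration. If the method only builds and returns the ContextMenu, dismiss the alert with that reason; if it changes state or contacts a user-specified URL, annotate it with @RequirePOST.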

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If GerritManagement#doContextMenu connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

@Override
public ContextMenu doChildrenContextMenu(StaplerRequest request, StaplerResponse response) throws Exception {
public ContextMenu doChildrenContextMenu(StaplerRequest2 request, StaplerResponse2 response) throws Exception {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If Diagnostics#doChildrenContextMenu connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

@Override
public ContextMenu doChildrenContextMenu(StaplerRequest request, StaplerResponse response) throws Exception {
public ContextMenu doChildrenContextMenu(StaplerRequest2 request, StaplerResponse2 response) throws Exception {
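
Review bot: The `doChildrenContextMenu(StaplerRequest2 request, StaplerResponse2 response)` web method in Diagnostics shows no permission check in the visible lines, and the type swap is a good moment to settle that. Confirm that the body, or whatever object routes requests to Diagnostics, enforces the permission required for the diagnostics pages. If neither does, add an explicit check as the first statement so the menu entries are not listed to users who cannot open their targets.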

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in Diagnostics#doChildrenContextMenu

@Override
public ContextMenu doContextMenu(StaplerRequest request, StaplerResponse response) throws Exception {
public ContextMenu doContextMenu(StaplerRequest2 request, StaplerResponse2 response) throws Exception {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If Diagnostics#doContextMenu connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

@Override
public ContextMenu doContextMenu(StaplerRequest request, StaplerResponse response) throws Exception {
public ContextMenu doContextMenu(StaplerRequest2 request, StaplerResponse2 response) throws Exception {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in Diagnostics#doContextMenu

* @see #isDebugMode()
*/
public void doTriggerDebugEvent(StaplerRequest request, StaplerResponse response) throws IOException {
public void doTriggerDebugEvent(StaplerRequest2 request, StaplerResponse2 response) throws IOException {
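
Review bot: `doTriggerDebugEvent` is named for an action rather than a read, yet no annotation sits between the closing `*/` of the Javadoc and the signature, so the method carries neither @POST nor @RequirePOST and a plain GET request can reach it. The Javadoc only points to `#isDebugMode()`. If that flag is the sole guard, add @RequirePOST on the method and an explicit permission check as its first statement; the move to StaplerRequest2/StaplerResponse2 already changes this signature, so it is the natural place to do it.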

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If Diagnostics#doTriggerDebugEvent connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

* @see #isDebugMode()
*/
public void doTriggerDebugEvent(StaplerRequest request, StaplerResponse response) throws IOException {
public void doTriggerDebugEvent(StaplerRequest2 request, StaplerResponse2 response) throws IOException {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in Diagnostics#doTriggerDebugEvent

@panicking
Contributor

@strangelookingnerd I have rebased here and added one patch #518

@rsandell
Member

Cannot invoke "hudson.ExtensionList.isEmpty()" because "strategies" is null

I've seen this error someplace before, has to do with a bad mock I think.

@rsandell
Member

The tests that are timing out seem to all have the same symptoms, perhaps something has changed that is making the ssh mock server not work?

@strangelookingnerd
Contributor Author

@rsandell @panicking I have pushed some workarounds for the failing tests in 65ccdc6. I could not verify all of them locally, let's see what CI has to say about it.

@rsandell
Member

The maven proxy had a hiccup, rebuilding...

@rsandell
Member

I am getting that bouncy castle download error on another plugin build as well.

@rsandell
Member

rsandell commented Oct 4, 2025

bc download error fixed, test timeouts still happening though.

@strangelookingnerd
Contributor Author

> bc download error fixed, test timeouts still happening though.

I'll try and look into those as well.

*/
public synchronized Entry[] getEntries() {
return list.toArray(new Entry[list.size()]);
return list.toArray(new Entry[0]);

Member

Why? Has something changed in the toArray calls to make the empty array arg be more efficient suddenly?

Contributor Author

There are two styles to convert a collection to an array:

* A pre-sized array, for example, c.toArray(new String[c.size()])

* An empty array, for example, c.toArray(new String[0])

In older Java versions, using a pre-sized array was recommended, as the reflection call necessary to create an array of proper size was quite slow.

However, since late updates of OpenJDK 6, this call was intrinsified, making the performance of the empty array version the same, and sometimes even better, compared to the pre-sized version. Also, passing a pre-sized array is dangerous for a concurrent or synchronized collection as a data race is possible between the size and toArray calls. This may result in extra nulls at the end of the array if the collection was concurrently shrunk during the operation.

https://www.jetbrains.com/help/inspectopedia/ToArrayCallWithZeroLengthArrayArgument.html
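
The size/toArray race described in the comment above, as an added example that is not part of the thread or of the plugin's code: the pre-sized call is split into its two steps and a writer thread is forced to run between them. The class name, the sample strings and the `window` hook are assumptions made for the demonstration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CopyOnWriteArrayList;

public class ToArrayRaceDemo {

    // Pre-sized style, split into its two calls so a writer can run in between.
    static String[] presized(List<String> c, Runnable window) {
        String[] target = new String[c.size()]; // call 1: size is read
        window.run();                           // another thread may shrink c here
        return c.toArray(target);               // call 2: copy; slots past the end stay null
    }

    // Zero-length style: the collection allocates a correctly sized result itself.
    static String[] zeroLength(List<String> c) {
        return c.toArray(new String[0]);
    }

    static long nullCount(Object[] a) {
        return Arrays.stream(a).filter(Objects::isNull).count();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for a shared list of entries.
        List<String> entries = new CopyOnWriteArrayList<>(List.of("a", "b", "c", "d"));

        String[] racy = presized(entries, () -> {
            Thread writer = new Thread(() -> entries.removeAll(List.of("c", "d")));
            writer.start();
            try {
                writer.join(); // force the shrink to land inside the window
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        String[] safe = zeroLength(entries);

        System.out.println("pre-sized:   " + Arrays.toString(racy) + " nulls=" + nullCount(racy));
        System.out.println("zero-length: " + Arrays.toString(safe) + " nulls=" + nullCount(safe));

        // A caller iterating the pre-sized result without null checks fails here.
        try {
            for (String e : racy) e.length();
        } catch (NullPointerException ex) {
            System.out.println("consumer of pre-sized result hit a null entry");
        }
    }
}
```

In a method that is itself `synchronized`, as `getEntries()` is in the hunk under discussion, the window only exists if some other code path mutates the list without holding the same lock.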

Member

That dated me pretty bad 🤣

@rsandell
Member

rsandell commented Oct 21, 2025

I've fixed all tests and checkstyle warnings.
The problem with the test timeouts was because mina changed how it wanted to stop the server, and in all previous versions one of the commands was just hanging forever by design, that needed to be fixed.

@rsandell requested a review from panicking on October 21, 2025 00:45

@rsandell
Member

Ugh, it's one of those "works on my machine but not on CI" test problems 🤯 .
