Merge branch 'revamp-dropdowns' into revamp-dropdowns-2

janfaracik · Feb 29, 2024 · 02fd059 · 02fd059
2 parents 2799eab + 7e48e13
commit 02fd059
Show file tree

Hide file tree

Showing 199 changed files with 4,030 additions and 2,676 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -58,7 +58,7 @@ updates:
         versions: [">=7.0.0"]
   - package-ecosystem: "maven"
     directory: "/"
-    target-branch: "stable-2.426"
+    target-branch: "stable-2.440"
     labels:
       - "into-lts"
       - "needs-justification"

diff --git a/.github/workflows/announce-lts-rc.yml b/.github/workflows/announce-lts-rc.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Post on Discourse
-        uses: roots/discourse-topic-github-release-action@fc9e50fa1a1ce6255ba4d03f104382845b79ad5f # v1.0.0
+        uses: roots/discourse-topic-github-release-action@c30dc233349b7c6f24f52fb1c659cc64f13b5474 # v1.0.1
         with:
           discourse-api-key: ${{ secrets.DISCOURSE_RELEASES_API_KEY }}
           discourse-base-url: https://community.jenkins.io/

diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
@@ -24,7 +24,7 @@ jobs:
       # Drafts your next Release notes as Pull Requests are merged into "master"
       - name: Generate GitHub Release Draft
         id: release-drafter
-        uses: release-drafter/release-drafter@v5
+        uses: release-drafter/release-drafter@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       # Generates a YAML changelog file using https://github.com/jenkinsci/jenkins-core-changelog-generator

diff --git a/.mvn/extensions.xml b/.mvn/extensions.xml
@@ -1,4 +1,4 @@
-<extensions xmlns="http://maven.apache.org/EXTENSIONS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/EXTENSIONS/1.0.0 http://maven.apache.org/xsd/core-extensions-1.0.0.xsd">
+<extensions xmlns="http://maven.apache.org/EXTENSIONS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/EXTENSIONS/1.0.0 https://maven.apache.org/xsd/core-extensions-1.0.0.xsd">
   <extension>
     <groupId>io.jenkins.tools.incrementals</groupId>
     <artifactId>git-changelist-maven-extension</artifactId>

diff --git a/.mvn/jvm.config b/.mvn/jvm.config
@@ -1 +1 @@
--Xmx1100m
+-Xmx1400m
diff --git a/bom/pom.xml b/bom/pom.xml
@@ -39,8 +39,8 @@ THE SOFTWARE.
 
   <properties>
     <asm.version>9.6</asm.version>
-    <slf4jVersion>2.0.10</slf4jVersion>
-    <stapler.version>1822.v120278426e1c</stapler.version>
+    <slf4jVersion>2.0.12</slf4jVersion>
+    <stapler.version>1839.ved17667b_a_eb_5</stapler.version>
     <groovy.version>2.4.21</groovy.version>
   </properties>
 
@@ -56,15 +56,15 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-framework-bom</artifactId>
-        <version>5.3.31</version>
+        <version>5.3.32</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
       <dependency>
         <!-- https://docs.spring.io/spring-security/site/docs/5.5.4/reference/html5/#getting-maven-no-boot -->
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-bom</artifactId>
-        <version>5.8.9</version>
+        <version>5.8.10</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -113,7 +113,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>commons-codec</groupId>
         <artifactId>commons-codec</artifactId>
-        <version>1.16.0</version>
+        <version>1.16.1</version>
       </dependency>
       <dependency>
         <groupId>commons-collections</groupId>
@@ -188,7 +188,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-compress</artifactId>
-        <version>1.25.0</version>
+        <version>1.26.0</version>
       </dependency>
       <dependency>
         <groupId>org.codehaus.groovy</groupId>

diff --git a/cli/pom.xml b/cli/pom.xml
@@ -65,7 +65,7 @@
     <dependency>
       <groupId>org.glassfish.tyrus.bundles</groupId>
       <artifactId>tyrus-standalone-client-jdk</artifactId>
-      <version>2.1.4</version>
+      <version>2.1.5</version>
       <optional>true</optional>
     </dependency>
     <dependency>
@@ -119,7 +119,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-shade-plugin</artifactId>
-        <version>3.5.1</version>
+        <version>3.5.2</version>
         <executions>
           <execution>
             <goals>

diff --git a/cli/src/main/java/hudson/cli/CLI.java b/cli/src/main/java/hudson/cli/CLI.java
@@ -58,14 +58,13 @@
 import java.util.logging.Handler;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import org.apache.commons.lang.StringUtils;
 import org.glassfish.tyrus.client.ClientManager;
 import org.glassfish.tyrus.client.ClientProperties;
+import org.glassfish.tyrus.client.SslEngineConfigurator;
 import org.glassfish.tyrus.container.jdk.client.JdkClientContainer;
 
 /**
@@ -134,6 +133,7 @@ public static int _main(String[] _args) throws Exception {
         String tokenEnv = System.getenv("JENKINS_API_TOKEN");
 
         boolean strictHostKey = false;
+        boolean noCertificateCheck = false;
 
         while (!args.isEmpty()) {
             String head = args.get(0);
@@ -179,17 +179,7 @@ public static int _main(String[] _args) throws Exception {
             }
             if (head.equals("-noCertificateCheck")) {
                 LOGGER.info("Skipping HTTPS certificate checks altogether. Note that this is not secure at all.");
-                SSLContext context = SSLContext.getInstance("TLS");
-                context.init(null, new TrustManager[]{new NoCheckTrustManager()}, new SecureRandom());
-                HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
-                // bypass host name check, too.
-                HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
-                    @Override
-                    @SuppressFBWarnings(value = "WEAK_HOSTNAME_VERIFIER", justification = "User set parameter to skip verifier.")
-                    public boolean verify(String s, SSLSession sslSession) {
-                        return true;
-                    }
-                });
+                noCertificateCheck = true;
                 args = args.subList(1, args.size());
                 continue;
             }
@@ -305,7 +295,7 @@ public boolean verify(String s, SSLSession sslSession) {
             LOGGER.warning("Warning: -user ignored unless using -ssh");
         }
 
-        CLIConnectionFactory factory = new CLIConnectionFactory();
+        CLIConnectionFactory factory = new CLIConnectionFactory().noCertificateCheck(noCertificateCheck);
         String userInfo = new URL(url).getUserInfo();
         if (userInfo != null) {
             factory = factory.basicAuth(userInfo);
@@ -361,6 +351,13 @@ public void beforeRequest(Map<String, List<String>> headers) {
 
         ClientManager client = ClientManager.createClient(JdkClientContainer.class.getName()); // ~ ContainerProvider.getWebSocketContainer()
         client.getProperties().put(ClientProperties.REDIRECT_ENABLED, true); // https://tyrus-project.github.io/documentation/1.13.1/index/tyrus-proprietary-config.html#d0e1775
+        if (factory.noCertificateCheck) {
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, new TrustManager[] {new NoCheckTrustManager()}, new SecureRandom());
+            SslEngineConfigurator sslEngineConfigurator = new SslEngineConfigurator(sslContext);
+            sslEngineConfigurator.setHostnameVerifier((s, sslSession) -> true);
+            client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);
+        }
         Session session = client.connectToServer(new CLIEndpoint(), ClientEndpointConfig.Builder.create().configurator(new Authenticator()).build(), URI.create(url.replaceFirst("^http", "ws") + "cli/ws"));
         PlainCLIProtocol.Output out = new PlainCLIProtocol.Output() {
             @Override
@@ -386,8 +383,15 @@ public void close() throws IOException {
         }
     }
 
-    private static int plainHttpConnection(String url, List<String> args, CLIConnectionFactory factory) throws IOException, InterruptedException {
+    private static int plainHttpConnection(String url, List<String> args, CLIConnectionFactory factory)
+            throws GeneralSecurityException, IOException, InterruptedException {
         LOGGER.log(FINE, "Trying to connect to {0} via plain protocol over HTTP", url);
+        if (factory.noCertificateCheck) {
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, new TrustManager[] {new NoCheckTrustManager()}, new SecureRandom());
+            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
+            HttpsURLConnection.setDefaultHostnameVerifier((s, sslSession) -> true);
+        }
         FullDuplexHttpStream streams = new FullDuplexHttpStream(new URL(url), "cli?remoting=false", factory.authorization);
         try (ClientSideImpl connection = new ClientSideImpl(new PlainCLIProtocol.FramedOutput(streams.getOutputStream()))) {
             connection.start(args);

diff --git a/cli/src/main/java/hudson/cli/CLIConnectionFactory.java b/cli/src/main/java/hudson/cli/CLIConnectionFactory.java
@@ -10,6 +10,7 @@
  */
 public class CLIConnectionFactory {
     String authorization;
+    boolean noCertificateCheck;
 
     /**
      * For CLI connection that goes through HTTP, sometimes you need
@@ -21,6 +22,16 @@ public CLIConnectionFactory authorization(String value) {
         return this;
     }
 
+    /**
+     * Skip TLS certificate and hostname verification checks.
+     *
+     * @since TODO
+     */
+    public CLIConnectionFactory noCertificateCheck(boolean value) {
+        this.noCertificateCheck = value;
+        return this;
+    }
+
     /**
      * Convenience method to call {@link #authorization} with the HTTP basic authentication.
      * Currently unused.

diff --git a/core/src/main/java/hudson/ExtensionList.java b/core/src/main/java/hudson/ExtensionList.java
@@ -468,7 +468,7 @@ public static <T> ExtensionList<T> create(Jenkins jenkins, Class<T> type) {
      * @return the singleton instance of the given type in its list.
      * @throws IllegalStateException if there are no instances
      *
-     * @since TODO
+     * @since 2.435
      */
     public static @NonNull <U> U lookupFirst(Class<U> type) {
         var all = lookup(type);

diff --git a/core/src/main/java/hudson/FilePath.java b/core/src/main/java/hudson/FilePath.java
@@ -483,7 +483,6 @@ public int zip(OutputStream out, DirScanner scanner) throws IOException, Interru
      * @return The number of files/directories archived.
      *          This is only really useful to check for a situation where nothing
      */
-    @Restricted(NoExternalUse.class)
     public int zip(OutputStream out, DirScanner scanner, String verificationRoot, String prefix, OpenOption... openOptions) throws IOException, InterruptedException {
         ArchiverFactory archiverFactory = prefix == null ? ArchiverFactory.ZIP : ArchiverFactory.createZipWithPrefix(prefix, openOptions);
         return archive(archiverFactory, out, scanner, verificationRoot, openOptions);
@@ -515,7 +514,6 @@ public int archive(final ArchiverFactory factory, OutputStream os, final DirScan
      * @return The number of files/directories archived.
      *          This is only really useful to check for a situation where nothing
      */
-    @Restricted(NoExternalUse.class)
     public int archive(final ArchiverFactory factory, OutputStream os, final DirScanner scanner,
                        String verificationRoot, OpenOption... openOptions) throws IOException, InterruptedException {
         final OutputStream out = channel != null ? new RemoteOutputStream(os) : os;
@@ -762,7 +760,6 @@ public String invoke(File f, VirtualChannel channel) throws IOException {
         }
     }
 
-    @Restricted(NoExternalUse.class)
     public boolean hasSymlink(FilePath verificationRoot, OpenOption... openOptions) throws IOException, InterruptedException {
         return act(new HasSymlink(verificationRoot == null ? null : verificationRoot.remote, openOptions));
     }
@@ -783,7 +780,6 @@ public Boolean invoke(File f, VirtualChannel channel) throws IOException {
         }
     }
 
-    @Restricted(NoExternalUse.class)
     public boolean containsSymlink(FilePath verificationRoot, OpenOption... openOptions) throws IOException, InterruptedException {
         return !list(new SymlinkRetainingFileFilter(verificationRoot, openOptions)).isEmpty();
     }
@@ -2057,7 +2053,6 @@ public List<FilePath> list() throws IOException, InterruptedException {
      * @param openOptions the options to apply when opening.
      * @return Direct children of this directory.
      */
-    @Restricted(NoExternalUse.class)
     @NonNull
     public List<FilePath> list(FilePath verificationRoot, OpenOption... openOptions) throws IOException, InterruptedException {
         return list(new OptionalDiscardingFileFilter(verificationRoot, openOptions));
@@ -2222,7 +2217,6 @@ public InputStream read() throws IOException, InterruptedException {
         return read(null, new OpenOption[0]);
     }
 
-    @Restricted(NoExternalUse.class)
     public InputStream read(FilePath rootPath, OpenOption... openOptions) throws IOException, InterruptedException {
         String rootPathString = rootPath == null ? null : rootPath.remote;
         if (channel == null) {
@@ -2237,7 +2231,6 @@ public InputStream read(FilePath rootPath, OpenOption... openOptions) throws IOE
         return p.getIn();
     }
 
-    @Restricted(NoExternalUse.class)
     public static InputStream newInputStreamDenyingSymlinkAsNeeded(File file, String verificationRoot, OpenOption... openOptions) throws IOException {
         InputStream inputStream = null;
         try {
@@ -2254,7 +2247,6 @@ public static InputStream newInputStreamDenyingSymlinkAsNeeded(File file, String
         return inputStream;
     }
 
-    @Restricted(NoExternalUse.class)
     public static InputStream openInputStream(File file, OpenOption[] openOptions) throws IOException {
         return Files.newInputStream(fileToPath(file), stripLocalOptions(openOptions));
     }
@@ -2290,7 +2282,6 @@ private static void denyTmpDir(File file, String root, OpenOption... openOptions
         }
     }
 
-    @Restricted(NoExternalUse.class)
     public static boolean isSymlink(File file, String root, OpenOption... openOptions) {
         if (isNoFollowLink(openOptions)) {
             if (Util.isSymlink(file.toPath())) {
@@ -2306,7 +2297,6 @@ private static boolean isSymlink(VisitorInfo visitorInfo) {
         return isSymlink(visitorInfo.f, visitorInfo.verificationRoot, visitorInfo.openOptions);
     }
 
-    @Restricted(NoExternalUse.class)
     public static boolean isTmpDir(File file, String root, OpenOption... openOptions) {
         if (isIgnoreTmpDirs(openOptions)) {
             if (isTmpDir(file)) {
@@ -2318,7 +2308,6 @@ public static boolean isTmpDir(File file, String root, OpenOption... openOptions
         return false;
     }
 
-    @Restricted(NoExternalUse.class)
     public static boolean isTmpDir(String filename, OpenOption... openOptions) {
         if (isIgnoreTmpDirs(openOptions)) {
             return isTmpDir(filename);
@@ -2338,12 +2327,10 @@ private static boolean isTmpDir(String filename) {
         return filename.length() > WorkspaceList.TMP_DIR_SUFFIX.length() && filename.endsWith(WorkspaceList.TMP_DIR_SUFFIX);
     }
 
-    @Restricted(NoExternalUse.class)
     public static boolean isNoFollowLink(OpenOption... openOptions) {
         return Arrays.asList(openOptions).contains(LinkOption.NOFOLLOW_LINKS);
     }
 
-    @Restricted(NoExternalUse.class)
     public static boolean isIgnoreTmpDirs(OpenOption... openOptions) {
         return Arrays.asList(openOptions).contains(DisplayOption.IGNORE_TMP_DIRS);
     }
@@ -3713,7 +3700,6 @@ public ExplicitlySpecifiedDirScanner(Map<String, String> files) {
     /**
      * Wraps {@link FileVisitor} to ignore symlinks.
      */
-    @Restricted(NoExternalUse.class)
     public static FileVisitor ignoringSymlinks(final FileVisitor v, String verificationRoot, OpenOption... openOptions) {
         return validatingVisitor(FilePath::isNoFollowLink,
                 visitorInfo -> !isSymlink(visitorInfo),
@@ -3723,7 +3709,6 @@ public static FileVisitor ignoringSymlinks(final FileVisitor v, String verificat
     /**
      * Wraps {@link FileVisitor} to ignore tmp directories.
      */
-    @Restricted(NoExternalUse.class)
     public static FileVisitor ignoringTmpDirs(final FileVisitor v, String verificationRoot, OpenOption... openOptions) {
         return validatingVisitor(FilePath::isIgnoreTmpDirs,
                 visitorInfo -> !isTmpDir(visitorInfo),
@@ -3766,10 +3751,7 @@ private static File mkdirsE(File dir) throws IOException {
 
     /**
      * Check if the relative child is really a descendant after symlink resolution if any.
-     *
-     * TODO un-restrict it in a weekly after the patch
      */
-    @Restricted(NoExternalUse.class)
     public boolean isDescendant(@NonNull String potentialChildRelativePath) throws IOException, InterruptedException {
         return act(new IsDescendant(potentialChildRelativePath));
     }

diff --git a/core/src/main/java/hudson/Functions.java b/core/src/main/java/hudson/Functions.java
@@ -1909,7 +1909,7 @@ public static String joinPath(String... components) {
      * Computes the link to the console for the run for the specified executable, taking {@link ConsoleUrlProvider} into account.
      * @param executable the executable (normally a {@link Run})
      * @return the absolute URL for accessing the build console for the executable, or null if there is no build associated with the executable
-     * @since TODO
+     * @since 2.433
      */
     public static @CheckForNull String getConsoleUrl(Queue.Executable executable) {
         if (executable == null) {
@@ -2242,10 +2242,19 @@ public static boolean isWipeOutPermissionEnabled() {
         return SystemProperties.getBoolean("hudson.security.WipeOutPermission");
     }
 
+    @Deprecated
     public static String createRenderOnDemandProxy(JellyContext context, String attributesToCapture) {
         return Stapler.getCurrentRequest().createJavaScriptProxy(new RenderOnDemandClosure(context, attributesToCapture));
     }
 
+    /**
+     * Called from renderOnDemand.jelly to generate the parameters for the proxy object generation.
+     */
+    @Restricted(NoExternalUse.class)
+    public static StaplerRequest.RenderOnDemandParameters createRenderOnDemandProxyParameters(JellyContext context, String attributesToCapture) {
+        return Stapler.getCurrentRequest().createJavaScriptProxyParameters(new RenderOnDemandClosure(context, attributesToCapture));
+    }
+
     public static String getCurrentDescriptorByNameUrl() {
         return Descriptor.getCurrentDescriptorByNameUrl();
     }