Merge branch 'master' into new-buttons-1-dashboard

.github/dependabot.yml

@@ -1,3 +1,4 @@
+---
 version: 2
 updates:
   - package-ecosystem: "github-actions"
@@ -9,36 +10,56 @@ updates:
     schedule:
       interval: "daily"
     ignore:
-      # see https://github.com/jenkinsci/jenkins/pull/5112#issuecomment-744429487 and https://github.com/jenkinsci/jenkins/pull/5116#issuecomment-744526638
-      # it would be good to update it at some point, but requires significant testing
+      # Exclusions in this section have been triaged and determined to be
+      # permanent. We do not anticipate removing exclusions from this section.
+
+      # Provided by Jetty and should be aligned with the version provided by the
+      # version of Jetty we deliver. See:
+      # https://github.com/jenkinsci/jenkins/pull/5211
+      - dependency-name: "javax.servlet:javax.servlet-api"
+
+      # Jetty Maven Plugin and Winstone should be upgraded in lockstep in order
+      # to keep their corresponding Jetty versions aligned.
+      - dependency-name: "org.eclipse.jetty:jetty-maven-plugin"
+      - dependency-name: "org.jenkins-ci:winstone"
+
+      # Log4j 1.2.17 is the final 1.x release.
+      - dependency-name: "log4j:log4j"
+
+
+      # Here lies technical debt. Exclusions in this section have been triaged
+      # and determined to be temporary. Exclusions should be removed from this
+      # section once the remaining action items have been completed.
+
+      # Fails test automation; needs further investigation.
+      - dependency-name: "com.google.inject:guice-bom"
+
+      # Requires Java 11 starting with version 10.0.
+      - dependency-name: "com.puppycrawl.tools:checkstyle"
+        versions: [">=10.0"]
+
+      # Contains incompatible API changes and needs compatibility work.
+      - dependency-name: "jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api"
+
+      # This is a banned dependency, and we have a redundant trick in our POM to
+      # prevent it from being pulled in. If and when the reference is removed in
+      # our POM, this exclusion can also be removed.
+      - dependency-name: "javax.servlet:servlet-api"
+
+      # Needs significant testing. See:
+      # https://github.com/jenkinsci/jenkins/pull/5112#issuecomment-744429487
+      # https://github.com/jenkinsci/jenkins/pull/5116#issuecomment-744526638
       - dependency-name: "org.codehaus.groovy:groovy-all"
         versions: [">=2.5.0"]
-      # see https://github.com/jenkinsci/jenkins/pull/5184 should be updated with groovy-all
+
+      # Consumed by Groovy and should be updated in lockstep with Groovy. See:
+      # https://github.com/jenkinsci/jenkins/pull/5184
       - dependency-name: "org.fusesource.jansi:jansi"
-      # see https://github.com/jenkinsci/jenkins/pull/5144#pullrequestreview-559661934
-      # will require source code changes to replace javax.mail with jakarta.mail 
-      # and some handling for plugins that depend on javax.mail being provided by Jenkins core.
-      - dependency-name: "com.sun.mail:jakarta.mail"
-      # this is a banned dependency, we have a hack in our pom to prevent anyone else pulling it in
-      - dependency-name: "javax.servlet.servlet-api"
-      # needs a jakarta upgrade project, imports changed
-      - dependency-name: "jakarta.servlet.jsp.jstl.jakarta.servlet.jsp.jstl-api"
-      # Starting with version 2.0.2, this library requires Java 11
+
+      # Requires Java 11 starting with version 2.0.2.
       - dependency-name: "org.glassfish.tyrus.bundles:tyrus-standalone-client-jdk"
         versions: [">=2.0.2"]
-      # see https://github.com/jenkinsci/jenkins/pull/4224 can't be updated without breaking api
+
+      # Contains incompatible API changes and needs compatibility work. See:
+      # https://github.com/jenkinsci/jenkins/pull/4224
       - dependency-name: "org.jfree:jfreechart"
-      # the dependency is actually provided by the Web container, hence it is aligned with Jetty. See https://github.com/jenkinsci/jenkins/pull/5211
-      - dependency-name: "javax.servlet:javax.servlet-api"
-      # log4j 1.2.17 is the final 1.x release
-      - dependency-name: "log4j:log4j"
-      # using a newer version clashes in RequireUpperBoundDeps with plugins using a valid script-security dependency
-      - dependency-name: "org.jenkins-ci:symbol-annotation"
-      # Must remain within jetty 9.x until Java 8 support is removed, ignore jetty 10.x and jetty 11.x updates
-      - dependency-name: "org.eclipse.jetty:jetty-maven-plugin"
-        versions: [">=10.0.0"]
-      # Winstone upgrades require multiple changes in pom.xml.  See https://github.com/jenkinsci/jenkins/pull/5439#discussion_r616418468
-      - dependency-name: "org.jenkins-ci:winstone"
-      # Starting with version 10.0, this library requires Java 11
-      - dependency-name: "com.puppycrawl.tools:checkstyle"
-        versions: [">=10.0"]

Jenkinsfile

@@ -5,14 +5,7 @@
  * It makes assumptions about plugins being installed, labels mapping to nodes that can build what is needed, etc.
  */
 
-def buildNumber = BUILD_NUMBER as int; if (buildNumber > 1) milestone(buildNumber - 1); milestone(buildNumber) // JENKINS-43353 / JENKINS-58625
-
 def failFast = false
-// Same memory sizing for both builds and ATH
-def javaOpts = [
-  'JAVA_OPTS=-Xmx1536m -Xms512m',
-  'MAVEN_OPTS=-Xmx1536m -Xms512m',
-]
 
 properties([
   buildDiscarder(logRotator(numToKeepStr: '50', artifactNumToKeepStr: '3')),
@@ -43,7 +36,7 @@ for (i = 0; i < buildTypes.size(); i++) {
         // First stage is actually checking out the source. Since we're using Multibranch
         // currently, we can use "checkout scm".
         stage('Checkout') {
-          checkout scm
+          infra.checkoutSCM()
         }
 
         def changelistF = "${pwd tmp: true}/changelist"
@@ -68,7 +61,7 @@ for (i = 0; i < buildTypes.size(); i++) {
                 'clean',
                 'install',
               ]
-              infra.runMaven(mavenOptions, jdk.toString(), javaOpts, null, true)
+              infra.runMaven(mavenOptions, jdk)
               if (isUnix()) {
                 sh 'git add . && git diff --exit-code HEAD'
               }
@@ -127,7 +120,7 @@ for (i = 0; i < buildTypes.size(); i++) {
             dir(m2repo) {
               archiveArtifacts(
                   artifacts: "**/*$changelist/*$changelist*",
-                  excludes: '**/*.lastUpdated,**/jenkins-test*/',
+                  excludes: '**/*.lastUpdated,**/jenkins-coverage*/,**/jenkins-test*/',
                   allowEmptyArchive: true, // in case we forgot to reincrementalify
                   fingerprint: true
                   )
@@ -155,7 +148,7 @@ builds.ath = {
         'war',
         'package',
       ]
-      infra.runMaven(mavenOptions, '11', javaOpts, null, true)
+      infra.runMaven(mavenOptions, 11)
       dir('war/target') {
         fileUri = 'file://' + pwd() + '/jenkins.war'
       }

README.md

@@ -1,4 +1,9 @@
-[![][ButlerImage]][website] 
+<a href="https://jenkins.io">
+  <picture>
+    <source width="400" media="(prefers-color-scheme: dark)" srcset="https://www.jenkins.io/images/jenkins-logo-title-dark.svg">
+    <img width="400" src="https://www.jenkins.io/images/jenkins-logo-title.svg">
+  </picture>
+</a>
 
 # About
 
@@ -68,9 +73,6 @@ See [adopters](https://www.jenkins.io/project/adopters/) for the list of Jenkins
 # License
 Jenkins is **licensed** under the **[MIT License]**.
 
-
-[ButlerImage]: https://www.jenkins.io/sites/default/files/jenkins_logo.png
 [MIT License]: https://github.com/jenkinsci/jenkins/blob/master/LICENSE.txt
-[Mirrors]: http://mirrors.jenkins-ci.org
 [GitHub]: https://github.com/jenkinsci/jenkins
 [website]: https://www.jenkins.io/

bom/pom.xml

@@ -40,7 +40,7 @@ THE SOFTWARE.
   <properties>
     <asm.version>9.3</asm.version>
     <slf4jVersion>1.7.36</slf4jVersion>
-    <stapler.version>1669.v95a_4b_919a_b_a_2</stapler.version>
+    <stapler.version>1685.v3b_5035c4ce05</stapler.version>
     <groovy.version>2.4.21</groovy.version>
   </properties>
 
@@ -56,15 +56,15 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-framework-bom</artifactId>
-        <version>5.3.19</version>
+        <version>5.3.20</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
       <dependency>
         <!-- https://docs.spring.io/spring-security/site/docs/5.5.4/reference/html5/#getting-maven-no-boot -->
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-bom</artifactId>
-        <version>5.6.3</version>
+        <version>5.7.1</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -239,7 +239,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>symbol-annotation</artifactId>
-        <version>1.1</version>
+        <version>1.23</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
@@ -261,31 +261,6 @@ THE SOFTWARE.
         <artifactId>instance-identity</artifactId>
         <version>2.2</version>
       </dependency>
-      <dependency>
-        <groupId>org.jenkins-ci.modules</groupId>
-        <artifactId>launchd-slave-installer</artifactId>
-        <version>1.2</version>
-      </dependency>
-      <dependency>
-        <groupId>org.jenkins-ci.modules</groupId>
-        <artifactId>slave-installer</artifactId>
-        <version>1.7</version>
-      </dependency>
-      <dependency>
-        <groupId>org.jenkins-ci.modules</groupId>
-        <artifactId>systemd-slave-installer</artifactId>
-        <version>1.1</version>
-      </dependency>
-      <dependency>
-        <groupId>org.jenkins-ci.modules</groupId>
-        <artifactId>upstart-slave-installer</artifactId>
-        <version>1.1</version>
-      </dependency>
-      <dependency>
-        <groupId>org.jenkins-ci.modules</groupId>
-        <artifactId>windows-slave-installer</artifactId>
-        <version>2.0</version>
-      </dependency>
       <dependency>
         <groupId>org.jfree</groupId>
         <artifactId>jfreechart</artifactId>

core/pom.xml

@@ -832,7 +832,7 @@ THE SOFTWARE.
             <artifactId>maven-surefire-plugin</artifactId>
             <configuration>
               <!-- Make sure to keep the directives in test/pom.xml and war/pom.xml in sync with these. -->
-              <argLine>@{jacocoSurefireArgs} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED</argLine>
+              <argLine>@{jacocoSurefireArgs} --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.desktop/com.sun.beans.introspect=ALL-UNNAMED</argLine>
             </configuration>
           </plugin>
         </plugins>

core/src/main/java/hudson/ClassicPluginStrategy.java

@@ -717,5 +717,5 @@ protected URL findResource(String name) {
     }
 
     @SuppressFBWarnings(value = "MS_SHOULD_BE_FINAL", justification = "Accessible via System Groovy Scripts")
-    public static /* not final */ boolean useAntClassLoader = SystemProperties.getBoolean(ClassicPluginStrategy.class.getName() + ".useAntClassLoader", true);
+    public static /* not final */ boolean useAntClassLoader = SystemProperties.getBoolean(ClassicPluginStrategy.class.getName() + ".useAntClassLoader");
 }

core/src/main/java/hudson/Functions.java

@@ -73,6 +73,7 @@
 import hudson.security.csrf.CrumbIssuer;
 import hudson.slaves.Cloud;
 import hudson.slaves.ComputerLauncher;
+import hudson.slaves.JNLPLauncher;
 import hudson.slaves.NodeProperty;
 import hudson.slaves.NodePropertyDescriptor;
 import hudson.slaves.RetentionStrategy;
@@ -134,6 +135,7 @@
 import java.util.SortedMap;
 import java.util.TimeZone;
 import java.util.TreeMap;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.function.Predicate;
 import java.util.logging.Level;
@@ -698,6 +700,13 @@ public static String getUserTimeZonePostfix() {
         return tz.getDisplayName(tz.observesDaylightTime(), TimeZone.SHORT);
     }
 
+    @Restricted(NoExternalUse.class)
+    public static long getHourLocalTimezone() {
+        // Work around JENKINS-68215. When JENKINS-68215 is resolved, this logic can be moved back to Jelly.
+        TimeZone tz = TimeZone.getDefault();
+        return TimeUnit.MILLISECONDS.toHours(tz.getRawOffset() + tz.getDSTSavings());
+    }
+
     /**
      * Finds the given object in the ancestor list and returns its URL.
      * This is used to determine the "current" URL assigned to the given object,
@@ -1866,9 +1875,12 @@ public static String toEmailSafeString(String projectName) {
     /**
      * Obtains the host name of the Hudson server that clients can use to talk back to.
      * <p>
-     * This is primarily used in {@code jenkins-agent.jnlp.jelly} to specify the destination
+     * This was primarily used in {@code jenkins-agent.jnlp.jelly} to specify the destination
      * that the agents talk to.
+     *
+     * @deprecated use {@link JNLPLauncher#getInboundAgentUrl}
      */
+    @Deprecated
     public String getServerName() {
         // Try to infer this from the configured root URL.
         // This makes it work correctly when Hudson runs behind a reverse proxy.
@@ -2289,12 +2301,17 @@ public static Icon tryGetIcon(String iconGuess) {
             return null;
         }
 
-        StaplerRequest currentRequest = Stapler.getCurrentRequest();
-        currentRequest.getWebApp().getDispatchValidator().allowDispatch(currentRequest, Stapler.getCurrentResponse());
         Icon iconMetadata = IconSet.icons.getIconByClassSpec(iconGuess);
 
+        // `iconGuess` must be class names if it contains a whitespace.
+        //  It may contains extra css classes unrelated to icons.
+        // Filter classes with `icon-` prefix.
+        if (iconMetadata == null && iconGuess.contains(" ")) {
+            iconMetadata = IconSet.icons.getIconByClassSpec(filterIconNameClasses(iconGuess));
+        }
+
         if (iconMetadata == null) {
-            // Icon could be provided as a simple iconFileName e.g. "settings.png"
+            // Icon could be provided as a simple iconFileName e.g. "help.svg"
             iconMetadata = IconSet.icons.getIconByClassSpec(IconSet.toNormalizedIconNameClass(iconGuess) + " icon-md");
         }
 
@@ -2306,6 +2323,12 @@ public static Icon tryGetIcon(String iconGuess) {
         return iconMetadata;
     }
 
+    private static @NonNull String filterIconNameClasses(@NonNull String classNames) {
+        return Arrays.stream(StringUtils.split(classNames, ' '))
+            .filter(className -> className.startsWith("icon-"))
+            .collect(Collectors.joining(" "));
+    }
+
     @Restricted(NoExternalUse.class)
     public static String extractPluginNameFromIconSrc(String iconSrc) {
         if (iconSrc == null) {

core/src/main/java/hudson/PluginManager.java

@@ -1412,16 +1412,6 @@ public HttpResponse doPluginsSearch(@QueryParameter String query, @QueryParamete
                     if (plugin.isForNewerHudson()) {
                         jsonObject.put("newerCoreRequired", Messages.PluginManager_coreWarning(plugin.requiredCore));
                     }
-                    if (plugin.isForNewerJava()) {
-                        jsonObject.put("newerJavaRequired", Messages.PluginManager_javaWarning(plugin.minimumJavaVersion));
-                    }
-                    if (plugin.isNeededDependenciesForNewerJava()) {
-                        VersionNumber javaVersion = plugin.getNeededDependenciesMinimumJavaVersion();
-                        if (javaVersion == null) {
-                            throw new IllegalStateException("java version cannot be null here");
-                        }
-                        jsonObject.put("dependenciesNewerJava", Messages.PluginManager_depJavaWarning(javaVersion.toString()));
-                    }
                     if (plugin.hasWarnings()) {
                         JSONObject unresolvedSecurityWarnings = new JSONObject();
                         unresolvedSecurityWarnings.put("text", Messages.PluginManager_securityWarning());
@@ -2057,9 +2047,6 @@ private void logPluginWarnings(Map.Entry<String, VersionNumber> requestedPlugin,
         if (toInstall.isForNewerHudson()) {
             LOGGER.log(WARNING, "{0}@{1} was built for a newer Jenkins", new Object[] {toInstall.name, toInstall.version});
         }
-        if (toInstall.isForNewerJava()) {
-            LOGGER.log(WARNING, "{0}@{1} was built for a newer Java", new Object[] {toInstall.name, toInstall.version});
-        }
     }
 
     /**