Replace JSR-305 annotations with spotbugs annotations #71
Conversation
Annotations for Nonnull, CheckForNull, and several others were proposed for Java as part of dormant Java specification request JSR-305. The proposal never became a part of standard Java. Jenkins plugins should switch from using JSR-305 annotations to use Spotbugs annotations that provide the same semantics. The [mailing list discussion](https://groups.google.com/g/jenkinsci-dev/c/uE1wwtVi1W0/m/gLxdEJmlBQAJ) from James Nord describes the affected annotations and why they should be replaced with annotations that are actively maintained. The ["Improve a plugin" tutorial](https://www.jenkins.io/doc/developer/tutorial-improve/replace-jsr-305-annotations/) provides instructions to perform this change. An [OpenRewrite recipe](https://docs.openrewrite.org/recipes/jenkins/javaxannotationstospotbugs) is also available and is even better than the tutorial. Confirmed that automated tests pass on Linux with Java 21.
Blue Ocean enhancements have stopped. In the future, Blue Ocean will be removed from ci.jenkins.io. Better to prepare for that removal now. https://www.jenkins.io/doc/book/blueocean/ says: Blue Ocean status Blue Ocean will not receive further functionality updates. Blue Ocean will continue to provide easy-to-use Pipeline visualization, but it will not be enhanced further. It will only receive selective updates for significant security issues or functional defects. Alternative options for Pipeline visualization, such as the Pipeline: Stage View and Pipeline Graph View plugins, are available and offer some of the same functionality. While not complete replacements for Blue Ocean, contributions are encouraged from the community for continued development of these plugins. The Pipeline syntax snippet generator assists users as they define Pipeline steps with their arguments. It is the preferred tool for Jenkins Pipeline creation, as it provides online help for the Pipeline steps available in your Jenkins controller. It uses the plugins installed on your Jenkins controller to generate the Pipeline syntax. Refer to the Pipeline steps reference page for information on all available Pipeline steps.
|
@asimell is there more that needs to be done in order to merge this pull request? For example, if you'd prefer that I rebase it to remove my mistakes from the history, I'm happy to do that. |
|
@MarkEWaite no, but since this introduces quite a big backwards compatibility issue with Java and Jenkins version requirements we're going to release this as a major release after our holidays. Before that we'll focus on potential bug fixes and keep this PR sitting here. Don't worry, we have a schedule to merge and release this, but for now it shall wait a moment. Sorry for not communicating this earlier and I hope you understand our decision. |
|
Thanks @asimell. I appreciate very much the care that you provide for users of the plugin. The installation statistics page shows that 95% of installations of the 3.5.1 release are already running Jenkins 2.414.3 or newer. 3.5.1 is the most installed of any of the releases and was released 3 months ago. It also shows that 89% of installations of the 3.5.0 release are already running Jenkins 2.414.3 or newer. 3.5.0 is installed on about 10% of all installations and was released 4 months ago. Most of the users of robot plugin that are upgrading the plugin have already upgraded their Jenkins controller to require Java 11 and to use at least Jenkins 2.414.3. SECURITY-3314 is a very good reason to upgrade to Jenkins 2.426.3 or newer and it appears that robot plugin users who upgrade the plugin are already upgrading their controller. I think that users who are not willing to upgrade robot plugin will not be affected and users who are willing to upgrade robot plugin are already running Java 11 and Jenkins 2.414.3 or newer. I fully support that you as a maintainer are exactly the right person to decide when or if you merge a change. I share the data in case that helps your decision. Thanks again for maintaining the plugin! |
Replace JSR-305 annotations with spotbugs annotations
Annotations for Nonnull, CheckForNull, and several others were proposed for Java as part of dormant Java specification request JSR-305. The proposal never became a part of standard Java.
Jenkins plugins should switch from using JSR-305 annotations to use Spotbugs annotations that provide the same semantics.
The mailing list discussion from James Nord describes the affected annotations and why they should be replaced with annotations that are actively maintained.
The "Improve a plugin" tutorial provides instructions to perform this change.
An OpenRewrite recipe is also available and is even better than the tutorial.
Include another pull request to allow ci.jenkins.io tests to pass:
Also includes changes to significantly reduce the size of the plugin hpi file. The previous release included many unnecessary dependencies.
Previously the plugin included multiple jar files:
Now the plugin includes a single jar file:
Testing done
Confirmed that automated tests pass on Linux with Java 21.
Submitter checklist