Bump plugin from 4.51 to 4.53

[dependabot]

Bumps plugin from 4.51 to 4.53.

Release notes

Sourced from plugin's releases.

4.53

📦 Dependency updates

• Bump maven-hpi-plugin from 3.37 to 3.38 (#659) @​dependabot
• Bump jenkins-test-harness from 1910.1903.vf505ecb_63589 to 1912.v0cdf15450b_fb (#658, #656) @​dependabot
• Bump access-modifier-checker from 1.29 to 1.30 (#657) @​dependabot

4.52

💥 Breaking changes

• JENKINS-68568: Require Java 11 or newer (#478) @​basil

This release of the plugin build toolchain requires Java 11 or newer and Jenkins 2.361 or newer. Update jenkins.version in pom.xml to 2.361 or newer as described in the developer documentation, and adjust your Jenkinsfile to remove any Java 8 configurations. Note that in the absence of an explicit set of configurations, the default set of configurations still includes Java 8. The recommended set of configurations can be found in the archetype. Also note that pending JENKINS-46795 any changes to a repository's Jenkinsfile require write access to take effect in the PR build.

If you neglect to update jenkins.version to 2.361 or later, you will receive the following error:

This version of maven-hpi-plugin requires Jenkins 2.361 or later.

If you neglect to adjust your Jenkinsfile to remove any Java 8 configurations (or try to build locally with Java 8), you will receive a low-level class version error.

🚨 Removed

• Remove Animal Sniffer (#478) @​basil

As part of the transition to Java 11, Animal Sniffer has been removed from the plugin parent POM. If you require the use of Animal Sniffer, ensure that you include it in your own POM.

📦 Dependency updates

• Bump maven-dependency-plugin from 3.3.0 to 3.4.0 (#651) @​dependabot
• Bump maven-hpi-plugin from 3.35 to 3.36 (#650) @​dependabot
• Bump jenkins-test-harness from 1894.v471a_047124ce to 1900.v9e128c991ef4 (#649) @​dependabot

Commits

• bd659b1 [maven-release-plugin] prepare release plugin-4.53
• ae96031 Bump maven-hpi-plugin from 3.37 to 3.38 (#659)
• 3f48663 Bump jenkins-test-harness (#658)
• 4747a17 Bump access-modifier-checker from 1.29 to 1.30 (#657)
• 1a6b694 Bump jenkins-test-harness (#656)
• 684e3d9 [maven-release-plugin] prepare for next development iteration
• f4b1eea [maven-release-plugin] prepare release plugin-4.52
• 1abb634 Bump maven-hpi-plugin from 3.36 to 3.37 (#655)
• cedb8a8 Bump jenkins-test-harness from 1900.v9e128c991ef4 to 1903.vf505ecb_63589 (#654)
• adc397a Bump maven-stapler-plugin from 1.20 to 1.21 (#653)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @MarkEWaite.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[MarkEWaite]

@dependabot merge

[dependabot]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

[MarkEWaite]

@dependabot squash and merge

[gounthar]

We have a compilation error in the security scan:

COMPILATION ERROR : 
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] -------------------------------------------------------------
  Error: 2-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [ERROR] /home/runner/work/gitlab-plugin/gitlab-plugin/src/test/java/com/dabsquared/gitlabjenkins/connection/GitLabConnectionConfigSSLTest.java:[96,46] error: SslContextFactory is abstract; cannot be instantiated
  Error: 2-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [ERROR] /home/runner/work/gitlab-plugin/gitlab-plugin/src/test/java/com/dabsquared/gitlabjenkins/connection/GitLabConnectionConfigSSLTest.java:[124,37] error: incompatible types: SslContextFactory cannot be converted to Server
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] 2 errors 
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] -------------------------------------------------------------
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] ------------------------------------------------------------------------
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] BUILD FAILURE
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] ------------------------------------------------------------------------
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] Total time:  01:54 min
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] Finished at: 2022-12-14T13:00:41Z
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [INFO] ------------------------------------------------------------------------
  Error: 2-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.10.1:testCompile (default-testCompile) on project gitlab-plugin: Compilation failure: Compilation failure: 
  Error: 2-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [ERROR] /home/runner/work/gitlab-plugin/gitlab-plugin/src/test/java/com/dabsquared/gitlabjenkins/connection/GitLabConnectionConfigSSLTest.java:[96,46] error: SslContextFactory is abstract; cannot be instantiated
  Error: 2-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [ERROR] /home/runner/work/gitlab-plugin/gitlab-plugin/src/test/java/com/dabsquared/gitlabjenkins/connection/GitLabConnectionConfigSSLTest.java:[124,37] error: incompatible types: SslContextFactory cannot be converted to Server
  Error: 2-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] [ERROR] -> [Help 1]
  [2022-12-14 13:00:41] [build-stdout] [2022-12-14 13:00:41] [autobuild] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.10.1:testCompile (default-testCompile) on project gitlab-plugin: Compilation failure

[MarkEWaite]

Compilation error is also visible in the regular development. Thanks for catching it. Jetty 9 to Jetty 10 transition in Jenkins parent pom exposes an API change that was made in that transition. The SslContextFactory became an abstract class in Jetty 10. Compilation fix looks minor, but then the test fails

[gounthar]

Thanks a lot, let me have a look at the test failure.

[gounthar]

Using maven 3.8.6 locally, I still have to use this command to build the plugin:

mvn -ntp clean verify -Denforcer.skip=true

A lot of the tests errors I get are about timeout

PipelineBuildActionTest>Object.wait:328->Object.wait:-2 » TestTimedOut test timed out after 180 seconds+

and about Signing service is not available

🤔

MergeRequestHookTriggerHandlerImplTest.mergeRequest_do_not_build_when_closed:200->doHandle:417->doHandle:431 » ServiceUnavailable Signing service is not available

In the GItHub check, we see different errors/warning as this one:

WARNING o.e.jetty.server.HttpChannel#handleException: handleException /gitlab/api/v3/user org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI

I don't know if this has to do with our issue, but I read:

Know that SNI itself has restrictions:

• localhost is not allowed
• IP Address Literals are not allowed (eg: 192.168.1.215 or fe80::3831:400c:dc07:7c40)
• All SNI HostNames must contain at least 1 . in it's name (so don't use shorthand host/domain names, use fully qualified canonical host/domain names)

I have to dig, but I think we're using localhost.

[MarkEWaite]

That's surprising. I see the same error locally as is failing in the CI jobs. The error I see is:

[ERROR] Tests run: 2, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 16.656 s <<< FAILURE! - in com.dabsquared.gitlabjenkins.connection.GitLabConnectionConfigSSLTest
[ERROR] com.dabsquared.gitlabjenkins.connection.GitLabConnectionConfigSSLTest.doCheckConnection_ignoreCertificateErrors  Time elapsed: 0.714 s  <<< FAILURE!
java.lang.AssertionError:

Expected: is "Success"
     but: was "Client error: HTTP 400 Bad Request"
        at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:20)
        at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:6)
        at com.dabsquared.gitlabjenkins.connection.GitLabConnectionConfigSSLTest.doCheckConnection_ignoreCertificateErrors(GitLabConnectionConfigSSLTest.java:168)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
        at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
        at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
        at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
        at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)
        at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)
        at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
        at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
        at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
        at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
        at org.jvnet.hudson.test.JenkinsRule$1.evaluate(JenkinsRule.java:608)
        at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:299)
        at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:293)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.lang.Thread.run(Thread.java:829)

[INFO]
[INFO] Results:
[INFO]
[ERROR] Failures:
[ERROR]   GitLabConnectionConfigSSLTest.doCheckConnection_ignoreCertificateErrors:168
Expected: is "Success"
     but: was "Client error: HTTP 400 Bad Request"
[INFO]
[ERROR] Tests run: 2, Failures: 1, Errors: 0, Skipped: 0

If time allows tomorrow or later this week, I may perform an interactive test of the scenario that the automated test is trying to duplicate. I assume that Jetty 9 and Jetty 10 will behave the same in both cases. If that is what happens, that would provide more argument that the test failure is purely a test artifact, not a failure of production code.

[gounthar]

I guess that, one more time, the platform I use is not the correct one (Debian on top of (through?) WSL2). 🤔
I will retry that on a real Linux machine.

[gounthar]

I'm also using JDK17. 🤦
That may explain one or two things...
On a standard Linux machine, the master branch builds fine, but not this one, with the same error you get. 🤗
Now, we're even. 👍