Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump io.jenkins.plugins:analysis-model-api from 11.6.0 to 11.13.0 #1619

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 8, 2023

Bumps io.jenkins.plugins:analysis-model-api from 11.6.0 to 11.13.0.

Release notes

Sourced from io.jenkins.plugins:analysis-model-api's releases.

v11.13.0 🎁

💥 Breaking Changes

  • All Artifacts are deployed to Maven Central starting with this release. The deployment to the Jenkins Artifactory repository is discontinued. This has no effect for the users of the associated Jenkins plugin, this still will be deployed to Jenkins update site.

📦 Dependency Updates

v11.11.0 🎁

🐛 Bug Fixes

📝 Documentation

📦 Dependency Updates

🔧 Internal Changes

v11.10.0 🎁

🐛 Bug Fixes

v11.9.0 🎁

🐛 Bug Fixes

📦 Dependency Updates

v11.8.0 🎁

... (truncated)

Commits
  • a83e358 [maven-release-plugin] prepare release v11.13.0
  • a307584 Remove disable nexus step.
  • 6ef26ec [maven-release-plugin] prepare for next development iteration
  • 3374836 [maven-release-plugin] prepare release v11.12.0
  • 4469421 Use ossrh for deployments.
  • c8fd1cb Merge pull request #966 from jenkinsci/dependabot/maven/org.jsoup-jsoup-1.16.2
  • 04cf532 Merge pull request #967 from jenkinsci/dependabot/maven/edu.hm.hafner-codings...
  • 41cb607 Bump edu.hm.hafner:codingstyle-pom from 3.33.0 to 3.35.0
  • 4792183 Bump org.jsoup:jsoup from 1.16.1 to 1.16.2
  • 22debff Do not update net.javacrumbs.json-unit:json-unit-assertj (Java 17).
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [io.jenkins.plugins:analysis-model-api](https://github.com/jenkinsci/analysis-model) from 11.6.0 to 11.13.0.
- [Release notes](https://github.com/jenkinsci/analysis-model/releases)
- [Changelog](https://github.com/jenkinsci/analysis-model/blob/main/CHANGELOG.md)
- [Commits](jenkinsci/analysis-model@v11.6.0...v11.13.0)

---
updated-dependencies:
- dependency-name: io.jenkins.plugins:analysis-model-api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Update of dependencies java Pull requests that update Maven Java dependencies labels Nov 8, 2023
@ampuscas
Copy link

Hello @uhafner

I have looked into this test failure io.jenkins.plugins.analysis.warnings.steps.StepsITest.shouldRemoveConsoleLogNotesBeforeRemovingColorCodes

And I have found that the issue comes from [these lines](jenkinsci/analysis-model@v11.7.0...v11.13.0#:~:text=else%20if%20(line,%7D) which make the warnings-ng show 4 issues instead of 2 and thus failing with the below error message. When running the test I saw that the generated console log for the job is the same in both cases, and the Maven errors are the same (with and without these lines) , the difference is if they are shown or not in warnings-ng, and the choice of taking them into account or not is based on whether the goal is reset or not (goal = StringUtils.EMPTY; // reset goal after build)

So far, I see 2 possibilities:

  • adapt the test (just assert 4 issues found, instead of 2) - here or
  • remove/adapt these lines (which were introduced here)

Could I have your opinion on this please? What would be the best approach?
I am happy to propose a PR for the test change right away, but for adapting the code I'm afraid I am not confident on how to do it.

  <maven-warnings : 4 issues>
to be:
  <2>
but was:
  <4>

@uhafner
Copy link
Member

uhafner commented Nov 18, 2023

I have looked into this test failure io.jenkins.plugins.analysis.warnings.steps.StepsITest.shouldRemoveConsoleLogNotesBeforeRemovingColorCodes

Could I have your opinion on this please? What would be the best approach? I am happy to propose a PR for the test change right away, but for adapting the code I'm afraid I am not confident on how to do it.

  <maven-warnings : 4 issues>
to be:
  <2>
but was:
  <4>

The tests are wrong now, since the parser now correctly handles Maven errors as well. I fixed the test right now!

Copy link

codecov bot commented Nov 19, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (3c94786) 81.81% compared to head (acb5ee5) 81.81%.
Report is 4 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##             master    #1619   +/-   ##
=========================================
  Coverage     81.81%   81.81%           
  Complexity     1411     1411           
=========================================
  Files           249      249           
  Lines          5357     5357           
  Branches        397      397           
=========================================
  Hits           4383     4383           
  Misses          861      861           
  Partials        113      113           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@uhafner uhafner merged commit 3cc7095 into master Nov 19, 2023
34 checks passed
@uhafner uhafner deleted the dependabot/maven/io.jenkins.plugins-analysis-model-api-11.13.0 branch November 19, 2023 21:43
@batmat
Copy link
Member

batmat commented Nov 19, 2023

Thanks Ulli!

@ampuscas
Copy link

Thank you!

@ampuscas
Copy link

Hello @uhafner
Could you please perform a release of warnings-ng so this test fix is in a released version of plugin? I'm asking this to reduce the noise in security scans.
Thank you

@uhafner
Copy link
Member

uhafner commented Nov 27, 2023

Why does a security scan detect a problem in the warnings plugin? This PR just increases the minimum dependency for the analysis-model. This seems to be a bug of the security scanner?

@rsandell
Copy link
Member

There is a problem with the PCT messing up some test dependency when we purely try to bump analysis-model and/or warnings-ng but it works when we try to bump to a version of warnings-ng that has the correct analysis-model version as a dependency. I don't know the full magic behind the scenes that maven does here, maybe something to do with the parent inheritence model used in warnings-ng or something, but it would be very helpful if we could get a watrnings-ng release with the version dependency of analysis-model bumped.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Update of dependencies java Pull requests that update Maven Java dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants