Merge branch 'master' into add-experimental-plugin-manager

Author: janfaracik

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,17 +1,15 @@
 <!-- Comment:
 A great PR typically begins with the line below.
-Replace XXXXX with the numeric part of the issue ID you created in Jira.
-Note that if you want your changes backported into LTS, you need to create a Jira issue. See https://www.jenkins.io/download/lts/#backporting-process for more information.
+Replace <issue-number> with the issue number.
 -->
 
-See [JENKINS-XXXXX](https://issues.jenkins.io/browse/JENKINS-XXXXX).
+Fixes #<issue-number>
 
 <!-- Comment:
-If the issue is not fully described in Jira, add more information here (justification, pull request links, etc.).
+If the issue is not fully described in the issue tracker, add more information here (justification, pull request links, etc.).
 
- * We do not require Jira issues for minor improvements.
- * Bug fixes should have a Jira issue to facilitate the backporting process.
- * Major new features should have a Jira issue.
+ * We do not require an issue for minor improvements.
+ * Major new features should have an issue created.
 -->
 
 ### Testing done
@@ -34,8 +32,8 @@ For refactoring and code cleanup changes, exercise the code before and after the
 The changelog entry should be in the imperative mood; e.g., write "do this"/"return that" rather than "does this"/"returns that".
 For examples, see: https://www.jenkins.io/changelog/
 
-Do not include the Jira issue in the changelog entry.
-Include the Jira issue in the description of the pull request so that the changelog generator can find it and include it in the generated changelog.
+Do not include the issue in the changelog entry.
+Include the issue in the description of the pull request so that the changelog generator can find it and include it in the generated changelog.
 
 You may add multiple changelog entries if applicable by adding a new entry to the list, e.g.
 - First changelog entry
@@ -82,7 +80,7 @@ The changelog generator relies on the presence of the upgrade guidelines section
 
 ### Submitter checklist
 
-- [ ] The Jira issue, if it exists, is well-described.
+- [ ] The issue, if it exists, is well-described.
 - [ ] The changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developers, depending on the change) and are in the imperative mood (see [examples](https://github.com/jenkins-infra/jenkins.io/blob/master/content/_data/changelogs/weekly.yml)). Fill in the **Proposed upgrade guidelines** section only if there are breaking changes or changes that may require extra steps from users during upgrade.
 - [ ] There is automated testing or an explanation as to why this change has no tests.
 - [ ] New public classes, fields, and methods are annotated with `@Restricted` or have `@since TODO` Javadocs, as appropriate.
@@ -108,4 +106,4 @@ Before the changes are marked as `ready-for-merge`:
 - [ ] Changelog entries in the pull request title and/or **Proposed changelog entries** are accurate, human-readable, and in the imperative mood.
 - [ ] Proper changelog labels are set so that the changelog can be generated automatically.
 - [ ] If the change needs additional upgrade steps from users, the `upgrade-guide-needed` label is set and there is a **Proposed upgrade guidelines** section in the pull request title (see [example](https://github.com/jenkinsci/jenkins/pull/4387)).
-- [ ] If it would make sense to backport the change to LTS, a Jira issue must exist, be a _Bug_ or _Improvement_, and be labeled as `lts-candidate` to be considered (see [query](https://issues.jenkins.io/issues/?filter=12146)).
+- [ ] If it would make sense to backport the change to LTS, be a _Bug_ or _Improvement_, and either the issue or pull request must be labeled as `lts-candidate` to be considered.

.github/workflows/changelog.yml

@@ -44,7 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'jenkinsci'
     steps:
-      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+      - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
         id: generate-token
         with:
           app-id: ${{ secrets.JENKINS_CHANGELOG_UPDATER_APP_ID }}

.github/workflows/publish-release-artifact.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Set up JDK 21
-        uses: actions/setup-java@46c56d6f92c88cf540acf95a12a4a41197499222 #v 5.0.0
+        uses: actions/setup-java@4e7e684fbb6e33f88ecb2cf1e6b3797739cf499b #v 5.0.0
         with:
           distribution: "temurin"
           java-version: 21

.github/workflows/run-since-updater.yml

@@ -29,7 +29,7 @@ jobs:
         id: run_script
         shell: bash
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Fill in since annotations

CONTRIBUTING.md

@@ -18,8 +18,8 @@ This page provides information about contributing code to the Jenkins core codeb
 
 If you want to contribute to Jenkins, or just learn about the project,
 you can start by fixing some easier issues.
-In the Jenkins issue tracker we mark such issues as `newbie-friendly`.
-You can find them by using this query (check the link) for [newbie friendly issues](<https://issues.jenkins.io/issues/?jql=project%20%3D%20JENKINS%20AND%20status%20in%20(Open%2C%20%22In%20Progress%22%2C%20Reopened)%20AND%20component%20%3D%20core%20AND%20labels%20in%20(newbie-friendly)>).
+In the Jenkins issue tracker we mark such issues as `good first issue`.
+You can find them by using this query (check the link) for [good first issues](https://github.com/jenkinsci/jenkins/issues?q=is%3Aissue%20is%3Aopen%20label%3A%22good%20first%20issue%22).
 
 ## Building and Debugging
 
@@ -261,4 +261,4 @@ just submit a pull request.
 - [Jenkins Contribution Landing Page](https://www.jenkins.io/participate/)
 - [Jenkins Chat Channels](https://www.jenkins.io/chat/)
 - [Beginners Guide To Contributing](https://www.jenkins.io/participate/)
-- [List of newbie-friendly issues in the core](<https://issues.jenkins.io/issues/?jql=project%20%3D%20JENKINS%20AND%20status%20in%20(Open%2C%20%22In%20Progress%22%2C%20Reopened)%20AND%20component%20%3D%20core%20AND%20labels%20in%20(newbie-friendly)>)
+- [List of good first issues in core](<https://github.com/jenkinsci/jenkins/issues?q=is%3Aissue%20is%3Aopen%20label%3A%22good%20first%20issue%22)

Jenkinsfile

@@ -14,12 +14,12 @@ properties([
 
 def axes = [
   platforms: ['linux', 'windows'],
-  jdks: [17, 21, 25],
+  jdks: [21, 25],
 ]
 
 stage('Record build') {
   retry(conditions: [kubernetesAgent(handleNonKubernetes: true), nonresumable()], count: 2) {
-    node('maven-17') {
+    node('maven-21') {
       infra.checkoutSCM()
 
       /*

core/src/main/java/hudson/markup/MarkupFormatter.java

@@ -35,11 +35,8 @@
 import java.io.Writer;
 import java.util.Collections;
 import java.util.Map;
-import java.util.function.Function;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 import jenkins.util.SystemProperties;
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.NoExternalUse;
@@ -133,7 +130,7 @@ public HttpResponse doPreviewDescription(@QueryParameter String text) throws IOE
         translate(text, w);
         Map<String, String> extraHeaders = Collections.emptyMap();
         if (PREVIEWS_SET_CSP) {
-            extraHeaders = Stream.of("Content-Security-Policy", "X-WebKit-CSP", "X-Content-Security-Policy").collect(Collectors.toMap(Function.identity(), v -> "default-src 'none';"));
+            extraHeaders = Map.of("Content-Security-Policy", "default-src 'none';");
         }
         return html(200, w.toString(), extraHeaders);
     }

core/src/main/java/hudson/model/ComputerSet.java

@@ -44,6 +44,7 @@
 import hudson.util.FormApply;
 import hudson.util.FormValidation;
 import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.File;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
@@ -281,6 +282,12 @@ public synchronized void doCreateItem(StaplerRequest2 req, StaplerResponse2 rsp,
         final Jenkins app = Jenkins.get();
         app.checkPermission(Computer.CREATE);
 
+        String requestContentType = req.getContentType();
+
+        boolean isXmlSubmission = requestContentType != null
+                && (requestContentType.startsWith("application/xml")
+                || requestContentType.startsWith("text/xml"));
+
         if (mode != null && mode.equals("copy")) {
             name = checkName(name);
 
@@ -319,6 +326,22 @@ public synchronized void doCreateItem(StaplerRequest2 req, StaplerResponse2 rsp,
             // send the browser to the config page
             rsp.sendRedirect2(result.getNodeName() + "/configure");
         } else {
+            if (isXmlSubmission) {
+                final Node newNode = (Node) Jenkins.XSTREAM2.fromXML(req.getInputStream());
+                name = Util.fixEmptyAndTrim(name);
+
+                if (name != null) {
+                    newNode.setNodeName(name);
+                }
+
+                if (app.getNode(newNode.getNodeName()) != null) {
+                    throw new Failure("Node '" + newNode.getNodeName() + "' already exists");
+                }
+
+                app.addNode(newNode);
+                rsp.setStatus(HttpServletResponse.SC_OK);
+                return;
+            }
             // proceed to step 2
             if (mode == null) {
                 throw new Failure("No mode given");

core/src/main/java/hudson/model/DirectoryBrowserSupport.java

@@ -64,6 +64,7 @@
 import jenkins.security.MasterToSlaveCallable;
 import jenkins.security.ResourceDomainConfiguration;
 import jenkins.security.ResourceDomainRootAction;
+import jenkins.security.csp.CspHeader;
 import jenkins.util.SystemProperties;
 import jenkins.util.VirtualFile;
 import org.apache.commons.io.IOUtils;
@@ -398,13 +399,14 @@ private void serveFile(StaplerRequest2 req, StaplerResponse2 rsp, VirtualFile ro
                 rsp.sendRedirect(302, ResourceDomainRootAction.get().getRedirectUrl(resourceToken, req.getRestOfPath()));
             } else {
                 if (!ResourceDomainConfiguration.isResourceRequest(req)) {
-                    // if we're serving this from the main domain, set CSP headers
+                    // If we're serving this from the main domain, set CSP headers. These override the default CSP headers.
                     String csp = SystemProperties.getString(CSP_PROPERTY_NAME, DEFAULT_CSP_VALUE);
                     if (!csp.trim().isEmpty()) {
                         // allow users to prevent sending this header by setting empty system property
-                        for (String header : new String[]{"Content-Security-Policy", "X-WebKit-CSP", "X-Content-Security-Policy"}) {
-                            rsp.setHeader(header, csp);
-                        }
+                        rsp.setHeader(CspHeader.ContentSecurityPolicy.getHeaderName(), csp);
+                    } else {
+                        // Clear the header value if configured by the user.
+                        rsp.setHeader(CspHeader.ContentSecurityPolicy.getHeaderName(), null);
                     }
                 }
                 InputStream in;

core/src/main/java/hudson/model/Job.java

@@ -1119,12 +1119,15 @@ public long getEstimatedDuration() {
      *
      * @return never null
      */
+    @SuppressWarnings("deprecation")
     public PermalinkList getPermalinks() {
         PeepholePermalink.initialized();
         // TODO: shall we cache this?
         PermalinkList permalinks = new PermalinkList(Permalink.BUILTIN);
-        for (PermalinkProjectAction ppa : getActions(PermalinkProjectAction.class)) {
-            permalinks.addAll(ppa.getPermalinks());
+        for (var action : getActions()) {
+            if (action instanceof PermalinkProjectAction ppa) {
+                permalinks.addAll(ppa.getPermalinks());
+            }
         }
         return permalinks;
     }