
Jenkins WAR should not bundle JUnit and Hamcrest libraries


    Details

    • Released As:
      jenkins-2.253

      Description

      While working on Jenkinsfile Runner, I have noticed that the Jenkins Core includes JUnit JAR and Hamcrest JARs as transitive dependencies. Looks like it was my mistake in 2017 when I was working on a custom patch for commons-httpclient with vulnerability fix backports. It leads to 350KB of extra libraries, and, which is worse, potentially messes up the classpaths for testing environments and plugins.

      Dependency tree:

      [INFO] +- io.jenkins.jenkinsfile-runner:setup:jar:1.0-beta-16-SNAPSHOT:compile
      [INFO] | +- org.jenkins-ci.main:jenkins-core:jar:2.246:compile
      [INFO] | | +- org.jenkins-ci.plugins.icon-shim:icon-set:jar:1.0.5:compile
      [INFO] | | +- org.jenkins-ci.main:remoting:jar:4.5:compile
      ...
      [INFO] | | +- org.kohsuke.stapler:json-lib:jar:2.4-jenkins-2:compile
      [INFO] | | | \- net.sf.ezmorph:ezmorph:jar:1.0.6:compile
      [INFO] | | +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:compile
      [INFO] | | | \- junit:junit:jar:4.13:compile
      [INFO] | | | \- org.hamcrest:hamcrest-core:jar:1.3:compile

      Screenshot of a jenkins.war:


          Activity

          oleg_nenashev Oleg Nenashev created issue -
          oleg_nenashev Oleg Nenashev made changes -
          Field Original Value New Value
          Component/s core [ 15593 ]
          Component/s core [ 21134 ]
          Key INFRA-2696 JENKINS-63269
          Workflow classic default workflow [ 245332 ] JNJira + In-Review [ 245333 ]
          Project Infrastructure [ 10301 ] Jenkins [ 10172 ]
          oleg_nenashev Oleg Nenashev made changes -
          Summary Jenkins WAr bundles JUnit and Hamcrest Jenkins WAR should not bundle JUnit and Hamcrest libraries
          oleg_nenashev Oleg Nenashev made changes -
          Assignee Oleg Nenashev [ oleg_nenashev ]
          oleg_nenashev Oleg Nenashev made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          oleg_nenashev Oleg Nenashev made changes -
          Remote Link This issue links to "https://github.com/jenkinsci/lib-commons-httpclient/pull/2 (Web Link)" [ 25408 ]
          timja Tim Jacomb made changes -
          Status In Progress [ 3 ] In Review [ 10005 ]
          oleg_nenashev Oleg Nenashev added a comment - https://github.com/jenkinsci/lib-commons-httpclient/releases/tag/commons-httpclient-3.1-jenkins-2  as a first leg of the fix
          sparshev Sergei Parshev added a comment - - edited

          Hello Guys, jenkinsbro uses the built-in junit library to execute jenkins automation tests. I see it's not available in jenkins-2.253 anymore (and still was here in jenkins-2.252).

          I think junit is very useful as a built-in in jenkins, so why do we have to remove it? Maybe it's possible to leave it in the core for self-testing purposes? Or some other simple framework to run the tests...

          danielbeck Daniel Beck made changes -
          Released As jenkins-2.253
          Resolution Fixed [ 1 ]
          Status In Review [ 10005 ] Resolved [ 5 ]
          oleg_nenashev Oleg Nenashev added a comment -

          Sergei Parshev The main risk is binary conflicts with testing tools like Jenkins Test Harness.

          Regarding jenkinsbro, I did not expect to see somebody actually using the libraries. Great to know about the project. Commonly, projects use Jenkins Test Harness if they want to test Jenkins runtime as a whitebox. Not sure whether it qualifies as a simple framework, but it works.

          For this particular use-case in jenkinsbro it might be feasible to just pass the libraries through classpath so they do not need to be bundled. Would it work for you?

          sparshev Sergei Parshev added a comment -

          So I actually moved the jenkinsbro test module to use grab ( https://github.com/rabits/jenkinsbro/commit/ba9f7e6be50913df14e49d4b9054c52bf6962ea1 ) - hopefully it will be available in the future versions of Jenkins.
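
The dependency tree in the issue description shows JUnit and Hamcrest reaching compile scope through the patched commons-httpclient. As an added example (not code from the Jenkins project), the script below parses `mvn dependency:tree` text output and reports test-only libraries that land in a shipped scope, together with the path that pulls them in. The group-id list, the root coordinate and the sample tree are constructed for illustration.

```python
import re

# Group ids of test-only libraries (assumed list; extend for your build).
TEST_ONLY_GROUPS = {"junit", "org.hamcrest", "org.mockito"}
SHIPPED_SCOPES = {"compile", "runtime"}

# "[INFO] " + 3-character indent units + optional "+- " or "\- " marker + coordinates.
LINE = re.compile(r"^\[INFO\] ((?:\|  |   )*)([+\\]- )?(\S+)$")

def leaked_test_deps(tree_text):
    """Return [(coordinate, path)] for test-only libraries in a shipped scope."""
    stack, findings = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        parts = m.group(3).split(":")
        if len(parts) < 4:
            continue  # separator or banner, not a Maven coordinate
        depth = len(m.group(1)) // 3 + (1 if m.group(2) else 0)
        scope = parts[-1] if len(parts) >= 5 else None  # the root has no scope
        version = parts[-2] if scope else parts[-1]
        coord = f"{parts[0]}:{parts[1]}:{version}"
        del stack[depth:]  # drop previous siblings and anything deeper
        stack.append(coord)
        if parts[0] in TEST_ONLY_GROUPS and scope in SHIPPED_SCOPES:
            findings.append((coord, " -> ".join(stack)))
    return findings

# Constructed sample: the commons-httpclient subtree uses the coordinates from
# the issue; the root and the mockito entry are made up for the example.
SAMPLE_TREE = r"""
[INFO] example:app:jar:1.0
[INFO] +- org.jenkins-ci.main:remoting:jar:4.5:compile
[INFO] +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:compile
[INFO] |  \- junit:junit:jar:4.13:compile
[INFO] |     \- org.hamcrest:hamcrest-core:jar:1.3:compile
[INFO] \- org.mockito:mockito-core:jar:3.3.3:test
[INFO] ------------------------------------------------------------
"""

if __name__ == "__main__":
    for coord, path in leaked_test_deps(SAMPLE_TREE):
        print(f"test library in shipped scope: {coord}\n  via {path}")
```

A non-empty result can be used to fail a CI job before the artifact is packaged; the mockito entry is not reported because its scope is `test`.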


            People

            Assignee:
            oleg_nenashev Oleg Nenashev
            Reporter:
            oleg_nenashev Oleg Nenashev