Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74301

[image-gallery] Migrate legacy checkUrl attribute in org/jenkinsci/plugins/imagegallery/comparative/InFolderComparativeArchivedImagesGallery/config.jelly

XMLWordPrintable

      Note

      While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.

      Problem

      == Legacy checkUrl
Line: 7
----
checkUrl="'${rootURL}/publisher/ImageGalleryRecorder/checkMandatory?value='+escape(this.value)"
----

      Solution

      https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation

          [JENKINS-74301] [image-gallery] Migrate legacy checkUrl attribute in org/jenkinsci/plugins/imagegallery/comparative/InFolderComparativeArchivedImagesGallery/config.jelly

          Bruno P. Kinoshita added a comment -

          Hi basil , is this an automated issue? I got 24 emails, each seem to be for a separate issue about checkUrl?

          Bruno P. Kinoshita added a comment - Hi basil , is this an automated issue? I got 24 emails, each seem to be for a separate issue about checkUrl?

          Basil Crow added a comment -

          kinow Sorry for the spam. I filed one Jira ticket per file, as each file generally represents a different Jelly view and thus represents a different (manual) testing task. In my experience working on this project, trying to tackle too many Jelly views in one ticket/PR makes it challenging to keep track of what was manually tested and what was not and thus increases the risk of regression.

          Basil Crow added a comment - kinow Sorry for the spam. I filed one Jira ticket per file, as each file generally represents a different Jelly view and thus represents a different (manual) testing task. In my experience working on this project, trying to tackle too many Jelly views in one ticket/PR makes it challenging to keep track of what was manually tested and what was not and thus increases the risk of regression.

          Bruno P. Kinoshita added a comment -

          >  In my experience working on this project, trying to tackle too many Jelly views in one ticket/PR makes it challenging to keep track of what was manually tested and what was not and thus increases the risk of regression.

          I see that point, but on the other hand, there's no way I'll track all these issues. Even though there are 24, I will tackle this someday in one big go, and either update one of the Jira issues, or create a separate one. Otherwise, the little spare time I have would have to have a big chunk saved for updating each issue which is not very practical.

          Not saying one single issue would be better, as your point stands as a good one too IMHO, just that perhaps instead of spam vs. a single ticket that's not easy to test, we could test subissues or tasks of issues (last I used Jira in a company someone used it in a project), or suggest moving to GitHub with checklists (not sure if that's available now in JIRA), etc.

          Bruno P. Kinoshita added a comment - >  In my experience working on this project, trying to tackle too many Jelly views in one ticket/PR makes it challenging to keep track of what was manually tested and what was not and thus increases the risk of regression. I see that point, but on the other hand, there's no way I'll track all these issues. Even though there are 24, I will tackle this someday in one big go, and either update one of the Jira issues, or create a separate one. Otherwise, the little spare time I have would have to have a big chunk saved for updating each issue which is not very practical. Not saying one single issue would be better, as your point stands as a good one too IMHO, just that perhaps instead of spam vs. a single ticket that's not easy to test, we could test subissues or tasks of issues (last I used Jira in a company someone used it in a project), or suggest moving to GitHub with checklists (not sure if that's available now in JIRA), etc.

          Basil Crow added a comment -

          Thanks for the feedback kinow. A single parent issue with subtasks would work too, though I decided against that approach to keeps a flat structure which was easy for me to track in this spreadsheet. Ultimately project management is a fairly subjective endeavor and it is up to each maintainer to decide how to manage issues. A different maintainer also complained about the large number of tickets and consolidated them into a single one, which is perfectly fine with me. BTW in case you haven't heard, Alpha-Omega is funding work on this project for two more months, so you may see some contributions to fix these issues (although we likely won't get to image-gallery because it is installed on so few controllers, though Active Choices might be on the list). While it ultimately doesn't matter much either way, keeping the tickets as-is would be the least-friction approach as the project team goes through the spreadsheet linked above.

          Basil Crow added a comment - Thanks for the feedback kinow . A single parent issue with subtasks would work too, though I decided against that approach to keeps a flat structure which was easy for me to track in this spreadsheet . Ultimately project management is a fairly subjective endeavor and it is up to each maintainer to decide how to manage issues. A different maintainer also complained about the large number of tickets and consolidated them into a single one, which is perfectly fine with me. BTW in case you haven't heard, Alpha-Omega is funding work on this project for two more months, so you may see some contributions to fix these issues (although we likely won't get to image-gallery because it is installed on so few controllers, though Active Choices might be on the list). While it ultimately doesn't matter much either way, keeping the tickets as-is would be the least-friction approach as the project team goes through the spreadsheet linked above.

          Bruno P. Kinoshita added a comment -

          Sounds good Basil! Thanks for accommodating to how maintainers choose to work, and thanks for taking care of this. Even though I'm ranting about the number of issues, I'd rather have this or any kind of notification than only learn about it when trying to update the Jenkins version Really appreciate!

          Bruno P. Kinoshita added a comment - Sounds good Basil! Thanks for accommodating to how maintainers choose to work, and thanks for taking care of this. Even though I'm ranting about the number of issues, I'd rather have this or any kind of notification than only learn about it when trying to update the Jenkins version Really appreciate!

            Unassigned Unassigned
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: