Uploaded image for project: 'Jenkins Website'
  1. Jenkins Website
  2. WEBSITE-277

Add support for plugin warnings to plugin site

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Done (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: plugin-site
    • Labels:
      None
    • Similar Issues:

      Description

      We're adding "warnings" to the update sites that inform users (mostly) about security issues in core and plugins they're using.

      This should also show up on the plugins site.

      • Warnings can be issued for plugins that aren't currently being published
      • Warnings can be issued for past or current releases (the latter needing to be more visible, i.e. no fixed version)

      See https://github.com/jenkinsci/backend-update-center2/pull/96 for the current draft format. The resource file contents are a new top-level element in the update-site.json object with the key 'warnings'.

        Attachments

          Issue Links

            Activity

            Hide
            mmccaskill Michael McCaskill added a comment -

            PRs have been merged to develop.

            Show
            mmccaskill Michael McCaskill added a comment - PRs have been merged to develop.
            Hide
            mmccaskill Michael McCaskill added a comment - - edited

            Daniel Beck Ok sounds good. Thanks for the clarification. I am making a change to default to ".*" for the pattern if it's not given for a version range.

            Verified the pattern is always going to be there so need to account for setting a default.

            Show
            mmccaskill Michael McCaskill added a comment - - edited Daniel Beck Ok sounds good. Thanks for the clarification. I am making a change to default to ".*" for the pattern if it's not given for a version range. Verified the pattern is always going to be there so need to account for setting a default.
            Hide
            danielbeck Daniel Beck added a comment -

            Michael McCaskill No, use the pattern as much as possible, that's the relevant one also used e.g. in Jenkins when it only matters whether "this" version is affected. For active/not, you also have "this" version – the one you show as latest.

            First/last are not guaranteed to be there. If you want to be fancy and the pattern doesn't match current but it's still without first/last, call it "some versions" and move on

            Show
            danielbeck Daniel Beck added a comment - Michael McCaskill No, use the pattern as much as possible, that's the relevant one also used e.g. in Jenkins when it only matters whether "this" version is affected. For active/not, you also have "this" version – the one you show as latest. First/last are not guaranteed to be there. If you want to be fancy and the pattern doesn't match current but it's still without first/last, call it "some versions" and move on
            Hide
            mmccaskill Michael McCaskill added a comment -

            Daniel Beck Oh ok. Currently I am using the pattern to match against the current version of the plugin to determine if it's "active". But if first and last is missing then I can assume it is implicitly active?

            Show
            mmccaskill Michael McCaskill added a comment - Daniel Beck Oh ok. Currently I am using the pattern to match against the current version of the plugin to determine if it's "active". But if first and last is missing then I can assume it is implicitly active?
            Hide
            danielbeck Daniel Beck added a comment -

            Michael McCaskill first and last are optional and only for human consumption, only the regex pattern is used by Jenkins. Unless you can get a list of all versions and match that, first/last is the only useful info you can show. Note that a pattern with neither first nor last is probably .* indicating an issue in all releases.

            Show
            danielbeck Daniel Beck added a comment - Michael McCaskill first and last are optional and only for human consumption, only the regex pattern is used by Jenkins. Unless you can get a list of all versions and match that, first/last is the only useful info you can show. Note that a pattern with neither first nor last is probably .* indicating an issue in all releases.

              People

              Assignee:
              mmccaskill Michael McCaskill
              Reporter:
              danielbeck Daniel Beck
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: