Upgrade to badge-plugin 2.x #81
Conversation
* new baseline 2.440.x
Match with Jenkins plugin archetype https://www.jenkins.io/doc/developer/publishing/new-plugin/
The dependee plugin binary causes lots of noise when the JenkinsRule test is starting. The noise includes many reports of plugins that cannot be loaded because they require newer dependencies, even though the newest dependencies are already included as test scoped dependencies in the pom file. I assume that is due to the ancient Jenkins version that is referenced in the dependee plugin binary. The dependee plugin was built in 2013 and is not part of the Jenkins update center. Use the script security plugin instead because it is already a dependency and does not require separate script approval. Detected the test noise while evaluating pull request: * jenkinsci#81 The test was passing but was generating many failure messages because badge plugin 1.13 could not be loaded. Those messages no longer happen with this test change. Adds more assertions on the BadgeAction object for good measure.
The dependee plugin binary causes lots of noise when the JenkinsRule test is starting. The noise includes many reports of plugins that cannot be loaded because they require newer dependencies, even though the newest dependencies are already included as test scoped dependencies in the pom file. I assume that is due to the ancient Jenkins version that is referenced in the dependee plugin binary. The dependee plugin was built in 2013 and is not part of the Jenkins update center. Use the script security plugin instead because it is already a dependency and does not require separate script approval. Detected the test noise while evaluating pull request: * #81 The test was passing but was generating many failure messages because badge plugin 1.13 could not be loaded. Those messages no longer happen with this test change. Adds more assertions on the BadgeAction object for good measure.
|
Thanks for the pull request. I've successfully compared the results of the badge methods:
I've successfully compared the results of the build method steps:
The Badge 1.13Pipeline: Build page containing the summary:
Badge 2.1Same Pipeline script: Build page containing the summary:
The hyperlink is not rendered as a hyperlink in the new code and the image is rendered as a gif instead of being converted to an SVG. If I switch the markup formatter in the new code from "Plain text" to "Safe HTML", then the hyperlink is shown the same in 2.1 as it was in 1.13. |
|
The use of the Jenkins markup formatter in the new code allows me to install the Markdown formatter plugin and use Markdown in my summaries instead of using HTML. I'm not sure what fraction of users are already using the safe HTML markup formatter on the Jenkins controller where they use Is it feasible to have a compatibility mode that renders HTML in summaries as HTML rather than breaking user summaries on controllers that are using the plain text markup formatter? |
|
Another minor difference that I've detected is visible when hovering over the badge in the build history. The hover text from badge 1.13 fits the text while the hover text for badge 2.1 has an additional empty line inside it. Badge 1.13
Badge 2.1
The difference seems to be purely cosmetic, but since I detected it, I thought that I should note it here. |
To me the behavior of the 1.x version is highly questionable in terms of security as it would allow to completely bypass HTML sanitation. Which was the main reason why I wanted to remove it. I could imagine something like „if plaintext formatter is configured but safe html formatter is available use it if a configuration is set“ - but that would involve manual tasks (setting a environment flag, configuration, and the likes) which by the end would be similar to changing Jenkins global markup formatter. So I guess what I’m trying to say that it would definitely not be impossible but it goes against so many principles of software security that I can not bring myself to like the idea 😅 Maybe there is another approach? |
That’s odd, I will look into it. |
Compatible with badge plugin 2.1 as part of * jenkinsci/groovy-postbuild-plugin#81 Needs more testing.
I can not reproduce this on my end using Jenkins 2.440.3 and 2.462.2 with neither Firefox, Chrome or Edge. |
Thanks for trying. I cannot duplicate it either. I recreated my installation from the git repository where I'm tracking its details and the problem is no longer visible to me. The screenshots are real, but I don't have the steps that will duplicate the issue. Let's ignore that cosmetic issue until I find a way to duplicate it. |
I'm not aware of any security issue with the 1.x version, but I understand the desire to use an existing, standard component to process the HTML markup instead of using something that is specific to the Badge plugin.
Would it be enough if we added documentation to the README that describes the alternatives that are now available thanks to this change? I think there are multiple scenarios that we need to describe:
|
Sounds reasonable to me, I will write something up for the Release Notes / Readme. |
|
该插件什么时候可以正常工作 |
The plugin will work properly if you install badge plugin 1.13 instead of badge plugin 2.1. Use the Jenkins plugin manager "Advanced Settings" to upload badge plugin 1.13 from the URL: If you must have badge plugin 2.1, then you'll need to use the pre-release build that is available from the "Incrementals Publisher" section of the GitHub checks. That is also a great way for you to help test the pre-release of the plugin. If you'd rather wait for others to test the pre-release of the plugin, then you'll need to downgrade the badge plugin to 1.13. |
Thank you for the great work 👍🏻 i installed the pre release version and it works great so far |
I updated the release notes( linked in the README), adding a section for troubleshooting: https://github.com/jenkinsci/badge-plugin/releases/tag/badge-2.0 Once this PR is merged and released I'd also add the version compatibility information. |
|
Just wanted to p0st about a broken |
Can you confirm that the pull request build addresses the issue and does not cause unexpected harm? |
Co-authored-by: Basil Crow <me@basilcrow.com>
|
While comparing previous behavior and new behavior, I found a case where a Pipeline job previously included an icon and with the new code the icon is unavailable / broken. PipelineBadge 1.13 and postbuild 228.vcdb_cf7265066
Badge 2.2 and postbuild from this pull request
|
|
@strangelookingnerd I'm at the point where I've found inconsistencies but not major incompatibilities. I think it is time to release the groovy postbuild plugin with the updated documentation that is included in this pull request and accept that users will likely report additional issues that need further changes. Do you agree? |
|
I may have found a workaround for some of the cases of gif image quality. Several of the images from the original list of gif images have a matching SVG image in the /images/svgs/ directory.
The following gif images do not have an obvious replacement from the svgs directory:
I think that the groovy-postbuild plugin could detect references to those known gif images and replace them with SVG references. Does that seem reasonable? |
Sorry for the late response. Yes I think it would be best to ship the changes now and wait for feedback in case there is more to fix. |
I was already thinking of doing that for the badge-plugin itself. Usage of SVG / symbols should be preferred in any case. |
MarkEWaite
added
breaking
Include details of the markup formatters that have been tested and a warning to existing users that they may need to enable the safe HTML formatter.
|
I've added documentation for markup formatters and have enabled auto-merge. It should merge and release once the CI job passes. |
Restores compatibility with latest
badge-pluginversion. See discussion in jenkinsci/badge-plugin#189This also updates the baseline to 2.440.x
Testing done
Ran existing tests without issue. I did only try a limited set of manual UI tests, a second pair of eyes would be appreciated.
Submitter checklist