New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove dependency on jenkins-js-modules
#7827
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, that's nice. Thanks for taking care of the steps to get a rid of jenkins-js-modules 👍
All downstream PRs have been merged. Still waiting on a release of Design Library and OWASP Dependency-Track. |
Design library has been released. |
OWASP Dependency-Track as well. |
Thank you! I updated the text of the release notes and upgrade guide to mention the specific versions that were just released. From my perspective this PR is ready. |
/label ready-for-merge This PR is now ready for merge. We will merge it after ~24 hours if there is no negative feedback. |
Thoughts on archiving the |
Yeah, core is no longer using this subsystem, and any plugins that are still using it are either suspended or deprecated, so I would think we could archive all three of these: https://github.com/jenkinsci/js-libs |
Problem
The
jenkins-js-modules
dependency is a custom in-house library developed to load JavaScript and CSS from the client side. This is a source of significant complexity and has not been updated since 2016. This dependency is a liability.Solution
Rewrite usages of
<l:css>
and<l:js>
without this dependency and remove these tags from the layout library.In core, usages were limited to the new job page, the plugin manager, and the system information page.
In plugins this is only used by
dependency-track-plugin
andservicenow-cicd-plugin
(and referenced fromdesign-library-plugin
). Once this PR is approved, I will file PRs to update all three and wait for at leastdependency-track-plugin
anddesign-library-plugin
to be released before this PR is merged.Implementation
Rewrote this client-side behavior to be server-side by adding the relevant tags to the Jelly files corresponding to the dynamically generated tags from before. Since the dynamic generation had deduplication logic, I ensured the statically generated versions were also always present at most one time by adding them to the top-most level of Jelly files, the same level that invokes
l:layout
.Testing done
Went to the new job page, the plugin manager, and the system information page. Exercised the relevant functionality and stepped through the code in the debugger to make sure the scripts were still being executed. Verified in the browser tools that the relevant CSS was still being loaded.
Proposed changelog entries
Simplify loading of JavaScript and CSS. Users of OWASP Dependency-Track must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later.
Proposed upgrade guidelines
Simplify loading of JavaScript and CSS. Users of OWASP Dependency-Track must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later.
Submitter checklist
@Restricted
or have@since TODO
Javadocs, as appropriate.@Deprecated(since = "TODO")
or@Deprecated(forRemoval = true, since = "TODO")
, if applicable.eval
to ease future introduction of Content Security Policy (CSP) directives (see documentation).Desired reviewers
@mention
Maintainer checklist
Before the changes are marked as
ready-for-merge
:upgrade-guide-needed
label is set and there is a Proposed upgrade guidelines section in the pull request title (see example).lts-candidate
to be considered (see query).