Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove dependency on jenkins-js-modules #7827

Merged
merged 4 commits into from Apr 13, 2023
Merged

Remove dependency on jenkins-js-modules #7827

merged 4 commits into from Apr 13, 2023

Conversation

basil
Copy link
Member

@basil basil commented Apr 8, 2023
edited

Problem

The jenkins-js-modules dependency is a custom in-house library developed to load JavaScript and CSS from the client side. This is a source of significant complexity and has not been updated since 2016. This dependency is a liability.

Solution

Rewrite usages of <l:css> and <l:js> without this dependency and remove these tags from the layout library.

In core, usages were limited to the new job page, the plugin manager, and the system information page.

In plugins this is only used by dependency-track-plugin and servicenow-cicd-plugin (and referenced from design-library-plugin). Once this PR is approved, I will file PRs to update all three and wait for at least dependency-track-plugin and design-library-plugin to be released before this PR is merged.

Implementation

Rewrote this client-side behavior to be server-side by adding the relevant tags to the Jelly files corresponding to the dynamically generated tags from before. Since the dynamic generation had deduplication logic, I ensured the statically generated versions were also always present at most one time by adding them to the top-most level of Jelly files, the same level that invokes l:layout.

Testing done

Went to the new job page, the plugin manager, and the system information page. Exercised the relevant functionality and stepped through the code in the debugger to make sure the scripts were still being executed. Verified in the browser tools that the relevant CSS was still being loaded.

Proposed changelog entries

Simplify loading of JavaScript and CSS. Users of OWASP Dependency-Track must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later.

Proposed upgrade guidelines

Simplify loading of JavaScript and CSS. Users of OWASP Dependency-Track must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later.

Submitter checklist

  • The Jira issue, if it exists, is well-described.
  • The changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developers, depending on the change) and are in the imperative mood (see examples).
    • Fill in the Proposed upgrade guidelines section only if there are breaking changes or changes that may require extra steps from users during upgrade.
  • There is automated testing or an explanation as to why this change has no tests.
  • New public classes, fields, and methods are annotated with @Restricted or have @since TODO Javadocs, as appropriate.
  • New deprecations are annotated with @Deprecated(since = "TODO") or @Deprecated(forRemoval = true, since = "TODO"), if applicable.
  • New or substantially changed JavaScript is not defined inline and does not call eval to ease future introduction of Content Security Policy (CSP) directives (see documentation).
  • For dependency updates, there are links to external changelogs and, if possible, full differentials.
  • For new APIs and extension points, there is a link to at least one consumer.

Desired reviewers

@mention

Maintainer checklist

Before the changes are marked as ready-for-merge:

  • There are at least two (2) approvals for the pull request and no outstanding requests for change.
  • Conversations in the pull request are over, or it is explicit that a reviewer is not blocking the change.
  • Changelog entries in the pull request title and/or Proposed changelog entries are accurate, human-readable, and in the imperative mood.
  • Proper changelog labels are set so that the changelog can be generated automatically.
  • If the change needs additional upgrade steps from users, the upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the pull request title (see example).
  • If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).

@basil basil added the upgrade-guide-needed This changes might be breaking in rare circumstances, an entry in the LTS upgrade guide is needed label Apr 8, 2023
@basil basil mentioned this pull request Apr 8, 2023
Closed
14 tasks
This was referenced Apr 8, 2023
Merged
Merged
Merged
Merged
NotMyFault
NotMyFault approved these changes Apr 9, 2023
View reviewed changes
Copy link
Member

@NotMyFault NotMyFault left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, that's nice. Thanks for taking care of the steps to get a rid of jenkins-js-modules 👍

@basil
Copy link
Member Author

basil commented Apr 12, 2023

All downstream PRs have been merged. Still waiting on a release of Design Library and OWASP Dependency-Track.

@NotMyFault
Copy link
Member

All downstream PRs have been merged. Still waiting on a release of Design Library and OWASP Dependency-Track.

Design library has been released.

@sephiroth-j
Copy link
Member

OWASP Dependency-Track as well.

@basil
Copy link
Member Author

basil commented Apr 12, 2023

Thank you! I updated the text of the release notes and upgrade guide to mention the specific versions that were just released. From my perspective this PR is ready.

@NotMyFault
Copy link
Member

/label ready-for-merge

This PR is now ready for merge. We will merge it after ~24 hours if there is no negative feedback.
Please see the merge process documentation for more information about the merge process.
Thanks!

@comment-ops-bot comment-ops-bot bot added the ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback label Apr 12, 2023
@NotMyFault NotMyFault merged commit 6ca9b5e into jenkinsci:master Apr 13, 2023
16 checks passed
@NotMyFault NotMyFault added the removed This PR removes a feature or a public API label Apr 13, 2023
@NotMyFault
Copy link
Member

Thoughts on archiving the jenkins-js-modules repository, or at least putting a note in place outlining that it's no longer maintained?

@NotMyFault NotMyFault mentioned this pull request Apr 13, 2023
Open
@basil
Copy link
Member Author

basil commented Apr 13, 2023
edited

Yeah, core is no longer using this subsystem, and any plugins that are still using it are either suspended or deprecated, so I would think we could archive all three of these:

https://github.com/jenkinsci/js-libs
https://github.com/jenkinsci/js-modules
https://github.com/jenkinsci/js-samples

@basil basil deleted the remove-jenkins-js-modules branch April 13, 2023 23:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daniel-beck daniel-beck daniel-beck approved these changes

@NotMyFault NotMyFault NotMyFault approved these changes

@timja timja timja approved these changes

@janfaracik janfaracik janfaracik approved these changes

Assignees
No one assigned
Labels
ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback removed This PR removes a feature or a public API upgrade-guide-needed This changes might be breaking in rare circumstances, an entry in the LTS upgrade guide is needed
Projects
None yet
Milestone
No milestone
6 participants
@basil @NotMyFault @sephiroth-j @daniel-beck @timja @janfaracik