Merge branch 'master' into use-github-logo

.editorconfig

@@ -9,3 +9,7 @@ insert_final_newline = true
 
 [*.md]
 trim_trailing_whitespace = false
+
+[*.java]
+ij_continuation_indent_size = 8
+indent_size = 4

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @jenkinsci/github-branch-source-plugin-developers

.mvn/extensions.xml

@@ -2,6 +2,6 @@
   <extension>
     <groupId>io.jenkins.tools.incrementals</groupId>
     <artifactId>git-changelist-maven-extension</artifactId>
-    <version>1.6</version>
+    <version>1.7</version>
   </extension>
 </extensions>

Jenkinsfile

@@ -1,4 +1,10 @@
-buildPlugin(useContainerAgent: true, configurations: [
-  [platform: 'linux', jdk: 17],
-  [platform: 'windows', jdk: 11],
+/*
+ See the documentation for more options:
+ https://github.com/jenkins-infra/pipeline-library/
+*/
+buildPlugin(
+  useContainerAgent: true, // Set to `false` if you need to use Docker for containerized tests
+  configurations: [
+    [platform: 'linux', jdk: 21],
+    [platform: 'windows', jdk: 17],
 ])

pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>4.66</version>
+    <version>4.79</version>
     <relativePath />
   </parent>
 
@@ -33,7 +33,7 @@
     <changelist>999999-SNAPSHOT</changelist>
     <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
     <hpi.compatibleSinceVersion>2.2.0</hpi.compatibleSinceVersion>
-    <jenkins.version>2.387.3</jenkins.version>
+    <jenkins.version>2.414.3</jenkins.version>
     <useBeta>true</useBeta>
     <spotless.check.skip>false</spotless.check.skip>
   </properties>
@@ -42,8 +42,8 @@
     <dependencies>
       <dependency>
         <groupId>io.jenkins.tools.bom</groupId>
-        <artifactId>bom-2.387.x</artifactId>
-        <version>2163.v2d916d90c305</version>
+        <artifactId>bom-2.414.x</artifactId>
+        <version>2718.v7e8a_d43b_3f0b_</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -70,8 +70,6 @@
     <dependency>
       <groupId>io.jenkins.plugins</groupId>
       <artifactId>okhttp-api</artifactId>
-      <!--Remove once this version is in the bom-->
-      <version>4.10.0-136.v1d8ce1b_1db_72</version>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
@@ -88,7 +86,7 @@
     <dependency>
       <groupId>com.github.tomakehurst</groupId>
       <artifactId>wiremock-jre8-standalone</artifactId>
-      <version>2.35.0</version>
+      <version>2.35.1</version>
       <scope>test</scope>
     </dependency>
     <dependency>

src/main/java/org/jenkinsci/plugins/github_branch_source/ForkPullRequestDiscoveryTrait.java

@@ -39,7 +39,6 @@
 import jenkins.scm.api.trait.SCMHeadAuthority;
 import jenkins.scm.api.trait.SCMHeadAuthorityDescriptor;
 import jenkins.scm.api.trait.SCMSourceContext;
-import jenkins.scm.api.trait.SCMSourceRequest;
 import jenkins.scm.api.trait.SCMSourceTrait;
 import jenkins.scm.api.trait.SCMSourceTraitDescriptor;
 import jenkins.scm.impl.ChangeRequestSCMHeadCategory;
@@ -83,6 +82,12 @@ public class ForkPullRequestDiscoveryTrait extends SCMSourceTrait {
      * @param trust the authority to use.
      */
     @DataBoundConstructor
+    public ForkPullRequestDiscoveryTrait(int strategyId, @NonNull GitHubForkTrustPolicy trust) {
+        this.strategyId = strategyId;
+        this.trust = trust;
+    }
+
+    @Deprecated
     public ForkPullRequestDiscoveryTrait(
             int strategyId,
             @NonNull
@@ -236,17 +241,23 @@ public List<SCMHeadAuthorityDescriptor> getTrustDescriptors() {
         }
     }
 
+    /** Trust policy for forked pull requests.
+     * <p>
+     * This reduces generics in the DataBoundConstructor signature as a workaround for JENKINS-26535.
+     */
+    public abstract static class GitHubForkTrustPolicy
+            extends SCMHeadAuthority<GitHubSCMSourceRequest, PullRequestSCMHead, PullRequestSCMRevision> {}
+
     /** An {@link SCMHeadAuthority} that trusts nothing. */
-    public static class TrustNobody
-            extends SCMHeadAuthority<SCMSourceRequest, PullRequestSCMHead, PullRequestSCMRevision> {
+    public static class TrustNobody extends GitHubForkTrustPolicy {
 
         /** Constructor. */
         @DataBoundConstructor
         public TrustNobody() {}
 
         /** {@inheritDoc} */
         @Override
-        public boolean checkTrusted(@NonNull SCMSourceRequest request, @NonNull PullRequestSCMHead head) {
+        public boolean checkTrusted(@NonNull GitHubSCMSourceRequest request, @NonNull PullRequestSCMHead head) {
             return false;
         }
 
@@ -270,8 +281,7 @@ public boolean isApplicableToOrigin(@NonNull Class<? extends SCMHeadOrigin> orig
     }
 
     /** An {@link SCMHeadAuthority} that trusts contributors to the repository. */
-    public static class TrustContributors
-            extends SCMHeadAuthority<GitHubSCMSourceRequest, PullRequestSCMHead, PullRequestSCMRevision> {
+    public static class TrustContributors extends GitHubForkTrustPolicy {
         /** Constructor. */
         @DataBoundConstructor
         public TrustContributors() {}
@@ -303,8 +313,7 @@ public boolean isApplicableToOrigin(@NonNull Class<? extends SCMHeadOrigin> orig
     }
 
     /** An {@link SCMHeadAuthority} that trusts those with write permission to the repository. */
-    public static class TrustPermission
-            extends SCMHeadAuthority<GitHubSCMSourceRequest, PullRequestSCMHead, PullRequestSCMRevision> {
+    public static class TrustPermission extends GitHubForkTrustPolicy {
 
         /** Constructor. */
         @DataBoundConstructor
@@ -347,15 +356,14 @@ public boolean isApplicableToOrigin(@NonNull Class<? extends SCMHeadOrigin> orig
     }
 
     /** An {@link SCMHeadAuthority} that trusts everyone. */
-    public static class TrustEveryone
-            extends SCMHeadAuthority<SCMSourceRequest, PullRequestSCMHead, PullRequestSCMRevision> {
+    public static class TrustEveryone extends GitHubForkTrustPolicy {
         /** Constructor. */
         @DataBoundConstructor
         public TrustEveryone() {}
 
         /** {@inheritDoc} */
         @Override
-        protected boolean checkTrusted(@NonNull SCMSourceRequest request, @NonNull PullRequestSCMHead head) {
+        protected boolean checkTrusted(@NonNull GitHubSCMSourceRequest request, @NonNull PullRequestSCMHead head) {
             return true;
         }
 

src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubAppCredentials.java

@@ -123,7 +123,7 @@ public Secret getPrivateKey() {
     }
 
     /**
-     * Owner of this installation, i.e. a user or organisation, used to differeniate app installations
+     * Owner of this installation, i.e. a user or organisation, used to differentiate app installations
      * when the app is installed to multiple organisations / users.
      *
      * <p>If this is null then call listInstallations and if there's only one in the list then use
@@ -323,6 +323,11 @@ public String getUsername() {
         return appID;
     }
 
+    @Override
+    public boolean isUsernameSecret() {
+        return false;
+    }
+
     @NonNull
     public synchronized GitHubAppCredentials withOwner(@NonNull String owner) {
         if (this.owner != null) {
@@ -692,6 +697,21 @@ public FormValidation doTestConnection(
             gitHubAppCredential.setOwner(owner);
 
             try {
+                // If no owner is specified, check if the app has multiple installations.
+                if (owner == null || owner.isEmpty()) {
+                    GitHub gitHubApp = TokenProvider.createTokenRefreshGitHub(
+                            appID, privateKey, gitHubAppCredential.actualApiUri());
+                    List<GHAppInstallation> appInstallations =
+                            gitHubApp.getApp().listInstallations().toList();
+                    if (appInstallations.size() > 1) {
+                        // Just pick the owner of the first installation, so we have a valid
+                        // owner to create an access token for testing the connection.
+                        String anyInstallationOwner =
+                                appInstallations.get(0).getAccount().getLogin();
+                        gitHubAppCredential.setOwner(anyInstallationOwner);
+                    }
+                }
+
                 GitHub connect = Connector.connect(apiUri, gitHubAppCredential);
                 try {
                     return FormValidation.ok("Success, Remaining rate limit: "

src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java

@@ -38,6 +38,7 @@
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.AbortException;
 import hudson.Extension;
+import hudson.ExtensionList;
 import hudson.RestrictedSince;
 import hudson.Util;
 import hudson.console.HyperlinkNote;
@@ -62,7 +63,6 @@
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.inject.Inject;
 import jenkins.model.Jenkins;
 import jenkins.plugins.git.traits.GitBrowserSCMSourceTrait;
 import jenkins.scm.api.SCMNavigator;
@@ -127,6 +127,12 @@ public class GitHubSCMNavigator extends SCMNavigator {
     @CheckForNull
     private String credentialsId;
     /** The behavioural traits to apply. */
+
+    /**
+     * Whether to enable the retrieval of the Organization avatar. If false, then the default GitHub logo will be used.
+     */
+    private Boolean enableAvatar;
+
     @NonNull
     private List<SCMTrait<? extends SCMTrait<?>>> traits;
 
@@ -301,6 +307,27 @@ public void setCredentialsId(@CheckForNull String credentialsId) {
         this.credentialsId = Util.fixEmpty(credentialsId);
     }
 
+    /**
+     * Return if the avatar retrieval is enabled.
+     *
+     * @return true is enabled, false otherwise
+     */
+    @NonNull
+    @SuppressWarnings("unused") // stapler
+    public boolean isEnableAvatar() {
+        return Boolean.TRUE.equals(enableAvatar);
+    }
+
+    /**
+     * Enable retrieval of the organization avatar.
+     *
+     * @param enableAvatar true to enable, false to disable
+     */
+    @DataBoundSetter
+    public void setEnableAvatar(boolean enableAvatar) {
+        this.enableAvatar = enableAvatar;
+    }
+
     /**
      * Gets the name of the owner who's repositories will be navigated.
      *
@@ -364,6 +391,9 @@ private Object readResolve() {
         if (scanCredentialsId != null) {
             credentialsId = scanCredentialsId;
         }
+        if (enableAvatar == null) {
+            enableAvatar = Boolean.TRUE;
+        }
         if (traits == null) {
             boolean buildOriginBranch = this.buildOriginBranch == null || this.buildOriginBranch;
             boolean buildOriginBranchWithPR = this.buildOriginBranchWithPR == null || this.buildOriginBranchWithPR;
@@ -1530,7 +1560,7 @@ public List<Action> retrieveActions(
                 Connector.lookupScanCredentials((Item) owner, getApiUri(), credentialsId, repoOwner);
         GitHub hub = Connector.connect(getApiUri(), credentials);
         Connector.configureLocalRateLimitChecker(listener, hub);
-        boolean privateMode = determinePrivateMode(apiUri);
+        boolean privateMode = !isEnableAvatar() || determinePrivateMode(apiUri);
         try {
             GHUser u = hub.getUser(getRepoOwner());
             String objectUrl = u.getHtmlUrl() == null ? null : u.getHtmlUrl().toExternalForm();
@@ -1685,9 +1715,6 @@ public static class DescriptorImpl extends SCMNavigatorDescriptor implements Ico
         @RestrictedSince("2.2.0")
         public static final boolean defaultBuildForkPRHead = false;
 
-        @Inject
-        private GitHubSCMSource.DescriptorImpl delegate;
-
         /** {@inheritDoc} */
         @Override
         public String getPronoun() {
@@ -1863,7 +1890,8 @@ public boolean test(SCMTraitDescriptor<?> scmTraitDescriptor) {
         @SuppressWarnings("unused") // jelly
         @NonNull
         public List<SCMTrait<? extends SCMTrait<?>>> getTraitsDefaults() {
-            return new ArrayList<>(delegate.getTraitsDefaults());
+            return new ArrayList<>(ExtensionList.lookupSingleton(GitHubSCMSource.DescriptorImpl.class)
+                    .getTraitsDefaults());
         }
 
         static {

src/main/resources/org/jenkinsci/plugins/github_branch_source/GitHubAppCredentials/help-owner.html

@@ -1,6 +1,7 @@
 <p>
     The organisation or user that this app is to be used for.
-    Only required if this app is installed to multiple organisations.
+    Only required if this app is installed to multiple organisations and connections
+    should be restricted to a single organisation.
     May be omitted in case credentials are used from GitHub multibranch projects
     (in that case the account is determined from the branch source where the credentials are used).
 </p>

src/main/resources/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator/config.jelly

@@ -19,6 +19,9 @@
   <f:entry title="${%Owner}" field="repoOwner">
     <f:textbox/>
   </f:entry>
+  <f:entry title="${%Enable Avatar}" field="enableAvatar">
+    <f:checkbox/>
+  </f:entry>
   <f:entry title="${%Behaviours}">
     <scm:traits field="traits"/>
   </f:entry>

src/main/resources/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator/help-enableAvatar.html

@@ -0,0 +1,4 @@
+<div>
+    <p>Whether to use the <strong>GitHub Organization</strong> or <strong>GitHub User Account</strong> avatar as icon (only possible if private mode is disabled).</p>
+    <p>Note: this consumes an anonymous call to check if private mode is enabled. Although the result of this check is cached for some time (20 hours by default), this can block operations in some environments. See <a href="https://issues.jenkins.io/browse/JENKINS-72030">JENKINS-72030</a></p>
+</div>

src/main/resources/org/jenkinsci/plugins/github_branch_source/Messages.properties

@@ -13,7 +13,7 @@ ForkPullRequestDiscoveryTrait.nobodyDisplayName=Nobody
 GitHubBranchFilter.DisplayName=GitHub Branch Jobs Only
 
 GitHubBuildStatusNotification.CommitStatus.Good=This commit looks good
-GitHubBuildStatusNotification.CommitStatus.Unstable=This commit has test failures
+GitHubBuildStatusNotification.CommitStatus.Unstable=This commit failed tests or other validations
 GitHubBuildStatusNotification.CommitStatus.Failure=This commit cannot be built
 GitHubBuildStatusNotification.CommitStatus.Aborted=The build of this commit was aborted
 GitHubBuildStatusNotification.CommitStatus.Other=Something is wrong with the build of this commit