Modernize to Jenkins 2.479 and Jakarta EE 9

* Adapter methods are added for old overrides.
* Switch to JUnit 5 for tests

Author: mtughan

pom.xml

@@ -4,8 +4,7 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>4.86</version>
-    <relativePath/>
+    <version>5.3</version>
   </parent>
 
   <artifactId>git-server</artifactId>
@@ -17,7 +16,8 @@
 
   <properties>
     <changelist>999999-SNAPSHOT</changelist>
-    <jenkins.version>2.440.3</jenkins.version>
+    <jenkins.baseline>2.479</jenkins.baseline>
+    <jenkins.version>${jenkins.baseline}.1</jenkins.version>
     <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
   </properties>
 
@@ -40,8 +40,8 @@
     <dependencies>
       <dependency>
         <groupId>io.jenkins.tools.bom</groupId>
-        <artifactId>bom-2.440.x</artifactId>
-        <version>3234.v5ca_5154341ef</version>
+        <artifactId>bom-${jenkins.baseline}.x</artifactId>
+        <version>3696.vb_b_4e2d1a_0542</version>
         <scope>import</scope>
         <type>pom</type>
       </dependency>
@@ -65,7 +65,7 @@
     <dependency>
       <groupId>org.eclipse.jgit</groupId>
       <artifactId>org.eclipse.jgit.ssh.apache</artifactId>
-      <version>6.9.0.202403050737-r</version>
+      <version>7.0.0.202409031743-r</version>
       <scope>test</scope>
     </dependency>
     <dependency>

src/main/java/org/jenkinsci/plugins/gitserver/CSRFExclusionImpl.java

@@ -3,18 +3,18 @@
 import hudson.Extension;
 import hudson.security.csrf.CrumbExclusion;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ReadListener;
-import javax.servlet.ServletException;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ReadListener;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.Map;
-import java.util.Vector;
+import java.util.Set;
 
 /**
  * CSRF exclusion for git-upload-pack.
@@ -24,9 +24,10 @@
  * because of the dynamic nature of the URL structure, this doesn't guarantee
  * that we have no leak.
  *
+ * <p>
  * So to further protect Jenkins, we pass through a fake {@link HttpServletRequest}
  * that masks the values of the submission.
- * 
+ *
  * <p>
  * If the fake request is routed to {@link HttpGitRepository}, which is
  * the only legitimate destination of the request, we'll unwrap this fake request
@@ -40,48 +41,51 @@
  */
 @Extension
 public class CSRFExclusionImpl extends CrumbExclusion {
+    private static final Set<String> ALLOWED_CONTENT_TYPES = Set.of(
+            "application/x-git-receive-pack-request",
+            "application/x-git-upload-pack-request"
+    );
+    private static final String BOGUS = "bogus";
 
+    @Override
     public boolean process(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
-        if (!"application/x-git-receive-pack-request".equals(request.getHeader("Content-Type")))
+        String contentType = request.getHeader("Content-Type");
+        if (contentType == null || !ALLOWED_CONTENT_TYPES.contains(contentType))
             return false;
 
-//        String path = request.getPathInfo();
-//        if(!path.contains("/repo.git/") || !path.endsWith("/git-receive-pack"))
-//            return false;
-
         HttpServletRequestWrapper w = new HttpServletRequestWrapper(request) {
             @Override
             public String getQueryString() {
-                return "bogus";
+                return BOGUS;
             }
 
             @Override
             public String getParameter(String name) {
-                return "bogus";
+                return BOGUS;
             }
 
             @Override
-            public Map getParameterMap() {
+            public Map<String, String[]> getParameterMap() {
                 return Collections.emptyMap();
             }
 
             @Override
-            public Enumeration getParameterNames() {
-                return new Vector().elements();
+            public Enumeration<String> getParameterNames() {
+                return Collections.emptyEnumeration();
             }
 
             @Override
             public String[] getParameterValues(String name) {
-                return new String[]{"bogus"};
+                return new String[]{BOGUS};
             }
 
             @Override
             public String getMethod() {
-                return "BOGUS";
+                return BOGUS.toUpperCase();
             }
 
             @Override
-            public ServletInputStream getInputStream() throws IOException {
+            public ServletInputStream getInputStream() {
                 return new ServletInputStream() {
                     @Override
                     public boolean isFinished() {
@@ -94,7 +98,7 @@ public boolean isReady() {
                     }
 
                     @Override
-                    public int read() throws IOException {
+                    public int read() {
                         return -1;
                     }
 
@@ -106,7 +110,7 @@ public void setReadListener(ReadListener readListener) {
             }
         };
         w.setAttribute(ORIGINAL_REQUEST,request);
-        
+
         chain.doFilter(w,response);
         return true;
     }

src/main/java/org/jenkinsci/plugins/gitserver/ChannelTransport.java

@@ -1,7 +1,6 @@
 package org.jenkinsci.plugins.gitserver;
 
 import hudson.FilePath;
-import hudson.FilePath.FileCallable;
 import hudson.remoting.Pipe;
 import hudson.remoting.VirtualChannel;
 import jenkins.MasterToSlaveFileCallable;
@@ -56,6 +55,7 @@ public FetchConnection openFetch() throws NotSupportedException, TransportExcept
         } catch (IOException e) {
             throw new TransportException("Failed to open a fetch connection",e);
         } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
             throw new TransportException("Failed to open a fetch connection",e);
         }
 
@@ -99,15 +99,13 @@ public GitFetchTask(Pipe l2r, Pipe r2l) {
         }
 
         public Void invoke(File f, VirtualChannel channel) throws IOException, InterruptedException {
-            Repository repo = new FileRepositoryBuilder().setWorkTree(f).build();
-            try {
+            try (Repository repo = new FileRepositoryBuilder().setWorkTree(f).build()) {
                 final UploadPack rp = new UploadPack(repo);
                 rp.upload(new BufferedInputStream(l2r.getIn()), new BufferedOutputStream(r2l.getOut()), null);
                 return null;
             } finally {
                 IOUtils.closeQuietly(l2r.getIn());
                 IOUtils.closeQuietly(r2l.getOut());
-                repo.close();
             }
         }
     }
@@ -122,15 +120,13 @@ public GitPushTask(Pipe l2r, Pipe r2l) {
         }
 
         public Void invoke(File f, VirtualChannel channel) throws IOException, InterruptedException {
-            Repository repo = new FileRepositoryBuilder().setWorkTree(f).build();
-            try {
+            try (Repository repo = new FileRepositoryBuilder().setWorkTree(f).build()) {
                 final ReceivePack rp = new ReceivePack(repo);
                 rp.receive(new BufferedInputStream(l2r.getIn()), new BufferedOutputStream(r2l.getOut()), null);
                 return null;
             } finally {
                 IOUtils.closeQuietly(l2r.getIn());
                 IOUtils.closeQuietly(r2l.getOut());
-                repo.close();
             }
         }
     }

src/main/java/org/jenkinsci/plugins/gitserver/FileBackedHttpGitRepository.java

@@ -1,7 +1,7 @@
 package org.jenkinsci.plugins.gitserver;
 
+import jakarta.servlet.http.HttpServletRequest;
 import jenkins.model.Jenkins;
-import org.acegisecurity.Authentication;
 import org.eclipse.jgit.api.AddCommand;
 import org.eclipse.jgit.api.CommitCommand;
 import org.eclipse.jgit.api.Git;
@@ -11,19 +11,19 @@
 import org.eclipse.jgit.lib.PersonIdent;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.storage.file.FileRepositoryBuilder;
-import org.eclipse.jgit.transport.PostReceiveHook;
-import org.eclipse.jgit.transport.ReceiveCommand;
 import org.eclipse.jgit.transport.ReceivePack;
 import org.eclipse.jgit.transport.UploadPack;
 import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
 import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
+import org.springframework.security.core.Authentication;
 
-import javax.servlet.http.HttpServletRequest;
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.StringWriter;
-import java.util.Collection;
+import java.nio.file.FileAlreadyExistsException;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -39,19 +39,27 @@ public abstract class FileBackedHttpGitRepository extends HttpGitRepository {
      * Directory of the local workspace on the controller.
      * There will be "./.git" that hosts the actual repository.
      */
-    public final File workspace;
+    public final Path workspace;
 
-    protected FileBackedHttpGitRepository(File workspace) {
+    protected FileBackedHttpGitRepository(Path workspace) {
         this.workspace = workspace;
-        if (!workspace.exists() && !workspace.mkdirs()) {
-            LOGGER.log(Level.WARNING, "Cannot create a workspace in {0}", workspace);
+        try {
+            Files.createDirectory(workspace);
+        } catch (FileAlreadyExistsException ignored) {
+            // don't need to worry about this; if it already exists, we don't care!
+        } catch (IOException e) {
+            LOGGER.log(Level.WARNING, e, () -> "Cannot create a workspace in " + workspace);
         }
     }
 
+    protected FileBackedHttpGitRepository(File workspace) {
+        this(workspace.toPath());
+    }
+
     @Override
     public Repository openRepository() throws IOException {
         checkPullPermission();
-        Repository r = new FileRepositoryBuilder().setWorkTree(workspace).build();
+        Repository r = new FileRepositoryBuilder().setWorkTree(workspace.toFile()).build();
 
         // if the repository doesn't exist, create it
         if (!r.getObjectDatabase().exists()) {
@@ -63,6 +71,7 @@ public Repository openRepository() throws IOException {
     /**
      * Called when there's no .git directory to create one.
      *
+     * <p>
      * This implementation also imports whatever currently in there into the repository.
      */
     protected void createInitialRepository(Repository r) throws IOException {
@@ -80,14 +89,15 @@ protected void createInitialRepository(Repository r) throws IOException {
             co.setMessage("Initial import of the existing contents");
             co.call();
         } catch (GitAPIException e) {
-            LOGGER.log(Level.WARNING, "Initial import of "+workspace+" into Git repository failed",e);
+            LOGGER.log(Level.WARNING, e, () -> "Initial import of "+workspace+" into Git repository failed");
         }
     }
 
     /**
      * This default implementation allows read access to anyone
      * who can access the HTTP URL this repository is bound to.
      *
+     * <p>
      * For example, if this object is used as a project action,
      * and the project isn't readable to Alice, then Alice won't be
      * able to pull from this repository (think of a POSIX file system
@@ -103,7 +113,7 @@ public UploadPack createUploadPack(HttpServletRequest context, Repository db) th
      */
     @Override
     public ReceivePack createReceivePack(HttpServletRequest context, Repository db) throws ServiceNotEnabledException, ServiceNotAuthorizedException {
-        Authentication a = Jenkins.getAuthentication();
+        Authentication a = Jenkins.getAuthentication2();
 
         ReceivePack rp = createReceivePack(db);
 
@@ -118,15 +128,13 @@ public ReceivePack createReceivePack(Repository db) {
         ReceivePack rp = new ReceivePack(db);
 
         // update userContent after the push
-        rp.setPostReceiveHook(new PostReceiveHook() {
-            public void onPostReceive(ReceivePack rp, Collection<ReceiveCommand> commands) {
-                try {
-                    updateWorkspace(rp.getRepository());
-                } catch (Exception e) {
-                    StringWriter sw = new StringWriter();
-                    e.printStackTrace(new PrintWriter(sw));
-                    rp.sendMessage("Failed to update workspace: "+sw);
-                }
+        rp.setPostReceiveHook((rp1, commands) -> {
+            try {
+                updateWorkspace(rp1.getRepository());
+            } catch (Exception e) {
+                StringWriter sw = new StringWriter();
+                e.printStackTrace(new PrintWriter(sw));
+                rp1.sendMessage("Failed to update workspace: "+sw);
             }
         });
         return rp;