Upgrade parent, plugin dependencies (#247)

* Upgrade parent pom to 4.40 and associated fixes

Rebaseline Jenkins to the current recommendation.
Spotbugs now runs with the new parent pom, breaking until the included
fixes were applied.

* Favor try-with-resources

* Replace #printStackTrace with WARNING-level logs

Update catch statements in accordance with spotbugs.

* Rely on plugins bom for versions

* chore: Touch Jenkinsfile for a trusted revision

* Update pom.xml

Co-authored-by: Alexander Brandes <[email protected]>

* Update pom.xml

Co-authored-by: Alexander Brandes <[email protected]>

Co-authored-by: Alexander Brandes <[email protected]>
Co-authored-by: Alexander Brandes <[email protected]>

pom.xml

@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>org.jenkins-ci.plugins</groupId>
 		<artifactId>plugin</artifactId>
-		<version>3.2</version>
+		<version>4.40</version>
                 <relativePath />
 	</parent>
 
@@ -45,6 +45,26 @@
 		<tag>${scmTag}</tag>
 	</scm>
 
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.jenkins-ci.main</groupId>
+				<artifactId>jenkins-bom</artifactId>
+				<version>${jenkins.version}</version>
+				<scope>import</scope>
+				<type>pom</type>
+			</dependency>
+
+			<dependency>
+				<groupId>io.jenkins.tools.bom</groupId>
+				<artifactId>bom-2.319.x</artifactId>
+				<version>1409.v7659b_c072f18</version>
+				<scope>import</scope>
+				<type>pom</type>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+
 	<dependencies>
 		<dependency>
 			<groupId>org.jenkins-ci.plugins</groupId>
@@ -56,13 +76,13 @@
 		<dependency>
 			<groupId>org.jenkins-ci.plugins</groupId>
 			<artifactId>junit</artifactId>
-			<version>1.11</version>
 		</dependency>
 
 		<dependency>
 			<groupId>org.jenkins-ci.plugins</groupId>
 			<artifactId>envinject</artifactId>
-			<version>1.90</version>
+			<!-- 1.90 and earlier vulnerable: https://www.jenkins.io/security/advisory/2018-02-26/ -->
+			<version>1.91</version>
 		</dependency>
 
 		<dependency>
@@ -74,20 +94,23 @@
 		<dependency>
 			<groupId>org.jenkins-ci.plugins</groupId>
 			<artifactId>token-macro</artifactId>
-			<version>1.10</version>
 		</dependency>
 
 		<dependency>
 			<groupId>org.jenkins-ci.plugins</groupId>
 			<artifactId>mailer</artifactId>
-			<version>1.13</version>
 		</dependency>
 
 		<dependency>
 			<groupId>org.jenkins-ci.main</groupId>
 			<artifactId>maven-plugin</artifactId>
-			<version>2.6</version>
+			<!-- 3.3 and earlier vulnerable: https://www.jenkins.io/security/advisory/2019-07-31/ -->
+			<version>3.4</version>
 			<exclusions>
+				<exclusion>
+					<groupId>org.apache.commons</groupId>
+					<artifactId>commons-lang3</artifactId>
+				</exclusion>
 				<exclusion>
 					<groupId>org.apache.httpcomponents</groupId>
 					<artifactId>httpclient</artifactId>
@@ -110,7 +133,8 @@
 		<dependency>
 			<groupId>org.jenkins-ci.plugins</groupId>
 			<artifactId>copyartifact</artifactId>
-			<version>1.31</version>
+			<!-- 1.43.1 and earlier vulnerable: https://www.jenkins.io/security/advisory/2020-05-06/ -->
+			<version>1.44</version>
 			<optional>true</optional>
 		</dependency>
 
@@ -123,28 +147,39 @@
 		<dependency>
 			<groupId>org.jenkins-ci.plugins</groupId>
 			<artifactId>matrix-project</artifactId>
-			<version>1.7.1</version>
 			<optional>true</optional>
 		</dependency>
 		<!-- Workflow plugin imports are used to test compatibility -->
 		<dependency>
 			<groupId>org.jenkins-ci.plugins.workflow</groupId>
 			<artifactId>workflow-job</artifactId>
-			<version>${workflow.version}</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.jenkins-ci.plugins.workflow</groupId>
 			<artifactId>workflow-cps</artifactId>
-			<version>${workflow.version}</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.jenkins-ci.plugins.workflow</groupId>
 			<artifactId>workflow-basic-steps</artifactId>
-			<version>${workflow.version}</version>
 			<scope>test</scope>
 		</dependency>
+		<!--
+			this is here to resolve a RequireUpperBoundDeps failure
+			between maven-plugin (3.6) and jenkins-test-harness (3.8)
+		 -->
+		 <dependency>
+			<groupId>org.jenkins-ci.main</groupId>
+			<artifactId>jenkins-test-harness</artifactId>
+			<scope>test</scope>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-net</groupId>
+					<artifactId>commons-net</artifactId>
+				</exclusion>
+			</exclusions>
+		 </dependency>
 
 	</dependencies>
 
@@ -251,9 +286,7 @@
 
 	<properties>
 		<findbugs.failOnError>false</findbugs.failOnError>
-				<workflow.version>1.6</workflow.version>
-                <jenkins.version>2.120</jenkins.version>
-		<java.level>8</java.level>
+                <jenkins.version>2.319.1</jenkins.version>
 		<changelist>999999-SNAPSHOT</changelist>
 	</properties>
 

src/main/java/com/tikal/jenkins/plugins/multijob/FileBuildParameters.java

@@ -13,6 +13,7 @@
 import hudson.model.TaskListener;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -36,7 +37,11 @@ public Action getAction(AbstractBuild<?,?> build, TaskListener listener, Abstrac
         EnvVars env = build.getEnvironment(listener);
 
         String resolvedPropertiesFile = env.expand(propertiesFile);
-        FilePath f = build.getWorkspace().child(resolvedPropertiesFile);
+        FilePath workspace = build.getWorkspace();
+        if (workspace == null) {
+            return null;
+        }
+        FilePath f = workspace.child(resolvedPropertiesFile);
         if (!f.exists()) {
             listener
                     .getLogger()
@@ -50,7 +55,9 @@ public Action getAction(AbstractBuild<?,?> build, TaskListener listener, Abstrac
         String s = f.readToString();
         s = env.expand(s);
         Properties p = new Properties();
-        p.load(new StringInputStream(s));
+        try (StringInputStream is = new StringInputStream(s)) {
+            p.load(is);
+        }
 
         List<ParameterValue> values = new ArrayList<ParameterValue>();
         for (Map.Entry<Object, Object> entry : p.entrySet()) {

src/main/java/com/tikal/jenkins/plugins/multijob/MultiJobBuild.java

@@ -326,10 +326,7 @@ public String toString() {
         @CheckForNull
 		public Run<?,?> getBuild() {
             if (buildID != null) {
-                Run<?, ?> build = Run.fromExternalizableId(buildID);
-                if (build instanceof Run) {
-                    return (Run) build;
-                }
+                return Run.fromExternalizableId(buildID);
             } // else null if loaded from historical data prior to JENKINS-49328
 			return null;
 		}

src/main/java/com/tikal/jenkins/plugins/multijob/MultiJobBuildSelector.java

@@ -1,5 +1,6 @@
 package com.tikal.jenkins.plugins.multijob;
 
+import java.util.Optional;
 import java.util.logging.Logger;
 
 import hudson.matrix.MatrixRun;
@@ -49,7 +50,7 @@ public MultiJobBuildSelector() { }
                 }
                 UpstreamCause upstreamCause = (UpstreamCause)cause;
                 Job upstreamJob = Jenkins.getInstance().getItemByFullName(upstreamCause.getUpstreamProject(), Job.class);
-                Run upstreamRun = upstreamJob.getBuildByNumber(upstreamCause.getUpstreamBuild());
+                Run upstreamRun = Optional.ofNullable(upstreamJob).map(j -> j.getBuildByNumber(upstreamCause.getUpstreamBuild())).orElse(null);
 
                 if (upstreamRun != null && upstreamRun instanceof MultiJobBuild) {
                     multiJobBuild = (MultiJobBuild)upstreamRun;