Use Matrix Project Plugin in Security914Test, not Credentials Plugin

[MarkEWaite]

Use Matrix Project Plugin in Security914Test, not Credentials Plugin

Fixes issue:

• Security914Test fails due to recent credentials plugin changes #26088

The user interface update to the Credentials plugin in pull request:

• Remove breadcrumb context menu credentials-plugin#990

removed the image that this test used for its initial configuration.

The change was released in Credentials plugin:

• https://github.com/jenkinsci/credentials-plugin/releases/tag/1460.v48765a_c7d849

The new release of the Credentials plugin was included in Jenkins core 2.545 with pull request:

• Update dependency org.jenkins-ci.plugins:credentials to v1460 #26046

This change switches from the Credentials plugin to the Matrix Project plugin as the base for the test. The assumption is that user interface changes are less likely to the Matrix Project plugin.

Testing done

• Confirmed that the tests fail on Windows without this change
• Confirmed that the tests pass on Windows with this change

Test also passes on Linux, but I did not want to change the platform assumption for the test.

Proposed changelog entries

• N/A

Proposed changelog category

/label skip-changelog

Proposed upgrade guidelines

N/A

Submitter checklist

• The issue, if it exists, is well-described.
• The changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developers, depending on the change) and are in the imperative mood (see examples). Fill in the Proposed upgrade guidelines section only if there are breaking changes or changes that may require extra steps from users during upgrade.
• There is automated testing or an explanation as to why this change has no tests.
• New public classes, fields, and methods are annotated with @Restricted or have @since TODO Javadocs, as appropriate.
• New deprecations are annotated with @Deprecated(since = "TODO") or @Deprecated(forRemoval = true, since = "TODO"), if applicable.
• UI changes do not introduce regressions when enforcing the current default rules of Content Security Policy Plugin. In particular, new or substantially changed JavaScript is not defined inline and does not call eval to ease future introduction of Content Security Policy (CSP) directives (see documentation).
• For dependency updates, there are links to external changelogs and, if possible, full differentials.
• For new APIs and extension points, there is a link to at least one consumer.

Desired reviewers

@Wadeck

Before the changes are marked as ready-for-merge:

Maintainer checklist

• There are at least two (2) approvals for the pull request and no outstanding requests for change.
• Conversations in the pull request are over, or it is explicit that a reviewer is not blocking the change.
• Changelog entries in the pull request title and/or Proposed changelog entries are accurate, human-readable, and in the imperative mood.
• Proper changelog labels are set so that the changelog can be generated automatically.
• If the change needs additional upgrade steps from users, the upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the pull request title (see example).
• If it would make sense to backport the change to LTS, be a Bug or Improvement, and either the issue or pull request must be labeled as lts-candidate to be considered.

[MarkEWaite]

Test failure is visible on the master branch. Other merges to the master branch are blocked by the test failures. Let's merge this one as soon as we see that it passes tests.

[Wadeck]

Not manually tested but your rationale and changes seem to be good enough 👍 Thanks Mark!

[daniel-beck]

Thanks!

[daniel-beck]

How come we have a release if this has been failing since 4120c28? Why was the PR even merged with security test failures? Is this a Smart Tests issue?

[MarkEWaite]

How come we have a release if this has been failing since 4120c28?

The test only fails on Windows. Release builds are run on Linux. The test with the pull request change passes on my Linux computer when I remove the assumeTrue(isWindows). I didn't make that change in this pull request because I didn't want to distract from the primary purpose of the pull request, fix the master branch.

Why was the PR even merged with security test failures? Is this a Smart Tests issue?

I have not investigated, but I suspect that Smart Tests did not run the test on the pull request build. The test has been passing for a very long time, so it would have very little reason to choose to run it.

If that is correct, then this is only the second time we've had a failure arrive on the master branch due to Smart Tests selecting tests. I think the cost savings are worth a few failures in the long time we've had Smart Tests enabled.

Smart Tests seems to have skipped that test on the pull request build of:

• Fix category headers showing as raw HTML on New Item page #26056

The GitHub checks for that pull request show that 890 tests were run on Windows JDK 25, while 25325 tests were run Linux JDK 25