Bump xmlunit-matchers from 2.9.0 to 2.9.1

.github/dependabot.yml

@@ -7,3 +7,7 @@ updates:
   open-pull-requests-limit: 10
   reviewers:
   - jglick
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly

.github/release-drafter.yml

@@ -1,2 +1 @@
 _extends: .github
-tag-template: credentials-binding-$NEXT_MINOR_VERSION

.github/workflows/cd.yaml

@@ -0,0 +1,15 @@
+# Note: additional setup is required, see https://www.jenkins.io/redirect/continuous-delivery-of-plugins
+
+name: cd
+on:
+  workflow_dispatch:
+  check_run:
+    types:
+      - completed
+
+jobs:
+  maven-cd:
+    uses: jenkins-infra/github-reusable-workflows/.github/workflows/maven-cd.yml@v1
+    secrets:
+      MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+      MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}

.gitignore

@@ -1,5 +1,5 @@
 target/
-work*/
+work/
 
 # IntelliJ project files 
 *.iml

.mvn/extensions.xml

@@ -2,6 +2,6 @@
   <extension>
     <groupId>io.jenkins.tools.incrementals</groupId>
     <artifactId>git-changelist-maven-extension</artifactId>
-    <version>1.0-beta-7</version>
+    <version>1.4</version>
   </extension>
 </extensions>

.mvn/maven.config

@@ -1,2 +1,3 @@
 -Pconsume-incrementals
 -Pmight-produce-incrementals
+-Dchangelist.format=%d.v%s

Jenkinsfile

@@ -1 +1,4 @@
-buildPlugin(useAci: true)
+buildPlugin(useContainerAgent: true, configurations: [
+  [platform: 'linux', jdk: '17', jenkins: '2.343'],
+  [platform: 'windows', jdk: '8'],
+])

README.md

@@ -46,14 +46,14 @@ withCredentials([usernamePassword(credentialsId: 'amazon', usernameVariable: 'US
 You should use a single quote (`'`) instead of a double quote (`"`) whenever you can. 
 This is particularly important in Pipelines where a statement may be interpreted by both the Pipeline engine and an external interpreter, such as a Unix shell (`sh`) or Windows Command (`bat`) or Powershell (`ps`). 
 This reduces complications with password masking and command processing. 
-The first step in the above example properly demonstrates this. 
-The next two steps use the basic Pipeline `echo` step. 
-The first one references the Groovy variable and needs no quotes. 
-The second one needs to use double quotes, so that the interpolation is performed in Groovy.
+The first step in the above example properly demonstrates this.
+It references an environment variable, so the single-quoted string passes its value unprocessed to the `sh` step, and the shell interprets `$PASSWORD`.
+The next two steps use the basic Pipeline `echo` step.
+The last one needs to use double quotes, so that the [string interpolation](https://en.wikipedia.org/wiki/String_interpolation) is performed by the Pipeline DSL.
 
 For more information, see the Pipeline step reference for [Credentials Binding Plugin](https://www.jenkins.io/doc/pipeline/steps/credentials-binding/).
 
 ## Changelog
 
-See [GitHub Releases](https://github.com/jenkinsci/credentials-binding-plugin/releases) for new releases,
-or the [old changelog](old-changelog.md) for history.
+See [GitHub Releases](https://github.com/jenkinsci/credentials-binding-plugin/releases) for new releases (version 1.20 and newer),
+or the [old changelog](old-changelog.md) for history (version 1.19 and earlier).

pom.xml

@@ -5,24 +5,20 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>4.15</version>
+    <version>4.48</version>
     <relativePath />
   </parent>
 
   <artifactId>credentials-binding</artifactId>
-  <version>${revision}${changelist}</version>
+  <version>${changelist}</version>
   <packaging>hpi</packaging>
 
   <name>Credentials Binding Plugin</name>
-  <description>Allows credentials to be bound to environment variables for use from miscellaneous build steps.
-  </description>
-  <url>https://github.com/jenkinsci/credentials-binding-plugin</url>
+  <url>https://github.com/jenkinsci/${project.artifactId}-plugin</url>
   <properties>
-    <revision>1.25</revision>
-    <changelist>-SNAPSHOT</changelist>
-    <jenkins.version>2.176.4</jenkins.version>
-    <java.level>8</java.level>
-    <workflow-step-api.version>2.23</workflow-step-api.version> <!-- TODO: Delete when in BOM -->
+    <changelist>999999-SNAPSHOT</changelist>
+    <jenkins.version>2.319.3</jenkins.version>
+    <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
   </properties>
   <licenses>
     <license>
@@ -31,10 +27,10 @@
     </license>
   </licenses>
 
-  <scm>
-    <connection>scm:git:git://github.com/jenkinsci/${project.artifactId}-plugin.git</connection>
-    <developerConnection>scm:git:git@github.com:jenkinsci/${project.artifactId}-plugin.git</developerConnection>
-    <url>https://github.com/jenkinsci/${project.artifactId}-plugin</url>
+  <scm child.scm.connection.inherit.append.path="false" child.scm.developerConnection.inherit.append.path="false" child.scm.url.inherit.append.path="false">
+    <connection>scm:git:https://github.com/${gitHubRepo}</connection>
+    <developerConnection>scm:git:https://github.com/${gitHubRepo}</developerConnection>
+    <url>https://github.com/${gitHubRepo}</url>
     <tag>${scmTag}</tag>
   </scm>
 
@@ -55,8 +51,8 @@
     <dependencies>
       <dependency>
         <groupId>io.jenkins.tools.bom</groupId>
-        <artifactId>bom-2.176.x</artifactId>
-        <version>16</version>
+        <artifactId>bom-2.319.x</artifactId>
+        <version>1643.v1cffef51df73</version>
         <scope>import</scope>
         <type>pom</type>
       </dependency>
@@ -74,7 +70,6 @@
     <dependency>
       <groupId>org.jenkins-ci.plugins.workflow</groupId>
       <artifactId>workflow-step-api</artifactId>
-      <version>${workflow-step-api.version}</version>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
@@ -113,7 +108,6 @@
     <dependency>
       <groupId>org.jenkins-ci.plugins.workflow</groupId>
       <artifactId>workflow-step-api</artifactId>
-      <version>${workflow-step-api.version}</version>
       <classifier>tests</classifier>
       <scope>test</scope>
     </dependency>
@@ -131,13 +125,13 @@
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>authorize-project</artifactId>
-      <version>1.3.0</version>
+      <version>1.4.0</version>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.xmlunit</groupId>
       <artifactId>xmlunit-matchers</artifactId>
-      <version>2.8.2</version>
+      <version>2.9.1</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>

src/main/java/org/jenkinsci/plugins/credentialsbinding/Binding.java

@@ -26,6 +26,8 @@
 
 import com.cloudbees.plugins.credentials.common.StandardCredentials;
 
+import edu.umd.cs.findbugs.annotations.NonNull;
+import edu.umd.cs.findbugs.annotations.Nullable;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.FilePath;
 import hudson.Launcher;
@@ -34,9 +36,6 @@
 import hudson.model.BuildListener;
 import java.io.IOException;
 
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-
 import hudson.model.Run;
 import hudson.model.TaskListener;
 import java.util.Collections;
@@ -93,7 +92,7 @@ public interface Environment {
 
     @Deprecated
     @SuppressWarnings("rawtypes")
-    public Environment bind(@Nonnull final AbstractBuild build, final Launcher launcher, final BuildListener listener) throws IOException, InterruptedException {
+    public Environment bind(@NonNull final AbstractBuild build, final Launcher launcher, final BuildListener listener) throws IOException, InterruptedException {
         final SingleEnvironment e = bindSingle(build, build.getWorkspace(), launcher, listener);
         return new Environment() {
             @Override public String value() {
@@ -113,10 +112,10 @@ public Environment bind(@Nonnull final AbstractBuild build, final Launcher launc
      * @param listener The task listener. Cannot be null.
      * @return The configured {@link SingleEnvironment}
      */
-    public /* abstract */SingleEnvironment bindSingle(@Nonnull Run<?,?> build,
+    public /* abstract */SingleEnvironment bindSingle(@NonNull Run<?,?> build,
                                                       @Nullable FilePath workspace,
                                                       @Nullable Launcher launcher,
-                                                      @Nonnull TaskListener listener) throws IOException, InterruptedException {
+                                                      @NonNull TaskListener listener) throws IOException, InterruptedException {
         if (Util.isOverridden(Binding.class, getClass(), "bind", AbstractBuild.class, Launcher.class, BuildListener.class) && build instanceof AbstractBuild && listener instanceof BuildListener) {
             Environment e = bind((AbstractBuild) build, launcher, (BuildListener) listener);
             return new SingleEnvironment(e.value(), new UnbinderWrapper(e));
@@ -134,29 +133,29 @@ private static class UnbinderWrapper implements Unbinder {
         UnbinderWrapper(Environment e) {
             this.e = e;
         }
-        @Override public void unbind(@Nonnull Run<?, ?> build,
+        @Override public void unbind(@NonNull Run<?, ?> build,
                                      @Nullable FilePath workspace,
                                      @Nullable Launcher launcher,
-                                     @Nonnull TaskListener listener) throws IOException, InterruptedException {
+                                     @NonNull TaskListener listener) throws IOException, InterruptedException {
             e.unbind();
         }
     }
 
 
-    @Override public final MultiEnvironment bind(@Nonnull Run<?,?> build,
+    @Override public final MultiEnvironment bind(@NonNull Run<?,?> build,
                                                  @Nullable FilePath workspace,
                                                  @Nullable Launcher launcher,
-                                                 @Nonnull TaskListener listener) throws IOException, InterruptedException {
+                                                 @NonNull TaskListener listener) throws IOException, InterruptedException {
         SingleEnvironment single = bindSingle(build, workspace, launcher, listener);
         return new MultiEnvironment(Collections.singletonMap(variable, single.value), single.unbinder);
     }
 
-    @Override public final Set<String> variables() {
+    @Override public final Set<String> variables(@NonNull Run<?, ?> build) {
         return Collections.singleton(variable);
     }
 
     @Deprecated
-    protected final @Nonnull C getCredentials(@Nonnull AbstractBuild<?,?> build) throws IOException {
+    protected final @NonNull C getCredentials(@NonNull AbstractBuild<?,?> build) throws IOException {
         return super.getCredentials(build);
     }
 

src/main/java/org/jenkinsci/plugins/credentialsbinding/BindingDescriptor.java

@@ -28,7 +28,7 @@
 import com.cloudbees.plugins.credentials.CredentialsProvider;
 import com.cloudbees.plugins.credentials.common.AbstractIdCredentialsListBoxModel;
 import com.cloudbees.plugins.credentials.common.StandardCredentials;
-import com.cloudbees.plugins.credentials.domains.DomainRequirement;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.model.Descriptor;
 import hudson.model.Item;
 import hudson.security.ACL;
@@ -60,12 +60,14 @@ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item owner) {
         // when configuring the job, you only want those credentials that are available to ACL.SYSTEM selectable
         // as we cannot select from a user's credentials unless they are the only user submitting the build
         // (which we cannot assume) thus ACL.SYSTEM is correct here.
-        return new Model().withAll(CredentialsProvider.lookupCredentials(type(), owner, ACL.SYSTEM, Collections.<DomainRequirement>emptyList()));
+        return new Model().withAll(CredentialsProvider.lookupCredentials(type(), owner, ACL.SYSTEM, Collections.emptyList()));
     }
 
     private final class Model extends AbstractIdCredentialsListBoxModel<Model,C> {
 
-        @Override protected String describe(C c) {
+        @NonNull
+        @Override
+        protected String describe(@NonNull C c) {
             return CredentialsNameProvider.name(c);
         }