Bump sshd from 3.1.0 to 3.228.v4c9f9e652c86

.github/dependabot.yml

@@ -3,4 +3,8 @@ updates:
   - package-ecosystem: "maven"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: /
+    schedule:
+      interval: "daily"

.github/release-drafter.yml

@@ -1,6 +1,4 @@
 # https://github.com/jenkinsci/.github/blob/master/.github/release-drafter.adoc
+# https://www.jenkins.io/doc/developer/publishing/releasing-cd/#release-notes
 _extends: .github
-# Semantic versioning is used d=for this plugin: https://semver.org/
-version-template: $MAJOR.$MINOR.$PATCH
-tag-template: ssh-slaves-$NEXT_PATCH_VERSION
-name-template: $NEXT_PATCH_VERSION
+

.github/workflows/cd.yaml

@@ -0,0 +1,59 @@
+# Note: additional setup is required, see https://www.jenkins.io/redirect/continuous-delivery-of-plugins
+
+name: cd
+on:
+  workflow_dispatch:
+  check_run:
+    types:
+      - completed
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    outputs:
+      should_release: ${{ steps.verify-ci-status.outputs.result == 'success' && steps.interesting-categories.outputs.interesting == 'true' }}
+    steps:
+      - name: Verify CI status
+        uses: jenkins-infra/[email protected]
+        id: verify-ci-status
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          output_result: true
+
+      - name: Release Drafter
+        uses: release-drafter/release-drafter@v5
+        if: steps.verify-ci-status.outputs.result == 'success'
+        with:
+          name: next
+          tag: next
+          version: next
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check interesting categories
+        uses: jenkins-infra/[email protected]
+        id: interesting-categories
+        if: steps.verify-ci-status.outputs.result == 'success'
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  release:
+    runs-on: ubuntu-latest
+    needs: [validate]
+    if: needs.validate.outputs.should_release == 'true'
+    steps:
+      - name: Check out
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up JDK 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'adopt'
+          java-version: 8
+      - name: Release
+        uses: jenkins-infra/[email protected]
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+          MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}

.github/workflows/jenkins-security-scan.yml

@@ -0,0 +1,16 @@
+name: Jenkins Security Scan
+on:
+  push:
+    branches:
+      - main
+# see https://github.com/jenkins-infra/jenkins-security-scan/issues/3      
+#  pull_request:
+#    types: [ opened, synchronize, reopened ]
+  workflow_dispatch:
+
+jobs:
+  security-scan:
+    uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v1
+    with:
+      java-cache: '' # Optionally enable use of a build dependency cache. Specify 'maven' or 'gradle' as appropriate.
+      java-version: 11 # What version of Java to set up for the build.

.mvn/extensions.xml

@@ -2,6 +2,6 @@
   <extension>
     <groupId>io.jenkins.tools.incrementals</groupId>
     <artifactId>git-changelist-maven-extension</artifactId>
-    <version>1.2</version>
+    <version>1.3</version>
   </extension>
 </extensions>

.mvn/maven.config

@@ -1,2 +1,3 @@
 -Pconsume-incrementals
 -Pmight-produce-incrementals
+-Dchangelist.format=%d.v%s

pom.xml

@@ -5,11 +5,11 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>4.31</version>
+    <version>4.40</version>
   </parent>
 
   <artifactId>ssh-slaves</artifactId>
-  <version>${revision}${changelist}</version>
+  <version>${revision}.${changelist}</version>
   <packaging>hpi</packaging>
 
   <name>SSH Build Agents plugin</name>
@@ -25,9 +25,9 @@
   </licenses>
 
   <properties>
-    <revision>1.33.1</revision>
-    <changelist>-SNAPSHOT</changelist>
-    <jenkins.version>2.289.1</jenkins.version>
+    <revision>1</revision>
+    <changelist>999999-SNAPSHOT</changelist>
+    <jenkins.version>2.319.1</jenkins.version>
     <java.level>8</java.level>
     <hpi.compatibleSinceVersion>1.31.0</hpi.compatibleSinceVersion>
   </properties>
@@ -102,19 +102,15 @@
     <dependencies>
       <dependency>
         <groupId>io.jenkins.tools.bom</groupId>
-        <artifactId>bom-2.277.x</artifactId>
-        <version>961.vf0c9f6f59827</version>
+        <artifactId>bom-2.319.x</artifactId>
+        <version>1246.va_b_50630c1d19</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>jackson2-api</artifactId>
       </dependency>
-      <dependency>
-        <groupId>org.slf4j</groupId>
-        <artifactId>slf4j-api</artifactId>
-      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -134,7 +130,7 @@
     <dependency>
       <groupId>org.jenkins-ci.modules</groupId>
       <artifactId>sshd</artifactId>
-      <version>3.1.0</version>
+      <version>3.228.v4c9f9e652c86</version>
       <scope>test</scope>
     </dependency>
     <dependency>
@@ -162,7 +158,7 @@
     <dependency>
       <groupId>org.testcontainers</groupId>
       <artifactId>testcontainers</artifactId>
-      <version>1.16.2</version>
+      <version>1.16.3</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>

src/main/java/hudson/plugins/sshslaves/SSHLauncher.java

@@ -419,60 +419,58 @@ public void launch(final SlaveComputer computer, final TaskListener listener) th
             launcherExecutorService = Executors.newSingleThreadExecutor(
                     new NamingThreadFactory(Executors.defaultThreadFactory(), "SSHLauncher.launch for '" + computer.getName() + "' node"));
             Set<Callable<Boolean>> callables = new HashSet<>();
-            callables.add(new Callable<Boolean>() {
-                public Boolean call() throws InterruptedException {
-                    Boolean rval = Boolean.FALSE;
-                    try {
-                        String[] preferredKeyAlgorithms = getSshHostKeyVerificationStrategyDefaulted().getPreferredKeyAlgorithms(computer);
-                        if (preferredKeyAlgorithms != null && preferredKeyAlgorithms.length > 0) { // JENKINS-44832
-                            connection.setServerHostKeyAlgorithms(preferredKeyAlgorithms);
-                        } else {
-                            listener.getLogger().println("Warning: no key algorithms provided; JENKINS-42959 disabled");
-                        }
-
-                        listener.getLogger().println(logConfiguration());
-
-                        openConnection(listener, computer);
-
-                        verifyNoHeaderJunk(listener);
-                        reportEnvironment(listener);
-
-                        final String workingDirectory = getWorkingDirectory(computer);
-                        if (workingDirectory == null) {
-                            listener.error("Cannot get the working directory for " + computer);
-                            return Boolean.FALSE;
-                        }
-
-                        String java = null;
-                        if (StringUtils.isNotBlank(javaPath)) {
-                            java = expandExpression(computer, javaPath);
-                        } else {
-                          checkJavaIsInPath(listener);
-                          //FIXME deprecated on 2020-12-10, it will removed after 2021-09-01
-                            JavaVersionChecker javaVersionChecker = new JavaVersionChecker(computer, listener, getJvmOptions(),
-                                    connection);
-                            java = javaVersionChecker.resolveJava();
-                        }
-
-                        copyAgentJar(listener, workingDirectory);
-
-                        startAgent(computer, listener, java, workingDirectory);
-
-                        PluginImpl.register(connection);
-                        rval = Boolean.TRUE;
-                    } catch (RuntimeException|Error e) {
-                        String msg = Messages.SSHLauncher_UnexpectedError();
-                        if(StringUtils.isNotBlank(e.getMessage())){
-                            msg = e.getMessage();
-                        }
-                        e.printStackTrace(listener.error(msg));
-                    } catch (AbortException e) {
-                        listener.getLogger().println(e.getMessage());
-                    } catch (IOException e) {
-                        e.printStackTrace(listener.getLogger());
-                    } finally {
-                        return rval;
+            callables.add(() -> {
+                Boolean rval = Boolean.FALSE;
+                try {
+                    String[] preferredKeyAlgorithms = getSshHostKeyVerificationStrategyDefaulted().getPreferredKeyAlgorithms(computer);
+                    if (preferredKeyAlgorithms != null && preferredKeyAlgorithms.length > 0) { // JENKINS-44832
+                        connection.setServerHostKeyAlgorithms(preferredKeyAlgorithms);
+                    } else {
+                        listener.getLogger().println("Warning: no key algorithms provided; JENKINS-42959 disabled");
+                    }
+
+                    listener.getLogger().println(logConfiguration());
+
+                    openConnection(listener, computer);
+
+                    verifyNoHeaderJunk(listener);
+                    reportEnvironment(listener);
+
+                    final String workingDirectory = getWorkingDirectory(computer);
+                    if (workingDirectory == null) {
+                        listener.error("Cannot get the working directory for " + computer);
+                        return Boolean.FALSE;
+                    }
+
+                    String java = null;
+                    if (StringUtils.isNotBlank(javaPath)) {
+                        java = expandExpression(computer, javaPath);
+                    } else {
+                      checkJavaIsInPath(listener);
+                      //FIXME deprecated on 2020-12-10, it will removed after 2021-09-01
+                        JavaVersionChecker javaVersionChecker = new JavaVersionChecker(computer, listener, getJvmOptions(),
+                                connection);
+                        java = javaVersionChecker.resolveJava();
+                    }
+
+                    copyAgentJar(listener, workingDirectory);
+
+                    startAgent(computer, listener, java, workingDirectory);
+
+                    PluginImpl.register(connection);
+                    rval = Boolean.TRUE;
+                } catch (RuntimeException|Error e) {
+                    String msg = Messages.SSHLauncher_UnexpectedError();
+                    if(StringUtils.isNotBlank(e.getMessage())){
+                        msg = e.getMessage();
                     }
+                    e.printStackTrace(listener.error(msg));
+                } catch (AbortException e) {
+                    listener.getLogger().println(e.getMessage());
+                } catch (IOException e) {
+                    e.printStackTrace(listener.getLogger());
+                } finally {
+                    return rval;
                 }
             });
 

src/main/java/hudson/plugins/sshslaves/verifiers/MissingVerificationStrategyAdministrativeMonitor.java

@@ -65,6 +65,11 @@ public String getDisplayName() {
     }
 
     public String getAgentNames() {
-      return agentNames != null ? agentNames.toString() : "";
+        return agentNames != null ? agentNames.toString() : "";
+    }
+
+    @Override
+    public boolean isSecurity() {
+        return true;
     }
 }

src/test/java/hudson/plugins/sshslaves/SSHLauncherTest.java

@@ -76,6 +76,7 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -154,12 +155,7 @@ private static boolean checkSupported(final String testVersionOutput) throws IOE
   }
 
   private static void assertNotSupported(final String testVersionOutput) throws AssertionError {
-    try {
-      checkSupported(testVersionOutput);
-      fail("Expected version " + testVersionOutput + " to be not supported, but it is supported");
-    } catch (IOException e) {
-      // expected
-    }
+    assertThrows(IOException.class, () -> checkSupported(testVersionOutput));
   }
 
   private void checkRoundTrip(String host) throws Exception {
@@ -400,7 +396,7 @@ public void getMd5Hash() {
     try {
       byte[] bytes = "Leave me alone!".getBytes();
       String result = SSHLauncher.getMd5Hash(bytes);
-      assertTrue("1EB226C8E950BAC1494BE197E84A264C".equals(result));
+      assertEquals("1EB226C8E950BAC1494BE197E84A264C", result);
     } catch (Exception e) {
       e.printStackTrace();
     }
@@ -420,7 +416,7 @@ public void readInputStreamIntoByteArrayAndClose() {
       byte[] bytes = SSHLauncher.readInputStreamIntoByteArrayAndClose(inputStream);
       assertNotNull(bytes);
       assertTrue(bytes.length > 0);
-      assertTrue("Don't change me or add newlines!".equals(new String(bytes)));
+      assertEquals("Don't change me or add newlines!", new String(bytes));
 
     } catch (Exception e) {
       e.printStackTrace();

src/test/java/hudson/plugins/sshslaves/agents/AgentDSAConnectionTest.java

@@ -11,12 +11,14 @@
 import hudson.plugins.sshslaves.categories.AgentSSHTest;
 import hudson.plugins.sshslaves.categories.SSHKeyAuthenticationTest;
 import static org.junit.Assert.assertTrue;
+import org.junit.Ignore;
 
 /**
  * Connect to a remote SSH Agent
  *
  * @author Kuisathaverat
  */
+@Ignore("Only for manual test.")
 @Category({ AgentSSHTest.class, SSHKeyAuthenticationTest.class})
 public class AgentDSAConnectionTest extends AgentConnectionBase {
   public static final String SSH_AGENT_NAME = "ssh-agent-dsa";

src/test/java/hudson/plugins/sshslaves/agents/AgentECDHSha2Nistp256ConnectionTest.java

@@ -11,12 +11,14 @@
 import hudson.plugins.sshslaves.categories.AgentSSHTest;
 import hudson.plugins.sshslaves.categories.SSHKexTest;
 import static org.junit.Assert.assertTrue;
+import org.junit.Ignore;
 
 /**
  * Connect to a remote SSH Agent
  *
  * @author Kuisathaverat
  */
+@Ignore("Only for manual test.")
 @Category({ AgentSSHTest.class, SSHKexTest.class})
 public class AgentECDHSha2Nistp256ConnectionTest extends AgentConnectionBase {
   public static final String SSH_AGENT_NAME = "ssh-agent-ecdh-sha2-nistp256";

src/test/java/hudson/plugins/sshslaves/agents/AgentECDHSha2Nistp384ConnectionTest.java

@@ -11,12 +11,14 @@
 import hudson.plugins.sshslaves.categories.AgentSSHTest;
 import hudson.plugins.sshslaves.categories.SSHKexTest;
 import static org.junit.Assert.assertTrue;
+import org.junit.Ignore;
 
 /**
  * Connect to a remote SSH Agent
  *
  * @author Kuisathaverat
  */
+@Ignore("Only for manual test.")
 @Category({ AgentSSHTest.class, SSHKexTest.class})
 public class AgentECDHSha2Nistp384ConnectionTest extends AgentConnectionBase {
   public static final String SSH_AGENT_NAME = "ssh-agent-ecdh-sha2-nistp384";