 Welcome, everyone. This is the third of March 2023. It's documentation office hours. Agenda topics for today include action items. LTS 2.3 87.1 documentation transition to Java 17. Improving end of life notifications. Preparing for Cento seven end of life. We should probably put even before any of those introductions. And yes, so let's do introductions. Are there any other topics you want to put on the agenda for today? I was just thinking that we could, you know, also reviewed the PR so that you mentioned this once I guess I'm going to spend around five minutes on that. You mean these poor requests. Okay, all right, you already have no wait, I'm going to share these are the same ones. I was talking about the ones which are the balls around the CLI against. Oh, okay, plug in installation manager tool. I think it is a fight 22. Yeah, it's the fight. Oh, sorry, it is a fight 20 five to zero. Good. All right. Yeah, so I'm frame given that that's not specifically a documentation topic. Later and let's let's see if we can get to it. Perfect. Any other topics we should consider for the agenda. Meg any hot topics for you. Okay, then let's go ahead. So, can you introduce yourself so that so that Meg knows who you are and what your background is, etc. Yeah, yeah, hi everyone. I'm Liam and I'm actually a currently CS Britain in India. I have been, I mean I've joined Jenkins in the last four months or so and I have just been looking around and then finally currently. I'm a printer for one of the projects which are coming up in the Google summer of good. And I'm here to just learn more about the, I mean like how the, how junking works, because I feel that documentation is a very core sign of how any, or any of its. So, yeah, I'm just here to learn and let's like have some fun. Great. Thank you, make you want to introduce yourself. So Meg's muted she may not be so I'll try to provide an introduction for Meg myself for him. Oh good Meg go ahead. muted unmuted. Sorry about that. I'm, I'm a technical writer I've been with the Jenkins project I think for five and a half years now. In the next year or so I've been working less on Jenkins and more on some observability open source tools like captain and open feature and open telemetry and all of these. But I still have Jenkins and I love Mark so I check in this keeps my fingers in the pot here. Super thank you Meg. Meg is delightful. I love working with and learning from Meg she is the extraordinary technical writer, I come from a software development background. Meg's actually a writer and a writer who has who has worked at places like AT&T Bell Labs writing so so she's she's got deep wonderful experience and is is a tremendous asset for what we do in the Jenkins project. Now do I get to tell you what I think about Mark. No you don't thank you very much for checking. I'll tell you later he's fabulous you've already figured that out though. I have I have it's very obvious. Yeah, let's see so how about I'll play the same game, I am a, I am a Jenkins contributor. I'm a core maintainer. I maintain the get plug in documentation contributor. I spent several years as the documentation officer, which is kind of strange because my background is actually mechanical, I have a degree in mechanical engineering and I left the university with that degree and told the recruiter that I didn't want to do mechanical engineering I wanted to play with computers, and I've played with computers since I left university and I still play with computers, so a lot of fun. But Mark is a delightful software person who really does understand documentation so you can have market that's why Mark and I've had a lot of fun together because we can really sit down and talk about how you're going to do so so often the engineers are like the software works right whatever you want to about it I don't care. And vice versa so Mark and I have had a lot that we've had good times. We really have and that that has been a lot of fun. So Megan I have enjoyed enjoyed a bunch of things. And a lot about how to run an open source project working with Mark to. And I am trying to emulate my inner mark and only about 10 times a day to I say you got a long ways to go lady to make this. Great. Anything else on introductions. I'm from what are you actually working on right now are you working on the, the plugin installer or a plugin installation management okay. Yeah, so, so frame wants to be a no frame did you had you previously been a Google summer of code participant. Okay, so I have actually been a contributor in 2021, and I was a mentor in 2022. Yeah, so I 21 I was a contributor at that ask, and in 2022, I was a mentor at jumbla. I have had my fair share of documentation and entering students to actually start documenting, because I feel that like documenting is one of those skills where which are exactly taught in the university courses and like the actually I mean the actual importance of this and any kind of a project. It's kind of great. Yeah. Excellent. Thank you. Anything else on introductions. Okay, then let's quick review of action items I've got two open action items 2.387.1 releases next Wednesday and the change log and upgrade guide needs to be merged. And then we've got some long standing pull request. Vundit scene created a really an amazing pull request for the upgrade guide for Jenkins, and it needs needs further refinement and merge, and then unselling a plug in this is in the docker repository, but then it needs needs extension and copy into www.jankens.io. The reason this one is so interesting in Docker is because of the complexities involved in removing a plug in from a Docker container. All right, so news items to daddy 2.387.1 releases next Wednesday. And so we've got, we've got just got to get it done. Next topic is more for your info so make for you. We're going to transition the documentation from Java 11 to Java 17. In, yeah, so this is in when Debian 12 releases. That'll be our excuse and we'll make that transition across everything. Okay. And the Tim's been informed. In the next piece this is a new piece so one of the things that we've realized is we've got a number of things that are reaching end of life, and we need to communicate that end of life to users for example, Ubuntu 18 reaches end of life in April 2023. So coming soon. But Ubuntu 18 and put the number there. But no way to tell users that it is end of life. We also have some Docker can take some container images that we want to end of life to stop supporting right and but no way to communicate that users. I mean, I had a time. So even during so yeah so what we would like for instance with Java 11. We announced the end of life and cause them to see a pop up. And they close the pop up okay we at least warn them then when we actually hit the end of life we caused another pop up saying hey, you're beyond end of life here. Are you really having their software stop working one day isn't considered a notification. No, because it doesn't stop working, and we, we, and we wouldn't want it to stop working. It's more that this is informing them they need to get to the newer, the newer environment to the newer version. It's basically right. So in a conversation in the platform SIG, the idea came out hey let's generalize this thing so that we could have a data file in a directory and the Jenkins home directory, or a series of data files a directory of data files, which are these end of life announcement things. And if that file exists, we will show you that end of life announcement. And the thought was, hey, if we do this, we have a way to tell people this container is is going away we're not maintaining it further, or this other thing is disappearing. So now what what we really need though is I've got to create a Jenkins enhancement proposal a JEP needed to launch the idea. And then we will then we'll apply it to get to the things like the blue ocean container image that we need to kill off. We just hope we will apply at the sento seven container image, and probably the arch Linux agent container image, and more right so we want, we want those kind of this this thing we want as a way of notifying users, you're using something that we have stopped supporting. Don't you want some of bunches on there. Well, we don't actually today ship any Ubuntu based container images so it's no harm. That one, this 1804 one is going to be more complicated because we don't control the file system where they write it. When we're doing a Docker container when we're doing a container we control the file system. So, so it's, there's more. That's why there's more to be done on this concept right we don't fully understand it yet. Could we add an item for figuring out how to. So that a bunch is on our list here. Yeah, right. Right, so consider how we would do that notification. And it could be it could be for instance. It could be chair and bundling a data file, data file of operating system. End of life dates, because there's actually a site that an open source site of all things end of life dot date that provides these kinds of dates and they have a an API that we can use to read their dates. So we can see that Alpine Linux 3.14 will be end of life in two months. So if we detect you're running Alpine 3.14 conceptually we could use this data and say, hey, you're on a on a on a container image that we will no longer support. Very cool. So, and the the folks at this website were very helpful when I asked them to update their, their data on Jenkins. So they had added Jenkins. We detected that they'd added it and a few days later they allowed us to make the merge to make it look like this. Nice. Yeah, so it says, hey weekly. Yep, here's the current weekly current LTS is supported. Preceding LTS is ended three months ago ended six months ago. Nice. Yeah. Okay, and that was that's that really there's nothing I think from a documentation side for us to do. This is a proposal that needs to be created and then then it'll be discussed in the Jenkins enhancement proposal then implemented in Jenkins core. Last one and then we'll get to to what, what frame had proposed. I've got a personal bias against antiquated sento seven. My personal bias is because it ships an ancient command line get an ancient version of SSH and those two things both complicate a plug in that I maintain. It's worse because sento seven has been in maintenance mode maintenance mode since 2020 end of life, June of 2024, but already not supported by the Jenkins installer already not supported, not maintained in its container image. So that many things going against it. The proposal is let's not wait till June of 2024, let's declare end of life sooner so we can stop bothering with this thing. All right, so any questions there on that so this one it'll need to be done with a Jenkins enhancement proposal to accelerate it. If we just let things flow naturally, it will end its end its support in the Jenkins project in June of 2024. I want it sooner than that because I want to stop worrying about it. I thought sentos was always a stupid thing so no fighting. Right. Okay. So that covered all those frame I see that you added a topic, a 10 minute right into intro to J into. So what's your topic there go ahead. If I may share my screen right now. Yes, here we do. Stop. I don't have access to it. I mean I think I can do it now perfect cool. So what I was trying to show you what I'm sure one second. Are you guys able to see my screen. Okay, perfect. Let me just hide this annoying thing. Perfect. Okay, all right, cool. Okay, so this is something I worked on. I was a geesaw student at ask. So the simple idea is that you kind of have the simple dog where you kind of just give an overview of all the commands, or at least all the code commands of any software and then it's simply called 10 minutes to 10 minutes into dusk. Now dusk is a software which kind of visualizes your containers or which is collections in Python. So in this case we have a simple like code with ampere just import the dusk properties and finally create some objects and then so on. The idea is that this thing gives a very simple overview of how to actually get started and how to get your hands dirty inside the library from the first time from the very first time you use it. So I mean, okay, so like, do we like have something and Jenkins as well like for example, I think this is the page that we're related with. We do. So, so click get over on the left hand side under tutorials. Okay, guided tour will take you through a tour of introducing you to Jenkins and how to create a pipeline to then use that pipeline to do something, etc, with videos associated. Perfect. Okay, perfect. Good. Now if that tour is not enough then if you go back to the tutorials on the left, click the. Yeah, Jenkins pipeline tutorial so that one will give you more, more tutorials and now here's a page filled with tutorials of various types so a guided tour that was the easy one. You've got, hey, I want to do something more involved, the pipeline tutorials tab section there gives you much more involved things. Or if you scroll down to the using build tools maybe you say, hey, I'm a Python user. Show me how to do something with Python well there's the build a Python app. No I'm a no JS user or react developer. Okay, here's one for react. I do Java. So each of those is available. Understood. I mean, yeah, I just wanted to give you a new idea if it wasn't already good. Thank you. Yeah, thanks very much. Yeah, okay, then this is no longer new. It's just like a thing. All right, yeah. Oh yeah, this is a comment. I mean, yeah, that's kind of it. Okay, great. Thank you. Next topic then let's take on our. So, see the tutorials on www Jenkins.io. Now we also I guess there there is another, another part to this frame which may be may be more of interest for you in Google summer of code. See the developer tutorials. Well, and it's even more than contributing guides there is a and improve a plugin. Tutorial that allows a new contributor to start. I remember that. Right. Good. Okay. Super. So we have a new developer with, and these are real with real small with small, but valuable contributions. So we intentionally made them so that they will benefit the plug in that's that is being that is receiving the pull request. Got it. Great. So mega, are you okay if frame and I use this now as a chance to review some plugin installation manager to pull the question. Look along and see what you're up to just for the luck of it. All right, great. Go plug in installation manager. Okay. So the one that was most recently reviewed is this show security warnings by default. And let's make the text big enough to reach frame. Okay, so, so the submitter. Submitted changes in. Well, first, let's look at the goal, right. The goal was implement this enhancement request security warnings should be shown by default. And the way that Daniel proposes to do that is make the existing view security warnings. Command line argument a no op so that if someone gives it, we see it and ignore it. And add a new option hide security warnings that says, Oh, I don't want to show them so that by default, the user will always see security warnings. There's an additional subtlety here that we need to check, which is that these warnings must not go to standard out. They must go to standard error. Right. Right. Exactly. So because standard out one of the things that the contributing guide for the plug in tells us is standard out is reserved for output that should go into the plugins text or the plug in file. So it's reserved for definitional output, not for informational or message based output. So that's, that's the idea. And now let's go look at the code. All right, so first things first. So this is the read me documenting it. And so if we look at that read me. We see view security warnings is no longer there. Whoops, is it. I think it's there somewhere. Oh, it's there. Oh, interesting. Okay. But why would we want to. So maybe we need so this may already hint something that we need which is, we probably need to say this is the default. Yeah. Right, because hide security warnings is no longer the default. Okay, so let's make a note there. Now there isn't a way to do it here so. Okay. And we should update the, it was view security warnings description to note that it isn't that it is the default value. One second. Actually, the line number 54 is the one in question right because yeah, I mean he has a view all security one. Oh, you're right. No way to sex. So am I just reading wrong. Oh, thank you for am you're right. I read it incorrectly cancel. Very good. Thank you. There's power and two of us doing this. This is view all security warnings. Exactly. And that's not bad. Right. You're correct. Absolutely. Thank you. Very good. Okay, and so that is this line here. Good. All right, so we're fine. Okay, next then. So in the command line options. Comment here that tells us view security warnings is deprecated but not removed. So that's good. And the variable is stores the value is deprecated. The hide security warnings has now been added. I have any security warnings exist. Good. And it is a bully. Okay, so I think this is this is set. And now with hide warnings. Okay, so this is. All right, so I'm a little perplexed here. Why is there still a with show warnings. So this one. You shouldn't this line be removed. It seems like because in the well, let's no longer being called. Well, okay, let's again, let's take a look at the file. Let's see what it tells us bigger picture. Okay, so with. Okay, okay, so this says creates a configuration class with configuration specified. Okay, so it is intentionally initializing everything. I even deprecated things are being initialized here so I think this should remain. Let's double check that are there any other deprecated options. Use security warnings. That's the only one. Okay, so this is the first time where we're doing a deprecate deprecating an option. So it's saying it's going to use is show warnings and is show warnings if we search for is show warnings. We should see. Okay, interesting that this this method that access it is that is not listed as deprecated. And yet seems like it probably should be shouldn't it. You just scroll up a bit. We just have a look at these surrounding ones. If they have anything specific. Yeah, I don't see anything. I think it should be deprecated. Because it's accessing a deprecated a deprecated really and it seems like this should also be deprecated. Let's add in. Okay, so let's make a note there. All right, so is hide warnings is hide warning. Okay, so shouldn't be is hide is is show warnings method be deprecated, since it is accessing a deprecated field. Right. And I'm not I'm not 100% sure but I think it's worth at least I was asking the question. Then before we conclude this review will decide if we want to say please make it so. All right. All right so this is a test on is hide warnings. Okay here is the test that says, if we pass in the argument hide security warnings. It comes back true. That makes sense. Yeah. Then we add a new Boolean hide warnings. Initialize it in the constructor. Set the value there. A getter. The builder also. Okay, so. Oh good right and so this doesn't have to alter anything. So we should be able to see this run ourselves then. So I should be able to go download this thing and run it on my local computer. So let's look in the checks. Here are the checks. So if we go to CI dot Jenkins dot IO. And if we download one of these files so what we need is the plug in management CLI jar file so this one. So I'm going to copy that. And now we're going to borrow a small computer. Okay. And this is what will request PR 522. Now what we need is we need a plug in. That has a security warning. So let's go choose one plug ins. Security. Whoops. About that doesn't help me. That's the word security. I want something that has a known security issue. Let's try. Well, this is why we have documentation isn't it make, we will now look at the list of security vulnerabilities and find one that is not resolved. So for instance, in the most recent advisory. Were there any that had unresolved. Nope, so we have to go back one more advisory this one. There's plugins that did not have a fix, including. All right, so this one, Barry chat plugin. Let's go confirm that. Oh, whoops. How about Cisco spark notifier. There we go. Okay. There's the thing that tells us exactly as a security warning right. And so we're going to add this as a plugin to be installed by the plugin installation manager. And the version number that we're going to install is 1.1.1. Okay, and because we want some plugin that does not have a, a security warning. We're going to choose another plugin. So that one's version number by heart. Okay, so we've got one that has a security warning and one that does not. Now what we need to do is we need to download that won't help. I need to download this thing. And then we're going to run it and see what it does. Okay, so, and let's make the file name shorter. Java minus jar CLI dot jar. And it should give us a help message. Which it does. Okay, so Java minus jar CLI dot jar and we need. Let's actually let's check its version just to be sure we got something that is. Yes, this is a non released version. So, let's now pass the right arguments like what Jenkins version do we want and I want to use 2.375.3. What plugins file. Do I want to use plugins dot txt. And now where do I want to write the file I want to write the contents to Oh, here, let's clean the download directory so that we can reuse this thing. Now, sorry for am testing is testing is complicated isn't it. I don't know that we see this one has hide security warnings and has no listing for show. So that's good. Yes. And it's also specified that and what is caused by you which is sort of sort of silly right because this is not one that takes a value but okay. That's that's correct the default is it's not set. And now, login file we've done, and we need to say what directory we're using, and the directory we're using plug in download directory is plugins. Okay, here we go. Hey, there's the security warning. And now I want to be sure that that thing did not go to standard standard out. So I'm going to redirect standard error to X. And in the file X, there's the security warnings. Good. Alright, now if we look in the plugins directory. We have a client plugin and a bunch of its dependencies and the Cisco spark notifier. Okay, so that behave the way I expected. Now the next thing was a test to see what if we hide the security warnings. Does it in fact hide them. And so hide security warnings. So as far as I can tell this is well behaved it's doing what we wanted it to do. Oh, one more check one more check compatibility check. Okay, go ahead what was that. I was just saying we'll also just have a look at how this interacts with plugin. How it interacts with the get plugin tell me what you mean by that. Get does not exactly have any more warnings right so we just make sure that it also follows that. Oh okay so what you're saying is let's edit plugins that TXT remove Cisco spark notifier and try again and just try it out with get right right okay good. And when I said view security warnings it gave me an empty output for security warnings. Now if I take that away. It says okay, no security warnings for now that's interesting. That's, that's the way. Hmm. I wonder if that's what we want okay so do you see what happened here it says that on the standard error, it wrote, let's double check that it's really standard error. I think on standard error wrote the word security warnings. And nothing else. I would have thought it would be better if it didn't write anything if there were no security warnings, or just like a simple message that no security warnings were found. Right, right. Okay. Meg, did you have a comment. Nope. Okay. All right. So now I don't think that that. So I think that Daniel in his initial specification. I would say, hey, we need to. Where is his initial description, where's issues or pull requests. When he described this, I don't think Daniel said. Yeah, so, so the way I read this. Hey, there really isn't a reason for it to be disabled, enable it. He doesn't seem to care one way or the other if the phrase security warnings is visible or not. What do you recommend for I am should we accept it as is because this this contributor, it's now been a month we would I would like to get these kind of things in and I think this is a good one to say, Hey, no security warnings, or do we put the extra effort in and try to find a way to modify this so that if there are no warnings don't even display the heading. I would say for now this, I mean, I guess we can just sleep on this for now, but I think the PR solves the issue. So I think you can just go over to this for now. Okay, if it actually comes up again, then we can just have a look at this later on. Great. I think we go ahead and say that this is ready to merge. Let's say I do need to label the poll request so this is a. What would we call it this is really an enhancement right I don't think I wouldn't call it a bug show recruiting warnings by default for me isn't everybody okay if we call it an enhancement. Absolutely. Okay. Let's go through. And back to move. Okay, one option. Oh, let's read the what was the question that I had. No I don't want to cancel the review I was. Oh right one optional question. Let's just get rid of that. Let's not do that at all delete. I don't like giving people questions without an action. Basel crow has taught me that that's a bad thing we should give them either a specific action or not burden them with the thing. Okay, so reviewed in docs office hours. I am. And stack scribe, tested and saw expected behavior. In the general cases. I wondered during review. If we should suppress the security warnings had the heading or warnings. Text, if there are no warnings. Right. However, good change, whether we do that or not. The warning is a good change. Whether we suppress the warnings or not. Fair enough. Yep. Yep. Okay. So approve. I'm going to go ahead and merge it then. Now let's see is this one one that it would help it to be squash merged. It is good. Okay, so I'm just going to go ahead and squash merge it. Thanks everybody so frame did that go okay for you any anything. It did so I will just okay so my question my rational behind this was that okay so now I have to go very set number of steps to follow while reviewing the PRs. I just want to like have a look at like how this thing works in this organization as a board. Very good. You can say I guess you can now see me reviewing PRs. Yeah. So this one, this incorrect Jenkins war desk destination is a right 520 is a good, good one for you to review in particular because Jagruti Jagruti to wallet to water I believe is her name has submitted this one and it is now actually ready for review I just want to go back to it so if you could help review this one I do that run tests with it, etc. That's great. All right. Thanks. Any other topics we should discuss today. No, good meeting. Thanks Meg. And we'll meet again next week. Thank you so much you are welcome to join you certainly don't need to feel obligated but we love to help the Jenkins project. But this was a great time for me as well so you can, I can expect to me I mean you can expect me to be here even the next time. Great idea to mark I always learn something. All right, we will we will talk to each other in a week then thank you.