Merge branch 'master' into update_jenkins_plugin

.github/CODEOWNERS

@@ -1 +1,2 @@
 * @janisz
+* @rhybrillou

.github/workflows/tests.yaml

@@ -8,130 +8,123 @@ on:
       - "*"
   pull_request:
   schedule:
-  - cron:  '0 5 * * *'
+    - cron: '0 5 * * *'
 
 jobs:
   style:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-java@v4
-      with:
-        distribution: 'temurin'
-        java-version: '11'
-        cache: 'gradle'
-    - name: Check style
-      run: make -C functionaltest-jenkins-plugin style
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '11'
+          cache: 'gradle'
+      - name: Check style
+        run: make -C functionaltest-jenkins-plugin style
 
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-java@v4
-      with:
-        distribution: 'temurin'
-        java-version: '11'
-        cache: 'maven'
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '11'
+          cache: 'maven'
 
-    - name: Initialize CodeQL
-      if: github.event_name == 'push'
-      uses: github/codeql-action/init@v3
-      with:
-        languages: java, javascript
+      - name: Initialize CodeQL
+        if: github.event_name == 'push'
+        uses: github/codeql-action/init@v3
+        with:
+          languages: java, javascript
 
-    - name: Build with Maven
-      run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom
-    - uses: actions/upload-artifact@v4
-      with:
-        name: stackrox-container-image-scanner.hpi
-        path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi
-    - uses: actions/upload-artifact@v4
-      with:
-        name: stackrox-container-image-scanner.jar
-        path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar
+      - name: Build with Maven
+        run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom
+      - uses: actions/upload-artifact@v4
+        with:
+          name: stackrox-container-image-scanner.hpi
+          path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi
+      - uses: actions/upload-artifact@v4
+        with:
+          name: stackrox-container-image-scanner.jar
+          path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar
 
-    - name: Perform CodeQL Analysis
-      if: github.event_name == 'push'
-      uses: github/codeql-action/analyze@v3
+      - name: Perform CodeQL Analysis
+        if: github.event_name == 'push'
+        uses: github/codeql-action/analyze@v3
 
   e2e:
     if: github.event_name == 'push' || !github.event.pull_request.head.repo.fork
     runs-on: ubuntu-latest
     needs: build
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/checkout@v4
-      with:
-        repository: stackrox/stackrox
-        path: stackrox
-    - uses: docker/setup-buildx-action@v3
-    - uses: actions/setup-java@v4
-      with:
-        distribution: 'temurin'
-        java-version: '11'
-        cache: 'gradle'
-    - name: Install kubectl
-      run: sudo snap install kubectl --classic
-    - name: Install gcloud
-      run: |
-        sudo snap install google-cloud-cli --classic
-        echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
-        curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
-        sudo apt-get update
-        sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin
-    - uses: actions/download-artifact@v4
-      with:
-        name: stackrox-container-image-scanner.hpi
-        path: jenkins
-    - uses: actions/download-artifact@v4
-      with:
-        name: stackrox-container-image-scanner.hpi
-        path: stackrox-container-image-scanner/target/
-    - name: Build jenkins image
-      uses: docker/build-push-action@v5
-      with:
-        tags: jenkins-test
-        context: jenkins
-        push: false
-        load: true
-    - name: Run jenkins in background
-      run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test
-    - name: Create GKE cluster
-      id: create-cluster
-      env:
-        GCP_SERVICE_ACCOUNT_STACKROX_CI: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }}
-      run: |
-        cd stackrox
-        source "scripts/ci/gke.sh"
-        provision_gke_cluster "jenkins-plugin-e2e"
-        echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT
-        wait_for_cluster
-    - name: Deploy Stackrox
-      id: deploy
-      env:
-        MAIN_IMAGE_TAG: latest
-        MONITORING_SUPPORT: false
-      run: |
-        cd stackrox
-        ./deploy/k8s/central.sh
-        pass=$(cat deploy/k8s/central-deploy/password)
-        echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT
-    - name: Wait for API
-      run: |
-        cd stackrox
-        source "tests/e2e/lib.sh"
-        export USE_MIDSTREAM_IMAGES=false
-        wait_for_api
-    - name: Run tests
-      env:
-        ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }}
-        ROX_ENDPOINT: https://localhost:8000
-        JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000
-      run: make -C functionaltest-jenkins-plugin test
-    - name: Teardown GKE cluster
-      if: always() && steps.create-cluster.outputs.CLUSTER_NAME != ''
-      env:
-        CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }}
-      run: |
-        source "stackrox/scripts/ci/gke.sh"
-        teardown_gke_cluster
+      - uses: actions/checkout@v4
+      - name: Setup infractl
+        uses: stackrox/actions/infra/install-infractl@main
+      - uses: actions/checkout@v4
+        with:
+          repository: stackrox/stackrox
+          path: stackrox
+      - uses: docker/setup-buildx-action@v3
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '11'
+          cache: 'gradle'
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: stackrox-container-image-scanner.hpi
+          path: jenkins
+      - uses: actions/download-artifact@v4
+        with:
+          name: stackrox-container-image-scanner.hpi
+          path: stackrox-container-image-scanner/target/
+      - name: Build jenkins image
+        uses: docker/build-push-action@v6
+        with:
+          tags: jenkins-test
+          context: jenkins
+          push: false
+          load: true
+      - name: Run jenkins in background
+        run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test
+
+      - name: Create GKE infra cluster
+        uses: stackrox/actions/infra/[email protected]
+        with:
+          token: ${{ secrets.INFRA_TOKEN }}
+          flavor: qa-demo
+          name: jenkins-plugin-${{ github.run_id }}
+          lifespan: 1h
+          args: main-image=quay.io/stackrox-io/main:latest
+          wait: "true"
+          no-slack: "true"
+      - name: Setup environment from cluster artifacts
+        env:
+          CLUSTER_NAME: jenkins-plugin-${{ github.run_id }}
+          INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
+          ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts
+        run: |
+          # Fetch the artifacts for the GKE cluster.
+          infractl artifacts --download-dir=${ARTIFACTS_DIR} ${CLUSTER_NAME} >/dev/null
+          # Set both URL and admin password.
+          ROX_PASSWORD=$(cat ${ARTIFACTS_DIR}/admin-password)
+          ROX_ENDPOINT=$(cat ${ARTIFACTS_DIR}/url)
+          echo "::add-mask::$ROX_PASSWORD"
+          echo "::add-mask::$ROX_ENDPOINT"
+          echo "ROX_PASSWORD=$ROX_PASSWORD" >> $GITHUB_ENV
+          echo "ROX_ENDPOINT=$ROX_ENDPOINT" >> $GITHUB_ENV   
+
+      - name: Run tests
+        run: |
+          echo $ROX_ENDPOINT
+          make -C functionaltest-jenkins-plugin test
+
+      - name: Teardown cluster
+        if: always()
+        env:
+          INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
+        run: |
+          infractl delete jenkins-plugin-${{ github.run_id }} || echo "Failed to remove the infra cluster"

README.md

@@ -65,3 +65,10 @@ make -C functionaltest-jenkins-plugin test
       - bearerAuth: [ ]
     ```
 6. Save changes in `stackrox-container-image-scanner/api.yaml`
+
+## Release
+
+The release process is managed by the [release.yml GitHub Action](https://github.com/stackrox/jenkins-plugin/actions/workflows/release.yml). 
+When running the workflow, ensure that the correct version is specified in the workflow options. 
+After the release, it typically takes a few hours for the plugin to be available on the 
+[Jenkins Plugin site](https://plugins.jenkins.io/stackrox-container-image-scanner/).

functionaltest-jenkins-plugin/build.gradle

@@ -2,7 +2,7 @@ plugins {
     id 'groovy'
     id 'java'
     id "codenarc"
-    id "org.openapi.generator" version "7.5.0"
+    id "org.openapi.generator" version "7.11.0"
 }
 
 group 'functional-automation'
@@ -39,7 +39,7 @@ dependencies {
     implementation "org.glassfish.jaxb:jaxb-runtime:4.0.5"
 
     implementation 'com.squareup.okhttp3:okhttp:4.12.0'
-    implementation 'com.google.code.gson:gson:2.10.1'
+    implementation 'com.google.code.gson:gson:2.12.1'
     implementation 'io.gsonfire:gson-fire:1.9.0'
     implementation 'javax.xml.bind:jaxb-api:2.3.1'
 }

functionaltest-jenkins-plugin/src/main/groovy/util/Config.groovy

@@ -4,10 +4,6 @@ import groovy.transform.CompileStatic
 
 @CompileStatic
 class Config {
-    static String getCentralUri() {
-        return getEnv("JENKINS_ROX_ENDPOINT")
-    }
-
     static String getRoxEndpoint() {
         return getEnv("ROX_ENDPOINT")
     }

functionaltest-jenkins-plugin/src/test/groovy/ImageScanningTest.groovy

@@ -19,7 +19,7 @@ import spock.lang.Unroll
 
 class ImageScanningTest extends BaseSpecification {
 
-    protected static final String CENTRAL_URI = Config.centralUri
+    protected static final String CENTRAL_URI = Config.roxEndpoint
     protected static final String QUAY_REPO = "quay.io/openshifttest/"
 
     @Unroll

stackrox-container-image-scanner/pom.xml

@@ -48,7 +48,7 @@
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
-            <version>1.18.32</version>
+            <version>1.18.34</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -60,13 +60,13 @@
         <dependency>
             <groupId>org.hamcrest</groupId>
             <artifactId>hamcrest-core</artifactId>
-            <version>2.2</version>
+            <version>3.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.13</version>
+            <version>2.0.16</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -88,7 +88,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-csv</artifactId>
-            <version>1.10.0</version>
+            <version>1.11.0</version>
         </dependency>
         <!--        OpenAPI -->
         <dependency>
@@ -119,7 +119,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.14.0</version>
+            <version>3.17.0</version>
         </dependency>
         <dependency>
             <groupId>org.openapitools</groupId>
@@ -130,15 +130,15 @@
         <dependency>
             <groupId>org.jetbrains.kotlin</groupId>
             <artifactId>kotlin-stdlib-common</artifactId>
-            <version>1.9.23</version>
+            <version>2.0.20</version>
         </dependency>
     </dependencies>
     <dependencyManagement>
         <dependencies>
             <dependency>
                 <groupId>org.junit</groupId>
                 <artifactId>junit-bom</artifactId>
-                <version>5.10.2</version>
+                <version>5.11.0</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -169,7 +169,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.2.5</version>
+                <version>3.5.0</version>
                 <configuration>
                     <redirectTestOutputToFile>true</redirectTestOutputToFile>
                 </configuration>
@@ -187,7 +187,7 @@
                 <groupId>org.openapitools</groupId>
                 <artifactId>openapi-generator-maven-plugin</artifactId>
                 <!-- RELEASE_VERSION -->
-                <version>7.4.0</version>
+                <version>7.8.0</version>
                 <!-- /RELEASE_VERSION -->
                 <executions>
                     <execution>
@@ -217,7 +217,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.6.3</version>
+                <version>3.10.0</version>
                 <configuration>
                     <excludePackageNames>com.stackrox.api:com.stackrox.model:com.stackrox.invoker</excludePackageNames>
                 </configuration>
@@ -244,7 +244,7 @@
                                 <artifactItem>
                                     <groupId>org.webjars</groupId>
                                     <artifactId>datatables</artifactId>
-                                    <version>2.0.3</version>
+                                    <version>2.1.0</version>
                                     <includes>
                                         **/jquery.dataTables.min.js,**/dataTables.bootstrap.min.js,**/dataTables.bootstrap.min.css,**/fonts/*
                                     </includes>
@@ -328,7 +328,7 @@
             <plugin>
                 <groupId>org.cyclonedx</groupId>
                 <artifactId>cyclonedx-maven-plugin</artifactId>
-                <version>2.8.0</version>
+                <version>2.8.1</version>
             </plugin>
         </plugins>
     </build>

stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java

@@ -80,7 +80,7 @@ public void shouldJoinViolations() throws IOException {
     private MappingBuilder postDetectBuild() {
         return post(urlEqualTo("/v1/detect/build"))
                 .withHeader("Authorization", equalTo("Bearer {some token}"))
-                .withRequestBody(equalToJson("{\"imageName\" : \"nginx:latest\", \"cluster\" : \"\"}"));
+                .withRequestBody(equalToJson("{\"imageName\" : \"nginx:latest\", \"policyCategories\" : [ ], \"cluster\" : \"\"}"));
     }
 
 }