Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63269

Jenkins WAR should not bundle JUnit and Hamcrest libraries

    Details

    • Similar Issues:
    • Released As:
      jenkins-2.253

      Description

      While working on Jenkinsfile Runner, I have noticed that the Jenkins Core includes JUnit JAR and Hamcrest JARs as transitive dependencies. Looks like it was my mistake in 2017 when I was working on a custom patch for commons-httpclient with vulnerability fix backports. It leads to 350KB of extra libraries, and, which is worse, potentially messes up the classpaths for testing environments and plugins

      Dependency tree:

       [INFO] +- io.jenkins.jenkinsfile-runner:setup:jar:1.0-beta-16-SNAPSHOT:compile
      [INFO] | +- org.jenkins-ci.main:jenkins-core:jar:2.246:compile
      [INFO] | | +- org.jenkins-ci.plugins.icon-shim:icon-set:jar:1.0.5:compile
      [INFO] | | +- org.jenkins-ci.main:remoting:jar:4.5:compile
      ...
      [INFO] | | +- org.kohsuke.stapler:json-lib:jar:2.4-jenkins-2:compile
      [INFO] | | | \- net.sf.ezmorph:ezmorph:jar:1.0.6:compile
      [INFO] | | +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:compile
      [INFO] | | | \- junit:junit:jar:4.13:compile
      [INFO] | | | \- org.hamcrest:hamcrest-core:jar:1.3:compile

      Screenshot of a jenkins.war:

        Attachments

          Activity

          Show
          oleg_nenashev Oleg Nenashev added a comment - https://github.com/jenkinsci/lib-commons-httpclient/releases/tag/commons-httpclient-3.1-jenkins-2  as a first leg of the fix
          Hide
          sparshev Sergei Parshev added a comment - - edited

          Hello Guys, jenkinsbro uses built-in junit library to execute jenkins automation tests. I see it's not available in jenkins-2.253 anymore (and still was here in jenkins-2.252).

          I think junit is very useful as built-in in jenkins, so why we have to remove it? Maybe it's possible to leave it in the core for self-testing purposes? Or some another simple framework to run the tests...

          Show
          sparshev Sergei Parshev added a comment - - edited Hello Guys, jenkinsbro uses built-in junit library to execute jenkins automation tests. I see it's not available in jenkins-2.253 anymore (and still was here in jenkins-2.252). I think junit is very useful as built-in in jenkins, so why we have to remove it? Maybe it's possible to leave it in the core for self-testing purposes? Or some another simple framework to run the tests...
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Sergei Parshev The main risk is binary conflicts with testing tools like Jenkins Test Harness.

          Regarding jenkinsbro, I did not expect to see somebody actually using the libraries. Great to know about the project. Commonly projects use Jenkins test Harness if they want to test Jenkins runtime as a whitebox. Not sure whether it qualifies as a simple framework, but it works

          For this particular use-case in jenkinsbro it might be feasible to just pass the libraries through classpath so they do not need to be bundled. Would it work for you?

          Show
          oleg_nenashev Oleg Nenashev added a comment - Sergei Parshev The main risk is binary conflicts with testing tools like Jenkins Test Harness. Regarding jenkinsbro, I did not expect to see somebody actually using the libraries. Great to know about the project. Commonly projects use Jenkins test Harness if they want to test Jenkins runtime as a whitebox. Not sure whether it qualifies as a simple framework, but it works For this particular use-case in jenkinsbro it might be feasible to just pass the libraries through classpath so they do not need to be bundled. Would it work for you?
          Hide
          sparshev Sergei Parshev added a comment -

          So I actually moved jenkinsbro test module to use grab ( https://github.com/rabits/jenkinsbro/commit/ba9f7e6be50913df14e49d4b9054c52bf6962ea1 ) - hopefully it will be available in the future versions of Jenkins)

          Show
          sparshev Sergei Parshev added a comment - So I actually moved jenkinsbro test module to use grab ( https://github.com/rabits/jenkinsbro/commit/ba9f7e6be50913df14e49d4b9054c52bf6962ea1 ) - hopefully it will be available in the future versions of Jenkins)

            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              oleg_nenashev Oleg Nenashev
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: