Plugin site improperly displays GH releases with empty title

[daniel-beck]

Service(s)

plugins.jenkins.io

Summary

For example, https://github.com/jenkinsci/credentials-plugin/releases/tag/1381.v2c3a_12074da_b_

GH shows:

Plugins site shows:

Given title is optional and defaults to the tag name if unspecified, this seems like a bug on the plugins site.

Reproduction steps

No response

[alecharp]

Hi @daniel-beck. I noticed that it happens also on https://plugins.jenkins.io/credentials/releases/#version_1371.1373.v4eb_fa_b_7161e9 which seems to be both related to security releases. Has something been done differently on those releases?

I'll check the plugin-site code to see where the release title is gathered from.

[alecharp]

from https://github.com/jenkins-infra/plugin-site/blob/18a6674e117a109630ba6b2d1357bec7c64f0439/plugins/plugin-site/src/components/PluginReleases.jsx#L24, the data seems to be coming from https://plugin-site-issues.jenkins.io/api/plugin/credentials/releases where the "name" of the release 1381.v2c3a_12074da_b_ is not the version but credentials-plugin.

This error seems to be coming from https://github.com/jenkins-infra/docker-plugin-site-issues/blob/5d0cca43fec1cb36fa4549c2b39e49da943d2a62/src/db.ts#L241

[timja]

I expect should be release.name || release.tag_name

[daniel-beck]

Has something been done differently on those releases?

I created them manually (sort of*), not specifying an explicit release name (as it's not needed by GH when it would be the same as the tag), perhaps unlike what usual JEP-229 scripts do.

I expect that @timja's correct about what the solution should be to be consistent with GH.

* I create corresponding releases in private repos in `jenkinsci-cert` beforehand, then copy them over on release day using a script. GH API payload:

{
  "tag_name": "1381.v2c3a_12074da_b_",
  "name": "",
  "body": "<!-- Optional: add a release summary here -->\r\n## 🔒  Security fixes\r\n\r\n* Fix [SECURITY-3373](https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3373). This fix requires Jenkins 2.479 or newer, LTS 2.462.3 or newer, to be effective.\r\n"
}

[alecharp]

Yes so the problem is that the name was empty when created. And the value was "stored".
I wonderer is we can discard the "stored" value by restarting the docker-plugin-site-issues or something like that. I don't know how that works.

[timja]

Isn't it still empty though?

[alecharp]

correct. I could run gh release --repo jenkinsci/credentials-plugin view 1381.v2c3a_12074da_b_ --json name is still empty. This is odd but your fix seems the most promising one @timja.

[alecharp]

You can assign this to me, I'm trying to solve it and add tests for it.

[dduportal]

• Fixes by @alecharp on the "plugins-issues" component had been deployed to production:
  • fix(GitHub Releases): Uses tag name for releases without name docker-plugin-site-issues#34
  • Bump plugin-site-issues docker image version to 0.5.0 helm-charts#1384
  • Bump plugin-site-issues helm chart version to 0.2.2 kubernetes-management#5799
• Build of plugins-site had been triggered manually: let's see the outcome (if I'm not mistaken, this build should retrieve data from the freshly deployed plugin-issues")

[dduportal]

Looks good, thanks folks!