chore(deps): update dependency zextras/jenkins-lib-common to v2.9.2

[ZxBot]

This PR contains the following updates:

Package	Update	Change
zextras/jenkins-lib-common	minor	v2.8.7 → v2.9.2

---

Release Notes

zextras/jenkins-lib-common (zextras/jenkins-lib-common)

v2.9.2

Compare Source

Bug Fixes

• distroConfig: run singlePkg ubuntu/rocky builds on v2 nodes (80960a0)

v2.9.1

Compare Source

Features

• buildStage: dual build modes, prefix-match distros, v2-only arch flag (982deb3)

v2.8.8

Compare Source

Features

• buildStage: dual build modes, prefix-match distros, v2-only arch flag (982deb3)

2.8.8 (2026-05-27)

Bug Fixes

• semanticRelease: always install changelog and github packages (bdd3905)

2.8.7 (2026-05-27)

Bug Fixes

• debuginfodStage: add tagOnly param to gate upload on tag builds (#​103) (e7635c8)

2.8.6 (2026-05-26)

Bug Fixes

• buildStage: apply sudo to preBuildScript on v2 nodes (fd0161b)

2.8.5 (2026-05-26)

Bug Fixes

• gitMetadata: avoid insecure interpolation of SSH_KEY credential (4539848)

2.8.4 (2026-05-26)

Bug Fixes

• PackageInfo: add @​NonCPS to getter methods and overrides (6937f10)

2.8.3 (2026-05-25)

Bug Fixes

• build: add groovy-cps compileOnly dep for @​NonCPS annotation (fef356c)
• PackageInfo: add @​NonCPS to equals/hashCode/toString (08ab9f1)

2.8.2 (2026-05-25)

Bug Fixes

• uiPipeline: remove redundant upload when-guard and fix sandbox-blocked asImmutable (6a05d65)
• uiPipeline: remove self-referential library() call (0abde88)

2.8.1 (2026-05-25)

Bug Fixes

• artifactoryHelper: tolerate missing previous build in issue collection (#​95) (a6b7003)

2.8.0 (2026-05-25)

Features

• artifactory: add 'any' arch mapping to archMap() (40a7b32)
• artifactory: use per-package arch from PackageInfo for RPM specs (bb28ba4)
• upload: internalize yapHelper, replace packages with yapPath/yapPaths (1444b80)
• yapHelper: add PackageInfo data class (6a53385)
• yapHelper: add packages() returning Set (a5cb75a)

Bug Fixes

• address review feedback — dedup, tests, failNoOp, guards (8dad7de)

2.7.2 (2026-05-25)

2.7.1 (2026-05-22)

Bug Fixes

• distroConfig: use /rc/ URL path for rc repoEnv (c4f0b64)

2.7.0 (2026-05-18)

Features

• buildStage: add useDefaultExcludes param to stash (8b60d02)

2.6.1 (2026-05-18)

Bug Fixes

• follow symlinks when stashing debug-symbols (8cdbe32)

2.6.0 (2026-05-16)

Features

• upload: add distros filter to uploadStage to scope unstashing (b7aa323)

2.5.0 (2026-05-16)

Features

• upload: multi-arch yap support and repo forwarding via --repo flag (1668ad7)

2.4.7 (2026-05-15)

Bug Fixes

• deps: update dependency org.apache.groovy:groovy-all to v5 (038ba35)

2.4.6 (2026-05-14)

Bug Fixes

• gitMetadata: remove stray 'p' typo causing MissingPropertyException (650d39c)

2.4.5 (2026-05-14)

Bug Fixes

• gitMetadata: restore GIT_IS_DEFAULT_BRANCH dual-path and GIT_TAGS contract (926f506)

2.4.4 (2026-05-14)

2.4.3 (2026-05-14)

Bug Fixes

• uiPipeline: refactor unit test and lint stages (e6a1593)

2.4.2 (2026-05-14)

Bug Fixes

• uiPipeline: re-install deps with --ignore-engines in playwright container (4dd9a74)

2.4.1 (2026-05-14)

Bug Fixes

• uploadStage: allow RC upload and skip artifact validation in PLAYGROUND mode (f413000)

2.4.0 (2026-05-14)

Features

• semanticRelease: add guard() to skip build on [skip ci] commits (c73b388)

2.3.1 (2026-05-14)

Bug Fixes

• uiPipeline: allow upload stage when PLAYGROUND is enabled (1a8845c)

2.3.0 (2026-05-14)

Features

• release: auto-update uiPipeline library version on release (e7ac8f6)

2.2.0 (2026-05-14)

Features

• migrate uiPipeline from jenkins-lib-ui (b767c1d)

Bug Fixes

• uiPipeline: address review feedback (880f205)

2.1.1 (2026-05-14)

2.1.0 (2026-05-14)

Features

• semanticRelease: add changelog and github optional package flags (482b587)

2.0.3 (2026-05-13)

2.0.2 (2026-05-13)

Bug Fixes

• deps: update dependency org.apache.groovy:groovy-all to v4.0.32 (e129a33)
• deps: update dependency org.spockframework:spock-bom to v2.4-groovy-5.0 (a0f8eb9)
• gitMetadata: use HTTPS token for default-branch detection (4f69591)
• use user:token auth form and disable git prompts (a56b78e)

2.0.1 (2026-05-12)

Bug Fixes

• distroConfig: cast findAll result to List in repoSetupScript (47363ff)
• test: address review feedback from Copilot (33f0530)
• use sm-release-v1 pod for semantic-release stages (335ccdb), closes #​46

2.0.0 (2026-05-12)

⚠ BREAKING CHANGES

• branch guards now use GIT_DEFAULT_BRANCH and GIT_IS_TAG
  instead of hardcoded devel*/release* patterns.

• gitMetadata: add GIT_DEFAULT_BRANCH, GIT_IS_DEFAULT_BRANCH, GIT_IS_TAG
• buildStage: timestamp override fires on all non-tag builds; remove branchBuildDirs
• uploadStage: rewrite shouldUploadToDevel/Rc using GIT_IS_DEFAULT_BRANCH; remove isBuildingTag()
• mavenStage: shouldRunSonarQube/shouldDeploy match GIT_DEFAULT_BRANCH
• diffBuildHelper: use GIT_DEFAULT_BRANCH instead of hardcoded 'main'

Features

• defaultPipelineProperties: read throttleEnabled from JENKINS_THROTTLE_ENABLED env var (3c5016f)
• openspec: add trunk-based-branch-guards and block-snapshot-wip-rc-upload change proposals (9c74fab)
• replace devel/release branch guards with trunk-based detection (cd7c38c)

Bug Fixes

• address review feedback on trunk-based guards (f268d87)
• address round-2 review feedback (053afb7)
• uploadStage: move gitMetadata guard to shouldUpload(), fix comment (0f735dc)

[1.7.4] (2026-05-11)

Refactoring

• distroConfig: migrate package repository from JFrog (zextras.jfrog.io) to the new public repo (repo.area51-zextras.com)
  • Removes JFrog authentication (withCredentials, carbonioRepoCredentialId) from buildStage
  • Adds mapRepoEnv() to normalise rc → release in URLs; validates accepted values (devel, rc) and errors on unknown inputs
  • Renames centos8 distro to rhel8 in URL generation
  • New URL pattern: https://repo.area51-zextras.com/{env}/{distro}/
• dockerStage: hoist container('dind') and both withDockerRegistry calls to the top
  level of call() so registry authentication happens once per dockerStage invocation
  regardless of how many images are built — previously each image triggered separate logins
  to Docker Hub and the private registry (wasteful sequentially, and racy in parallel mode)

Features

• uploadStage: block RC/release uploads when artifacts contain pre-release version strings
  • Inlines a guard in stage('Upload & Promotion Config') after unstashArtifacts(), before the first createJfBuildInfo() — devel uploads are intentionally unaffected
  • Scans artifact filenames against (?i)(SNAPSHOT|wip\.|devel) and fails fast with an actionable error listing every offending filename
  • Prevents broken packages (e.g. carbonio-files-db-0.2.0-SNAPSHOT.el9.x86_64.rpm) from reaching -rc and -release repositories

Chore

• remove carbonio-certificate-manager references

[1.7.2] (2026-05-05)

Fixes

• mavenStage: fix DinD readiness wait silently timing out due to nested container blocks
  • container('dind') was nested inside container(jdkContainer); the Jenkins Kubernetes
    plugin's ContainerExecDecorator does not stack cleanly, so the inner sh step resolved
    to the outer container's exec context — meaning docker info ran inside the JDK container
    (no Docker socket), failed silently every 5s, and hit the full 300s timeout, killing builds
    that would otherwise succeed (observed in carbonio-ws-collaboration-ce#110 and #​111)
  • Fix: Testcontainers detection now runs in a dedicated container(jdkContainer) block before
    the build, the container('dind') wait runs sequentially after (top-level, never nested),
    and the main build/test block follows in a second container(jdkContainer) block
  • Sequential container blocks are safe; nested container blocks are not

[1.7.1] (2026-05-04)

Fixes

• mavenStage: skip Docker daemon readiness wait when project has no Testcontainers dependency
  • Previously the wait ran unconditionally, causing cold-pod builds to time out (exit 143) on projects that don't use Docker in tests
  • Auto-detects org.testcontainers artifacts via mvn help:effective-pom across all modules — no Jenkinsfile changes required
• mavenStage: increase dind readiness timeout from 120s to 300s and reduce poll interval from 2s to 5s
  • 120s was insufficient for cold pod starts and CPU-saturated nodes (empirically observed: node at 100% CPU caused DinD to miss the deadline)
  • Uses Jenkins timeout() step instead of shell-level timeout for cleaner failure reporting

[1.7.0] (2026-04-28)

Features

• throttleConfig: add throttleConfig() category lookup for the Throttle Concurrent Builds plugin
  • Maps repo names to throttle categories based on pod template and observed build load
  • Three-tier model: ci (global, cap 30), l (heavy Maven/UI builds, cap 12), xl (node-killing builds, cap 2)
  • Repo name extracted from JOB_NAME.tokenize('/')[2] (GitHub format: Github/zextras/<repo-name>/<branch>)
• defaultPipelineProperties: inject throttleJobProperty into all pipelines automatically
  • Zero Jenkinsfile changes required — throttle categories applied to every pipeline via the existing properties(defaultPipelineProperties()) call
  • Categories resolved by throttleConfig(env.JOB_NAME)

Documentation

• docs/jcasc-throttle-categories.md: add operator prompt with JCasC YAML for the three throttle categories (ci, l, xl) — must be applied to infra-k3s before or alongside deploying this version

[1.6.3] (2026-04-27)

Fixes

• mavenStage: run Docker daemon readiness check inside dind container — the JDK container has the socket mounted but no Docker CLI, causing the wait to fail
• artifactoryHelper: validate exclusion patterns are Java regex, not globs
  • Since v1.3.4, genRpmSingleSpec uses "regexp": "true" in the JFrog upload spec; JFrog applies the same mode to exclusions, requiring valid Java regex
  • Glob-style patterns (e.g. *alertmanager*.rpm) previously passed silently but now cause a cryptic PatternSyntaxException from JFrog mid-upload
  • Adds a pre-submission guard that detects bare glob stars and fails fast with an actionable error message and the correct regex equivalent

[1.6.2] (2026-04-25)

Fixes

• mavenStage: wait for Docker daemon to be ready before running test phases

[1.6.1] (2026-04-24)

Features

• dockerHelper: add getBaseImageTag(dockerfile) helper to extract the parent image tag from a Dockerfile FROM line, handling both tag and tag@sha256:digest forms
• ci: add playwright-pnpm CI image — Playwright with pnpm pre-installed, published to registry.dev.zextras.com/ci/playwright-pnpm; image tag mirrors the parent base image tag and is managed by Renovate

[1.6.0] (2026-04-23)

Features

• artifactoryHelper: add JFROG_XRAY_SCAN_ENABLED global toggle for Xray build-scan
  • Set JFROG_XRAY_SCAN_ENABLED=false in Jenkins Global Properties to disable Xray scans across all pipelines without touching any Jenkinsfile
  • When disabled, emits a log line including the build name so the skip is always traceable
  • Default behaviour unchanged: scan runs when variable is absent or set to any value other than false (case-insensitive)

[1.5.0] (2026-04-07)

Features

• debuginfodStage: add debuginfod integration for debug symbol upload (#​34)
  • Uploads debug symbols to debuginfod server via SSH after successful builds
  • Integrates with buildStage for automatic symbol extraction
• diffBuildHelper: add shared helper for diff-only package builds
  • Detects changed packages by diffing against base ref (merge-base for PRs, previous successful build for branches)
  • Sets DIFF_BUILD_PACKAGES env var for use with yap's --only flag
  • Handles shallow clones (depth=1) with git log fallback
  • Supports fullBuild flag for manual override
• distroConfig: add repoOverrides() for per-distro JFrog repo configuration
• buildStage: auto-apply JFrog repo overrides when DIFF_BUILD is active

Fixes

• debuginfodStage: replace sshagent with withCredentials for SSH key binding
  • The ssh-agent plugin is not installed on the Jenkins instance, causing NoSuchMethodError
• diffBuildHelper: use GIT_PREVIOUS_SUCCESSFUL_COMMIT as diff base for branch builds
  • Fixes rebase-merged PRs only detecting changes from the last commit instead of all commits since the last green build
  • Falls back to GIT_PREVIOUS_COMMIT, then HEAD~1 when Jenkins Git plugin vars are unavailable
• diffBuildHelper: set REPO_ENV to rc for main branch builds, matching tag build behavior

Documentation

• api-reference: add diffBuildHelper, distroConfig.repoOverrides, debuginfodStage documentation
• readme: add Diff Builds to features list

[1.4.0] (2026-03-22)

Features

• maven: add mavenStage for complete Maven build lifecycle (build, test, deploy)
• gitMetadata: change GIT_REPO to contain org/name format instead of just repository name
  • GIT_REPO now contains the full repository identifier (e.g. zextras/repo-name)
  • GIT_REPO_NAME contains the repository short name (unchanged behavior)
  • GIT_REPO_ORG contains the organization/owner (unchanged behavior)
  • Updated dockerHelper to build GitHub URLs directly from GIT_REPO
  • Updated artifactoryHelper to use GIT_REPO_NAME for build name generation

Fixes

• dockerStage: use TAG_NAME instead of GIT_TAG for release detection
• defaultPipelineProperties: remove incorrect JFROG_CLI_HOME_DIR env var
  • The path /home/jenkins/agent/tools/io.jenkins.plugins.jfrog does not exist on agents; the variable was unused
• artifactoryHelper: simplify build-scan to use pipeline JFrog CLI directly
  • Removed hardcoded /home/jenkins/agent/tools/…/jf binary path and dedicated xray service-account setup
  • Replaced two sh steps (config + scan) with a single jf "build-scan …" call that reuses the existing pipeline JFrog configuration
• dockerHelper: build GitHub URLs directly from GIT_REPO org/name
• artifactoryHelper: use GIT_REPO_NAME instead of GIT_REPO for build name

Documentation

• readme: update library name in examples and documentation
• api: update references and add Maven build examples
• defaultPipelineProperties: replace JFROG_CLI_HOME_DIR entries with placeholder in API reference and environment variables sections

[1.3.5] (2026-03-04)

Features

• artifactoryHelper: use dedicated xray token for build-scan

[1.3.4] (2026-03-03)

Features

• maven: add reusable mavenStage function
• openspec: add new OpenSpec command files
• markdown: add markdownlint configuration and pre-commit hooks
• pre-commit: enhance pre-commit hooks configuration
• specs: add retroactive specifications for pipeline stages
• specs: add specifications for build, upload, and security stages

Fixes

• artifactoryHelper: use regexp mode to prevent RPM prefix-name collisions

Documentation

• contributing: add contributing guide with coding standards and release process
• readme: update Agentic Development section

Chore

• github: add pull request template
• github: add per-team CODEOWNERS entries for dt1/dt2/dt3
• specs: archive add-existing-stage-specifications
• prompts: remove outdated update prompts for Jenkinsfile

[1.3.3] (2026-02-25)

Features

• dt2_semanticRelease: add semantic release Groovy script (#​25)

[1.3.2] (2026-02-23)

Chore

• dockerStage: add Docker Hub authentication to avoid rate limiting
  • Added outer withDockerRegistry block using credential jenkins-dockerhub-carbonio to authenticate against docker.io before base image pulls
  • Retained inner withDockerRegistry block for pushing to private registry

[1.3.1] (2026-02-12)

Features

• defaultPipelineProperties: set JFROG_CLI_HOME_DIR environment variable
  • Sets JFROG_CLI_HOME_DIR=/home/jenkins/agent/tools/io.jenkins.plugins.jfrog for all consuming pipelines

Documentation

• defaultPipelineProperties: add dedicated section to API reference
  • Documents environment variables set and pipeline parameters registered
  • Adds usage example

Chore

• renovate: add initial Renovate configuration file (#​21)
  • Enables automated dependency updates for the project
  • Configured with default settings for optimal maintenance
• github: add CODEOWNERS file for repository management (#​20)
  • Establishes code ownership and review requirements
  • Improves code review workflow and accountability

[1.3.0] (2026-01-19)

Features

• gitleaksStage: add Gitleaks secret scanning stage (feat/add-gitleaks)
  • Scans git history for hardcoded secrets, API keys, and credentials
  • Runs in 'gitleaks' container on 'base' Kubernetes agent
  • Automatically uses default configuration from jenkins-lib-common
  • Supports custom .gitleaks.toml configuration per repository
  • Publishes HTML report on Jenkins build page
  • Archives JSON/SARIF/CSV reports as build artifacts
  • Supports targeted scans via logOpts parameter (e.g., PR-only scanning)
  • Refs: IN-1008

Documentation

• Add comprehensive Gitleaks documentation
  • API reference with parameters and examples
  • Pipeline examples for basic, PR, and warning mode usage
  • Testing and validation guide

[1.2.0] (2026-01-16)

Features

• buildStage: add multi-architecture support with -t flag (#​15)
  • Add architecture parameter to buildStage function for target architecture specification
  • Modify yap build and prepare commands to include -t flag when architecture is provided
  • Maintain backward compatibility when architecture is not specified

Fixes

• uploadStage: refine conditions for upload to RC (#​17)
  • Update shouldUploadToRc to ensure devel tags are excluded
  • Adjust exclusionMap retrieval to handle exclusions correctly
  • Fixes IN-997
• dockerHelper: add URL label to OpenContainer labels (649f5a7)
  • Updated the repo and url fields in OpenContainer labels
  • Ensured the URL is constructed correctly using the GIT_REPO environment variable
• docker: replace addWarningBadge with warnError for invalid tags (7e48001)

Code Refactoring

• yapHelper: prefer jq over JsonSlurper for JSON parsing (#​16)
  • Use shell-based jq for parsing yap.json files instead of Groovy's JsonSlurperClassic
  • Reduces load on Jenkins controller by offloading JSON parsing to agents
  • Avoids script security approval requirements for JsonSlurperClassic
  • Falls back to JsonSlurper if jq is not available on the agent
  • Refs: IN-986

[1.1.2] (2025-11-17)

Features

• dockerHelper: add BuildKit secrets support for secure credential mounting (#​10)
  • Added secrets parameter to support Docker BuildKit secret mounting
  • Enables secure credential passing during Docker image builds without exposing them in layers
  • Full documentation and examples included in API reference

Fixes

• uploadStage: remove rc branch check in isBuildingTag method (4aeb9aa)

[1.1.1] (2025-11-12)

Code Refactoring

• uploadStage: simplify upload condition checks (264ae8b)
  • Extracted upload condition checks into separate methods:
    • shouldUploadToDevel()
    • shouldUploadToRc()
    • shouldUpload()
  • Improved readability and maintainability of the call method

Features

• gitMetadata: add commit message environment variables
  • Added GIT_COMMIT_MESSAGE environment variable with full commit message
  • Added GIT_COMMIT_MSG as alias for GIT_COMMIT_MESSAGE

[1.1.0] (2025-11-15)

Features

• dockerStage: add new pipeline stage for building and publishing Docker images (feat/docker-stage)
  • Implements Carbonio Docker Image Versioning and Publishing Procedure
  • Automatic tagging based on git context (commit ID, branch name, git tag)
  • Automatically adds 'latest' tag for release builds
  • Supports both single and multiple image builds
  • Parallel build support for multiple images (enabled by default)
  • Delegates to dockerHelper.buildImage for validation and execution
  • Full documentation and examples included in API reference
• gitMetadata: add helper functions for checking if gitMetadata was called (feat/docker-stage)
  • Added wasCalled() function to check if gitMetadata was previously invoked, can raise error if specified
  • Added usageInstructions() helper to provide clear pipeline integration examples
  • Set GIT_METADATA environment variable to track invocation state

Code Refactoring

• dockerHelper: enhance buildImage with registry and build context support (feat/docker-stage)
  • Added registry parameter to automatically prepend registry to image name
  • Added buildContext parameter with default value of . for flexible build contexts
  • Improved image name handling to avoid duplicate registry prefixes

---

Configuration

📅 Schedule: (in timezone Europe/Rome)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.