From da6948ab89429a1fe0dea6095a5d0050e59fbf00 Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Tue, 20 Aug 2024 15:05:07 -0600
Subject: [PATCH 1/8] Add sparseCheckout symbol for Pipeline (#1638)

Includes a test that confirms the sparseCheckout syntax works as expected.

Tested interactively to confirm that the new symbol behaves the same as
the old syntax behaved.  Does not include detailed functional testing
that the sparseCheckout symbol works as expected, since there are already
tests of sparse checkout in other tests.
---
 README.adoc                                          | 12 +++++++++++-
 .../git/extensions/impl/SparseCheckoutPaths.java     |  4 +++-
 .../plugins/git/CredentialsUserRemoteConfigTest.java |  1 +
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/README.adoc b/README.adoc
index 548b5924fa..2477ae8fee 100644
--- a/README.adoc
+++ b/README.adoc
@@ -159,7 +159,7 @@ This removes remote tracking branches and tags from the local workspace if they
 ----
 checkout scmGit(
     branches: [[name: 'master']],
-    extensions: [pruneStaleBranch(), pruneTags(true)],
+    extensions: [ pruneStaleBranch(), pruneTags(true) ],
     userRemoteConfigs: [[url: 'https://github.com/jenkinsci/ws-cleanup-plugin']])
 ----
 
@@ -1058,6 +1058,16 @@ Path::
 
   File or directory to be included in the checkout
 
+[source,groovy]
+----
+checkout scmGit(
+    branches: [[name: 'master']],
+    extensions: [
+        sparseCheckout(sparseCheckoutPaths: [[path: 'src'], [path: 'Makefile']])
+    ],
+    userRemoteConfigs: [[url: 'https://github.com/jenkinsci/git-plugin.git']])
+----
+
 [#git-lfs-pull-after-checkout]
 ==== Git LFS pull after checkout
 
diff --git a/src/main/java/hudson/plugins/git/extensions/impl/SparseCheckoutPaths.java b/src/main/java/hudson/plugins/git/extensions/impl/SparseCheckoutPaths.java
index 0a8796f1d7..c5a326a837 100644
--- a/src/main/java/hudson/plugins/git/extensions/impl/SparseCheckoutPaths.java
+++ b/src/main/java/hudson/plugins/git/extensions/impl/SparseCheckoutPaths.java
@@ -13,6 +13,7 @@
 import org.jenkinsci.plugins.gitclient.GitClient;
 import org.jenkinsci.plugins.gitclient.UnsupportedCommand;
 import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.Whitelisted;
+import org.jenkinsci.Symbol;
 import org.kohsuke.stapler.DataBoundConstructor;
 import edu.umd.cs.findbugs.annotations.NonNull;
 
@@ -52,10 +53,11 @@ public void determineSupportForJGit(GitSCM scm, @NonNull UnsupportedCommand cmd)
     }
 
     @Extension
+    @Symbol("sparseCheckout")
     public static class DescriptorImpl extends GitSCMExtensionDescriptor {
         @Override
         public String getDisplayName() {
-            return "Sparse Checkout paths";
+            return "Sparse checkout paths";
         }
     }
 
diff --git a/src/test/java/hudson/plugins/git/CredentialsUserRemoteConfigTest.java b/src/test/java/hudson/plugins/git/CredentialsUserRemoteConfigTest.java
index 5e198345db..7efa4bb3ae 100644
--- a/src/test/java/hudson/plugins/git/CredentialsUserRemoteConfigTest.java
+++ b/src/test/java/hudson/plugins/git/CredentialsUserRemoteConfigTest.java
@@ -163,6 +163,7 @@ private String randomPipelineExtensions() {
             "pruneTags()",
             "pruneTags(false)",
             "pruneTags(true)",
+            "sparseCheckout(sparseCheckoutPaths: [[path: 'src'], [path: 'Makefile']])",
             "submodule(disableSubmodules: true)",
             "submodule(depth: 1, shallow: true)",
             "submodule(parentCredentials: true, recursiveSubmodules: true, threads: 13)",

From c380f5ba421df76e8f4ca32540f7db05736ff82d Mon Sep 17 00:00:00 2001
From: Sirine Jnayeh <128883619+sirine707@users.noreply.github.com>
Date: Wed, 21 Aug 2024 02:33:59 +0100
Subject: [PATCH 2/8] [JENKINS-71876] Add  "NOTIFY_COMMIT_ACCESS_CONTROL" 
 examples (#1641)

* Update documentation for setting NOTIFY_COMMIT_ACCESS_CONTROL system property

* fixed spacing

* Updated README file

* Remove GitPod configuration

* Use disabled-for-polling in examples

Since `disabled` is not recommneded, let's use a little more favorable
example to allow anonymous notifyCommit so long as the request only
invokes polling.

Include links that provide more information to describe system properties
and Groovy post inititalization scripts.

* Add prefix text for system property

Move mode descriptions before method description

* Retain indentation for code fragment

* Remove groovy specific formatting from example

Looks better without it

* Move return value description earlier

---------

Co-authored-by: Mark Waite <mark.earl.waite@gmail.com>
---
 README.adoc | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/README.adoc b/README.adoc
index 2477ae8fee..8148abd908 100644
--- a/README.adoc
+++ b/README.adoc
@@ -324,6 +324,8 @@ If polling finds a change worthy of a build, a build will be triggered.
 This allows a notify script to remain the same for all Jenkins jobs.
 Or if you have multiple repositories under a single repository host application (such as Gitosis), you can share a single post-receive hook script with all the repositories.
 
+When notifyCommit is successful, the list of triggered projects is returned.
+
 The `token` parameter is required by default as a security measure, but can be disabled by the following link:https://www.jenkins.io/doc/book/managing/system-properties/[system property]:
 
 ....
@@ -337,7 +339,27 @@ It has two modes:
 * `disabled` - Fully disables the access token mechanism and allows all requests to `notifyCommit`
 to be unauthenticated. *This option is insecure and is not recommended.*
 
-When notifyCommit is successful, the list of triggered projects is returned.
+You can set the `NOTIFY_COMMIT_ACCESS_CONTROL` value with either a link:https://www.jenkins.io/doc/book/managing/system-properties/[system property] or a link:https://www.jenkins.io/doc/book/managing/groovy-hook-scripts/[Groovy hook script].
+
+[[using-a-system-property-push-notification]]
+Using a system property::
+
+The `NOTIFY_COMMIT_ACCESS_CONTROL` value can be set from the command line that starts Jenkins.
+This method is useful for environments where initial Jenkins settings are managed with command line arguments.
++
+....
+java -Dhudson.plugins.git.GitStatus.NOTIFY_COMMIT_ACCESS_CONTROL=disabled-for-polling -jar jenkins.war
+....
+
+[[using-a-groovy-script-push-notification]]
+ Using a Groovy script::
+
+The `NOTIFY_COMMIT_ACCESS_CONTROL` value can be set using a Groovy script placed in the `init.groovy.d` subdirectory of the Jenkins home directory.
+This method is useful for environments where Jenkins settings are managed with link:https://www.jenkins.io/doc/book/managing/groovy-hook-scripts/#post-initialization-script-init-hook[Groovy post-initialization scripts].
++
+----
+hudson.plugins.git.GitStatus.NOTIFY_COMMIT_ACCESS_CONTROL='disabled-for-polling'
+----
 
 [#enabling-jgit]
 === Enabling JGit

From e015312009ca00b728ca51b734ad7c0dd70385d7 Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Fri, 23 Aug 2024 05:39:59 -0600
Subject: [PATCH 3/8] [JENKINS-73676] Allow users with Job/CONFIGURE permission
 to edit remote URL (#1642)

Changes for FIPS mistakenly placed the requirement for administrator on
the field when it previously allowed users with Job/CONFIGURE permission
to modify the field.
---
 src/main/java/jenkins/plugins/git/GitSCMSource.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/jenkins/plugins/git/GitSCMSource.java b/src/main/java/jenkins/plugins/git/GitSCMSource.java
index 204942ec3c..536b845b38 100644
--- a/src/main/java/jenkins/plugins/git/GitSCMSource.java
+++ b/src/main/java/jenkins/plugins/git/GitSCMSource.java
@@ -444,7 +444,10 @@ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item context,
         public FormValidation doCheckRemote(@AncestorInPath Item item,
                                          @QueryParameter String credentialsId,
                                          @QueryParameter String remote) throws IOException, InterruptedException {
-            Jenkins.get().checkPermission(Jenkins.MANAGE);
+            if (item == null && !Jenkins.get().hasPermission(Jenkins.MANAGE) ||
+                item != null && !item.hasPermission(Item.CONFIGURE)) {
+                return FormValidation.warning("Not allowed to modify remote");
+            }
             return isFIPSCompliantTLS(credentialsId, remote) ? FormValidation.ok() : FormValidation.error(hudson.plugins.git.Messages.git_fips_url_notsecured());
         }
 

From fb29ebf80461130fcf0786dee62e9dfc698bd571 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Aug 2024 19:23:04 +0000
Subject: [PATCH 4/8] Bump nl.jqno.equalsverifier:equalsverifier from 3.16.1 to
 3.16.2 (#1643)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index de24289fd4..3a8103b8d4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -165,7 +165,7 @@
     <dependency>
       <groupId>nl.jqno.equalsverifier</groupId>
       <artifactId>equalsverifier</artifactId>
-      <version>3.16.1</version>
+      <version>3.16.2</version>
       <scope>test</scope>
     </dependency>
     <!--Credential Binding Plugin-->

From 5e39da1ff45cc4c64ae63fd87d8f3336a46487d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Aug 2024 19:23:44 +0000
Subject: [PATCH 5/8] Bump io.jenkins.tools.bom:bom-2.440.x (#1644)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3a8103b8d4..23ad88d484 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
       <dependency>
         <groupId>io.jenkins.tools.bom</groupId>
         <artifactId>bom-${jenkins.baseline}.x</artifactId>
-        <version>3276.vcd71db_867fb_2</version>
+        <version>3289.v3ff9637cd241</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>

From 349603e6ba9f2eb24778485ac65b8dce57a54651 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Aug 2024 19:24:04 +0000
Subject: [PATCH 6/8] Bump org.apache.maven.plugins:maven-checkstyle-plugin
 (#1645)

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 23ad88d484..2e36574c36 100644
--- a/pom.xml
+++ b/pom.xml
@@ -296,7 +296,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-checkstyle-plugin</artifactId>
-        <version>3.4.0</version>
+        <version>3.5.0</version>
         <configuration>
           <configLocation>google_checks.xml</configLocation>
           <failOnViolation>true</failOnViolation>

From 15312d38ad4ccdd84dec19663814ebe39f4d3489 Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Fri, 23 Aug 2024 14:35:26 -0600
Subject: [PATCH 7/8] [maven-release-plugin] prepare release git-5.4.0

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 2e36574c36..d4fb8a2d43 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
   </parent>
 
   <artifactId>git</artifactId>
-  <version>${revision}${changelist}</version>
+  <version>5.4.0</version>
   <packaging>hpi</packaging>
   <name>Git plugin</name>
   <url>https://github.com/${gitHubRepo}</url>
@@ -64,7 +64,7 @@
   <scm>
     <connection>scm:git:https://github.com/${gitHubRepo}</connection>
     <developerConnection>scm:git:git@github.com:${gitHubRepo}.git</developerConnection>
-    <tag>${scmTag}</tag>
+    <tag>git-5.4.0</tag>
     <url>https://github.com/${gitHubRepo}</url>
   </scm>
 

From fea4aad1d63b876b0899f157e37fff706902a938 Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Fri, 23 Aug 2024 14:35:32 -0600
Subject: [PATCH 8/8] [maven-release-plugin] prepare for next development
 iteration

---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index d4fb8a2d43..4e8ea5e2d0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
   </parent>
 
   <artifactId>git</artifactId>
-  <version>5.4.0</version>
+  <version>${revision}${changelist}</version>
   <packaging>hpi</packaging>
   <name>Git plugin</name>
   <url>https://github.com/${gitHubRepo}</url>
@@ -64,12 +64,12 @@
   <scm>
     <connection>scm:git:https://github.com/${gitHubRepo}</connection>
     <developerConnection>scm:git:git@github.com:${gitHubRepo}.git</developerConnection>
-    <tag>git-5.4.0</tag>
+    <tag>${scmTag}</tag>
     <url>https://github.com/${gitHubRepo}</url>
   </scm>
 
   <properties>
-    <revision>5.3.1</revision>
+    <revision>5.4.1</revision>
     <changelist>-SNAPSHOT</changelist>
     <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
     <jenkins.baseline>2.440</jenkins.baseline>