EOL maven-assembly-plugin

[basil]

Since 2.111 we have been publishing a https://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-parent/2.366/jenkins-parent-2.366-src.zip source archive. Note that unlike e.g. https://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-core/2.366/jenkins-core-2.366-sources.jar and https://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-war/2.366/jenkins-war-2.366-sources.jar (which just cover the core/ and war/ Maven modules), this actually contains the whole Git repository, much like https://github.com/jenkinsci/jenkins/archive/refs/tags/jenkins-2.366.zip but with the exception that (unlike the GitHub version) it accidentally omits test resources that end with .zip due to

jenkins/assembly-src.xml

Line 45 in 93f69b2

<exclude>**/*.zip</exclude>

and (unlike the GitHub version) it is signed with our GPG key. I spent a while searching for src.zip using GitHub Code Search in the jenkinsci, jenkins-infra, and cloudbees GitHub organizations without finding any references to consumers, and I cannot imagine why someone would want to consume this source archive: while it would make sense in the context of e.g. a C project where the packaging build scripts downloaded the source code and compiled it into a binary and then packaged the result, our Docker image and OS packaging scripts start with a pre-built WAR file and therefore have no need to download sources and verify their signature. I cannot imagine a use case where someone would need to verify a signature when casually downloading sources for offline consumption, so such a use case could be easily satisfied via GitHub's download feature. Altogether I am leaning toward flensing this code, but I do not feel strongly: if someone wants to keep it, I will gladly close this PR. My only reason for wanting to delete it is that this cleans up our release build and saves space on Artifactory for what I believe is an unnecessary historical relic.

Proposed changelog entries

Removed: The signed jenkins-parent-${JENKINS_VERSION}-src.zip source archives have been removed from Artifactory for future releases. Users who wish to download source archives for offline consumptions are encouraged to do so via GitHub.

Proposed upgrade guidelines

N/A

Submitter checklist

• (If applicable) Jira issue is well described
• Changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developer, depending on the change) and are in the imperative mood. Examples
  • Fill-in the Proposed changelog entries section only if there are breaking changes or other changes which may require extra steps from users during the upgrade
• Appropriate autotests or explanation to why this change has no tests
• New public classes, fields, and methods are annotated with @Restricted or have @since TODO Javadoc, as appropriate.
• New deprecations are annotated with @Deprecated(since = "TODO") or @Deprecated(forRemoval = true, since = "TODO") if applicable.
• New or substantially changed JavaScript is not defined inline and does not call eval to ease future introduction of Content-Security-Policy directives (see documentation on jenkins.io).
• For dependency updates: links to external changelogs and, if possible, full diffs

Desired reviewers

@mention

Maintainer checklist

Before the changes are marked as ready-for-merge:

• There are at least 2 approvals for the pull request and no outstanding requests for change
• Conversations in the pull request are over OR it is explicit that a reviewer does not block the change
• Changelog entries in the PR title and/or Proposed changelog entries are accurate, human-readable, and in the imperative mood
• Proper changelog labels are set so that the changelog can be generated automatically
• If the change needs additional upgrade steps from users, upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the PR title. (example)
• If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).

[daniel-beck]

I wish this is what source jar contents looked like 😄

[basil]

I wish this is what source jar contents looked like smile

You would probably like Python source distributions (sdists).

[basil]

This PR is now ready for merge. We will merge it after approximately 24 hours if there is no negative feedback. Please see the merge process documentation for more information about the merge process. Thanks!