What’s new in Eficode ROOT: January 2024

Darkness has fallen

A dark theme was all the rage in the early twenties. And by twenties, I don’t mean the proper twenties, obviously, when things were not yet all bleak and monochromatic. Not until the second half of ‘29, anyway. Maybe that is when it all started going wrong; how the scene was set for the demise leading up to our less roaring twenties.

But at least we have the new Bitbucket here, which, by the way, you can now have in any color you want. As long as it’s black.

^{The new dark theme in Bitbucket 8.16.}

The other colorless option given to us is the new light theme which, as the name suggests, is indeed very light and joyful in its grayscale attire. There’s also a possibility to revert to the original look, should you prefer to keep things the way they’ve always been. You know, the way they ought to be.

You could have also previously had your Bitbucket set up to wear a corporate livery using the “Look and Feel” plugin or some CSS hacks. Combined with the new theming facility, these modifications could possibly result in slightly unsightly appearances.

Whilst beauty certainly is in the eye of the beholder, our recommendation would be to turn off the earlier UI modifications for the time being. Who knows, maybe one day, Bitbucket will ship with a built-in theme customization facility.

CODEOWNERS for all

The concept of Code Owners was first introduced in GitHub back in 2017. Having evolved into a stable implementation and a commonly accepted good practice, various other source code management platforms have started to ship an adaptation of the same idea.

With the release of 8.14 LTS, all Bitbucket users on Server and Data Center alike can reap the CODEOWNERS benefits. You can now define the owners of different parts of your codebase using various rules and patterns declared in a CODEOWNERS file. Once set up, Bitbucket will automatically configure appropriate pull request reviewers based on the declared ownership.

Check out the documentation for Code Owners for further instructions and an example of a CODEOWNERS ruleset.

Auto-merge pull requests

How often have you had a pull request sitting open for days on end, all merge checks and approvals completed, just waiting for someone to click on the merge button? Happens to the best of us, right?

Bitbucket now has an answer for us. You now have the option to enable auto-merge for qualifying pull requests. It does exactly what you would expect a feature called “auto-merge” to do—it automatically merges your PRs when all merge checks have been completed.

Check out the auto-merge docs to see how you can get the ball rolling automatically.

Embed videos from YouTube et al.

Building on top of the new video feature introduced in our September 2023 release, the inclusion of moving pictures in your PR descriptions and comments has been made ever so convenient with the newest Bitbucket. No need to upload a file anymore; simply slap a link to a video from a platform like YouTube or Vimeo, and Bitbucket will automatically transform it into an embedded video player.

End of an era

The February expiration date for Atlassian’s Server licensing is approaching quickly. This also means changes in Eficode ROOT releases which, admittedly, most of you won’t even notice.

Bitbucket 8.14.x LTS is the last release line to run on a Server license. Going forward, Data Center will receive new versions and features as always, while the remaining Server deployments only receive security patches on 8.14.

With the exception of the CODEOWNERS support, all new features in this Eficode ROOT release will only be available on Bitbucket Data Center.

AI-powered Duo Code Suggestions

Nowadays, artificial flavors, sweeteners, or preservatives tend to be frowned upon, as do many other synthetic man-made things. Natural and real is the way to go. Except when it comes to intelligence, where the artificial kind seems to be the new black. This hasn’t gone unnoticed in the GitLab HQ.

GitLab joins the Copilots of the world by making its new AI-assisted coding facility, the Duo Code Suggestions, generally available for all Premium and Ultimate users starting with the 16.7 release.

Code Suggestions is a “privacy-first AI” approach, where your private, non-public source code does not get used as training data, making it possibly more acceptable from a security perspective than some other AI adaptations.

The feature is available as an add-on for a myriad of different IDEs, such as the GitLab Web IDE, VS Code, Jetbrains-based stuff, and NeoVIM.

Code Suggestions is free to try until February 15, which is when it turns into a paid extra.

Check out the documentation for Code Suggestions and the main announcement for the feature to learn more!

Pages without wildcard DNS

Enabling GitLab Pages has required provisioning a wildcard DNS entry with the accompanying wildcard TLS certificates. Which in some cases has not been possible, effectively preventing GitLab Pages from being taken into use.

With the introduction of a new experimental Pages configuration scheme in GitLab 16.7, it is now possible to set up Pages without a wildcard DNS. This approach uses a single domain name to cover all Pages projects with a new URL scheme where the namespace and project slug are specified in the request URL itself, resulting in a URL scheme of https://pages.example.io/<namespace>/<project_slug>.

Minimal forking

Like a thousand knives when all you need is a fork. Previously forking a repository meant taking the whole ordeal, the ins and outs of all branches. With this latest GitLab, you can limit the fork to the default branch only, which is probably what you wanted anyway. Just tick the “only the default branch” box when forking and off to the races you are.

CI/CD Catalog public Beta

This release of GitLab ships with a public Beta of CI/CD Catalog, a centralized place where you can search for reusable CI/CD components maintained by you, your organization, or the public community. The new Catalog allows you to reuse published CI/CD components even more easily than before.

The feature is available on all tiers of GitLab. And since this is an initial Beta release, GitLab will continue working on making the experience even better.

Head over to the documentation for CI/CD components to learn more about reusable components and the new Catalog.

Old navigation is no more

And we end our highlights with a bit of a sad farewell.

Until recently, you could opt out of the new navigation bar introduced in 16.0. Go back to the old, familiar one. That has now gone the way of the dodo bird. What’s left is the new navigation and only the new navigation, which, admittedly, has been vastly improved based on user feedback since its first appearance and undoubtedly will be improved further going forward; all of which will be tracked on the navigation experience overhaul epic on gitlab.com.

And a lot more

As always, this was just the tip of the iceberg. Check out the complete release notes for both

GitLab 16.6 and GitLab 16.7 for a full disclosure of all changes and new features, such as the possibility for Ultimate users to enforce MR approvals as a compliance policy, improved UI for CI/CD variable management and a Beta announcement for a Runner Fleet Dashboard in 16.6 to name a few.

Monthly refresh

The Eficode ROOT release for January ships with a Jenkins LTS Core version 2.426.2. This release sorts out some niggles related to the UI refresh that has been going on for a while. There’s also added support for Java 21, which resulted in the announcement of the expiration date for Java 11. More on this below.

There’s a new Coverage Plugin, a spin-off from the old code Coverage Plugin, which will get deployed on all Eficode ROOT instances. Going forward, the Coverage Plugin will carry the torch for code coverage reporting needs in Jenkins.

Otherwise, it’s the same old story: Jenkins is a curated selection of plugins and features, each installation being unique to some extent. If you have an interest in the specific ingredients of your own concoction, please do not hesitate to get in touch with your friendly Eficode ROOT support team.

Java 11 end-of-life

Jenkins’ LTS Core 2.426.1 introduces support for running Jenkins on Java 21. In other words, it can currently operate on a trio or Java 11, 17, and 21. Eficode ROOT Jenkins instances, for the most part, are still on Java 11 to ensure maximum compatibility with all plugins in the ecosystem.

This will change in 2024. Support for Java 11 in Jenkins will end on or after September 30th. All Eficode ROOT Jenkins instances will be updated to Java 17 well before that.

Why 17 and not the latest and greatest, one might ask. It’s the plugins. We are confident that the vast majority of the plugins, if not all, that are currently in use have already been updated to run properly on Java 17. Whereas with Java 21 that might not yet be the case by the third quarter of 2024.

For the most part, the transition will be completely invisible. It’s the same stuff that can break as it was with Java 8 to Java 11 bump back in the fall of ‘22: old Maven-type jobs, externally hosted Jenkins agents and such like. You can check out our September 2022 release notes for the advice we gave back then.

The “Introducing the 2 + 2 + 2 Java support plan” blog post brilliantly summarizes the Java support landscape from a Jenkins perspective for the years to come.

Rest assured, we will keep you updated as the transition unfolds.

Support for self-hosted Hugging Face ML repositories

With the introduction of support for local and remote Hugging Face repositories, you can now use Artifactory to store your ML models the same way you already could do with your other software components while incorporating the Xray features to detect possible malicious models and to enforce license compliance in the machine learning stuff.

Improved trash can

Nobody likes a malfunction in the trash can. This release of Artifactory improves its garbage management facilities. Previously you could accidentally remove stuff permanently if you happened to delete an artifact with the exact same path and filename as one that was already sitting in the bin. And we all know that a trash can is essentially just temporary storage for the backlog of brilliant ideas, not actually for getting rid of them.

Now you’ll get a prompt asking you to confirm the permanent deletion of the item in the trash can before anything bad happens.

Enhancements in Xray

The Force Reindex operation has been improved in this release of Xray to support deleting components that should no longer be part of the component graph of an artifact or a build.

Xray’s Jira integration has also been expanded with the possibility of setting up custom and mandatory fields for a Jira issue. See the documentation for Xray Jira integration for more on this topic.

Strict Clean as You Code criteria for quality gates

This release of SonarQube adopts more rigorous Clean as You Code criteria for the built-in Sonar way quality gates. The new policy allows new code to have exactly zero issues for passing the quality gate to ensure that any newly written and modified code meets the highest possible clean code standards.

Additionally, the Sonar way quality gate no longer differentiates between bugs, vulnerabilities, and code smells in its policy; it’s now a single issues category with zero allowed.

The previous quality gates are still available as “Sonar way (legacy)” if it turns out you’re not quite ready for the change yet.

Secrets detection at the source

Keep your code free of unwanted secrets with the new secret detection engine in SonarQube and SonarLint. With SonarLint in your IDE, you can leverage the detection capabilities to ensure that your codebase is clean of any unwanted sensitive information before pushing anything into your CI/CD pipeline.

Right out of the box, Sonar can detect the top 100+ common patterns for sensitive secrets or tokens, with the option of adding custom rules to detect company-specific secrets.

Stay in sync with GitLab

The GitLab integration introduced in the previous version was able to synchronize issues back to the GitLab Vulnerability Report whenever SonarQube detected a new issue or updated the status of an existing one.

With this release the synchronization has turned a full circle with status changes of issues in GitLab getting automatically replicated back to the corresponding issue in SonarQube in the subsequent analysis, keeping both in sync.

UI and language updates

The UI modernization of series 10 progresses with the following getting updated to the latest UI in 10.3:

• Quality gates page
• Quality profiles page
• Rules page
• DevOps platform configuration modal shown during project onboarding

Language packs also received a hefty amount of updates:

JavaScript/TypeScript receives first-rate support for React with over 60 rules, including rules to prevent common brand practices, to identify deprecated APIs and to improve accessibility. There are also improvements made to diagnostics of memory issues.

Java/Kotlin benefits from the newly added support of Maven 4.0, the refresh of all external linters analyzers, added support for Jakarta namespaces, and the detection of the most common pitfalls of Spring Boot.

C/C++ adds new MISRA C++ 2023 rules, while .NET support is expanded to cover .NET 8 and C# 12. There’s also added support for C# code in .NET templates with Razor syntax.

And finally, Python gets extended to cover Python 3.12 new syntax, new rules, and error-free parsing. There are also new rules added to cover NumPy and Pandas libraries.

For a full overview of everything new in SonarQube 10.3, check out the official SonarQube 10.3 release announcement!