From c7456f7b56d8b289ba039d704633f004904c05cc Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Tue, 7 May 2024 16:00:49 -0600
Subject: [PATCH 1/2] Exclude PA_PUBLIC_PRIMITIVE_ATTRIBUTE spotbugs warning

This exclusion is widely used in Jenkins plugins because public primitives
are often part of the public API of a Java object in Jenkins.

Removes the spotbugs plugin from the pom file because the parent pom
already provides it and provides additional configuration to make spotbugs
even more useful for a Jenkins plugin.

Resolves the 19 spotbugs warnings that are reported on the master branch.
---
 pom.xml                         |  4 ----
 src/spotbugs/excludesFilter.xml | 29 +++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 src/spotbugs/excludesFilter.xml

diff --git a/pom.xml b/pom.xml
index 1f1224c17..71facbe6e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -232,10 +232,6 @@ THE SOFTWARE.
                     <compatibleSinceVersion>1.45</compatibleSinceVersion>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>com.github.spotbugs</groupId>
-                <artifactId>spotbugs-maven-plugin</artifactId>
-            </plugin>
         </plugins>
     </build>
 </project>
diff --git a/src/spotbugs/excludesFilter.xml b/src/spotbugs/excludesFilter.xml
new file mode 100644
index 000000000..967bff18c
--- /dev/null
+++ b/src/spotbugs/excludesFilter.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+  <!--
+    Exclusions in this section have been triaged and determined to be
+    false positives.
+  -->
+  <Match>
+    <!-- These primitive attributes need to be public to preserve the API -->
+    <Bug pattern="PA_PUBLIC_PRIMITIVE_ATTRIBUTE" />
+    <Or>
+      <Class name="hudson.plugins.ec2.EC2AbstractSlave" />
+      <Class name="hudson.plugins.ec2.SlaveTemplate" />
+    </Or>
+  </Match>
+
+  <!--
+    Here lies technical debt. Exclusions in this section have not yet
+    been triaged. When working on this section, pick an exclusion to
+    triage, then:
+
+    - Add a @SuppressFBWarnings(value = "[...]", justification = "[...]")
+      annotation if it is a false positive.  Indicate the reason why
+      it is a false positive, then remove the exclusion from this
+      section.
+
+    - If it is not a false positive, fix the bug, then remove the
+      exclusion from this section.
+   -->
+</FindBugsFilter>

From e002ea5339e815db7dc9b16bc68c2c30dc722780 Mon Sep 17 00:00:00 2001
From: Mark Waite <mark.earl.waite@gmail.com>
Date: Tue, 7 May 2024 16:03:34 -0600
Subject: [PATCH 2/2] Replace JSR-305 annotations with spotbugs annotations

Annotations for Nonnull, CheckForNull, and several others were proposed
for Java as part of dormant Java specification request JSR-305. The
proposal never became a part of standard Java.

Jenkins plugins should switch from using JSR-305 annotations to use
Spotbugs annotations that provide the same semantics.

The [mailing list discussion](https://groups.google.com/g/jenkinsci-dev/c/uE1wwtVi1W0/m/gLxdEJmlBQAJ)
from James Nord describes the affected annotations and why they should
be replaced with annotations that are actively maintained.

The ["Improve a plugin" tutorial](https://www.jenkins.io/doc/developer/tutorial-improve/replace-jsr-305-annotations/)
provides instructions to perform this change.

An [OpenRewrite recipe](https://docs.openrewrite.org/recipes/jenkins/javaxannotationstospotbugs)
is also available and is even better than the tutorial.

Confirmed that automated tests pass on Linux with Java 21.
---
 .../java/hudson/plugins/ec2/EC2RetentionStrategyTest.java   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/test/java/hudson/plugins/ec2/EC2RetentionStrategyTest.java b/src/test/java/hudson/plugins/ec2/EC2RetentionStrategyTest.java
index c54c91aeb..4e4ad5bb3 100644
--- a/src/test/java/hudson/plugins/ec2/EC2RetentionStrategyTest.java
+++ b/src/test/java/hudson/plugins/ec2/EC2RetentionStrategyTest.java
@@ -2,6 +2,7 @@
 
 import com.amazonaws.AmazonClientException;
 import com.amazonaws.services.ec2.model.InstanceType;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.model.Executor;
 import hudson.model.Node;
 import hudson.model.Label;
@@ -30,7 +31,6 @@
 import org.testcontainers.shaded.org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.jvnet.hudson.test.LoggerRule;
 
-import javax.annotation.Nonnull;
 import java.security.Security;
 import java.time.Clock;
 import java.time.Duration;
@@ -141,10 +141,10 @@ public String getShortDescription() {
             }
         } : null;
         return new AccessControlledTask() {
-            @Nonnull
+            @NonNull
             public ACL getACL() {
                 return new ACL() {
-                    public boolean hasPermission(@Nonnull Authentication a, @Nonnull Permission permission) {
+                    public boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission) {
                         return true;
                     }
                 };