Prevent absolute links from adoc to www.jenkins.io and jenkins.io (jenkins-infra#5899)

## Prevent absolute links to jenkins.io and www.jenkins.io in adoc files

When the https://www.jenkins.io/ URL is embedded in the source code of
the jenkins.io pages, it causes a user exploring a pull request through
the preview sites to be moved from the preview site to the
www.jenkins.io site. If they are not very carefully watching the URL
address bar, they can waste time looking at the production site when
they wanted to review the preview site.

* jenkins-infra#5718
* jenkins-infra#5715

@ADITYADAS1999 I assumed that the issue was more difficult than you were
ready to attack. If you'd like to review the technique I've used, I'd
love to have comments or recommendations of ways it could be improved.

Co-authored-by: Damien Duportal <damien.duportal@gmail.com>

Author: MarkEWaite

Jenkinsfile

@@ -48,9 +48,16 @@ node('docker&&linux') {
         checkout scm
     }
 
-    stage('Check for typos') {
-      sh 'make check'
-      recordIssues(tools: [checkStyle(id: 'typos', name: 'Typos', pattern: 'checkstyle.xml')], qualityGates: [[threshold: 1, type: 'TOTAL', unstable: true]])
+    stage('Checks') {
+        /* The Jenkins which deploys doesn't use multibranch or GitHub Org Folders.
+         * Checks are advisory only.
+         * They are intentionally skipped when preparing a deployment.
+        */
+        if (!infra.isTrusted() && env.BRANCH_NAME != null) {
+            sh 'make check'
+            recordIssues(tools: [checkStyle(id: 'typos', name: 'Typos', pattern: 'checkstyle.xml')],
+                         qualityGates: [[threshold: 1, type: 'TOTAL', unstable: true]])
+        }
     }
 
     stage('Build site') {
@@ -84,9 +91,9 @@ node('docker&&linux') {
         archiveArtifacts artifacts: 'build/**/*.zip', fingerprint: true
     }
 
-    /* The Jenkins which deploys doesn't use multibranch or GitHub Org Folders
+    /* The Jenkins which deploys doesn't use multibranch or GitHub Org Folders.
     */
-    if (env.BRANCH_NAME == null) {
+    if (infra.isTrusted() && env.BRANCH_NAME == null) {
         stage('Publish on Azure') {
             /* -> https://github.com/Azure/blobxfer
             Require credential 'BLOBXFER_STORAGEACCOUNTKEY' set to the storage account key */

Makefile

@@ -120,6 +120,7 @@ archive: generate
 # Check Typo
 #######################################################
 check:
+	scripts/check-hard-coded-URL-references
 	curl -qsL https://github.com/crate-ci/typos/releases/download/v1.13.4/typos-v1.13.4-x86_64-unknown-linux-musl.tar.gz | tar xvzf - ./typos
 	curl -qsL https://github.com/halkeye/typos-json-to-checkstyle/releases/download/v0.1.1/typos-checkstyle-v0.1.1-x86_64 > typos-checkstyle && chmod 0755 typos-checkstyle
 	./typos --format json | ./typos-checkstyle - > checkstyle.xml || true

content/events/hacktoberfest.adoc

@@ -75,7 +75,7 @@ who have committed to assist contributors and to provide quick turnaround in pul
 |=========================================================
 |Project/component | Keywords | Ideas and links
 
-| link:https://jenkins.io[Jenkins Website]
+| link:/[Jenkins Website]
 | Documentation, +
   Asciidoc, +
   CSS, +

content/participate/report-issue.adoc

@@ -90,7 +90,7 @@ https://issues.jenkins.io/secure/Dashboard.jspa[the JIRA home page].
 * For *Project* select:
 ** _Jenkins_ for general issues with Jenkins,
 ** _Security Issues_ if you want to report a security issue privately
-* For _Infrastructure_, if you're reporting a bug with https://www.jenkins.io/projects/infrastructure/[a Jenkins service run by the Jenkins project], open an issue in the https://github.com/jenkins-infra/helpdesk/issues/new/choose[dedicated helpdesk on Github].
+* For _Infrastructure_, if you're reporting a bug with link:/projects/infrastructure/[a Jenkins service run by the Jenkins project], open an issue in the https://github.com/jenkins-infra/helpdesk/issues/new/choose[dedicated helpdesk on Github].
 * Enter a short but meaningful description of your problem as *Summary*.
 * For *Priority*, see
 https://issues.jenkins.io/secure/ShowConstantsHelp.jspa?decorator=popup#PriorityLevels[here]

content/participate/test.adoc

@@ -34,11 +34,11 @@ See the jira:WEBSITE-662[] EPIC for tasks related to this page, contributions ar
 
 - Pull Requests - link:https://ci.jenkins.io/job/Core/job/jenkins/view/change-requests/[https://ci.jenkins.io/job/Core/job/jenkins/view/change-requests/]
 
-- Weekly Release - link:/download/[https://jenkins.io/download/]
+- Weekly Release - link:/download/[weekly downloads]
 
 - Quarterly Long Term Support Release Candidate - link:http://mirrors.jenkins.io/war-stable-rc/[http://mirrors.jenkins.io/war-stable-rc/]
 
-- Quarterly Long Term Support Release - link:/download/[https://jenkins.io/download/]
+- Quarterly Long Term Support Release - link:/download/[LTS downloads]
 
 ==== Jenkins Plugins
 - Pull request builds from link:https://ci.jenkins.io/job/Plugins/[ci.jenkins.io]

content/project/conduct.adoc

@@ -97,7 +97,7 @@ Technical criticism is always appreciated. Keep it positive and constructive. Do
 
 Everything hosted under link:/[jenkins.io], link:https://jenkins-ci.org/[jenkins-ci.org] and their sub-domains such as:
 
-* link:https://jenkins.io[jenkins.io]
+* link:/[jenkins.io]
 * link:https://issues.jenkins.io/[issues.jenkins.io]
 * link:https://stories.jenkins.io/[stories.jenkins.io]
 

content/project/team-leads.adoc

@@ -46,7 +46,7 @@ Coordinates the security-related activities in the Jenkins project. This is an *
 * Publish link:https://wiki.jenkins.io/display/JENKINS/Security+Advisorie[Security Advisories] (including CVE IDs and CVSS) and notify the link:https://groups.google.com/forum/#!forum/jenkinsci-advisories[mailing list]
 * Drive security policy definition/changes in the community
 * Represent the Jenkins project on security topics with third parties
-* Represent the https://www.jenkins.io/security/cna/[Jenkins CNA].
+* Represent the link:/security/cna/[Jenkins CNA].
 
 [[infrastructure]]
 ### Infrastructure Officer

content/redirect/oracle-account-signup.adoc

@@ -1,4 +1,4 @@
 ---
 layout: redirect
-redirect_url: https://jenkins.io/oracleAccountSignup # TODO get rid of double redirect
+redirect_url: /oracleAccountSignup # TODO get rid of double redirect
 ---

content/redirect/pipeline-cps-method-mismatches.adoc

@@ -1,4 +1,4 @@
 ---
 layout: redirect
-redirect_url: https://www.jenkins.io/doc/book/pipeline/cps-method-mismatches/
+redirect_url: /doc/book/pipeline/cps-method-mismatches/
 ---

content/security/plugins.adoc

@@ -66,7 +66,7 @@ This typically is the case when plugins have particularly severe security vulner
 * Literate (`literate`): link:/security/advisory/2020-03-09/#SECURITY-1750[SECURITY-1750]
 * Nerrvana (`nerrvana`): link:/security/advisory/2020-10-08/#SECURITY-2097[SECURITY-2097]
 * Persona (`persona`): link:/security/advisory/2020-10-08/#SECURITY-2046[SECURITY-2046]
-* Pipeline: Classpath Step (`pipeline-classpath`): https://www.jenkins.io/security/advisory/2017-03-20/#pipeline-classpath-step-plugin-allowed-script-security-sandbox-bypass[SECURITY-336]
+* Pipeline: Classpath Step (`pipeline-classpath`): link:/security/advisory/2017-03-20/#pipeline-classpath-step-plugin-allowed-script-security-sandbox-bypass[SECURITY-336]
 * Pipeline: Phoenix AutoTest (`phoenix-autotest`): link:/security/advisory/2022-03-29/[multiple vulnerabilities announced on 2022-03-29]
 * Puppet Enterprise Pipeline (`puppet-enterprise-pipeline`): link:/security/advisory/2019-10-16/#SECURITY-918[SECURITY-918]
 * Reactor (`reactor`): link:/security/advisory/2017-04-10/#reactor-plugin[SECURITY-487]

content/security/reporting.adoc

@@ -29,7 +29,7 @@ Please report issues present in the following components:
 * Jenkins, including installers and Docker images published by the Jenkins project
 * Jenkins plugins published by the Jenkins project (listed on https://plugins.jenkins.io/[plugins.jenkins.io] and/or hosted in https://github.com/jenkinsci[the jenkinsci GitHub organization])
 * Additional components published by the Jenkins project for general use, such as Docker images
-* Jenkins infrastructure projects, such as https://www.jenkins.io/[jenkins.io] or more generally the repositories hosted in the https://github.com/jenkins-infra[jenkins-infra GitHub organization]
+* Jenkins infrastructure projects, such as link:/[jenkins.io] or more generally the repositories hosted in the https://github.com/jenkins-infra[jenkins-infra GitHub organization]
 
 
 The following components are out of scope:

content/solutions/php.adoc

@@ -177,7 +177,7 @@ file (`phpcs.xml`):
 ----
 
 You can then fine-tune the failure conditions using the
-https://www.jenkins.io/doc/pipeline/steps/warnings-ng/[Warnings-NG pipeline configuration]
+link:/doc/pipeline/steps/warnings-ng/[Warnings-NG pipeline configuration]
 
 ==== Results Caching
 

content/templates/updates.adoc

@@ -29,7 +29,7 @@ See https://github.com/jenkins-infra/update-center2/tree/master/site[OSS Update
 The experimental plugin site is located at https://updates.jenkins.io/experimental/[https://updates.jenkins.io/experimental/].
 Configure `+https://updates.jenkins.io/experimental/update-center.json+` in Jenkins to receive experimental releases (those with `alpha` or `beta` in their version numbers).
 
-See https://www.jenkins.io/doc/developer/publishing/releasing-experimental-updates/[Publishing Experimental Plugin Releases] for more information.
+See link:/doc/developer/publishing/releasing-experimental-updates/[Publishing Experimental Plugin Releases] for more information.
 
 This update site always serves the latest releases, which may be incompatible with your version of Jenkins.
 

scripts/check-hard-coded-URL-references

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Report adoc files that use https://www.jenkins.io or https://jenkins.io
+
+# Site development depends on links being relative to the current site
+# so that we can show the site on a developer desktop or in the preview
+# sites without links that jump to the original site.
+
+# See https://github.com/jenkins-infra/jenkins.io/issues/5718
+# See also https://github.com/jenkins-infra/jenkins.io/pull/5715
+
+# Returns 0 if no issues are detected or script is running on trusted.ci.jenkins.io
+# Returns 1 if one or more adoc files include https://www.jenkins.io
+# Returns 2 if one or more adoc files include https://jenkins.io
+# Returns 3 if both https://www.jenkins.io and https://jenkins.io are found
+
+return_code=0
+
+files=$(git grep -l https://www.jenkins.io -- content/[a-zA-Z]**/*.adoc)
+if [ "$files" != "" ]; then
+        echo "ERROR: incorrectly used https://www.jenkins.io in ${files}"
+        echo
+        echo "See https://github.com/jenkins-infra/jenkins.io/issues/5718"
+        echo "See also https://github.com/jenkins-infra/jenkins.io/pull/5715"
+        echo
+        return_code=1
+fi
+
+files=$(git grep -l https://jenkins.io -- content/[a-zA-Z]**/*.adoc)
+if [ "$files" != "" ]; then
+        echo "ERROR: incorrectly used https://jenkins.io in ${files}"
+        echo
+        echo "See https://github.com/jenkins-infra/jenkins.io/issues/5718"
+        echo "See also https://github.com/jenkins-infra/jenkins.io/pull/5715"
+        echo
+        return_code=$(( return_code + 2 ))
+fi
+
+exit $return_code