Merge branch 'main' into dev-ui-section-and-page

Author: josephaw1022

_data/wg.yaml

@@ -1,5 +1,33 @@
 ---
 working-groups:
+    - title: "Test classloading"
+      board-url: "https://github.com/orgs/quarkusio/projects/30"
+      short-description: The goal of this working group is to rewrite Quarkus's test classloading, so that tests are run in the same classloader as the application under tests, and Quarkus extensions can do "Quarkus-y" manipulations of test classes.
+      readme: |
+        <p>At the moment, Quarkus tests are invoked using one classloader, and then executed in a different classloader. This mostly works well, but means some use cases don't work: extensions cannot manipulate test classes in the same way that they do normal application classes. For example, anything run via a JUnit @TestTemplate test case will see the un-transformed class.</p>
+        <p>It also means we have extra user-facing complexity, such as the QuarkusTest*Callbacks](https://quarkus.io/guides/getting-started-testing#enrichment-via-quarkustestcallback):</p>
+        <blockquote>
+        <p>While it is possible to use JUnit Jupiter callback interfaces like BeforeEachCallback, you might run into classloading issues because Quarkus has to run tests in a custom classloader which JUnit is not aware of.</p>
+        </blockquote>
+        <p>A final benefit is a reduction in the internal complexity of our code. Hopping between classloaders during test execution takes a lot of work, and adds a lot of code! It also is brittle in places. For example, because the hop between classloaders relies on serialization in some cases, it's becoming harder to do as the JVM tightens up security restrictions. We used to rely on xstream, but that stopped working in Java 17. In https://github.com/quarkusio/quarkus/pull/40601, @dmlloyd moved us to use the JBoss Serializer, which works better, but might still be affected by future restrictions on class access.</p>
+        <p>The goal of this working group is to allow test classes to fully participate in the 'quarkification' of classes. The mechanism for this is probably just to load the test classes with the classloader we intend to run them with, so that JUnit sees the 'correct' version of the class.</p>
+        <ul>
+        <li>Point of contact: @holly-cummins (@<strong>Holly Cummins</strong>  on Zulip)</li>
+        <li>Proposal: https://github.com/quarkusio/quarkus/discussions/41867</li>
+        <li>Discussion: <a href="https://quarkusio.zulipchat.com/#narrow/channel/187038-dev/topic/WG.20.2330.20Test.20Classloading.20chatter/">Zulip topic</a></li>
+        </ul>
+      status: on track
+      completed: false
+      last-activity: 2024-11-28
+      last-update-date: 2024-11-25
+      last-update: |
+        Good progress in the past week. Latest CI run: https://github.com/holly-cummins/quarkus/actions/runs/11940609084
+        Down to 8 failing jobs on CI, which is, admittedly, awful, but it’s better than the 10 that were failing before this week. Fixed a bunch of problems in my implementation, some dumb (like typing ’text’ instead of ’test’, some more significant.)
+        
+        The next task/blocker is @Nested tests which have a test profile. That means sorting out the contradiction between “load tests using the classloader we will use to execute them,” and “@Nested inner classes always get loaded by the parent’s classloader, which is totally the wrong classloader if there’s a @TestProfile on them”. I fear the solution may involve putting back a bunch of code I thought I was going to be able to delete.
+      point-of-contact: "@holly-cummins (@<strong>Holly Cummins</strong>  on Zulip)"
+      proposal: https://github.com/quarkusio/quarkus/discussions/41867
+      discussion: https://quarkusio.zulipchat.com/#narrow/channel/187038-dev/topic/WG.20.2330.20Test.20Classloading.20chatter/
     - title: "WebSocket Next"
       board-url: "https://github.com/orgs/quarkusio/projects/26"
       short-description: WebSocket-Next related tasks
@@ -76,34 +104,6 @@ working-groups:
       deliverable: <a rel="nofollow" href="https://www.youtube.com/watch?v=VP7c9ftFwrQ">Quarkus Insight</a>
       point-of-contact: "@cescoffier (@<strong>Clement Escoffier</strong> on Zulip)"
       proposal: https://github.com/quarkusio/quarkus/discussions/41024
-    - title: "Test classloading"
-      board-url: "https://github.com/orgs/quarkusio/projects/30"
-      short-description: The goal of this working group is to rewrite Quarkus's test classloading, so that tests are run in the same classloader as the application under tests, and Quarkus extensions can do "Quarkus-y" manipulations of test classes.
-      readme: |
-        <p>At the moment, Quarkus tests are invoked using one classloader, and then executed in a different classloader. This mostly works well, but means some use cases don't work: extensions cannot manipulate test classes in the same way that they do normal application classes. For example, anything run via a JUnit @TestTemplate test case will see the un-transformed class.</p>
-        <p>It also means we have extra user-facing complexity, such as the QuarkusTest*Callbacks](https://quarkus.io/guides/getting-started-testing#enrichment-via-quarkustestcallback):</p>
-        <blockquote>
-        <p>While it is possible to use JUnit Jupiter callback interfaces like BeforeEachCallback, you might run into classloading issues because Quarkus has to run tests in a custom classloader which JUnit is not aware of.</p>
-        </blockquote>
-        <p>A final benefit is a reduction in the internal complexity of our code. Hopping between classloaders during test execution takes a lot of work, and adds a lot of code! It also is brittle in places. For example, because the hop between classloaders relies on serialization in some cases, it's becoming harder to do as the JVM tightens up security restrictions. We used to rely on xstream, but that stopped working in Java 17. In https://github.com/quarkusio/quarkus/pull/40601, @dmlloyd moved us to use the JBoss Serializer, which works better, but might still be affected by future restrictions on class access.</p>
-        <p>The goal of this working group is to allow test classes to fully participate in the 'quarkification' of classes. The mechanism for this is probably just to load the test classes with the classloader we intend to run them with, so that JUnit sees the 'correct' version of the class.</p>
-        <ul>
-        <li>Point of contact: @holly-cummins (@<strong>Holly Cummins</strong>  on Zulip)</li>
-        <li>Proposal: https://github.com/quarkusio/quarkus/discussions/41867</li>
-        <li>Discussion: <a href="https://quarkusio.zulipchat.com/#narrow/channel/187038-dev/topic/WG.20.2330.20Test.20Classloading.20chatter/">Zulip topic</a></li>
-        </ul>
-      status: on track
-      completed: false
-      last-activity: 2024-11-19
-      last-update-date: 2024-11-25
-      last-update: |
-        Good progress in the past week. Latest CI run: https://github.com/holly-cummins/quarkus/actions/runs/11940609084
-        Down to 8 failing jobs on CI, which is, admittedly, awful, but it’s better than the 10 that were failing before this week. Fixed a bunch of problems in my implementation, some dumb (like typing ’text’ instead of ’test’, some more significant.)
-        
-        The next task/blocker is @Nested tests which have a test profile. That means sorting out the contradiction between “load tests using the classloader we will use to execute them,” and “@Nested inner classes always get loaded by the parent’s classloader, which is totally the wrong classloader if there’s a @TestProfile on them”. I fear the solution may involve putting back a bunch of code I thought I was going to be able to delete.
-      point-of-contact: "@holly-cummins (@<strong>Holly Cummins</strong>  on Zulip)"
-      proposal: https://github.com/quarkusio/quarkus/discussions/41867
-      discussion: https://quarkusio.zulipchat.com/#narrow/channel/187038-dev/topic/WG.20.2330.20Test.20Classloading.20chatter/
     - title: "Quarkus 3.15 LTS"
       board-url: "https://github.com/orgs/quarkusio/projects/28"
       short-description: This WG focuses on defining the issues we would like to have in the next-to-be LTS (Quarkus 3.14/3.15)

_generated-doc/main/config/quarkus-all-config.adoc

@@ -14295,7 +14295,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-Origins allowed for CORS Comma separated list of valid URLs, e.g.: http://www.quarkus.io,http://localhost:3000 In case an entry of the list is surrounded by forward slashes, it is interpreted as a regular expression.
+The origins allowed for CORS. A comma-separated list of valid URLs, such as `http://www.quarkus.io,http://localhost:3000`. URLs enclosed in forward slashes are interpreted as regular expressions.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -14316,7 +14316,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP methods allowed for CORS Comma separated list of valid methods. ex: GET,PUT,POST The filter allows any method if this is not set. default: returns any requested method as valid
+The HTTP methods allowed for CORS requests. A comma-separated list of valid HTTP methods, such as `GET,PUT,POST`. If not set, the filter allows any HTTP method by default. Default: Any HTTP request method is allowed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -14337,7 +14337,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP headers allowed for CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition The filter allows any header if this is not set. default: returns any requested header as valid
+The HTTP headers allowed for CORS requests. A comma-separated list of valid headers, such as `X-Custom,Content-Disposition`. If not set, the filter allows any header by default. Default: Any HTTP request header is allowed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -14358,7 +14358,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP headers exposed in CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition default: empty
+The HTTP headers exposed in CORS responses. A comma-separated list of headers to expose, such as `X-Custom,Content-Disposition`. Default: No headers are exposed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -14379,7 +14379,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-The `Access-Control-Max-Age` response header value indicating how long the results of a pre-flight request can be cached.
+The `Access-Control-Max-Age` response header value in `java.time.Duration` format. Informs the browser how long it can cache the results of a preflight request.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -14400,7 +14400,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-The `Access-Control-Allow-Credentials` header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”. The value of this header will default to `true` if `quarkus.http.cors.origins` property is set and there is a match with the precise `Origin` header.
+The `Access-Control-Allow-Credentials` response header. Tells browsers if front-end JavaScript can be allowed to access credentials when the request's credentials mode, `Request.credentials`, is set to `include`. Default: `true` if the `quarkus.http.cors.origins` property is set and matches the precise `Origin` header value.
 
 
 ifdef::add-copy-button-to-env-var[]

_generated-doc/main/config/quarkus-vertx-http_quarkus.http.adoc

@@ -2301,7 +2301,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-Origins allowed for CORS Comma separated list of valid URLs, e.g.: http://www.quarkus.io,http://localhost:3000 In case an entry of the list is surrounded by forward slashes, it is interpreted as a regular expression.
+The origins allowed for CORS. A comma-separated list of valid URLs, such as `http://www.quarkus.io,http://localhost:3000`. URLs enclosed in forward slashes are interpreted as regular expressions.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -2322,7 +2322,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP methods allowed for CORS Comma separated list of valid methods. ex: GET,PUT,POST The filter allows any method if this is not set. default: returns any requested method as valid
+The HTTP methods allowed for CORS requests. A comma-separated list of valid HTTP methods, such as `GET,PUT,POST`. If not set, the filter allows any HTTP method by default. Default: Any HTTP request method is allowed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -2343,7 +2343,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP headers allowed for CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition The filter allows any header if this is not set. default: returns any requested header as valid
+The HTTP headers allowed for CORS requests. A comma-separated list of valid headers, such as `X-Custom,Content-Disposition`. If not set, the filter allows any header by default. Default: Any HTTP request header is allowed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -2364,7 +2364,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP headers exposed in CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition default: empty
+The HTTP headers exposed in CORS responses. A comma-separated list of headers to expose, such as `X-Custom,Content-Disposition`. Default: No headers are exposed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -2385,7 +2385,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-The `Access-Control-Max-Age` response header value indicating how long the results of a pre-flight request can be cached.
+The `Access-Control-Max-Age` response header value in `java.time.Duration` format. Informs the browser how long it can cache the results of a preflight request.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -2406,7 +2406,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-The `Access-Control-Allow-Credentials` header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”. The value of this header will default to `true` if `quarkus.http.cors.origins` property is set and there is a match with the precise `Origin` header.
+The `Access-Control-Allow-Credentials` response header. Tells browsers if front-end JavaScript can be allowed to access credentials when the request's credentials mode, `Request.credentials`, is set to `include`. Default: `true` if the `quarkus.http.cors.origins` property is set and matches the precise `Origin` header value.
 
 
 ifdef::add-copy-button-to-env-var[]

_generated-doc/main/config/quarkus-vertx-http_quarkus.http.cors.adoc

@@ -15,7 +15,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-Origins allowed for CORS Comma separated list of valid URLs, e.g.: http://www.quarkus.io,http://localhost:3000 In case an entry of the list is surrounded by forward slashes, it is interpreted as a regular expression.
+The origins allowed for CORS. A comma-separated list of valid URLs, such as `http://www.quarkus.io,http://localhost:3000`. URLs enclosed in forward slashes are interpreted as regular expressions.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -36,7 +36,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP methods allowed for CORS Comma separated list of valid methods. ex: GET,PUT,POST The filter allows any method if this is not set. default: returns any requested method as valid
+The HTTP methods allowed for CORS requests. A comma-separated list of valid HTTP methods, such as `GET,PUT,POST`. If not set, the filter allows any HTTP method by default. Default: Any HTTP request method is allowed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -57,7 +57,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP headers allowed for CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition The filter allows any header if this is not set. default: returns any requested header as valid
+The HTTP headers allowed for CORS requests. A comma-separated list of valid headers, such as `X-Custom,Content-Disposition`. If not set, the filter allows any header by default. Default: Any HTTP request header is allowed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -78,7 +78,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-HTTP headers exposed in CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition default: empty
+The HTTP headers exposed in CORS responses. A comma-separated list of headers to expose, such as `X-Custom,Content-Disposition`. Default: No headers are exposed.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -99,7 +99,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-The `Access-Control-Max-Age` response header value indicating how long the results of a pre-flight request can be cached.
+The `Access-Control-Max-Age` response header value in `java.time.Duration` format. Informs the browser how long it can cache the results of a preflight request.
 
 
 ifdef::add-copy-button-to-env-var[]
@@ -120,7 +120,7 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-The `Access-Control-Allow-Credentials` header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”. The value of this header will default to `true` if `quarkus.http.cors.origins` property is set and there is a match with the precise `Origin` header.
+The `Access-Control-Allow-Credentials` response header. Tells browsers if front-end JavaScript can be allowed to access credentials when the request's credentials mode, `Request.credentials`, is set to `include`. Default: `true` if the `quarkus.http.cors.origins` property is set and matches the precise `Origin` header value.
 
 
 ifdef::add-copy-button-to-env-var[]