Skip security warnings heading if no warnings (#537)

Test highlights that there is ambiguity in the tested code because there
are two booleans to represent a single condition.  It is possible to
have hideWarning == true and showWarning == true, even though we can
only do one or the other but not both.

Another pull request or another change in this pull request will need
to resolve that issue in the most recently merged pull request.

Author: MarkEWaite

plugin-management-library/src/main/java/io/jenkins/tools/pluginmanager/impl/PluginManager.java

@@ -459,9 +459,13 @@ public void showSpecificSecurityWarnings(List<Plugin> plugins) {
         // NOTE: By default, the plugin installation manager tool will show security warnings.
         // see: https://github.com/jenkinsci/plugin-installation-manager-tool/issues/258
         if (!cfg.isHideWarnings()) {
-            logMessage("\nSecurity warnings:");
+            boolean headingDisplayed = false;
             for (Plugin plugin : plugins) {
                 if (warningExists(plugin)) {
+                    if (!headingDisplayed) {
+                        logMessage("\nSecurity warnings:");
+                        headingDisplayed = true;
+                    }
                     String pluginName = plugin.getName();
                     logMessage(plugin.getSecurityWarnings().stream()
                             .map(warning -> String.format("%s (%s): %s %s %s", pluginName,

plugin-management-library/src/test/java/io/jenkins/tools/pluginmanager/impl/PluginManagerIntegrationTest.java

@@ -26,6 +26,7 @@
 import org.junit.rules.TemporaryFolder;
 
 import static com.github.stefanbirkner.systemlambda.SystemLambda.tapSystemOut;
+import static com.github.stefanbirkner.systemlambda.SystemLambda.tapSystemErr;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatNoException;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
@@ -56,13 +57,29 @@ public interface Configurator {
     }
 
     public PluginManager initPluginManager(Configurator configurator) throws IOException {
+        return initPluginManagerWithSecurityWarning(false, configurator);
+    }
+
+    public PluginManager initPluginManagerWithSecurityWarning(boolean showSecurityWarnings, Configurator configurator) throws IOException {
         Config.Builder configBuilder = Config.builder()
                 .withJenkinsWar(jenkinsWar.getAbsolutePath())
                 .withPluginDir(pluginsDir)
-                .withShowAvailableUpdates(true)
                 .withIsVerbose(true)
                 .withDoDownload(false)
                 .withCachePath(cacheDir.toPath());
+        if (showSecurityWarnings) {
+            // if showing security warnings, do not show available updates
+            configBuilder
+                .withHideWarnings(false)
+                .withShowWarnings(true)
+                .withShowAvailableUpdates(false);
+        } else {
+            // if showing available updates, do not show security warnings
+            configBuilder
+                .withHideWarnings(true)
+                .withShowWarnings(false)
+                .withShowAvailableUpdates(true);
+        }
         configurator.configure(configBuilder);
         Config config = configBuilder.build();
 
@@ -133,6 +150,28 @@ public void showAvailableUpdates_shouldNotFailOnUIThemes() throws Exception {
         assertThat(output).doesNotContain("uithemes");
     }
 
+    @Test
+    public void securityWarningsShownByDefaultTest() throws Exception {
+        Plugin pluginScriptSecurityWithSecurityWarning = new Plugin("script-security", "1.30", null, null);
+        PluginManager pluginManager = initPluginManagerWithSecurityWarning(true,
+                configBuilder -> configBuilder.withPlugins(Arrays.asList(pluginScriptSecurityWithSecurityWarning)));
+
+        String output = tapSystemErr(
+                () -> pluginManager.start(false));
+        assertThat(output).contains("Security warnings");
+    }
+
+    @Test
+    public void securityWarningsNotShownTest() throws Exception {
+        Plugin pluginScriptSecurityWithSecurityWarning = new Plugin("script-security", "1.30", null, null);
+        PluginManager pluginManager = initPluginManagerWithSecurityWarning(false,
+                configBuilder -> configBuilder.withPlugins(Arrays.asList(pluginScriptSecurityWithSecurityWarning)));
+
+        String output = tapSystemErr(
+                () -> pluginManager.start(false));
+        assertThat(output).doesNotContain("Security warnings");
+    }
+
     @Test
     public void findPluginsAndDependenciesTest() throws IOException {
         Plugin plugin1 = new Plugin("plugin1", "1.0", null, null);