Details
-
Improvement
-
Status: Resolved (View Workflow)
-
Major
-
Resolution: Fixed
Description
The dependencies in plugin POMs are typically a mess, especially when deep dependency trees are in use, as is typical for Pipeline suite components. The problem is Maven's transitive dependency resolution algorithm, which prefers the "nearest" version, even if it is older than what some other dependency requires. This does not work well for plugin dependencies in particular, and Jenkins 2.19.x and newer will in fact refuse to load plugins which fail to satisfy their dependencies, rather than producing cryptic linkage errors later. You can see this behavior via
mvn -Djenkins.version=2.19.3 -Dtest=InjectedTest test
Probably the best way forward is to use the Enforcer plugin to require upper bound dependencies. You can try this in a single plugin:
<build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-enforcer-plugin</artifactId> <configuration> <rules combine.children="append"> <requireUpperBoundDeps/> </rules> </configuration> </plugin> </plugins> </build>
I think andresrc tried adding this to the parent POM before but ran into issues. While it does detect plugin version mismatches, it also detects some problems that are apparently harmless (and currently RequireUpperBoundDeps has no excludes option). In particular I note from workflow-aggregator as an example:
- jenkins-core depends on com.google.guava:guava:11.0.1, which we would like to retain in plugin test classpaths for fidelity to runtime behavior, yet Stapler depends on 14.0
- that old Guava depends on com.google.code.findbugs:jsr305:1.3.9, whereas we would prefer Stapler's 2.0.1 (at least)
- org.kohsuke:github-api depends on com.infradna.tool:bridge-method-annotation:1.14, newer than core
- net.sourceforge.htmlunit:htmlunit and org.apache.httpcomponents:httpclient depend on commons-logging:commons-logging:1.2, newer than core's 1.1.3
- org.jenkins-ci.lib:lib-jenkins-maven-embedder, used from org.jenkins-ci.main:jenkins-test-harness, depends on org.apache.ant:ant:1.9.2 while core still uses 1.8.4
- org.jenkins-ci.lib:lib-jenkins-maven-embedder also uses org.codehaus.plexus:plexus-utils:3.0.10, newer than the 2.1 used by other paths in jenkins-test-harness; there is a similar problem with org.codehaus.plexus:plexus-classworlds 2.4 vs. 2.4.2
The Stapler-vs.-core conflict probably cannot be resolved in historical core baselines, so we may need to patch the Enforcer to allow an excludes list. Some of the other conflicts look solvable.
Attachments
Issue Links
- depends on
-
-
- Resolved
-
- relates to
-
JENKINS-45047 Easy way to run integration tests in plugin repositories
-
- In Progress
-
-
-
- Resolved
-
- links to
Activity
Code changed in jenkins
User: Jesse Glick
Path:
pom.xml
http://jenkins-ci.org/commit/plugin-pom/d05e6ad500223d7426a93c75e3f1907a5b50a17b
Log:
Merge pull request #73 from jglick/requireUpperBoundDeps-JENKINS-41631
JENKINS-41631 Make requireUpperBoundDeps work better with new cores
Compare: https://github.com/jenkinsci/plugin-pom/compare/e245b2e2b919...d05e6ad50022
Code changed in jenkins
User: Jesse Glick
Path:
core/pom.xml
pom.xml
test/pom.xml
war/pom.xml
http://jenkins-ci.org/commit/jenkins/b8f6246d7600a6e7d8b732da9c3153fb33f5ddde
Log:
JENKINS-41631 Enforce upper bound deps on Jenkins core (#2956)
JENKINS-41631Enforce upper bound deps on Jenkins core.
- stapler 1.252
Code changed in jenkins
User: Jesse Glick
Path:
pom.xml
http://jenkins-ci.org/commit/parameterized-trigger-plugin/95056c1d3460da6bf207f9b56f7e97648d7a9754
Log:
JENKINS-41631 Demonstration of POM update (#113)
JENKINS-41631Demonstration of POM update.
- plugin-pom 2.31
Code changed in jenkins
User: Jesse Glick
Path:
pom.xml
http://jenkins-ci.org/commit/plugin-pom/0782ed6172638173dadb4f5d38cd9d7a8db6e3f7
Log:
JENKINS-41631Work better with new cores.