The dependencies in plugin POMs are typically a mess, especially when deep dependency trees are in use, as is typical for Pipeline suite components. The problem is Maven's transitive dependency resolution algorithm, which prefers the "nearest" version, even if it is older than what some other dependency requires. This does not work well for plugin dependencies in particular, and Jenkins 2.19.x and newer will in fact refuse to load plugins which fail to satisfy their dependencies, rather than producing cryptic linkage errors later. You can see this behavior via

      mvn -Djenkins.version=2.19.3 -Dtest=InjectedTest test
      

      Probably the best way forward is to use the Enforcer plugin to require upper bound dependencies. You can try this in a single plugin:

          <build>
              <plugins>
                  <plugin>
                      <groupId>org.apache.maven.plugins</groupId>
                      <artifactId>maven-enforcer-plugin</artifactId>
                      <configuration>
                          <rules combine.children="append">
                              <requireUpperBoundDeps/>
                          </rules>
                      </configuration>
                  </plugin>
              </plugins>
          </build>
      

      I think andresrc tried adding this to the parent POM before but ran into issues. While it does detect plugin version mismatches, it also detects some problems that are apparently harmless (and currently RequireUpperBoundDeps has no excludes option). In particular I note from workflow-aggregator as an example:

      • jenkins-core depends on com.google.guava:guava:11.0.1, which we would like to retain in plugin test classpaths for fidelity to runtime behavior, yet Stapler depends on 14.0
      • that old Guava depends on com.google.code.findbugs:jsr305:1.3.9, whereas we would prefer Stapler's 2.0.1 (at least)
      • org.kohsuke:github-api depends on com.infradna.tool:bridge-method-annotation:1.14, newer than core
      • net.sourceforge.htmlunit:htmlunit and org.apache.httpcomponents:httpclient depend on commons-logging:commons-logging:1.2, newer than core's 1.1.3
      • org.jenkins-ci.lib:lib-jenkins-maven-embedder, used from org.jenkins-ci.main:jenkins-test-harness, depends on org.apache.ant:ant:1.9.2 while core still uses 1.8.4
      • org.jenkins-ci.lib:lib-jenkins-maven-embedder also uses org.codehaus.plexus:plexus-utils:3.0.10, newer than the 2.1 used by other paths in jenkins-test-harness; there is a similar problem with org.codehaus.plexus:plexus-classworlds 2.4 vs. 2.4.2

      The Stapler-vs.-core conflict probably cannot be resolved in historical core baselines, so we may need to patch the Enforcer to allow an excludes list. Some of the other conflicts look solvable.

          [JENKINS-41631] Use requireUpperBoundDeps in plugin POM

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          pom.xml
          http://jenkins-ci.org/commit/plugin-pom/17cc56db940a78065a3da3344ff5cc93a6538738
          Log:
          Merge pull request #67 from jglick/requireUpperBoundDeps-JENKINS-41631

          JENKINS-41631 Running requireUpperBoundDeps

          Compare: https://github.com/jenkinsci/plugin-pom/compare/79ef0ec509dc...17cc56db940a

          Michael Fowler added a comment -

          jglick can this be disabled for test dependencies? There's not much I can do about this:

          Rule 5: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
          Failed while enforcing RequireUpperBoundDeps. The error(s) are [
          Require upper bound dependencies error for org.objenesis:objenesis:2.1 paths to dependency are:
          +-org.jenkins-ci.plugins:coverity:1.9.3-SNAPSHOT
            +-org.powermock:powermock-api-mockito:1.6.6
              +-org.mockito:mockito-core:1.10.19
                +-org.objenesis:objenesis:2.1
          and
          +-org.jenkins-ci.plugins:coverity:1.9.3-SNAPSHOT
            +-org.powermock:powermock-module-junit4:1.6.6
              +-org.powermock:powermock-module-junit4-common:1.6.6
                +-org.powermock:powermock-reflect:1.6.6
                  +-org.objenesis:objenesis:2.4

          Jesse Glick added a comment -

          Sure there is. Decide which version of objenesis you meant to use and exclude the other. At least until PowerMock fixes their dependencies to be consistent.
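The conflict in the Enforcer report above, and the effect of the exclusion suggested in the reply, as a small model (an added example, not code from this thread, Maven or the Enforcer plugin). Nearest-wins is modelled as a breadth-first walk and versions are compared as plain dotted numbers, both simplifications; the tree is constructed from the two reported paths.

```python
from collections import deque

# Constructed from the two paths in the Enforcer report: (coordinate, children).
TREE = ("org.jenkins-ci.plugins:coverity:1.9.3-SNAPSHOT", [
    ("org.powermock:powermock-api-mockito:1.6.6", [
        ("org.mockito:mockito-core:1.10.19", [
            ("org.objenesis:objenesis:2.1", [])])]),
    ("org.powermock:powermock-module-junit4:1.6.6", [
        ("org.powermock:powermock-module-junit4-common:1.6.6", [
            ("org.powermock:powermock-reflect:1.6.6", [
                ("org.objenesis:objenesis:2.4", [])])])]),
])

def split(coord):
    group, artifact, version = coord.split(":")
    return f"{group}:{artifact}", version

def vkey(version):
    # Simplified ordering: dotted numeric parts only; a -SNAPSHOT qualifier is dropped.
    return tuple(int(p) for p in version.split("-")[0].split("."))

def walk(tree, exclusions=None):
    """Breadth-first walk yielding (ga, version, depth). Exclusions are given as
    {declaring_ga: {excluded_ga, ...}} and apply to that dependency's subtree."""
    exclusions = exclusions or {}
    queue = deque([(tree, 0, frozenset())])
    while queue:
        (coord, children), depth, banned = queue.popleft()
        ga, version = split(coord)
        if ga in banned:
            continue
        yield ga, version, depth
        banned = banned | exclusions.get(ga, set())
        queue.extend((child, depth + 1, banned) for child in children)

def check_upper_bounds(tree, exclusions=None):
    """Return {ga: (resolved, highest_requested)} where nearest-wins chose an older version."""
    resolved, highest = {}, {}
    for ga, version, _ in walk(tree, exclusions):
        resolved.setdefault(ga, version)  # first seen in BFS order = nearest
        if ga not in highest or vkey(version) > vkey(highest[ga]):
            highest[ga] = version
    return {ga: (resolved[ga], highest[ga]) for ga in resolved
            if vkey(resolved[ga]) < vkey(highest[ga])}
```

Without exclusions the check reports objenesis resolved to 2.1 while 2.4 is requested; excluding `org.objenesis:objenesis` under `powermock-api-mockito` leaves only the 2.4 path and the report is empty.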


          Baptiste Mathus added a comment - edited

          I think we need to enable this on the core too. Without this, we can release a Jenkins version that doesn't respect this itself, hence will make plugins build trying to bump to it fail every time.

          For instance, trying to bump to 2.71:

          [snip]
          +-com.cloudbees.operations-center.common:operations-center-agent:2.60.0.3-SNAPSHOT
            +-org.jenkins-ci.main:jenkins-war:2.71
              +-org.jenkins-ci.modules:sshd:2.0
                +-org.slf4j:slf4j-api:1.6.1
          and
          +-com.cloudbees.operations-center.common:operations-center-agent:2.60.0.3-SNAPSHOT
            +-org.jenkins-ci.main:jenkins-war:2.71
              +-org.jenkins-ci.modules:sshd:2.0
                +-org.apache.sshd:sshd-core:1.6.0
                  +-org.slf4j:slf4j-api:1.7.25
          

          When both are actually pulled in from org.jenkins-ci.main:jenkins-war:2.71.

          And maybe also enabled on core modules like sshd, example in that case: https://github.com/jenkinsci/sshd-module/blob/f709b950581d8a46ab35e6f22a664fe26e086ac1/pom.xml#L39 vs. https://github.com/apache/mina-sshd/blob/3df4a6a14edd1e22513430b75fc50dd5b5de989e/pom.xml#L112


          Jesse Glick added a comment -

          Thanks for the tip; I will try to put together a core PR for this.


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          pom.xml
          http://jenkins-ci.org/commit/plugin-pom/0782ed6172638173dadb4f5d38cd9d7a8db6e3f7
          Log:
          JENKINS-41631 Work better with new cores.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          pom.xml
          http://jenkins-ci.org/commit/plugin-pom/d05e6ad500223d7426a93c75e3f1907a5b50a17b
          Log:
          Merge pull request #73 from jglick/requireUpperBoundDeps-JENKINS-41631

          JENKINS-41631 Make requireUpperBoundDeps work better with new cores

          Compare: https://github.com/jenkinsci/plugin-pom/compare/e245b2e2b919...d05e6ad50022

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/pom.xml
          pom.xml
          test/pom.xml
          war/pom.xml
          http://jenkins-ci.org/commit/jenkins/b8f6246d7600a6e7d8b732da9c3153fb33f5ddde
          Log:
          JENKINS-41631 Enforce upper bound deps on Jenkins core (#2956)

          • stapler 1.252

          Oleg Nenashev added a comment -

          The fix has been integrated towards Jenkins 2.74


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          pom.xml
          http://jenkins-ci.org/commit/parameterized-trigger-plugin/95056c1d3460da6bf207f9b56f7e97648d7a9754
          Log:
          JENKINS-41631 Demonstration of POM update (#113)

          • plugin-pom 2.31
