Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48578

Create BOM for components included into the Core

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Major Major
    • bom, core
    • None

      The idea of this BOM is to simplify the dependency management in plugins and modules.

      Proposed changes:

      1. New BOM module in the jenkinsci/jenkins repository. We could have an external BOM, but it complicates the release management
      2. Move library definitions from Parent POM and Jenkins WAR to the BOM file
      3. Update WAR and Core components to use BOM
      4. Update plugin POM to optionally include BOM if possible (depending on jenkins.version)

          [JENKINS-48578] Create BOM for components included into the Core

          James Nord added a comment -

          Would selectivly need to publish a few BOMs for older lines so that the plugin-pom would still work (which would get funky as far as permissions in repository are perhaps concerned...)

          James Nord added a comment - Would selectivly need to publish a few BOMs for older lines so that the plugin-pom would still work (which would get funky as far as permissions in repository are perhaps concerned...)

          Oleg Nenashev added a comment -

          There is no way it gets backported to LTS, so I removed the label

          Oleg Nenashev added a comment - There is no way it gets backported to LTS, so I removed the label

          James Nord added a comment - - edited

          >There is no way it gets backported to LTS, so I removed the label

          yes there is, I can adapt it and it can be included.  the label is to start a discussion.  I do not think the libraries have changed here so it can also be a simple cherry-pick.

          Granted you could call this a feature that is not eligible, but you could call it a bug that the correct libraries are not used in a plugin build based on the Jenkins version.

          There have also been some special cases historically.

          James Nord added a comment - - edited >There is no way it gets backported to LTS, so I removed the label yes there is, I can adapt it and it can be included.  the label is to start a discussion.  I do not think the libraries have changed here so it can also be a simple cherry-pick. Granted you could call this a feature that is not eligible, but you could call it a bug that the correct libraries are not used in a plugin build based on the Jenkins version. There have also been some special cases historically.

          James Nord added a comment -

          specifically we are talking about the BOM in core for backport not the plugin-pom.
          https://github.com/jenkinsci/jenkins/pull/4150

          James Nord added a comment - specifically we are talking about the BOM in core for backport not the plugin-pom. https://github.com/jenkinsci/jenkins/pull/4150

          Oleg Nenashev added a comment -

          Note that the 2.190.1 RC has testing has already started. Even if there is a consensus to backport it, it is likely to be 2.190.2 only

           

          My suggestion would be to actually consider doing this:

          > Would selectivly need to publish a few BOMs for older lines so that the plugin-pom would still work (which would get funky as far as permissions in repository are perhaps concerned...)

          It is funky indeed, but it is technically doable. My suggestion would be to deploy BOMs for 2.138.3 and above so that we can start consuming it in plugins quickly. Deploying it for last baseline releases (2.138.3, 2.150.3, 2.164.3, 2.176.3/4) would be enough imho

           

          Oleg Nenashev added a comment - Note that the 2.190.1 RC has testing has already started. Even if there is a consensus to backport it, it is likely to be 2.190.2 only   My suggestion would be to actually consider doing this: > Would selectivly need to publish a few BOMs for older lines so that the plugin-pom would still work (which would get funky as far as permissions in repository are perhaps concerned...) It is funky indeed, but it is technically doable. My suggestion would be to deploy BOMs for 2.138.3 and above so that we can start consuming it in plugins quickly. Deploying it for last baseline releases (2.138.3, 2.150.3, 2.164.3, 2.176.3/4) would be enough imho  

          James Nord added a comment -

          >  Even if there is a consensus to backport it, it is likely to be 2.190.2 only

          If it prevents the "oh shit I forgot to push a release of the bom after a release was made" that's a win in my eyes.  We're aware the .1 boat has sailed and we where a little late to merge the original bom and hence make the backport request.

          James Nord added a comment - >  Even if there is a consensus to backport it, it is likely to be 2.190.2 only If it prevents the "oh shit I forgot to push a release of the bom after a release was made" that's a win in my eyes.  We're aware the .1 boat has sailed and we where a little late to merge the original bom and hence make the backport request.

          Daniel Beck added a comment -

          Why is this issue still open?

          Daniel Beck added a comment - Why is this issue still open?

          Oleg Nenashev added a comment -

          I think all proposed changes are delivered. All minor follow-ups can be handled separately

          Oleg Nenashev added a comment - I think all proposed changes are delivered. All minor follow-ups can be handled separately

          Yes, they are. Sorry, it just got missed.

          Mark Wynn-Mackenzie added a comment - Yes, they are. Sorry, it just got missed.

          Daniel Beck added a comment -

          teilo If you label an issue lts-candidate, you should make sure its issue type doesn't disqualify it from backporting: https://issues.jenkins-ci.org/issues/?filter=12146

          Daniel Beck added a comment - teilo If you label an issue lts-candidate, you should make sure its issue type doesn't disqualify it from backporting: https://issues.jenkins-ci.org/issues/?filter=12146

            markwm Mark Wynn-Mackenzie
            oleg_nenashev Oleg Nenashev
            Votes:
            2 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: