[JENKINS-54834] Create a Dependabot equivalent for CWP plugin lists or add support of Jenkins updates to pom.xml - Jenkins Jira

XML

Word

Printable

Details

Type: Improvement
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Fixed
Component/s: custom-war-packager, other
Labels:
- triaged

Similar Issues:

Show
Epic Link:
Jenkinsfile Runner productization

Description

Currently Jenkins X Serverless does not have automatic update for Custom WAR Packager definitions. There are 2 options we could use:

Option 1: Use pom.xml as plugin list input, it's already supported by Custom War Packager.
- In such case we also get upper bounds dependency checks for plugins OOTB, so that the build fails on conflicting dependencies even before starting the build
- Problem: Dependabot does not seem to scan Jenkins Maven repositories. Could it be tweaked somehow
Option 2: Implement dependabot plugin for BOM.yml (Jenkins JEP-309)

CC jstrachan jrawlings cosmin_cojocar

Attachments

Issue Links

relates to

JENKINS-54316 Incrementals Tool: Update plugins defined in package-config.yml of CWP

Open

Activity

Ascending order - Click to sort in descending order

Oleg Nenashev added a comment - 2018-11-23 11:59

I like the option 1 BTW. Not sure what needs to be done in Jenkins X dependabot to enable it

Oleg Nenashev added a comment - 2018-11-23 11:59 I like the option 1 BTW. Not sure what needs to be done in Jenkins X dependabot to enable it

Oleg Nenashev added a comment - 2018-12-14 17:17

https://github.com/oleg-nenashev/ci.jenkins.io-runner prototypes the option 1. Once ~~JENKINS-54391~~ is ready, it can be used for real-world updates CD for Jenkinsfile Runner.

Oleg Nenashev added a comment - 2018-12-14 17:17 https://github.com/oleg-nenashev/ci.jenkins.io-runner prototypes the option 1. Once JENKINS-54391 is ready, it can be used for real-world updates CD for Jenkinsfile Runner.

Jesse Glick added a comment - 2018-12-14 17:54

Option 1 is probably easier from my PoV as well. Either way, the main issue I see is that the input must explicitly mention all transitive dependencies, so that they are all listed as eligible for upgrade by the bot. (Perhaps using dependencyManagement to clearly separate those plugins which are required on their own merits vs. those which are just there to satisfy the transitive closure.) I have had a similar issue with Evergreen and am not sure if it is resolved yet.

Jesse Glick added a comment - 2018-12-14 17:54 Option 1 is probably easier from my PoV as well. Either way, the main issue I see is that the input must explicitly mention all transitive dependencies, so that they are all listed as eligible for upgrade by the bot. (Perhaps using dependencyManagement to clearly separate those plugins which are required on their own merits vs. those which are just there to satisfy the transitive closure.) I have had a similar issue with Evergreen and am not sure if it is resolved yet.

Evaristo Gutierrez added a comment - 2019-02-12 09:52

Option 1 was implemented in CWP 1.5 version and it seems to be enough. Closing then.

Evaristo Gutierrez added a comment - 2019-02-12 09:52 Option 1 was implemented in CWP 1.5 version and it seems to be enough. Closing then.

People

Assignee:: Oleg Nenashev

Reporter:: Oleg Nenashev

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2018-11-23 11:55

Updated:: 2019-02-12 09:52

Resolved:: 2019-02-12 09:52