Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54834

Create a Dependabot equivalent for CWP plugin lists or add support of Jenkins updates to pom.xml

    XMLWordPrintable

Details

    Description

      Currently Jenkins X Serverless does not have automatic update for Custom WAR Packager definitions. There are 2 options we could use:

      • Option 1: Use pom.xml as plugin list input, it's already supported by Custom War Packager.
        • In such case we also get upper bounds dependency checks for plugins OOTB, so that the build fails on conflicting dependencies even before starting the build
        • Problem: Dependabot does not seem to scan Jenkins Maven repositories. Could it be tweaked somehow
      • Option 2: Implement dependabot plugin for BOM.yml (Jenkins JEP-309)

      CC jstrachan jrawlings cosmin_cojocar

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-54316 Incrementals Tool: Update plugins defined in package-config.yml of CWP

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            People

              oleg_nenashev Oleg Nenashev
              oleg_nenashev Oleg Nenashev
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: