
Add support for Jenkins BOM as a source of plugin versions when using YAML or TXT plugin lists

Open oleg-nenashev opened this issue 4 years ago • 3 comments

Jenkins Plugin Bill of Materials provides a list of plugins which are cross-verified to some extent: https://github.com/jenkinsci/bom. When using pom.xml as a plugin list input, it is possible to use BOM via Maven features. But it is not possible for a YAML configuration. It would be awesome to support it so that users can delegate version management of some components they bundle.

Example of a config file:

versionSources:
  - bom:
      baseline: 2.277
      version: 27
plugins:
  - artifactId: git
  - artifactId: job-import-plugin
    source:
      version: 2.1
  - artifactId: docker
  - artifactId: cloudbees-bitbucket-branch-source
  - artifactId: script-security
  - artifactId: workflow-step-api
 

oleg-nenashev avatar Jul 23 '20 22:07 oleg-nenashev

Hi @oleg-nenashev, can I work on this issue? Regards

Svastikkka avatar Apr 09 '22 12:04 Svastikkka

Yes, go for it

oleg-nenashev avatar Apr 09 '22 12:04 oleg-nenashev

Beware that jenkinsci/bom is currently used as a source of minimum dependency versions (used during compilation and testing of downstream plugins), as well as a way of cross-testing recent changes in various components. To be appropriate as a source of actual runtime versions for users, we would need to ensure that pinned versions for LTS lines (bom-2.nnn.x) were kept up to date with security fixes and other backports: https://github.com/jenkinsci/bom/issues/1019

jglick avatar Apr 18 '22 16:04 jglick