Jenkins BOM and base Jenkins version

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Jenkins BOM and base Jenkins version

Mark Waite-2
The git plugin currently requires Jenkins 2.204.1 and uses the plugin bom to simplify dependency management.  I like the results of that simplification very much.

A dependabot pull request has proposed to update the git plugin use of bom-2.204.x from 17 to 18.  However, the build of that proposed update fails because one of the dependent plugins requires Jenkins 2.204.6 rather than 2.204.1.

I believe my options are:
  • Update the  minimum Jenkins version required by the git plugin from 2.204.1 to 2.222.1 to retain the benefits of the plugin bom and move the minimum version forward to one of the currently recommended minimum versions - few users affected, reduces maintenance by reducing number of older Jenkins versions allowed to use the plugin
  • Update the minimum Jenkins version required by the git plugin from 2.204.1 to 2.204.6 to retain the benefits of the plugin bom with least chance of disrupting existing users (though the number of users of Jenkins 2.204.x using newer versions of the git plugin is quite small based on stats.jenkins.io - even fewer users affected, retains benefits of the bom
  • Close the pull request updating bom-2.204.x from 17 to 18 and make that change at some other time - suspends benefits of plugin bom until the next time the Jenkins minimum version is incremented
I prefer the first option (update from 2.204.1 to 2.222.1 as minimum version).  Are there reasons I should consider something other than that?

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/f61faad1-4f67-4920-b68a-b75b4b124d64n%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins BOM and base Jenkins version

Matt Sicker
Whichever LTS version you use should probably be kept up to date with
the latest security patch version for that LTS. No preference from me
on 2.204.x versus 2.222.x.

On Mon, Nov 23, 2020 at 11:24 AM Mark Waite <[hidden email]> wrote:

>
> The git plugin currently requires Jenkins 2.204.1 and uses the plugin bom to simplify dependency management.  I like the results of that simplification very much.
>
> A dependabot pull request has proposed to update the git plugin use of bom-2.204.x from 17 to 18.  However, the build of that proposed update fails because one of the dependent plugins requires Jenkins 2.204.6 rather than 2.204.1.
>
> I believe my options are:
>
> Update the  minimum Jenkins version required by the git plugin from 2.204.1 to 2.222.1 to retain the benefits of the plugin bom and move the minimum version forward to one of the currently recommended minimum versions - few users affected, reduces maintenance by reducing number of older Jenkins versions allowed to use the plugin
> Update the minimum Jenkins version required by the git plugin from 2.204.1 to 2.204.6 to retain the benefits of the plugin bom with least chance of disrupting existing users (though the number of users of Jenkins 2.204.x using newer versions of the git plugin is quite small based on stats.jenkins.io - even fewer users affected, retains benefits of the bom
> Close the pull request updating bom-2.204.x from 17 to 18 and make that change at some other time - suspends benefits of plugin bom until the next time the Jenkins minimum version is incremented
>
> I prefer the first option (update from 2.204.1 to 2.222.1 as minimum version).  Are there reasons I should consider something other than that?
>
> Mark Waite
>
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/f61faad1-4f67-4920-b68a-b75b4b124d64n%40googlegroups.com.



--
Matt Sicker
Senior Software Engineer, CloudBees

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4oxW8RMu0ZyWYEdkjOZ5yARaSyvmSuEVq_4pfZtxb9JD6A%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins BOM and base Jenkins version

timja...@gmail.com

On Mon, 23 Nov 2020 at 17:30, Matt Sicker <[hidden email]> wrote:
Whichever LTS version you use should probably be kept up to date with
the latest security patch version for that LTS. No preference from me
on 2.204.x versus 2.222.x.

On Mon, Nov 23, 2020 at 11:24 AM Mark Waite <[hidden email]> wrote:
>
> The git plugin currently requires Jenkins 2.204.1 and uses the plugin bom to simplify dependency management.  I like the results of that simplification very much.
>
> A dependabot pull request has proposed to update the git plugin use of bom-2.204.x from 17 to 18.  However, the build of that proposed update fails because one of the dependent plugins requires Jenkins 2.204.6 rather than 2.204.1.
>
> I believe my options are:
>
> Update the  minimum Jenkins version required by the git plugin from 2.204.1 to 2.222.1 to retain the benefits of the plugin bom and move the minimum version forward to one of the currently recommended minimum versions - few users affected, reduces maintenance by reducing number of older Jenkins versions allowed to use the plugin
> Update the minimum Jenkins version required by the git plugin from 2.204.1 to 2.204.6 to retain the benefits of the plugin bom with least chance of disrupting existing users (though the number of users of Jenkins 2.204.x using newer versions of the git plugin is quite small based on stats.jenkins.io - even fewer users affected, retains benefits of the bom
> Close the pull request updating bom-2.204.x from 17 to 18 and make that change at some other time - suspends benefits of plugin bom until the next time the Jenkins minimum version is incremented
>
> I prefer the first option (update from 2.204.1 to 2.222.1 as minimum version).  Are there reasons I should consider something other than that?
>
> Mark Waite
>
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/f61faad1-4f67-4920-b68a-b75b4b124d64n%40googlegroups.com.



--
Matt Sicker
Senior Software Engineer, CloudBees

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4oxW8RMu0ZyWYEdkjOZ5yARaSyvmSuEVq_4pfZtxb9JD6A%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BifQdSN0PU9BeD6f87DsYes1989X2bGOefuXnAvAUNOsEA%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins BOM and base Jenkins version

Basil Crow
The documentation says: "Prefer .1 LTS releases over weekly versions and later releases within an LTS line for greater compatibility." cloudbees-folder seems to use 2.204.6 because its dependency snakeyaml-api uses 2.204.6. I am curious if there is a particular reason for this or if snakeyaml-api (and therefore cloudbees-folder) could use 2.204.1 (as recommended by the documentation) instead. Apologies in advance if I am missing something obvious.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjo%2BNM5UJpAO4fyTf7BdRraUWc8_3kjT2zK5RM1VywFJ4Q%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins BOM and base Jenkins version

Ulli Hafner
I’m not sure if it makes sense to revert that for existing releases. However, we should double check every time we upgrade to a new baseline that we use the .1 version. Currently we already have some new plugin releases that require a core of 1.222.4 (and not 1.222.1). This should be avoided. 

I think going with 1.222.1 would be a good choice. 

Am 23.11.2020 um 19:17 schrieb Basil Crow <[hidden email]>:

The documentation says: "Prefer .1 LTS releases over weekly versions and later releases within an LTS line for greater compatibility." cloudbees-folder seems to use 2.204.6 because its dependency snakeyaml-api uses 2.204.6. I am curious if there is a particular reason for this or if snakeyaml-api (and therefore cloudbees-folder) could use 2.204.1 (as recommended by the documentation) instead. Apologies in advance if I am missing something obvious.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjo%2BNM5UJpAO4fyTf7BdRraUWc8_3kjT2zK5RM1VywFJ4Q%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/F0F462C8-832B-41EE-9736-883E5512E55A%40gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins BOM and base Jenkins version

Jesse Glick-4
In reply to this post by Basil Crow
On Mon, Nov 23, 2020 at 1:18 PM Basil Crow <[hidden email]> wrote:
> The documentation says

Yes; no solid consensus here:

https://github.com/jenkins-infra/jenkins.io/pull/3643#discussion_r475615780

I would suggest 2.204.6 but if you prefer 2.204.1 I am also fine with
cutting an extra release of `cloudbees-folder` if `snakeyaml-api` also
gets one:

https://github.com/jenkinsci/cloudbees-folder-plugin/pull/169#discussion_r528945008

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3em9OAbodAvhdwhCs9yenutn04fvZMeUeC%3DNg7BwcgkQ%40mail.gmail.com.