Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for looking up Jenkins Plugins #625

Open
jamietanna opened this issue Jan 30, 2024 · 4 comments
Open

Add support for looking up Jenkins Plugins #625

jamietanna opened this issue Jan 30, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@jamietanna
Copy link
Contributor

jamietanna commented Jan 30, 2024
edited by polar-sh bot
Loading

In ~2018, Jenkins plugins were migrated from being available on Maven Central (https://packages.ecosyste.ms/registries/repo1.maven.org/packages) to their own infrastructure in https://repo.jenkins-ci.org/public (via)

It may be useful to be able to look up information about the Jenkins plugins.

This would also allow looking up via a pURL for a given plugin, via a pkg:maven/... pURL.

Additionally, lookup of the package could surface cases where a plugin is up for adoption i.e. https://plugins.jenkins.io/job-dsl/

2024-01-30-124955_1251x636_scrot

Related: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/448

Upvote & Fund

  • We're using Polar.sh so you can upvote and help fund this issue.
  • We receive the funding once the issue is completed & confirmed by you.
  • Thank you in advance for helping prioritize & fund our backlog.
Fund with Polar
@andrew
Copy link
Member

andrew commented Jan 30, 2024

@jamietanna we can either add it as another maven registry which will automatically make the purl lookups work, or use their public api: https://github.com/jenkins-infra/plugin-site-api for a custom setup to get the extra data not available from the regular maven api.

@andrew andrew added the enhancement New feature or request label Jan 30, 2024
@jamietanna
Copy link
Contributor Author

Nice! Is it possible to use both? Or easiest to do one-or-the-other?

(This is a low priority enhancement

@andrew
Copy link
Member

andrew commented Jan 30, 2024

As there's no jenkins purl type at the moment, it makes sense for the ecosystem to be maven to keep the purl lookups working, but I've never had a registry use a different class of code to it's purl, currently the implementation class is looked up via the name of the ecosystem, but in this case we want to load some jenkins specific code but treat them as part of the maven ecosystem.

It should work but will need some testing as there could be some edge case functionality that gets confused.

Luckily I've been thinking about this recently whilst working on #623, as ubuntu packages are really a namespace of deb packages in terms of the purl spec, but loading package data is potentially different for different kinds of debian distro (i.e. the url structure isn't perfectly shared)

@jamietanna
Copy link
Contributor Author

Glad to add another interesting to the mix!

In the meantime, I'll make sure I map Jenkins plugins to a pkg:maven/... pURL so at least they're valid for other purposes 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrew @jamietanna