We have some jobs such as https://ci.adoptium.net/job/build.getDependency/ which are being used to store third party artifacts (for availability purposes). It is not ideal for us to be using jenkins as a software distribution mechanism for anyone using our scripts.
We have already started to take some actions to reduce this but we should catalogue where we are currently doing things like this in the main build and distribution process and look for ways to reduce it.
We have some jobs such as https://ci.adoptium.net/job/build.getDependency/ which are being used to store third party artifacts (for availability purposes). It is not ideal for us to be using jenkins as a software distribution mechanism for anyone using our scripts.
We have already started to take some actions to reduce this but we should catalogue where we are currently doing things like this in the main build and distribution process and look for ways to reduce it.
Ref: https://github.com/adoptium/temurin-build/pull/3985 and the associated infrastructure PR to have CycloneDX installed on the build machines. Also see the associated slack discussion.