Open jamietanna opened 8 months ago
@jamietanna we can either add it as another maven registry which will automatically make the purl lookups work, or use their public api: https://github.com/jenkins-infra/plugin-site-api for a custom setup to get the extra data not available from the regular maven api.
Nice! Is it possible to use both? Or easiest to do one-or-the-other?
(This is a low priority enhancement
As there's no jenkins
purl type at the moment, it makes sense for the ecosystem to be maven
to keep the purl lookups working, but I've never had a registry use a different class of code to it's purl, currently the implementation class is looked up via the name of the ecosystem, but in this case we want to load some jenkins specific code but treat them as part of the maven ecosystem.
It should work but will need some testing as there could be some edge case functionality that gets confused.
Luckily I've been thinking about this recently whilst working on https://github.com/ecosyste-ms/packages/pull/623, as ubuntu packages are really a namespace of deb packages in terms of the purl spec, but loading package data is potentially different for different kinds of debian distro (i.e. the url structure isn't perfectly shared)
Glad to add another interesting to the mix!
In the meantime, I'll make sure I map Jenkins plugins to a pkg:maven/...
pURL so at least they're valid for other purposes :+1:
In ~2018, Jenkins plugins were migrated from being available on Maven Central (https://packages.ecosyste.ms/registries/repo1.maven.org/packages) to their own infrastructure in
https://repo.jenkins-ci.org/public
(via)It may be useful to be able to look up information about the Jenkins plugins.
This would also allow looking up via a pURL for a given plugin, via a
pkg:maven/...
pURL.Additionally, lookup of the package could surface cases where a plugin is up for adoption i.e. https://plugins.jenkins.io/job-dsl/
Related: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/448
Upvote & Fund