ecosyste-ms / packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.
https://packages.ecosyste.ms
GNU Affero General Public License v3.0

Add support for looking up Jenkins Plugins #625

Open jamietanna opened 8 months ago

jamietanna commented 8 months ago

In ~2018, Jenkins plugins were migrated from being available on Maven Central (https://packages.ecosyste.ms/registries/repo1.maven.org/packages) to their own infrastructure in https://repo.jenkins-ci.org/public (via)

It may be useful to be able to look up information about the Jenkins plugins.

This would also allow looking up via a pURL for a given plugin, via a pkg:maven/... pURL.

Additionally, lookup of the package could surface cases where a plugin is up for adoption i.e. https://plugins.jenkins.io/job-dsl/


Related: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/448


andrew commented 8 months ago

@jamietanna we can either add it as another maven registry which will automatically make the purl lookups work, or use their public api: https://github.com/jenkins-infra/plugin-site-api for a custom setup to get the extra data not available from the regular maven api.

jamietanna commented 8 months ago

Nice! Is it possible to use both? Or easiest to do one-or-the-other?

(This is a low priority enhancement)

andrew commented 8 months ago

As there's no Jenkins purl type at the moment, it makes sense for the ecosystem to be maven to keep the purl lookups working, but I've never had a registry use a different class of code to its purl. Currently the implementation class is looked up via the name of the ecosystem, but in this case we want to load some Jenkins-specific code but treat them as part of the maven ecosystem.

It should work but will need some testing as there could be some edge case functionality that gets confused.

Luckily I've been thinking about this recently whilst working on https://github.com/ecosyste-ms/packages/pull/623, as Ubuntu packages are really a namespace of deb packages in terms of the purl spec, but loading package data is potentially different for different kinds of Debian distro (i.e. the URL structure isn't perfectly shared).

jamietanna commented 8 months ago

Glad to add another interesting to the mix!

In the meantime, I'll make sure I map Jenkins plugins to a pkg:maven/... pURL so at least they're valid for other purposes :+1: