Wrong plugin version included sometimes

[andham]

I'm having a weird issue where the wrong plugin version is sometimes included. Some builds are produced right, sometimes one plugin has the wrong version and sometimes two plugins are wrong.

It's always the same two plugins that are problematic: git and git-client. The strange thing is that tmp/prebuild/pom.xml specifies the right version for the plugin(s).

Haven't been able to reproduce this in my local enviromment, but sees it in our CI (Jenkins) environment on Linux (RHEL). Not sure how to figure out what the problem is. I've tested v1.6, 1.7 and 2.0-alpha-2 of customer-war-packager-cli. Also tested Maven 3.5.4 and 3.6.2. The same problem regardless.

This is how we execute: java -jar ./lib/custom-war-packager-cli-1.7-jar-with-dependencies.jar --batch-mode -configPath packager-config.yml -mvnSettingsFile SOMEMAVENSETTINGSINJENKINS -version SOMEVERSION

I'm attaching the packager-config.yml (had to add .txt extension for Github to accept it.) packager-config.yml.txt

[andham]

So, to clarify, the exact same source base sometimes produces a custom-war that, for example, includes git-client plugin v2.8.0 (as specified in the yml file) and sometimes v1.0.1 is included. I just can't understand how this happens as Maven should always produce the same result.

[oleg-nenashev]

No idea as well. A FINE-level log from the packaging run would be appreciated

[andham]

I'm trying to figure out how a enable FINE-level logging. Do I need to build a version of custom-war-packager with that hard-coded or is it configurable?

[oleg-nenashev]

http://tutorials.jenkov.com/java-logging/configuration.html

On Wed, Sep 18, 2019 at 1:56 PM Anders Hammar notifications@github.com wrote:

I'm trying to figure out how a enable FINE-level logging. Do I need to build a version of custom-war-packager with that hard-coded or is it configurable?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/jenkinsci/custom-war-packager/issues/123?email_source=notifications&email_token=AAW4RIEHKKVZTNUVREBUN7TQKIJQXA5CNFSM4IX24BE2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD67Z25A#issuecomment-532651380, or mute the thread https://github.com/notifications/unsubscribe-auth/AAW4RIGMV5Z22N5RIC4WSYTQKIJQXANCNFSM4IX24BEQ .

[andham]

After some investigation I've found out that the prebuild war includes duplicated git-client.hpi and git.hpi files (two different version for each). DOn't know why, but that's what I see. I can reproduce this on local Windows environment, with the yml file and command mentioned earlier.

[oleg-nenashev]

Thanks for the hint. I will try reproducing it

[andham]

The culprit may be maven-hpi-plugin. I currently testing a newer version. I can reproduce by just building on the prebuild pom with "mvn clean package".

[andham]

I'm getting the same behavior with v3.9 of maven-hpi-plugin. :-(

[andham]

I believe I know what the problem is. These plugins exist under a different groupId as well, which Maven will treat as a different artifact. It's not noticable just by looking at the file name. git-client exists as org.jenkins-ci.plugins:git-client and as org.jenkinsci.plugins:git-client (old initial versions), for example. So I guess some other plugin has a dependency on this old version of git-client.

[andham]

It's the plugin "repository" that pulls in these very old versions of git and git-client.

[oleg-nenashev]

Just another reason to migrate to https://github.com/jenkinsci/plugin-installation-manager-tool :( Thanks for the analysis!

On Thu, Sep 19, 2019, 22:06 Anders Hammar notifications@github.com wrote:

It's the plugin "repository" that pulls in these very old versions of git and git-client.

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/jenkinsci/custom-war-packager/issues/123?email_source=notifications&email_token=AAW4RIAFNILSWTDDCHLH7RLQKPLSZA5CNFSM4IX24BE2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7EVN6I#issuecomment-533288697, or mute the thread https://github.com/notifications/unsubscribe-auth/AAW4RIBYR5LH7IKT5J2MVNTQKPLSZANCNFSM4IX24BEQ .

[andham]

Closing this as it's not a bug per se.

[oleg-nenashev]

I would like to keep it, because we can handle it on the Custom WAR packager side. But indeed it would be nice to update plugins to use modern dependencies to avoid such collisions in the Maven HPI Plugin.

FYI @MarkEWaite

[MarkEWaite]

@oleg-nenashev I don't understand how the git client plugin and the git plugin can be updated to use any more modern dependencies than they already use. I'll need more education or a pull request that proposes to use modern dependencies.

Git client plugins since 2.8.0 have been based on parent pom 3.x, beginning with parent pom 3.44 and continuing to update to the most recent parent pom since then. Git client plugin 2.8.6 is the most recent release and is based on parent pom 3.49.

Git client plugins since 2.8.0 have required Jenkins 2.121.x and later. That version was chosen based on deployed Jenkins versions so that users would not be forced to upgrade their Jenkins major version in order to receive a git client plugin update.

Current development versions of git client plugin are based on 3.50 and use the BOM from the plugin pom to simplify dependency management even further.

What am I missing that needs to be updated to use modern dependencies?

[oleg-nenashev]

But indeed it would be nice to update plugins to use modern dependencies to avoid such collisions in the Maven HPI Plugin.

Sorry if I confused you here. It is hard to understand the context without the previous message. My comment is not about updating git/git-client, but about updating plugins which declare dependencies on very old Git/GitClient plugin versions with old groupIDs