openrewrite / rewrite-jenkins

OpenRewrite recipes to continuously modernize Jenkins plugins.
Apache License 2.0
9 stars 8 forks source link

`org.openrewrite.jenkins.BomLookup` is too simplistic #40

Open basil opened 1 year ago

basil commented 1 year ago

org.openrewrite.jenkins.BomLookup reads jenkins-plugins-bom-lookup.txt and checks to see if the plugin is present in this file. In reality, this list is constantly changing as plugins are added/removed to the plugin BOM. For example, newer releases of the plugin BOM have more plugins in the managed set than older releases. For a foolproof strategy, fetch the plugin BOM in use in the <dependencyManagement> section and determine if it is managing the given plugin.

sghill commented 1 year ago

Agree - an earlier implementation did do this, but it felt a bit complex for a first release. Some of the plugins I was attempting to modernize had the added complexity of being from before the core bom was resolvable. Now that we have modernizing for Java 8 separated out, it's worth revisiting.

There are some nice APIs from within a recipe to get a managed dependency after resolution is performed.