sghill
commented
1 year ago Agree - an earlier implementation did do this, but it felt a bit complex for a first release. Some of the plugins I was attempting to modernize had the added complexity of being from before the core bom was resolvable. Now that we have modernizing for Java 8 separated out, it's worth revisiting.
There are some nice APIs from within a recipe to get a managed dependency after resolution is performed.
org.openrewrite.jenkins.BomLookupreadsjenkins-plugins-bom-lookup.txtand checks to see if the plugin is present in this file. In reality, this list is constantly changing as plugins are added/removed to the plugin BOM. For example, newer releases of the plugin BOM have more plugins in the managed set than older releases. For a foolproof strategy, fetch the plugin BOM in use in the<dependencyManagement>section and determine if it is managing the given plugin.