Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No need of git-client as dependency it is only a server :) #116

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

olamy
Copy link
Member

@olamy olamy commented Apr 26, 2024

Signed-off-by: Olivier Lamy [email protected]

Testing done

Submitter checklist

@olamy olamy requested a review from a team as a code owner April 26, 2024 08:46
@jglick
Copy link
Member

jglick commented Apr 26, 2024

This does not seem like a good idea. Controllers with both plugins installed would then have two copies of JGit. And we would need to issue releases of both plugins in response to security advisories.

What is the motivation here? git-client has no GUI so should be a harmless dependency.

@olamy
Copy link
Member Author

olamy commented Apr 27, 2024

This does not seem like a good idea. Controllers with both plugins installed would then have two copies of JGit. And we would need to issue releases of both plugins in response to security advisories.

What is the motivation here? git-client has no GUI so should be a harmless dependency.

with a Maven POV using a dependency only because you need something transitive from it looks totally wrong and means you do not have any control on the dependencies.
Actually with such dependency, you end up having an old git-client dependency in git-client during test. I was changing few things there and I didn't understand why tests were still working despite I made big changes when I realised "ditto this project depends on itself but older version"

mvn dependency:analyze

[INFO] --- dependency:3.6.1:analyze (default-cli) @ git-server ---
[WARNING] Used undeclared dependencies found:
[WARNING]    org.eclipse.jgit:org.eclipse.jgit:jar:6.5.0.202303070854-r:compile
[WARNING]    org.kohsuke.stapler:stapler:jar:1711.1713.vc400cfb_5597a_:provided
[WARNING]    commons-io:commons-io:jar:2.11.0:provided
[WARNING]    org.eclipse.jgit:org.eclipse.jgit.http.server:jar:6.5.0.202303070854-r:compile
[WARNING]    org.hamcrest:hamcrest:jar:2.2:test
[WARNING]    args4j:args4j:jar:2.33:provided
[WARNING]    junit:junit:jar:4.13.2:test
[WARNING]    org.apache.sshd:sshd-common:jar:2.10.0:compile
[WARNING]    org.jenkins-ci.main:remoting:jar:3044.vb_940a_a_e4f72e:provided
[WARNING]    org.apache.sshd:sshd-core:jar:2.10.0:compile
[WARNING] Unused declared dependencies found:
[WARNING]    org.jenkins-ci.modules:instance-identity:jar:142.v04572ca_5b_265:compile
[WARNING]    org.jenkins-ci.plugins:git-client:jar:4.2.0:compile
[WARNING]    org.jenkins-ci.main:jenkins-war:executable-war:2.361.4:test
[WARNING]    commons-logging:commons-logging:jar:1.2:provided
[WARNING]    org.jenkins-ci:test-annotations:jar:1.4:test
[WARNING]    org.junit.jupiter:junit-jupiter:jar:5.10.2:test
[WARNING]    org.junit.vintage:junit-vintage-engine:jar:5.10.2:test
[WARNING] Non-test scoped test only dependencies found:

the solution maybe is to have to jgit api plugin

@jglick
Copy link
Member

jglick commented Apr 29, 2024

We could have a JGit API plugin I guess. Do any other plugins need JGit? This one is a bit obscure—used mainly by Scriptler.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants