Bump matrix-auth from 3.1.5 to 3.1.6 in /bom-weekly #1633
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [matrix-auth](https://github.com/jenkinsci/matrix-auth-plugin) from 3.1.5 to 3.1.6. - [Release notes](https://github.com/jenkinsci/matrix-auth-plugin/releases) - [Changelog](https://github.com/jenkinsci/matrix-auth-plugin/blob/master/CHANGELOG.md) - [Commits](jenkinsci/matrix-auth-plugin@matrix-auth-3.1.5...matrix-auth-3.1.6) --- updated-dependencies: - dependency-name: org.jenkins-ci.plugins:matrix-auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
whatever that is about. |
I'll investigate the issue within the next 3 days. I think that the issue was introduced in matrix-auth plugin 3.1.6. I need to understand the precise change that introduced the problem. I'll use the search techniques that @basil illustrated when he showed me the BOM/PCT related problem that was introduced in git plugin 4.14.2. #1623 (comment) is the comment from @basil that shows the process he used to do the investigation. My doing the investigation will assure that I've understood the technique. |
|
At first glance this just looks like a repeat of #1435 (comment) which was fixed in jenkinsci/text-finder-plugin#133. |
Tests run successfully without this dependency when executed from the usual Apache Maven command line as in: $ `mvn clean verify` Tests fail when run in the BOM evaluation as in jenkinsci/bom#1633 . They report that a class from the config file provider plugin could not be found. jenkinsci/bom#1633 (comment) provides details. Testing performed: Duplicated the problem by checking out jenkinsci/bom#1633 and compiling the megawar in the bom directory with: ``` PLUGINS=matrix-auth TEST=InjectedTest bash local-test.sh ``` Then built the matrix-auth plugin with this command line ``` BOM_DIR=/home/mwaite/hub/core/bom mvn -Denforcer.skip=true -Djenkins.version=2.381 \ -Djth.jenkins-war.path=$BOM_DIR/target/local-test/megawar.war \ -DoverrideWar=$BOM_DIR/target/local-test/megawar.war \ -DoverrideWarAdditions=true -DuseUpperBounds=true \ -DupperBoundsExcludes=javax.servlet:servlet-api \ -Dtest=ImportTest \ clean verify ``` That shows the failure in the matrix-auth 3.1.6 release. Then modified the matrix-auth pom.xml file as noted in this commit and ran the same code again. The test passed. The additional test dependency does not modify the production code. It will allow the next release of the matrix-auth plugin to be included in the Jenkins plugin bill of materials.
|
Investigation is complete. @basil was exactly correct. The config file provider plugin dependency that was needed in text finder plugin was also needed here. jenkinsci/matrix-auth-plugin#133 has been submitted to address the issue. A new release of matrix-auth plugin will be required. Closing this pull request. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
MarkEWaite
deleted the
dependabot/maven/bom-weekly/org.jenkins-ci.plugins-matrix-auth-3.1.6
branch
Bumps matrix-auth from 3.1.5 to 3.1.6.
Release notes
Sourced from matrix-auth's releases.
Commits
6d72156[maven-release-plugin] prepare release matrix-auth-3.1.6c07416b[JENKINS-70231] Fix tooltips on 2.379+ (#130)b738a49[JENKINS-68581] Improve Javadoc (#128)4e72dccUse HTTPS SCM URL (#131)acf5fccUpdate core dependency, plugin dependencies, parent POM (#129)edd6565[maven-release-plugin] prepare for next development iterationDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot will merge this PR once CI passes on it, as requested by @MarkEWaite.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)