(replies inline) On Tue, 07 Aug 2018, Oleg Nenashev wrote:
> Hi Tyler, > > Thanks for the feedback! > > > > I believe the only think which needs to be resolved which is likely just an > > obsolete part of the example YAML. The root `status` key in the YAML for a > > "realized" BOM I don't believe we've ever actually used and is worth > > removing. > > > Actually I use it in some cases in order to implement custom packaging > Pipelines after customWARPackager() > <https://github.com/jenkins-infra/pipeline-library/blob/master/vars/customWARPackager.groovy>. > > > - BOM's specification lists explicit dependencies > - BOM's specification does not require all dependencies to be explicit > - Some dependencies may have "dir" references > - Some dependencies may be transitive. JEP-309 permits that though > does not recommend for production use (dependency resolution > > <https://github.com/jenkinsci/jep/tree/master/jep/309#dependency-resolution> > in the spec) > - "status" key returns the full list of resolved dependencies > - In addition to transitive deps, CWP uses "status" to squash the > "environment" definitions into a single list in order to show what was > actually packaged into the WAR file > > I would rather prefer the "status" section to stay in the specification. It > is helpful for CWP at least (though it may be possible to just generate a > new output BOM). If we do that, it would be nice to get feedback from Raul > who is also experimenting with processing of BOMs. > > In order to address your comment, we could explicitly say that the "status" > section is optional so that you do not need to implement it in Evergreen if > not needed. WDYT? I mentioned in a video call with Oleg this morning that I've gone ahead and implemented the `status` section for the Bill of Materials being used in the jenkins-infra/evergreen repository. Overall I'm quite happy with this work by Oleg and Carlos, and I will be submitting a PR (with my BDFL-Delegate hat on) to mark JEP-309 as 'Accepted' later today. Thanks for the hard work everybody! -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/20180814153826.GH17800%40grape.lasagna.io. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
