Bump configuration-as-code from 1.34 to 1.35

[timja]

cc @jetersen

[timja]

Currently failing on:
jenkinsci/script-security-plugin#284
and ssh-credentials

ssh-credentials bump has caused:

Require upper bound dependencies error for org.jenkins-ci:trilead-ssh2:build-217-jenkins-14 paths to dependency are:
+-io.jenkins.tools.bom:sample:6-SNAPSHOT
  +-org.jenkins-ci.main:jenkins-core:2.176.3
    +-org.jenkins-ci:trilead-ssh2:build-217-jenkins-14
and
+-io.jenkins.tools.bom:sample:6-SNAPSHOT
  +-org.jenkins-ci.main:jenkins-core:2.176.3
    +-org.jenkins-ci.main:cli:2.176.3
      +-org.jenkins-ci:trilead-ssh2:build214-jenkins-1
and
+-io.jenkins.tools.bom:sample:6-SNAPSHOT
  +-org.jenkins-ci.main:jenkins-core:2.176.3
    +-org.kohsuke:trilead-putty-extension:1.2
      +-org.jenkins-ci:trilead-ssh2:build214-jenkins-1
and
+-io.jenkins.tools.bom:sample:6-SNAPSHOT
  +-org.jenkins-ci.plugins:ssh-slaves:1.30.2
    +-org.jenkins-ci.plugins:ssh-credentials:1.18.1
      +-org.jenkins-ci.plugins:trilead-api:1.0.5
        +-org.jenkins-ci:trilead-ssh2:build-217-jenkins-16

commented here:
jenkinsci/ssh-credentials-plugin#49 (comment)

[jetersen]

let's remove the fail fast, while testing? 🤔

[timja]

let's remove the fail fast, while testing? 🤔

if i change the Jenkinsfile it will just be ignored,
maybe @jglick will change it for us 😉

[jetersen]

if we ask nicely maybe we can get commit access? 🙇

[timja]

if we ask nicely maybe we can get commit access? 🙇

Pretty please Jesse 😄

[timja]

Seeing if the ansicolor failure is a flake or consistent

[timja]

failed this time on script-security.
would be good if we could get failFast disabled so we can see all the errors though.

cc @jglick

[timja]

FTR jenkinsci/script-security-plugin#284 (comment)

[jglick]

would be good if we could get failFast disabled

I am reluctant to disable failFast in master. Builds are very expensive, and there are a lot of failing PRs. I suppose I can try to load this flag from a separate file, so untrusted contributors can set it temporarily in a PR. Also I can give some people commit access.

[amuniz]

Oh, and this is why I don't like the PCT... it's testing a quite unreal setup.

[timja]

thanks for taking a look @amuniz,

From what I can see it should be managed though,
https://github.com/jenkinsci/bom/blob/bom-4/bom-latest/pom.xml#L249

In that bom release it's importing other boms up until latest,
https://github.com/jenkinsci/bom/blob/bom-4/bom-2.138.x/pom.xml#L13-L19

[amuniz]

How is bom-latest being picked up? I don't see it in https://github.com/jenkinsci/bom/blob/bom-4/bom-2.138.x/pom.xml

It looks they are picked up backward, but not forward (which seems correct).

[timja]

If I run:

mvn help:effective-pom

I see:

      <dependency>
        <groupId>org.jenkins-ci.plugins</groupId>
        <artifactId>structs</artifactId>
        <version>1.20</version>
      </dependency>

https://github.com/jenkinsci/bom/blob/bom-4/bom-2.138.x/pom.xml#L15

https://github.com/jenkinsci/bom/blob/bom-4/bom-2.150.x/pom.xml#L15

...

[amuniz]

Ah, ok. Then I have no idea 🤷‍♂️

[timja]

@jglick any ideas?

[timja]

Also @amuniz the bom change in workflow-step-api is unreleased, but even if I checkout the released version I have the same issue,

https://github.com/jenkinsci/workflow-step-api-plugin/pull/54/files#diff-600376dffeb79835ede4a0b285078036L88

[jglick]

Sorry, I have no time to work on this at the moment.

this is why I don't like the PCT... it's testing a quite unreal setup

Yes, no one likes it really, but we are sort of stuck with it because nearly all our test coverage presumes a Maven flat test classpath. There have been abortive efforts to create better systems.

[jglick]

You are busy! Thanks for moving this repo along.

[oleg-nenashev]

I would rather bite the bullet and integrate it, even with Folders plugin suppressed. We can fix it in a follow-up, PCT patch is needed IIUC