A plugin is downloaded from a url based on the following logic:
if a url is entered, download from that url
if "latest" version and there's a jenkins specific update center, download from cfg.getJenkinsUc()/jenkinsVersion/latest
if experimental or incremental, download from experimental update center or incrementals mirror repo
else: download from cfg.getJenkinsUc()/download/plugins/pluginName/pluginVersion/pluginName
Previously, a plugin's dependencies would be resolved after a plugin was downloaded and the dependencies were determined from the manifest.
Now, a plugin's dependences are resolved by getting the update center json from cfg.getJenkinsUc() + "/update-center.actual.json" and parsing this.
However, this may not always result in the correct dependencies for the requested/downloaded plugin.
Suppose the Jenkins Version is 2.121 and the requested plugin is artifact-manager-s3:latest.
The plugin would be downloaded from:
The correct dependencies could be found from the version specific update center json:
However, instead the code would get the dependencies from the update center listed in the configuration file, ignoring the version specific update center json:
See attached picture.
The same issue could occur when there is no Jenkins specific update center and the user specifies the version of the plugin directly.
Suppose the user wants to download artifact-manager-s3, version 1.3 and they are directed to https://updates.jenkins.io/download/plugins/artifact-manager-s3/1.3/artifact-manager-s3.hpi
The dependencies it appears this version is dependent on are:
Currently the code would find the dependencies from the current update center json (https://updates.jenkins.io/current/update-center.actual.json), which has the following dependencies: aws-global-configuration:1.3, jaxb:22.214.171.124,workflow-api:2.33,apache-httpcomponents-client-4-api, 4.5.5-3.0, aws-credentials:1.26, structs:1.17