I'm not sure if this is expected behavior, but it certainly was unexpected to me…, and seems like it might be a bug. Slightly complicated to explain, but I'll try...
Expected behavior:
1. User A has a list of pinned plugins to install. They have the entire set of plugins (+ dependencies) that are needed. They pass the list of plugins to the install tool.
2. The tool goes through each item and collects its dependencies.
3. Seeing as the entire list of dependencies has been provided, and all of them are pinned, the tool should only install what has been provided and nothing more, and return successfully.
But this is what is happening:
1. User A has a list of pinned plugins to install. They have the entire set of plugins (+ dependencies) that are needed. They pass the list of plugins to the install tool.
2. The tool goes through each item and collects its dependencies. It then retrieves the *latest version of each dependency* (due to `--latest` default of `true`), ___regardless of what has been pinned___.
3. The tool fails with an error that it can't resolve the newer dependency it wanted to collect, because that dependency was already provided and pinned to an earlier version. The tool ignores the fact that the pinned version actually satisfies the dependency.
The "bug" here is that the list User A is providing is complete and accurate. All plugins + dependencies have been provided and pinned to their minimum required versions. But the tool is erroring out, seemingly due to ignoring the pinned items in favor of the latest dependencies it wants to install.
Maybe I missed something and something else is going on? But I've combed through all the `MANIFEST.MF` files of all the plugins and even the `plugin-versions.json` file, and all the dependencies shown below seem to be correct. It seems to be just `--latest true` that is failing.
The plugins below has been crafted to provide the minimum versions of all plugins + dependencies in this chain.
Sample failure with `--latest true`:
```
jenkins-plugin-cli --no-download --verbose --latest true --plugins active-directory:2.20 apache-httpcomponents-client-4-api:4.5.10-1.0 aws-credentials:1.23 aws-java-sdk:1.11.341 aws-parameter-store:1.2.2 configuration-as-code:1.27 configuration-as-code-secret-ssm:1.0.1 credentials:2.3.5 credentials-binding:1.23 display-url-api:2.3.1 git:4.2.1 git-client:3.0.0 github:1.29.2 github-api:1.90 jackson2-api:2.7.3 job-dsl:1.72 jsch:0.1.55.1 ldap:2.2 mailer:1.32.1 matrix-auth:2.6.2 plain-credentials:1.6 role-strategy:3.1 scm-api:2.6.3 script-security:1.75 ssh-credentials:1.17.3 structs:1.20 timestamper:1.11.2 token-macro:2.8 workflow-api:2.39 workflow-scm-step:2.9 workflow-step-api:2.22
No .txt or .yaml file containing list of plugins to be downloaded entered.
No directory to download plugins entered. Will use default of /usr/share/jenkins/ref/plugins
Using update center https://updates.jenkins.io/update-center.json from JENKINS_UC environment variable
Using experimental update center https://updates.jenkins.io/experimental/update-center.json from JENKINS_UC_EXPERIMENTAL environment variable
Using incrementals mirror https://repo.jenkins-ci.org/incrementals from JENKINS_INCREMENTALS_REPO_MIRROR environment variable
No CLI option or environment variable set for plugin info, using default of https://updates.jenkins.io/plugin-versions.json
No war entered. Will use default of /usr/share/jenkins/jenkins.war
Jenkins version: 2.272
Retrieving update center information
Created cache at: /var/jenkins_home/.cache/jenkins-plugin-management-cli
Cache miss for: update-center-2.272
Cache miss for: experimental-update-center-2.272
Cache miss for: plugin-versions
Couldn't find checksum for active-directory at version: 2.20
Setting checksum for: active-directory to CGamy8Tm1yzx0TkE6/Sj+6UwPWqodup52RAGxP5MWjU=
active-directory depends on:
mailer 1.32.1
Skipping dependency mailer:1.32.1 and its sub-dependencies, because there is a higher version defined on the top level - mailer:1.32.1
Couldn't find checksum for apache-httpcomponents-client-4-api at version: 4.5.10-1.0
Setting checksum for: apache-httpcomponents-client-4-api to kTaiJaAAbVqBISY2AWNVjkhhl6DbXKVW6sEDKxTYdNs=
apache-httpcomponents-client-4-api has no dependencies
Couldn't find checksum for aws-credentials at version: 1.23
Setting checksum for: aws-credentials to IP5LXBJzruZrKK21BMzQ+7C0TiQLhL3HTvejh0nucm4=
aws-credentials depends on:
credentials 2.3.14
aws-java-sdk 1.11.854
credentials-binding 1.24
io.jenkins.tools.pluginmanager.impl.PluginDependencyStrategyException: Plugin aws-credentials:1.23 depends on credentials:2.3.14, but there is an older version defined on the top level - credentials:2.3.5
at io.jenkins.tools.pluginmanager.impl.PluginManager.resolveRecursiveDependencies(PluginManager.java:883)
at io.jenkins.tools.pluginmanager.impl.PluginManager.findPluginsAndDependencies(PluginManager.java:493)
at io.jenkins.tools.pluginmanager.impl.PluginManager.start(PluginManager.java:157)
at io.jenkins.tools.pluginmanager.impl.PluginManager.start(PluginManager.java:117)
at io.jenkins.tools.pluginmanager.cli.Main.main(Main.java:76)
Plugin aws-credentials:1.23 depends on credentials:2.3.14, but there is an older version defined on the top level - credentials:2.3.5
```
Sample success with `--latest false`:
```
jenkins-plugin-cli --no-download --verbose --latest false --plugins active-directory:2.20 apache-httpcomponents-client-4-api:4.5.10-1.0 aws-credentials:1.23 aws-java-sdk:1.11.341 aws-parameter-store:1.2.2 configuration-as-code:1.27 configuration-as-code-secret-ssm:1.0.1 credentials:2.3.5 credentials-binding:1.23 display-url-api:2.3.1 git:4.2.1 git-client:3.0.0 github:1.29.2 github-api:1.90 jackson2-api:2.7.3 job-dsl:1.72 jsch:0.1.55.1 ldap:2.2 mailer:1.32.1 matrix-auth:2.6.2 plain-credentials:1.6 role-strategy:3.1 scm-api:2.6.3 script-security:1.75 ssh-credentials:1.17.3 structs:1.20 timestamper:1.11.2 token-macro:2.8 workflow-api:2.39 workflow-scm-step:2.9 workflow-step-api:2.22
No .txt or .yaml file containing list of plugins to be downloaded entered.
No directory to download plugins entered. Will use default of /usr/share/jenkins/ref/plugins
Using update center https://updates.jenkins.io/update-center.json from JENKINS_UC environment variable
Using experimental update center https://updates.jenkins.io/experimental/update-center.json from JENKINS_UC_EXPERIMENTAL environment variable
Using incrementals mirror https://repo.jenkins-ci.org/incrementals from JENKINS_INCREMENTALS_REPO_MIRROR environment variable
No CLI option or environment variable set for plugin info, using default of https://updates.jenkins.io/plugin-versions.json
No war entered. Will use default of /usr/share/jenkins/jenkins.war
Jenkins version: 2.272
Retrieving update center information
Created cache at: /var/jenkins_home/.cache/jenkins-plugin-management-cli
Cache miss for: update-center-2.272
Cache miss for: experimental-update-center-2.272
Cache miss for: plugin-versions
Couldn't find checksum for active-directory at version: 2.20
Setting checksum for: active-directory to CGamy8Tm1yzx0TkE6/Sj+6UwPWqodup52RAGxP5MWjU=
active-directory depends on:
mailer 1.5
Skipping dependency mailer:1.5 and its sub-dependencies, because there is a higher version defined on the top level - mailer:1.32.1
Couldn't find checksum for apache-httpcomponents-client-4-api at version: 4.5.10-1.0
Setting checksum for: apache-httpcomponents-client-4-api to kTaiJaAAbVqBISY2AWNVjkhhl6DbXKVW6sEDKxTYdNs=
apache-httpcomponents-client-4-api has no dependencies
Couldn't find checksum for aws-credentials at version: 1.23
Setting checksum for: aws-credentials to IP5LXBJzruZrKK21BMzQ+7C0TiQLhL3HTvejh0nucm4=
aws-credentials depends on:
credentials 2.1.16
aws-java-sdk 1.10.16
credentials-binding 1.7
Skipping dependency credentials:2.1.16 and its sub-dependencies, because there is a higher version defined on the top level - credentials:2.3.5
Skipping dependency aws-java-sdk:1.10.16 and its sub-dependencies, because there is a higher version defined on the top level - aws-java-sdk:1.11.341
Skipping dependency credentials-binding:1.7 and its sub-dependencies, because there is a higher version defined on the top level - credentials-binding:1.23
Couldn't find checksum for aws-java-sdk at version: 1.11.341
Setting checksum for: aws-java-sdk to 6+fMp3VdwCDROO9Tenv3th47utQffw9r5ABJF8B2kjg=
aws-java-sdk depends on:
apache-httpcomponents-client-4-api 4.5.3-2.0
jackson2-api 2.7.0
Skipping dependency apache-httpcomponents-client-4-api:4.5.3-2.0 and its sub-dependencies, because there is a higher version defined on the top level - apache-httpcomponents-client-4-api:4.5.10-1.0
Skipping dependency jackson2-api:2.7.0 and its sub-dependencies, because there is a higher version defined on the top level - jackson2-api:2.7.3
Setting checksum for: aws-parameter-store to bUDzx5vvdyQ4QYkW3C2UtO46UVR5v0yCWWUNrWFh71w=
Setting checksum for: aws-parameter-store to bUDzx5vvdyQ4QYkW3C2UtO46UVR5v0yCWWUNrWFh71w=
aws-parameter-store depends on:
aws-credentials 1.23
aws-java-sdk 1.11.264
Skipping dependency aws-credentials:1.23 and its sub-dependencies, because there is a higher version defined on the top level - aws-credentials:1.23
Skipping dependency aws-java-sdk:1.11.264 and its sub-dependencies, because there is a higher version defined on the top level - aws-java-sdk:1.11.341
Setting checksum for: aws-parameter-store to bUDzx5vvdyQ4QYkW3C2UtO46UVR5v0yCWWUNrWFh71w=
Couldn't find checksum for configuration-as-code at version: 1.27
Setting checksum for: configuration-as-code to 3i717v6SHSrnZTGJ7RbUsLa+X8VMegbOCdNg4v0HpCo=
configuration-as-code has no dependencies
Setting checksum for: configuration-as-code-secret-ssm to uxb74m+8kzBnotLH0YjXi4uv8sBeR713izCG+ZKGGbA=
Setting checksum for: configuration-as-code-secret-ssm to uxb74m+8kzBnotLH0YjXi4uv8sBeR713izCG+ZKGGbA=
configuration-as-code-secret-ssm depends on:
configuration-as-code 1.2
aws-java-sdk 1.11.341
Skipping dependency configuration-as-code:1.2 and its sub-dependencies, because there is a higher version defined on the top level - configuration-as-code:1.27
Skipping dependency aws-java-sdk:1.11.341 and its sub-dependencies, because there is a higher version defined on the top level - aws-java-sdk:1.11.341
Setting checksum for: configuration-as-code-secret-ssm to uxb74m+8kzBnotLH0YjXi4uv8sBeR713izCG+ZKGGbA=
Couldn't find checksum for credentials at version: 2.3.5
Setting checksum for: credentials to tgVI8cfMc/mk8TzxP7yzUeKUXhudHmow5qOym+CvO5Q=
credentials depends on:
structs 1.20
Skipping dependency structs:1.20 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Couldn't find checksum for credentials-binding at version: 1.23
Setting checksum for: credentials-binding to 0tsPEoS2UEI3UUApcvSLUqkiisETySJxCNGeY9bXejo=
credentials-binding depends on:
workflow-step-api 2.22
credentials 2.3.5
plain-credentials 1.6
ssh-credentials 1.17.3
structs 1.20
Skipping dependency workflow-step-api:2.22 and its sub-dependencies, because there is a higher version defined on the top level - workflow-step-api:2.22
Skipping dependency credentials:2.3.5 and its sub-dependencies, because there is a higher version defined on the top level - credentials:2.3.5
Skipping dependency plain-credentials:1.6 and its sub-dependencies, because there is a higher version defined on the top level - plain-credentials:1.6
Skipping dependency ssh-credentials:1.17.3 and its sub-dependencies, because there is a higher version defined on the top level - ssh-credentials:1.17.3
Skipping dependency structs:1.20 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Couldn't find checksum for display-url-api at version: 2.3.1
Setting checksum for: display-url-api to FIjOqVuLDR7dgw56pJRYvubMsIGRcZlq/ykbE+m5mjw=
display-url-api has no dependencies
Couldn't find checksum for git at version: 4.2.1
Setting checksum for: git to Xc9x7ta81coOYHFXmic4C3szqD33QMG9VkmS25bXklA=
git depends on:
workflow-scm-step 2.9
workflow-step-api 2.20
credentials 2.3.0
git-client 3.0.0
mailer 1.23
scm-api 2.6.3
script-security 1.66
ssh-credentials 1.17.3
structs 1.20
Skipping dependency workflow-scm-step:2.9 and its sub-dependencies, because there is a higher version defined on the top level - workflow-scm-step:2.9
Skipping dependency workflow-step-api:2.20 and its sub-dependencies, because there is a higher version defined on the top level - workflow-step-api:2.22
Skipping dependency credentials:2.3.0 and its sub-dependencies, because there is a higher version defined on the top level - credentials:2.3.5
Skipping dependency git-client:3.0.0 and its sub-dependencies, because there is a higher version defined on the top level - git-client:3.0.0
Skipping dependency mailer:1.23 and its sub-dependencies, because there is a higher version defined on the top level - mailer:1.32.1
Skipping dependency scm-api:2.6.3 and its sub-dependencies, because there is a higher version defined on the top level - scm-api:2.6.3
Skipping dependency script-security:1.66 and its sub-dependencies, because there is a higher version defined on the top level - script-security:1.75
Skipping dependency ssh-credentials:1.17.3 and its sub-dependencies, because there is a higher version defined on the top level - ssh-credentials:1.17.3
Skipping dependency structs:1.20 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Couldn't find checksum for git-client at version: 3.0.0
Setting checksum for: git-client to DKFkrtQQCZDhroGQH2Ld7hBc9+vP7AOpcVErPjZgRsA=
git-client depends on:
apache-httpcomponents-client-4-api 4.5.10-1.0
credentials 2.3.0
jsch 0.1.55.1
ssh-credentials 1.17.2
structs 1.20
Skipping dependency apache-httpcomponents-client-4-api:4.5.10-1.0 and its sub-dependencies, because there is a higher version defined on the top level - apache-httpcomponents-client-4-api:4.5.10-1.0
Skipping dependency credentials:2.3.0 and its sub-dependencies, because there is a higher version defined on the top level - credentials:2.3.5
Skipping dependency jsch:0.1.55.1 and its sub-dependencies, because there is a higher version defined on the top level - jsch:0.1.55.1
Skipping dependency ssh-credentials:1.17.2 and its sub-dependencies, because there is a higher version defined on the top level - ssh-credentials:1.17.3
Skipping dependency structs:1.20 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Couldn't find checksum for github at version: 1.29.2
Setting checksum for: github to P0s/MQxAXzTNZyxZ2NxuRTx4gTgPy0yywZlKbg5z4SE=
github depends on:
credentials 2.1.8
display-url-api 2.0
git 3.4.0
github-api 1.90
plain-credentials 1.1
scm-api 2.2.0
structs 1.10
token-macro 1.11
Skipping dependency credentials:2.1.8 and its sub-dependencies, because there is a higher version defined on the top level - credentials:2.3.5
Skipping dependency display-url-api:2.0 and its sub-dependencies, because there is a higher version defined on the top level - display-url-api:2.3.1
Skipping dependency git:3.4.0 and its sub-dependencies, because there is a higher version defined on the top level - git:4.2.1
Skipping dependency github-api:1.90 and its sub-dependencies, because there is a higher version defined on the top level - github-api:1.90
Skipping dependency plain-credentials:1.1 and its sub-dependencies, because there is a higher version defined on the top level - plain-credentials:1.6
Skipping dependency scm-api:2.2.0 and its sub-dependencies, because there is a higher version defined on the top level - scm-api:2.6.3
Skipping dependency structs:1.10 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Skipping dependency token-macro:1.11 and its sub-dependencies, because there is a higher version defined on the top level - token-macro:2.8
Couldn't find checksum for github-api at version: 1.90
Setting checksum for: github-api to jsEMmLTMED2Cbi4qEBtL9Es7kbOVwz3nRIADQxunNs4=
github-api depends on:
jackson2-api 2.7.3
Skipping dependency jackson2-api:2.7.3 and its sub-dependencies, because there is a higher version defined on the top level - jackson2-api:2.7.3
Couldn't find checksum for jackson2-api at version: 2.7.3
Setting checksum for: jackson2-api to bfobo9syrkdjCyOTmcP8jZEC/wtSOlwz3TK8iNmHSDc=
jackson2-api has no dependencies
Couldn't find checksum for job-dsl at version: 1.72
Setting checksum for: job-dsl to UaAZG3Ovv1xl+AZAILiRdkSmiZ+qKW6gfi3xjP9niTQ=
job-dsl depends on:
structs 1.13
script-security 1.54
Skipping dependency structs:1.13 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Skipping dependency script-security:1.54 and its sub-dependencies, because there is a higher version defined on the top level - script-security:1.75
Couldn't find checksum for jsch at version: 0.1.55.1
Setting checksum for: jsch to k0FRYA3UKwOY6IH7unBlbDj9am8SqHTSP8jcNeNxxNQ=
jsch depends on:
ssh-credentials 1.14
Skipping dependency ssh-credentials:1.14 and its sub-dependencies, because there is a higher version defined on the top level - ssh-credentials:1.17.3
Setting checksum for: ldap to waxLrSaPc/LvbBgjbgg11WeD2jMXJ3Rg/TGBKxXECvs=
Setting checksum for: ldap to waxLrSaPc/LvbBgjbgg11WeD2jMXJ3Rg/TGBKxXECvs=
ldap depends on:
mailer 1.32.1
Skipping dependency mailer:1.32.1 and its sub-dependencies, because there is a higher version defined on the top level - mailer:1.32.1
Setting checksum for: ldap to waxLrSaPc/LvbBgjbgg11WeD2jMXJ3Rg/TGBKxXECvs=
Setting checksum for: mailer to CwReqH78KJ/MrVWsUeTJA5RdloO3G0hmfhlEDkKi02g=
Setting checksum for: mailer to CwReqH78KJ/MrVWsUeTJA5RdloO3G0hmfhlEDkKi02g=
mailer depends on:
display-url-api 2.3.1
Skipping dependency display-url-api:2.3.1 and its sub-dependencies, because there is a higher version defined on the top level - display-url-api:2.3.1
Setting checksum for: mailer to CwReqH78KJ/MrVWsUeTJA5RdloO3G0hmfhlEDkKi02g=
Couldn't find checksum for matrix-auth at version: 2.6.2
Setting checksum for: matrix-auth to ZnV+9pzC4a45xwovy9WZluON6phRi0o5Xf5CZH1S3ls=
matrix-auth has no dependencies
Couldn't find checksum for plain-credentials at version: 1.6
Setting checksum for: plain-credentials to JrwSClZ0r6VZJSfjPF/LCC9BTV9MO13fsvRertn4MHM=
plain-credentials depends on:
credentials 2.1.16
Skipping dependency credentials:2.1.16 and its sub-dependencies, because there is a higher version defined on the top level - credentials:2.3.5
Setting checksum for: role-strategy to xf/+FgDzUkb3pdruf51USfQUI1dA7pM+x7iRImujFzQ=
Setting checksum for: role-strategy to xf/+FgDzUkb3pdruf51USfQUI1dA7pM+x7iRImujFzQ=
role-strategy depends on:
matrix-auth 2.2
Skipping dependency matrix-auth:2.2 and its sub-dependencies, because there is a higher version defined on the top level - matrix-auth:2.6.2
Setting checksum for: role-strategy to xf/+FgDzUkb3pdruf51USfQUI1dA7pM+x7iRImujFzQ=
Couldn't find checksum for scm-api at version: 2.6.3
Setting checksum for: scm-api to gyYtQGhirVX/kNNgIKg/iOvXHmb0nHXJpRQPQxdquik=
scm-api depends on:
structs 1.9
Skipping dependency structs:1.9 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Setting checksum for: script-security to 46ntxSuoQmaVu6ShnDGuQcOk6WwgpH/PX+gOd4UZxLg=
Setting checksum for: script-security to 46ntxSuoQmaVu6ShnDGuQcOk6WwgpH/PX+gOd4UZxLg=
script-security has no dependencies
Setting checksum for: script-security to 46ntxSuoQmaVu6ShnDGuQcOk6WwgpH/PX+gOd4UZxLg=
Couldn't find checksum for ssh-credentials at version: 1.17.3
Setting checksum for: ssh-credentials to Y/5ezKJXbwSYzSg5I+0gxBYHMKLOjjUGZuapxpkjfKs=
ssh-credentials depends on:
credentials 2.2.0
Skipping dependency credentials:2.2.0 and its sub-dependencies, because there is a higher version defined on the top level - credentials:2.3.5
Setting checksum for: structs to fnhhNWo3qmpydGLXrqcW3ZMHBxJS9zScJybWSnc/6zo=
Setting checksum for: structs to fnhhNWo3qmpydGLXrqcW3ZMHBxJS9zScJybWSnc/6zo=
structs has no dependencies
Setting checksum for: structs to fnhhNWo3qmpydGLXrqcW3ZMHBxJS9zScJybWSnc/6zo=
Couldn't find checksum for timestamper at version: 1.11.2
Setting checksum for: timestamper to Kp52J/R0R6hbWIVsnuBV4m4XhTONp5XN+SQHGYQr8xg=
timestamper depends on:
workflow-api 2.39
workflow-step-api 2.19
Skipping dependency workflow-api:2.39 and its sub-dependencies, because there is a higher version defined on the top level - workflow-api:2.39
Skipping dependency workflow-step-api:2.19 and its sub-dependencies, because there is a higher version defined on the top level - workflow-step-api:2.22
Couldn't find checksum for token-macro at version: 2.8
Setting checksum for: token-macro to WwaKWNi7yRp0z/0TfqoZYC19jVzpAYzACtZ+M7fDKDw=
token-macro depends on:
workflow-step-api 2.14
structs 1.14
Skipping dependency workflow-step-api:2.14 and its sub-dependencies, because there is a higher version defined on the top level - workflow-step-api:2.22
Skipping dependency structs:1.14 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Couldn't find checksum for workflow-api at version: 2.39
Setting checksum for: workflow-api to 7r0mqAtz8/K0G4++p4ncAVTDX9qzP9SGBRE6KYZ5wZI=
workflow-api depends on:
workflow-step-api 2.16
scm-api 2.2.6
structs 1.17
Skipping dependency workflow-step-api:2.16 and its sub-dependencies, because there is a higher version defined on the top level - workflow-step-api:2.22
Skipping dependency scm-api:2.2.6 and its sub-dependencies, because there is a higher version defined on the top level - scm-api:2.6.3
Skipping dependency structs:1.17 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Couldn't find checksum for workflow-scm-step at version: 2.9
Setting checksum for: workflow-scm-step to Y7EF7XduJp9pFQUiGNXNcx2mDKviKRu/0HGOpOOEuYE=
workflow-scm-step depends on:
workflow-step-api 2.9
Skipping dependency workflow-step-api:2.9 and its sub-dependencies, because there is a higher version defined on the top level - workflow-step-api:2.22
Couldn't find checksum for workflow-step-api at version: 2.22
Setting checksum for: workflow-step-api to 65xkoZQdOvMgRRJn4kj+Og/50jboDD9Xbx06Zm1QKjM=
workflow-step-api depends on:
structs 1.20
Skipping dependency structs:1.20 and its sub-dependencies, because there is a higher version defined on the top level - structs:1.20
Done
```