zhan9san/jpm

jpm — Jenkins Plugin Manager

CI Release License: MIT

Jenkins has never had a proper package manager. Teams copy-paste plugin lists, get bitten by transitive dependency conflicts, and can't reproduce builds. jpm brings the Cargo.lock model to Jenkins plugins.

# Declare what you want
printf 'git\ncredentials\nworkflow-aggregator\n' > plugins.txt

# Resolve all transitive deps and lock with SHA-256 checksums
jpm lock -j 2.452.4

# Install exactly what the lock says, every time
jpm install -l plugins-lock.txt -d ./plugins/

Features

  • Lock file — pins every transitive dep to an exact version + SHA-256
  • Staleness detection — warns when plugins.txt changed since last lock
  • Bundled metadata awareness — fetches war/pom.xml (30 KB) for runtime-aware graph checks (no bundled version uplift during resolve)
  • Concurrent downloads — parallel tokio tasks with retry + mirror fallback
  • Atomic writes — no half-written plugin files on failure
  • Dry-run & skip-failed flags
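
How the lock-file checksum and atomic-write features combine, as an added Python example (not jpm's own code): a payload is accepted only if its SHA-256 matches the pinned value, and it reaches the plugin directory through a temporary file and a rename. The lock entry layout, the `.jpi` file name, `install_verified` and the sample payload are assumptions constructed for illustration; jpm's actual lock format is described in docs/lock.md.

```python
import hashlib
import os
import tempfile

# Constructed sample: a short byte string stands in for a downloaded plugin.
SAMPLE_BYTES = b"constructed sample plugin payload"
# Hypothetical lock entry layout (assumption, not jpm's real format).
LOCK = {"git": {"version": "0.0.0-example",
                "sha256": hashlib.sha256(SAMPLE_BYTES).hexdigest()}}


class ChecksumMismatch(Exception):
    """Raised when downloaded bytes do not match the pinned SHA-256."""


def install_verified(name, payload, lock, plugin_dir):
    """Write payload to plugin_dir/<name>.jpi only if it matches the lock."""
    expected = lock[name]["sha256"].lower()  # KeyError: not in lock, refuse
    actual = hashlib.sha256(payload).hexdigest()
    if actual != expected:
        raise ChecksumMismatch(f"{name}: expected {expected}, got {actual}")
    os.makedirs(plugin_dir, exist_ok=True)
    final_path = os.path.join(plugin_dir, f"{name}.jpi")
    # Temp file sits in the target directory so the rename stays on one
    # filesystem, which is what makes os.replace atomic.
    fd, tmp_path = tempfile.mkstemp(dir=plugin_dir, prefix=f".{name}.",
                                    suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as tmp:
            tmp.write(payload)
            tmp.flush()
            os.fsync(tmp.fileno())  # data on disk before it becomes visible
        os.replace(tmp_path, final_path)  # old file or new file, never partial
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)  # leave no half-written file behind
        raise
    return final_path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as plugin_dir:
        print("installed:", install_verified("git", SAMPLE_BYTES, LOCK, plugin_dir))
        try:
            install_verified("git", SAMPLE_BYTES + b"tampered", LOCK, plugin_dir)
        except ChecksumMismatch as err:
            print("rejected:", err)
```
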

Install

Pre-built binaries (Linux, macOS, Windows) are available on the Releases page; alternatively, build from source (Rust 1.75+):

cargo install --path .

macOS: Gatekeeper will block the downloaded binary as unnotarized. Remove the quarantine flag after download:

xattr -d com.apple.quarantine jpm

Usage

jpm lock    -j <VERSION> [-f plugins.txt] [-o plugins-lock.txt] [--fix] [--upgrade]
jpm install [-l plugins-lock.txt] [-d ./plugins/] [--dry-run] [--skip-failed]
jpm doctor  [-l plugins-lock.txt] [-d ./plugins/] [--strict]
jpm graph   -j <VERSION> (-f plugins.txt | -l plugins-lock.txt) [-o plugins-graph.dot] [--allow-cycle]
jpm roots   -j <VERSION> [-f plugins.txt] [--write] [--keep <PLUGIN>]

| Situation | Command |
| --- | --- |
| Initial setup or routine update | jpm lock -j <VERSION> |
| Jenkins upgrade breaks plugins | jpm lock -j <VERSION> --fix |
| Annual Jenkins + plugin refresh | jpm lock -j <VERSION> --fix --upgrade |

Operating Modes

  • Immutable image build: run jpm lock then jpm install into a clean plugin directory.
  • Long-lived Jenkins server: run jpm doctor --strict before restart to catch drift (duplicate suffix files, version drift, unmanaged plugins, disabled markers).

Detailed jpm lock behavior and file formats are documented in docs/lock.md.

Background

The official plugin-installation-manager-tool (Java) re-resolves from the Update Center on every run — no lock file, no reproducibility. jpm separates lock from install and persists the full resolved graph with checksums.

See docs/lock.md, docs/install.md, docs/doctor-design.md, docs/graph-design.md, docs/roots-design.md, docs/comparison.md, and docs/feature-status.md.
