The Jenkins Gradle Convention Plugin is a Kotlin-first, 🐘 Gradle convention plugin that acts as the Maven Parent POM equivalent for Jenkins plugin development with Gradle. It provides a unified, opinionated foundation for building, testing, and publishing Jenkins plugins—standardizing best practices, automating quality checks, and eliminating boilerplate.
Built on top of the well-established gradle-jpi-plugin, this plugin extends JPI with extra conventions, integrated quality tools, and CI-friendly defaults—so you can focus on your plugin’s logic, not your build scripts.
✓ Stop copy-pasting boilerplate:
Get reproducible, high-quality, CI-ready Jenkins plugins out of the box!
Modern Language Standards Enforcement
- Java 21 via toolchains (future-proof)
- Kotlin explicit API mode for better maintainability
- Groovy 4+ conventions for all source sets
- Cross-language compatibility and best practices
Automatic BOM (Bill of Materials) Alignment
Goodbye, dependency hell.
- Zero Version Conflicts: All major dependencies automatically aligned
- Supported BOMs: Jenkins Core, Spring, Jackson, Jetty, Netty, SLF4J, Guava, Log4j, Vert.x, JUnit, Mockito, Testcontainers
- Custom BOM Support: Project-specific BOMs with runtime/test scoping
Note
Quality tools are applied conditionally based on project sources.
| Category | Tools | Languages | Purpose |
|---|---|---|---|
| Code Style | Spotless | Java, Kotlin, Groovy, JSON, YAML | Universal formatting and style |
| Checkstyle | Java | Java-specific style checks | |
| Codenarc | Groovy | Groovy-specific style checks | |
| Static Analysis | PMD | Java | Java bug detection and best practices |
| SpotBugs | Java | Java bytecode analysis for bugs | |
| Detekt | Kotlin | Kotlin-specific linting and style | |
| Security | OWASP Dependency-Check | All | Vulnerability scanning for dependencies |
| Coverage | Jacoco | Java, Groovy | JVM test coverage enforcement |
| Kover | Kotlin | Kotlin-native coverage analysis | |
| Testing | Pitest | Java | Mutation testing for robust test suites |
| Frontend | ESLint | JavaScript, TypeScript | Frontend code quality |
| Documentation | Dokka | Kotlin | Kotlin API documentation |
| Duplication | CPD | Java, Groovy | Copy-paste detection |
Unified Reporting
- All reports in standard locations (
build/reports/) - Multiple formats:
HTML,XML,SARIF - CI-ready integration with
checklifecycle
Preconfigured Testing Stack
- JUnit Jupiter 5.x - Modern test framework
- Kotest - Kotlin-native testing
- MockK & Mockito - Comprehensive mocking
- AssertJ - Fluent assertions
- Spock - Groovy testing framework
- Testcontainers - Integration testing
Optimized Execution
- Forked JVMs with sensible memory defaults
- Parallel test execution
- Structured logging and reporting
Multiple Configuration Approaches
- Properties-based: Perfect for CI/CD environments
- DSL-based: Rich, type-safe configuration in build scripts
- Multi-module support: Consistent conventions across large projects
- Kotlin DSL optimized: First-class Kotlin build script support
[versions]
jenkinsConvention = "<LATEST_VERSION>"
[plugins]
jenkinsConvention = { id = "io.github.aaravmahajanofficial.jenkins-gradle-convention-plugin", version.ref = "jenkinsConvention" }In the root settings.gradle.kts, add the plugin’s version catalog:
dependencyResolutionManagement {
repositories {
mavenCentral()
}
versionCatalogs {
create("baseLibs") {
from("io.github.aaravmahajanofficial:version-catalog:<LATEST_VERSION>")
}
}
}plugins {
alias(libs.plugins.jenkinsConvention)
}
jenkinsConvention {
// Required: at least one developer
developer {
id = "exampleDev"
name = "Example Developer"
email = "[email protected]"
}
}Important
This is the minimal working configuration.
All later examples (BOMs, quality, etc.) assume you already have this block in place.
By default, common BOMs (like Jackson) are applied automatically.
You can disable or add your own:
jenkinsConvention {
bom {
// Disable a default BOM
jackson { enabled = false }
// Add a custom BOM
customBoms {
create("aws-bom") {
coordinates = "com.amazonaws:aws-java-sdk-bom"
version = "<AWS_BOM_VERSION>"
testOnly = false
}
}
}
}The plugin integrates Spotless, OWASP Dependency Check, Detekt, and more.
You can enforce stricter rules or relax defaults:
jenkinsConvention {
quality {
spotless {
enabled = false
}
detekt {
failOnViolation = false // Default: true
}
owaspDepCheck {
enabled = true
failOnCvss = 7.5f // Default: 7.0f
}
}
}| Component | Supported Versions |
|---|---|
| Gradle | 9.0 or newer |
| Jenkins | Jenkins Core 2.516.2+ (LTS) – defined via Jenkins Plugin BOM |
| Java | 21 (via toolchains, enforced) |
| Kotlin | 2.2.x+ |
| Groovy | 4.0+ (with BOM alignment) |
| OS | Linux, macOS, Windows |
- Requires: Kotlin DSL or Groovy DSL
convention-plugin/src/main/kotlin: Core plugin implementationconvention-plugin/src/integrationTest: Comprehensive integration testsbuild-logic: Reusable convention and quality pluginsversion-catalogs: Centralized dependency versions (libs.versions.toml)
Want to help improve this plugin?
- Fork and open an issue or submit a pull request for any bugs/improvements.
- Review CONTRIBUTING.md for guidelines.
- Gradle Community Project Page - Overview of the project's goals and progress
- Gradle Plugin Portal - Official plugin page with installation instructions.
- Community/Support: Join the
#jenkins-plugin-toolchainchannel on the Gradle Community Slack.
This project began during Google Summer of Code 2025 with guidance from mentors Oleg Nenashev, Steve Hill & Rahul Somasunderam and support from the Kotlin Foundation, and continues to be actively maintained.
This project is licensed under the Apache License 2.0.
© 2025 Aarav Mahajan