Check if Dependency is Dynamic or Changing?

smozely · October 10, 2015, 5:19am

Hi there,

So I’m just trying to add some logic to a build that will fail when the build contains dynamic or changing dependencies (say like the Maven release plugin) … I’m aiming to have this so that my master branch is not allowed changing / dynamic dependencies.

I’ve done this before with SNAPSHOTs using basically the same implementation as this SO post http://stackoverflow.com/questions/29553215/gradle-equivalent-of-maven-enforcers-requirereleasedeps … Now I’m trying to do something where I use unique version numbers for every build rather than SNAPSHOT’s and can see how I could kinda do the same thing using something like version.endsWith('+') but I’m wondering if there is a better way to identify deps as changing/dynamic than string comparison?

mark_vieira · October 10, 2015, 6:28am

There’s nothing in the API for this. Essentially, our internal resolution logic is just doing string comparison to make the same determination. For changing modules we interpret anything with a ‘SNAPSHOT’ suffix as changing but you can also set changing = true on the dependency itself. In your logic you should check for both. For dynamic versions its a bit more complex. Technically it’s more than just the ‘+’ character. We also support version ranges ex. [1.0, 2.0).

smozely · October 10, 2015, 8:22pm

Thanks Mark,

Thats all good, string compares it it is.

Though any pointers to the internal logic doing the resolution? Would be cool if I could reuse some of that stuff.

Thanks again
Steve

mark_vieira · October 11, 2015, 6:08am

Here’s our internal implementation if you want to use that as a guide. There’s a pretty gnarly regex to determine if the version number is a range selector.

github.com

gradle/gradle/blob/master/subprojects/dependency-management/src/main/java/org/gradle/api/internal/artifacts/ivyservice/ivyresolve/strategy/DefaultVersionSelectorScheme.java#L26-L40


public VersionSelector parseSelector(String selectorString) {
    if (VersionRangeSelector.ALL_RANGE.matcher(selectorString).matches()) {
        return new VersionRangeSelector(selectorString, versionComparator.asVersionComparator());
    }


    if (selectorString.endsWith("+")) {
        return new SubVersionSelector(selectorString);
    }


    if (selectorString.startsWith("latest.")) {
        return new LatestVersionSelector(selectorString);
    }


    return new ExactVersionSelector(selectorString);
}

smozely · October 27, 2015, 3:50am

Super thanks for this info Mark

Chris_Dore · October 29, 2015, 5:52am

Hi @smozely,

Not quite what you were originally after, but have you taken a look at the nebula dependency lock plugin?

We have found it to be a good balance between dynamic and static dependencies. We use it to allow our CI system to integrate everything very early with dynamic dependencies, but at points we can control using jobs that explicitly test new dependency resolutions before committing the updated lock files (developers have the option of committing updated lock files as well, as certain scenarios require it).

If you were to stop committing lock files on your master branch, the dynamic dependencies would be ignored. To me it would make sense that you might still want to fail on SNAPSHOT dependencies, since releasing from master with those might be a bad idea (or for whatever reason you want master stable).

Topic		Replies	Views
Gradle dependencies management with "+" sign Old Forum Archive	1	616	January 29, 2015
How does gradle compare classifiers in dependency resolution? Old Forum Archive	2	2188	November 5, 2014
Dependency caching and update: dynamic, changing, with unreliable maven repository Old Forum Archive	1	1879	December 4, 2013
SNAPSHOT dependencies are not detected without number Bugs issue-acknowledged , gradle-3350	8	6490	October 21, 2015
Pulling in snapshot dependency bumps all dynamic versioned dependencies to snapshot as well Old Forum Archive	8	1697	March 3, 2015

Check if Dependency is Dynamic or Changing?

Related topics