Dependency Locking and useVersion

I’m observing problems related to dependency locking when using DependencyResolveDetails.useVersion(). It seems that useVersion bypasses
dependency locking.

I do have an example here: Github example

Here is what I do:

  • I create a local maven repository having versions 0.1.0, 0.2.0, 1.1.0 and 1.2.0
  • I’ve setup the project to call “useVersion(‘1.+’)”
  • I create dependency lockfiles using `./gradlew dependencies --write-locks’
  • Within the lockfiles, I see versions 1.2.0
  • Now I extend the local maven repository so it has these versions available:
    0.1.0, 0.2.0, 1.1.0, 1.2.0, 1.3.0
  • I try to build the project using ./gradlew build
  • I hoped to get a build based on 1.2.0
  • Unfortunately, I get an error instead

Here is the error:

java-example-gradle-useversion$ ./gradlew build
> Task :compileJava FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':compileJava'.
> Could not resolve all files for configuration ':compileClasspath'.
   > Did not resolve 'cool.heller.uli:hello-world:1.2.0' which has been forced / substituted to a different version: '1.3.0'
   > Did not resolve 'cool.heller.uli:bye-moon:1.2.0' which has been forced / substituted to a different version: '1.3.0'

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
> Get more help at https://help.gradle.org.

BUILD FAILED in 714ms
1 actionable task: 1 executed

My impression is that “useVersion” always tries to resolve the dynamic version passed to it against the maven repository. It even skips the usual 24 hours cache interval.

Am I doing something stupid (as before with my previous question)? Thx for any help!

Best regards, Uli

Am I doing something stupid (as before with my previous question)?

Actually yes. :smiley:
useVersion is exactly the problematic low-level method that also the SDM plugin uses which circumvents dependency locking and also is not properly represented in reports like a build scan, dependencies task or dependencyInsight task: dependency-management-plugin/src/main/java/io/spring/gradle/dependencymanagement/internal/VersionConfiguringAction.java at d6d1462461b51305f77058fc05984c906f5e0bae · spring-gradle-plugins/dependency-management-plugin · GitHub

1 Like

Hey @Vampire ,

thank you so much. Your answer is quite helpfull. I already decided that we have to get rid off the usage of useVersion(). For me, it was quite difficult to explain its behavior to other team members. So I had a bad feeling in seeing it within our code.

To me, your explanation is a confirmation of this. I’ll define a variable `coolHellerUliVersion=‘1.+’ and use that for each dependency, like:

implementation "cool.heller:maybe-mars:${coolHellerUliVersion}"

Much easier to understand! And it works perfectly, too!

Best regards, Uli