Dynamic dependency resolves to a snapshot instead of the latest release

My team develops our own internal Gradle plugin which we release on our own Artifactory repository. Intermediate builds are published as snapshots with a name like OurPlugin and version 0.9.5-SNAPSHOT.

(Currently using Gradle 1.10, but saw the same result with 1.12)

In our build.gradle scripts, we apply our plugin, with dependencies declared like this

buildscript {
  repositories {
    maven {
      url "http://ourRepo"
    }
  }
  dependencies {
    classpath(group: 'ourgroupid', name: 'OurPlugin', version: '0.9.+')
  }
}

The problem I’m seeing is that if I’ve got a release out with version 0.9.4, and a snapshot 0.9.5-SNAPSHOT, then Gradle scripts always uses the snapshot. If I then make 0.9.5 official and release it, then the Gradle uses it instead.

What am I missing here, or is this a bug?

We also publish custom plugins, and put them on the classpath with a dynamic version specification.

We publish snapshots to one repo, and releases to another repo. By default in all the projects, the build script repositories block specifies only the release repo. So snapshots are not picked up.

You could declare the snapshot repo also, but wrap it in a conditional based on a project property. Then you can control whether or not a build uses snapshots, and what the default is. We don’t happen to do this, but it would certainly be possible. Or if you never want the snapshots, don’t bother declaring that repo at all.

1 Like

So it looks like having one repo for both snapshots and releases is just a bad practice. I’ll need to separate them out, or just stop publishing snapshots.

Looks like a bug to me. Can you try with an older version (say 1.8 or 1.6)?

I’ve tried with 1.8, 1.6, and even 1.0. They all use the snapshot. I’m wondering if snapshots are used, since their pom files show versions made with timestamps like this:

<version>0.9.5-20140530.132746-1</version>

Thanks for the feedback. We’ll have to investigate/discuss what the desired behavior is. Raised GRADLE-3097.

Good to know it was a bug. I thought it was the behavior. I was planing to use

latest.release

and

latest.integration

We’re having the same issue for all Gradle versions >= 2.0. Gradle resolves dependencies with “+” to SNAPSHOT versions.

E.g. org.apache.logging.log4j:log4j-core:2.+ -> 2.2-SNAPSHOT We also have our own repo with different locations for releases and snapshots, but we get snapshots from there too. E.g. com.company.package:module:5.+ gives us 5.0.1-SNAPSHOT.

We had previously Gradle 1.7 and it resolves dependencies just fine.

Hello,

we have the same problem after we switched from Gradle 1.10 to Gradle 2.2.1.

This strange behavior was introduced with Gradle 1.12.

We uses dynamic version a lot for core libraries and for us this is a serious problem.

Is there a workaround?

Regards, Andreas