Generating resolved dependencies

Help/Discuss
1

We have a need for listing dependencies (as a subtask when generating SBOM). We
use a simple function for this:

Set<Dependency> getExternalDeps() {
  subprojects.collectMany { p ->
    p.configurations.collectMany { cfg ->
      cfg.allDependencies
    }.findAll { d ->
      !(d instanceof ProjectDependency)
    }
  }
}

This almost works perfectly, except for the case with dependencies lacking a
version requirement, e.g.:

testImplementation 'org.junit.jupiter:junit-jupiter-api'

The version from the above Dependency is null
(Dependency (Gradle API 6.9.4))

Is this because the result is not “resolved” yet? Is it possible to get the
resolved version from gradle? Is there another API for this we should use?

2

For various reasons that another is a very bad idea. First and foremost, because you reach into other projects model. Even just for reading this is a very bad idea.

Besides that, yeah, you only get the declared dependencies, not what it resolves to in the end that way, even if it would work properly, which it does not.

And even if it would work properly you get all dependencies declared on all configurations which is very unlikely what you want, you for example also get dependencies on tools only used during build time and so on.

You probably want instead a configuration that depends on all the subprojects and then using these API to work with the resolution result: Graph Resolution

3

hmmm, OK. I will look into that

Thanks!

1 Like