Thinking about implementing similar lock functionality should not be so hard probably.
I can create a custom ‘lock’ task which resolves the dependencies and the actual version. This can be written in a dependencies.lock file or something just containing e.g.:
The only thing I’m looking for now is to override the default dependency resolving. I wonder if there is a hook to that?
What is basically needs to do is override
with the information from the dependencies.lock file.
Of course there also needs to be a task to update a dependency, just as bundler has a bundle update task which a) updated the dependency in build.gradle and b) re-locks the the dependencies again by recreating dependencies.lock
In this way you can always reproduce identical builds which is a strict requirement in our environment.