Thinking about implementing similar lock functionality should not be so hard probably.
I can create a custom ‘lock’ task which resolves the dependencies and the actual version. This can be written in a dependencies.lock file or something just containing e.g.:
The only thing I’m looking for now is to override the default dependency resolving. I wonder if there is a hook to that?
What it basically needs to do is override
project.configurations.compile
with the information from the dependencies.lock file.
Of course there also needs to be a task to update a dependency, just as bundler has a bundle update task which a) updates the dependency in build.gradle and b) re-locks the dependencies again by recreating dependencies.lock
In this way you can always reproduce identical builds which is a strict requirement in our environment.
To rephrase my questions: 1) Is there some lock functionality already available? (I believe not) 2) Is there a hook available to override the dependencies (before resolving takes place) as described above?
I can use this force ResolutionStrategy in a plugin to set the fixed version (probably read from another file). With that we can offer similar functionality as Bundler lock.
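A sketch of the lock approach discussed above, as an added example that is not part of the original posts and not Gradle's own code. It assumes the java plugin is applied so the `compile` configuration from the post exists, a lock file with one `group:name:version` entry per line, and a hypothetical `-Prelock` project property for refreshing the lock.

```groovy
// build.gradle fragment (added example; lock file format and 'relock' property are assumptions)
def lockFile = file('dependencies.lock')

// Read "group:name:version" entries, skipping blank lines and '#' comments.
def readLock = {
    lockFile.readLines()
        .collect { it.trim() }
        .findAll { it && !it.startsWith('#') }
}

// Pin every configuration to the locked versions before resolution happens.
// Skipped when relocking, so the 'lock' task records a fresh resolution.
if (lockFile.exists() && !project.hasProperty('relock')) {
    def pinned = readLock()
    pinned.each { coord ->
        // Fail the build on a malformed entry instead of silently ignoring it.
        if (coord.split(':').size() != 3) {
            throw new GradleException("Malformed lock entry: ${coord}")
        }
    }
    configurations.all { cfg ->
        pinned.each { coord -> cfg.resolutionStrategy.force(coord) }
    }
}

// 'lock' task: resolve the compile configuration and record the exact
// versions chosen, including those of transitive dependencies.
task lock {
    doLast {
        def lines = configurations.compile.resolvedConfiguration.resolvedArtifacts
            .collect { it.moduleVersion.id }
            .collect { "${it.group}:${it.name}:${it.version}".toString() }
            .unique()
            .sort()
        lockFile.text = lines.join('\n') + '\n'
        println "Locked ${lines.size()} modules in ${lockFile.name}"
    }
}
```

Committing `dependencies.lock` alongside `build.gradle` makes any version change show up in code review; `gradle lock -Prelock` regenerates it after a deliberate upgrade.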