Guaranteeing identical (developer) builds

When using dynamic version dependencies it might not be easy to create identical builds on different systems / different moments in time.

In the Ruby/Bundler world they came up with a solution for this to create lock files which states the exact version to use for a dependency.

Is something similar possible with Gradle?

Thinking about implementing similar lock functionality should not be so hard probably.

I can create a custom ‘lock’ task which resolves the dependencies and the actual version. This can be written in a dependencies.lock file or something just containing e.g.:

dependencies {
 compile "commons-lang:commons-lang:2.6"
 compile "org.apache.commons:commons-lang3:3.1"
 compile "org.springframework:spring-core:3.2.0.RELEASE"
 compile "org.springframework:spring-context:3.2.0.RELEASE"
 compile "org.springframework:spring-webmvc:3.2.0.RELEASE"
 testCompile "junit:junit:4.8.1"
}

The only thing I’m looking for now is to override the default dependency resolving. I wonder if there is a hook to that?

What is basically needs to do is override

project.configurations.compile

with the information from the dependencies.lock file.

Of course there also needs to be a task to update a dependency, just as bundler has a bundle update task which a) updated the dependency in build.gradle and b) re-locks the the dependencies again by recreating dependencies.lock

In this way you can always reproduce identical builds which is a strict requirement in our environment.

To rephrase my questions: 1) Is there some lock functioanlity already available? (I believe not) 2) Is there a hook available to override the dependencies (before resolving takes place) as described above?

You should be able to use forced versions to achieve what you want.

Yes this is exactly what I needed.

I can use this force ResolutionStrategy in a plugin to set the fixed version (probably read from a another file). With that we can offer similar functionality as Bundler lock.