Guaranteeing identical (developer) builds


(Marcel Overdijk) #1

When using dynamic version dependencies it might not be easy to create identical builds on different systems / different moments in time.

In the Ruby/Bundler world they came up with a solution for this to create lock files which states the exact version to use for a dependency.

Is something similar possible with Gradle?


(Marcel Overdijk) #2

Thinking about implementing similar lock functionality should not be so hard probably.

I can create a custom ‘lock’ task which resolves the dependencies and the actual version. This can be written in a dependencies.lock file or something just containing e.g.:

dependencies {
 compile "commons-lang:commons-lang:2.6"
 compile "org.apache.commons:commons-lang3:3.1"
 compile "org.springframework:spring-core:3.2.0.RELEASE"
 compile "org.springframework:spring-context:3.2.0.RELEASE"
 compile "org.springframework:spring-webmvc:3.2.0.RELEASE"
 testCompile "junit:junit:4.8.1"
}

The only thing I’m looking for now is to override the default dependency resolving. I wonder if there is a hook to that?

What is basically needs to do is override

project.configurations.compile

with the information from the dependencies.lock file.

Of course there also needs to be a task to update a dependency, just as bundler has a bundle update task which a) updated the dependency in build.gradle and b) re-locks the the dependencies again by recreating dependencies.lock

In this way you can always reproduce identical builds which is a strict requirement in our environment.


(Marcel Overdijk) #3

To rephrase my questions: 1) Is there some lock functioanlity already available? (I believe not) 2) Is there a hook available to override the dependencies (before resolving takes place) as described above?


#4

You should be able to use forced versions to achieve what you want.


(Marcel Overdijk) #5

Yes this is exactly what I needed.

I can use this force ResolutionStrategy in a plugin to set the fixed version (probably read from a another file). With that we can offer similar functionality as Bundler lock.