Prevent project dependency from picking up future version

I’m working on a multi-repo multi-module application, e.g.:

  • repoA
  • repoB
  • repoC: module1, module2
  • repoBom

Inside repoBom, I want to publish a platform BOM containing specific versions, e.g. repoA:repoA:1.2.3, repoB:repoB:1.2.3, repoC:module1:1.2.3, repoC:module2:1.2.3.

If repoC:module1 depends explicitly on repoB:repoB:1.2.3, everything is fine. However, having explicit dependencies is tediuous because there’s quite a few of them.

Instead of having these explicit dependencies, I tried to have repo[ABC] depend on repoBom:1.2.3.
How this works:

  • First, I define a new Bom version, say 1.2.4, with constaints such as repoA:repoA:1.2.4, before these constraints are actually built. This part is fine, as a BOM only contains constraints, not dependencies, and to build the BOM we don’t need the referred artifacts to exist.
  • Next, I upgrade repoA to consume repoBom:1.2.4, build it, and tag 1.2.4.
  • Repeat for repoB, repoC.
  • At the end I have repoA:repoA:1.2.4, etc, and repoBom:1.2.4 contains them all

All /tag/ builds are fine, specifically, myAppC:1.2.4 builds just fine.
However, the /branch/ build myAppC:master fails (at the same commit as 1.2.4), because e.g. myAppC:module2 depends on project(":module1), which in turn is resolved by Gradle as myAppC:module1:1.2.4 (!?), which is non-existent until the tag is built.

In short, Gradle’s project(":module1") is (unexpectedly, to me) picking up the constraint version from myBom for what is at that moment a project dependency (!?). I tried several things, such as resolutionStrategy { force “myAppC:module1:branch-SNAPSHOT” }, but it doesn’t work. I also found a post stating we cannot exclude a specific constraint from a BOM, though that might help here.

Is there a way to make this work?