Track dependency evolution

Boon · September 8, 2016, 10:28pm

I’m working on a plugin which I will use to track how the dependencies of my Gradle projects change. That is, I would like to be able to record (i) all dependencies for a given build, and (ii) all new dependencies downloaded for a given build. This includes JARs, the POMs associated with those JARs, and parent POMs. I have toyed around with, without success, to tell Gradle to download all new dependencies to a given directory. Therefore, all non-changed dependencies will come from the cache, and I have a directory containing new dependencies for further analysis. I’ve also tried learning of the new dependencies using the “artifact” and “configurations” API, but no luck.

It seems that the only way to do this is to generate the dependency graph and write to it file (does this also include parent POMs?). Then, I would need to write a custom parser and diff tool to determine when new dependencies have been added and extract them (Maven coordinates).

Is there a more obvious solution, or something more readily supported by Gradle or an existing plugin?

Lance_Java · September 9, 2016, 1:47pm

From command line you can do
gradle dependencies
You could possibly use this task as a basis to produce a json / xml file which could be used for diffing (see DependencyReportTask)

If you want the poms/binaries in a folder you could use this gist as a starting point. This should grab parent poms too. You might want to tweak the gist to download project.buildscript.configurations.* and project.configuratutions.*

You could then call fileTree.subtract(fileTree) with a previous version of the folder to discover the “new” files

Boon · September 9, 2016, 3:32pm

The trouble with gradle dependencies is that it does not include parent POM files. I need to track those, as if I want to transfer dependencies elsewhere, perhaps to a new repository, I also need to track and transfer the parent POM files.