Using POM's with unversioned dependencies


(Dimitar Dimitrov) #1

We have a build that uses the practice documented as Dependency Management // Modelling releaseable units. In essence it boils down to not declaring the versions at dependency declaration and enforcing the actual version for all direct and transitive occurrences using a resolutionStrategy like this.

configurations.all {
    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
        switch (details.requested.group) { // 23.8.2.1. Releasable Units - https://docs.gradle.org/current/userguide/dependency_management.html
            case 'org.apache.logging.log4j' : details.useVersion '2.7'   ; break
            case 'org.codehaus.groovy'      : details.useVersion '2.4.7' ; break
            case 'org.slf4j'                : details.useVersion '1.7.21'; break
        }
    }
}

While the approach works, it has the disadvantage that when publishing a POM, the “releasable unit” dependencies do not specify a version (see this thread for more background). Initially, the artifact consumers were using Maven and BOMs, so that was not seen as a problem.

Now we started using this artifact from Gradle builds, and we found out that the resolver is too eager to validate that the POM has version, so we get an exception before the resolutionStrategy has a chance to tweak the dependency.

Is there a reasonable short-term workaround, short of ignoring the POM? Over the longer term, we will require that all direct dependencies declare a version and add an assertion that it matches the releasable unit, yet for now we need to deal somehow with the existing artifacts.