Gradle is an open-source build automation tool focused on flexibility, build reproducibility and performance. Over the years, this tool has evolved and introduced new concepts and features around dependency management, publication and other aspects on build and release of artifacts for the Java platform.
Keeping up to date with all these features across several projects can be challenging. How do you make sure that all your projects can be upgraded to the latest version of Gradle? What if you have thousands of projects and hundreds of engineers? How can you abstract common tasks for them and make sure that new releases work as expected?
At Netflix, we built Nebula, a collection of Gradle plugins that helps engineers remove boilerplate in Gradle build files, and makes building software the Netflix way easy. This reduces the cognitive load on developers, allowing them to focus on writing code.
In this talk, I’ll share with you our philosophy on how to build JVM artifacts and the pieces that help us boost the productivity of engineers at Netflix. I’ll talk about:
- What is Nebula
- What are the common problems we face and try to solve
- How we distribute it to every JVM engineer
- How we ensure that Nebula/Gradle changes do not break builds so we can ship new features with confidence at Netflix
13. ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠
Free and Open Source
Software (FOSS)
constitutes 70-90% of any
given piece of modern
software solutions
⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠
A Summary of Census II: Open Source Software Application Libraries the World Depends On
15. Examples…
— Resources Downloaded over
Insecure Protocol
(CVE-2021-26291)
— Arbitrary code execution via
specially crafted environment
variables (CVE-2021-32751)
— Dependencies used by external
plugins or the plugins
themselves
🔐 You should follow Jonathan Leitschuh’s (@JLLeitschuh) work! 🔐
19. We started looking for a build tool that:
— Better dependency management
Enabled testability
— Provided first class support for
Java applications
— Rich community and ecosystem
— Allowed us to vastly simplify build
files
28. Keeping up with the release cadence
— Latest: Gradle 8.7 (March 2024)
— Aiming for:
• Major release every year
• Gradle 9.x ~Q3 2024
• Minor release every 6 weeks
• The major version before the
previous one to become end-of-
life (EOL)
29. Breaking changes
Be aware of the feature states!
• Internal (don’t use them)
• Incubating (provide feedback)
• Public (safe to use)
• Deprecated (act as soon as
possible)
30. Adopting new features
• How fast can you adopt
new features?
• Should you adopt all of
them?
31. Java Compatibility
Image from https://docs.gradle.org/current/userguide/compatibility.html
Compatibility varies for:
— Compile and test code
— Running Gradle
• Groovy or Kotlin DSL
• Plugins
40. Create Init plugins
Good for:
— Add dependencies to build
script classpath
— Modify repositories for all
projects
— Any settings that apply
globally to all builds on a
machine
47. What developers get
— Linting
— Dependency Locking
— Resolution Rules
— Dependency Graph Manifests
— Develocity configuration
— And many more…
— Spring Boot plugin default
configurations
— Debian generation
— Docker image generation
Versioning
— Internal Repositories
— Testing opinions
— Publishing credentials and
configuration
— Static code analysis defaults
Example from https://github.com/gradle/foojay-toolchains
48. Custom Distribution isn’t as complex as it sounds
Creating a custom distribution is in a
nutshell
- Download Gradle
- Unzip it
- Copy your init script and
gradle.properties files to init.d
- Zip it again
- Use it
49. It isn’t as complex as it sounds
This is thanks to Gradle init script management
Content from https://docs.gradle.org/current/userguide/init_scripts.html
50. How to create it then?
Demo can be found in https://github.com/rpalcolea/devnexus-2024-demos/tree/main/custom-distribution-demo
There is a custom-gradle-dist-gradle plugin!
51. But even with all the
plugins in the world, you
still need to maintain
build scripts…
52. Linting build files
Demo can be found in https://github.com/rpalcolea/devnexus-2024-demos/tree/main/nebula-lint-demo
54. Acceptance testing
Niagara clones every repository and
runs some commands to:
— Upgrade Nebula (Gradle)
• Candidates
• Snapshots
— Upgrade Gradle for OSS plugins
that we use
67. Define your commitment
- Trying out snapshots and RCs
really helps Gradle team to
identify issues but not everyone
have the time to do it and that is
fine.
- You can have different
approaches based on the release
type (e.g. adopt minor and patch
release quickly but major versions
take more time)
70. Test your plugin with
multiple Gradle versions
The Gradle Test plugin extends the power that the new GradleTestKit brings
without having to actually author code!
71. ⚠ Only introduce incubating
APIs in your plugins if you
know that all your
consumers are compatible ⚠
72. Similar to other projects,
avoid adding third party
dependencies when they are
not necessary
73. Same applies to plugins, look
at the activity of them before
introducing to your builds,
they can be a major blocker
for evolving your toolkit
74. Gradle Community
Images from https://gradle.org/fellowship/
- Join the Gradle Community Slack
https://gradle.org/slack-invite/
- Gradle Fellowship: these folks are
very active in the slack community
and also generate a lot of
educational material
76. Reiterating a bit…
— Gradle is a build tool with many
great features but you might not
need all of them, invest where
possible
— From project plugins to custom
distribution, there are ways to
abstract complexity and
standardize build tooling for
teams/orgs
— Keeping Gradle up to date can be
challenging but it is important not
only for the developer experience
but also for security concerns.
Prioritize accordingly