Liviu Tudor, profile picture
Uploaded byLiviu Tudor
PDF, PPTX2,196 views

Managing dependencies with gradle

The document discusses managing dependencies in Gradle multi-module projects. It presents three problems: 1) managing shared dependencies across modules, 2) changing dependencies that impact repeatable builds, and 3) dependency conflicts when modules are updated separately. For problem 1, it recommends using a gradle.properties file to define shared versions. For problem 2, it introduces the nebula-dependency-lock plugin to lock dependencies until explicitly updated. For problem 3, it notes conflicts can occur if modules are updated independently and provides solutions like dependency locking or pinning versions.

Software
Related topics:
Continuous Integration

Embed presentation

Download as PDF, PPTX
Headline Gradle / Dependencies Managing Dependencies with Gradle Ads Engineering
Problem 1 ● Managing dependencies in multi-module projects TOP LEVEL build.gradle settings.gradle Module A build.gradle: compile “netflix.platform:1.2” Module B build.gradle: compile “netflix.platform:?”
Problem 1 -- cont’d ● Managing dependencies in multi-module projects TOP LEVEL build.gradle settings.gradle Module A build.gradle: compile “netflix.platform:1.2” Module B build.gradle: compile “netflix.platform:1.2”
Problem 1 -- cont’d ● To update platform version to 2.3: TOP LEVEL build.gradle settings.gradle Module A build.gradle: compile “netflix.platform:2.3” Module B build.gradle: compile “netflix.platform:2.3” ● Result: 2 edits …. or N edits!
Problem 1 -- Solution ● Use gradle.properties TOP LEVEL build.gradle settings.gradle gradle.properties
Problem 1 -- Solution -- cont’d ● What is it? ○ Normal Java properties file -- used to store module versions (amongst others): gradle.properties … platformVersion=1.2 libraryXVersion=latest.release ... ● The values from the properties file can be referenced in build.gradle file: build.gradle … compile “netflix:platform: $platformVersion” compile “some:library: $libraryXVersion” ... ● Use the groovy string “ (double quotes not single)
Problem 1 -- Solution -- cont’d ● The versions can be referenced in all build.gradle files! TOP LEVEL build.gradle settings.gradle gradle.properties Module A build.gradle: compile “netflix.platform:$platformVersion” Module B build.gradle: compile “netflix.platform:$platformVersion” … platformVersion=1.2 libraryXVersion=latest.release ... ● One centralized place to change version numbers.
Problem 2 ● Nebula promises repeatable immutable builds ● But! // build.gradle snippet ... compile “netflix:platform:latest.release” …
Problem 2 -- cont’d Day 1 platform.versions ● 1.1 ● 1.2 latest.release -> 1.2 Build includes platform-1.2
Problem 2 -- cont’d Day 1 platform.versions ● 1.1 ● 1.2 latest.release -> 1.2 Day 2 platform.versions ● 1.1 ● 1.2 ● 1.3 latest.release -> 1.3 Build includes platform-1.3
Problem 2 -- cont’d Day 1 platform.versions ● 1.1 ● 1.2 latest.release -> 1.2 Day 2 platform.versions ● 1.1 ● 1.2 ● 1.3 latest.release -> 1.3 Day 3 platform.versions ● 1.1 ● 1.2 ● 1.3 ● 2.0 (breaks binary compatibility) latest.release -> 2.0 Build includes platform-2.0 (and fails!)
Problem 2 -- One Solution ● Pin version down // build.gradle snippet ... compile “netflix:platform:1.2” …
Problem 2 -- One Solution -- cont’d ● Pin version down // build.gradle snippet ... compile “netflix:platform:1.2” … Problem: Have to manually update versions now every time there is a new release. (Tedious and error-prone.)
Problem 2 -- nebula-dependency-lock Gradle Plugin ● Part of the Nebula gradle plugins family: https://github.com/nebula- plugins/gradle-dependency-lock-plugin A plugin to allow people using dynamic dependency versions to lock them to specific versions. ● We can still use “latest.release” as the version number, but decide when the version gets incremented, regardless of the versions of the components available in the repository
● How? ● Creates a (JSON) “lock” file in the project directory with the current version numbers. ● Lock file does NOT get updated during the normal build process -- so versions are “locked” until the lock file is updated ● Provides Gradle tasks to update the lock file ● Committing the “lock” file into SCM (git/stash/etc) means building from the commit (hash) at any time will use the same versions always nebula-dependency-lock Gradle Plugin -- Cont’d
● Usage: simply reference the plugin in the build.gradle: apply plugin: 'nebula.dependency-lock' ● Create a lock file: gradle generateLock saveLock Or (for multi-module projects) gradle generateGlobalLock saveGlobalLock (in root project) nebula-dependency-lock Gradle Plugin -- Cont’d
● To update dependency graph (i.e. when new library gets added to dependencies) -- but not update the versions! gradle updateLock saveLock Or gradle updateGlobalLock saveGlobalLock ● In fact generateLock/updateLock and generateGlobalLock/updateGlobalLock are equivalent so they can be interchanged ○ Same command can be used in both cases nebula-dependency-lock Gradle Plugin -- Cont’d
● To update versions gradle updateLock saveLock --refresh-dependencies Or gradle updateGlobalLock saveGlobalLock --refresh- dependencies nebula-dependency-lock Gradle Plugin -- Cont’d
● More goodness: plugging in nebula gradle-scm-plugins ● What is it ○ Suite of Nebula plugins for interfacing with SCM (git/stash/etc) ○ On Github: https://github.com/nebula-plugins/gradle-scm-plugin ● Specialized plugins for each SCM ○ gradle-git-scm-plugin is the plugin for Stash/Git ○ On Github: https://github.com/nebula-plugins/gradle-git-scm-plugin ● Creates tasks for committing from build.gradle into Stash/Git nebula-dependency-lock Gradle Plugin -- Cont’d
● When used in the same project with nebula-dependency-lock, a commitLock task is created: ○ Commits the dependency “lock” file into SCM ○ For git/stash it does a commit + push (sync local/remote repos) ● Following updates the lock file and pushes it to the remote repository: gradle updateLock saveLock commitLock --refresh-dependencies Or gradle updateGlobalLock saveGlobalLock commitLock --refresh- dependencies (Note the name of task is commitLock for both types of projects!) nebula-dependency-lock Gradle Plugin -- Cont’d
Automatic nightly checked dependencies version upgrade: ● Everyone commits into master (assume we commit just code -- not update dependencies too) ● Nightly, Jenkins job to: a. gradle updateLock saveLock b. gradle build test integrationTest c. gradle commitLock ● Every morning the lock file will contain the latest versions which don’t break the project! ■ Or if one of the new versions causes issues then you get notified by Jenkins! nebula-dependency-lock Gradle Plugin -- Cont’d
● Multi-module or separate modules? Problem 3 Module A Module B libX:1.0 libY:2.0 libZ:3.0 Module A: latest libX:1.0 libY:2.0 TOP LEVEL Module A libX:1.0 libY:2.0 Module B libZ:3.0 Module A
Problem 3 -- cont’d Module A Module B libX:1.0 libY:2.0 libZ:3.0 Module A: latest libX:1.0 libY:2.0 TOP LEVEL Module A libX:1.0 libY:2.0 Module B libZ:3.0 Module A Own Repo Own Jenkins Job Own Repo Own Jenkins Job One Repo One Jenkins Job
Problem 3 -- cont’d Module A Module B libX:1.0 libY:latest libZ:3.0 Module A: latest libX:1.0 libY:2.0 ● Dependencies Update -- separate modules libY: ● 2.0 ● 2.1 libY:2.1 Artifactory Module A: 1.1
Problem 3 -- cont’d Module A Module B libX:1.0 libY:latest libZ:3.0 Module A: 1.1 libX:1.0 libY:2.1 ● Dependencies Update -- separate modules libY: ● 2.0 ● 2.1 libY:2.1 Artifactory Module A: 1.1
Problem 3 -- cont’d Module A Module B libX:1.0 libY:latest libZ:3.0 Module A: 1.1 libX:1.0 libY:2.1 ● Dependencies Update -- separate modules libY: ● 2.0 ● 2.1 libY:2.1 Artifactory Module A: 1.1 CONFLICT! (Only visible when Module B gets compiled)
Problem 3 -- cont’d Solutions for conflict (separate modules): ● Go back to Module A and pin libY to version to 2.0 ○ Requires changes in A + rebuild A ● Change Module B and force pin libY to version 2.0 ○ Simply pin to 2.0 won’t work because Module A drags a new version (2.1) ○ Now Module A and B use different versions of libY (so any project using both of them will have to force pin libY) ● Change Module B to exclude libY when pulling Module A ○ Will use whatever version Module B has for libY ○ Again, Module A and B use different versions
Problem 3 -- cont’d Module B libZ:3.0 Module A: latest libX:1.0 libY:latest ● Dependencies Update -- multi-modules libY: ● 2.0 ● 2.1 Artifactory libY:2.1
Problem 3 -- cont’d Module B libZ:3.0 Module A: latest libX:1.0 libY:latest ● Dependencies Update -- multi-modules libY: ● 2.0 ● 2.1 Artifactory libY:2.1 CONFLICT! (Visible right away)
Problem 3 -- cont’d Solutions for conflict (multi-module): ● Pin libY to version to 2.0 ○ Requires one single change (in gradle.properties) ● Use dependency locking ○ The nightly build “catches” the incompatibility with 2.1 and doesn’t upgrade dependencies
Questions ?

More Related Content

PPTX
A successful Git branching model
byabodeltae
 
PPTX
Build and release in code with azure devops pipelines
byGian Maria Ricci
 
PPTX
Git branching strategies
byjstack
 
PDF
Control de versiones utilizando Git
byHugo Gilmar Erazo
 
PPTX
Introduction to git & github
byVinothini KadambavanaSundaram
 
PDF
DoS and DDoS mitigations with eBPF, XDP and DPDK
byMarian Marinov
 
PDF
Git, CMake, Conan - How to ship and reuse our C++ projects?
byMateusz Pusz
 
PDF
Constructing SQL queries for AtoM
byArtefactual Systems - AtoM
 
A successful Git branching model
byabodeltae
 
Build and release in code with azure devops pipelines
byGian Maria Ricci
 
Git branching strategies
byjstack
 
Control de versiones utilizando Git
byHugo Gilmar Erazo
 
Introduction to git & github
byVinothini KadambavanaSundaram
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
byMarian Marinov
 
Git, CMake, Conan - How to ship and reuse our C++ projects?
byMateusz Pusz
 
Constructing SQL queries for AtoM
byArtefactual Systems - AtoM
 

What's hot

PDF
Git Branching for Agile Teams
byAtlassian
 
PDF
Git flow Introduction
byDavid Paluy
 
PDF
Monorepo at Pinterest
bySuman Karumuri
 
PDF
Linux Profiling at Netflix
byBrendan Gregg
 
PDF
Rust Embedded Development on ESP32 and basics of Async with Embassy
byJuraj Michálek
 
PDF
Jenkins vs GitLab CI
byCEE-SEC(R)
 
PDF
Git - An Introduction
byBehzad Altaf
 
PDF
OpenSCAP Overview(security scanning for docker image and container)
byJooho Lee
 
PDF
Continuous Integration & Continuous Delivery with GCP
byKAI CHU CHUNG
 
PDF
Apache Flink internals
byKostas Tzoumas
 
PPT
Git workflows presentation
byMack Hardy
 
PPTX
Git Flow y GitOps
byJose Luis Sánchez Rebollo
 
PDF
Introducing GitLab (September 2018)
byNoa Harel
 
PPTX
Branching and Merging Practices
byRajesh Kumar
 
PDF
Git-flow workflow and pull-requests
byBartosz Kosarzycki
 
PDF
Conan a C/C++ Package Manager
byUilian Ries
 
PPTX
Implementing CloudHub 2.0 CI/CD Pipeline with Bitbucket Integration
bysandeepmenon62
 
PPTX
Airflow at lyft
byTao Feng
 
PPTX
Github basics
byRadoslav Georgiev
 
PPTX
Git
byShinu Suresh
 
Git Branching for Agile Teams
byAtlassian
 
Git flow Introduction
byDavid Paluy
 
Monorepo at Pinterest
bySuman Karumuri
 
Linux Profiling at Netflix
byBrendan Gregg
 
Rust Embedded Development on ESP32 and basics of Async with Embassy
byJuraj Michálek
 
Jenkins vs GitLab CI
byCEE-SEC(R)
 
Git - An Introduction
byBehzad Altaf
 
OpenSCAP Overview(security scanning for docker image and container)
byJooho Lee
 
Continuous Integration & Continuous Delivery with GCP
byKAI CHU CHUNG
 
Apache Flink internals
byKostas Tzoumas
 
Git workflows presentation
byMack Hardy
 
Git Flow y GitOps
byJose Luis Sánchez Rebollo
 
Introducing GitLab (September 2018)
byNoa Harel
 
Branching and Merging Practices
byRajesh Kumar
 
Git-flow workflow and pull-requests
byBartosz Kosarzycki
 
Conan a C/C++ Package Manager
byUilian Ries
 
Implementing CloudHub 2.0 CI/CD Pipeline with Bitbucket Integration
bysandeepmenon62
 
Airflow at lyft
byTao Feng
 
Github basics
byRadoslav Georgiev
 
Git
byShinu Suresh
 

Viewers also liked

PDF
Netflix Nebula - Gradle Summit 2014
byJustin Ryan
 
PPTX
Protista
byxempat
 
PDF
NWC Resume
byJohn Stone
 
PDF
Progress in chhattisgarh
byrajpalnegi
 
DOCX
NANOTEHNOLOGIJA U MEDICINI
byDr Milan Popović (MD)
 
PPTX
Fungi
byxempat
 
PPTX
Pertumbuhan dan perkembangan
byxempat
 
PPTX
Diapositivas.
byAndrea Jackeline
 
PDF
Itchayada_Klorvutisatian_visualcv_resume
byItchayada Klorvutisatian
 
PPTX
Builder pattern vs constructor
byLiviu Tudor
 
PPTX
Sistem ekskresi
byxempat
 
PPTX
Sistem pernapasan
byxempat
 
Netflix Nebula - Gradle Summit 2014
byJustin Ryan
 
Protista
byxempat
 
NWC Resume
byJohn Stone
 
Progress in chhattisgarh
byrajpalnegi
 
NANOTEHNOLOGIJA U MEDICINI
byDr Milan Popović (MD)
 
Fungi
byxempat
 
Pertumbuhan dan perkembangan
byxempat
 
Diapositivas.
byAndrea Jackeline
 
Itchayada_Klorvutisatian_visualcv_resume
byItchayada Klorvutisatian
 
Builder pattern vs constructor
byLiviu Tudor
 
Sistem ekskresi
byxempat
 
Sistem pernapasan
byxempat
 

Similar to Managing dependencies with gradle

PDF
Dependency Management at Scale
byRoberto Pérez Alcolea
 
PDF
Nebula: Netflix's OSS Gradle Plugins
byRob Spieldenner
 
PDF
Escaping Dependency Hell: A deep dive into Gradle's dependency management fea...
byRoberto Pérez Alcolea
 
PDF
In the Brain of Hans Dockter: Gradle
bySkills Matter
 
PDF
Keeping your build tool updated in a multi repository world
byRoberto Pérez Alcolea
 
PDF
Gradle - time for a new build
byIgor Khotin
 
PDF
Gradle - Build system evolved
byBhagwat Kumar
 
PDF
Apache Maven - eXo TN presentation
byArnaud Héritier
 
PPTX
Mono Repo
byZacky Pickholz
 
PDF
Making the most of your gradle build - Gr8Conf 2017
byAndres Almiray
 
PDF
Making the most of your gradle build - Greach 2017
byAndres Almiray
 
PDF
Leveraging Gradle @ Netflix (Guadalajara JUG Feb 25, 2021)
byRoberto Pérez Alcolea
 
PPTX
Faster Java EE Builds with Gradle
byRyan Cuprak
 
PDF
Lorraine JUG (1st June, 2010) - Maven
byArnaud Héritier
 
PPTX
Faster Java EE Builds with Gradle
byRyan Cuprak
 
PDF
Leveraging Gradle @ Netflix (Madrid GUG Feb 2, 2021)
byRoberto Pérez Alcolea
 
PPTX
Gradle
byReturn on Intelligence
 
PDF
Release It!
byEvgeny Goldin
 
KEY
4 maven junit
byHonnix Liang
 
PDF
Protecting your organization against attacks via the build system
byLouis Jacomet
 
Dependency Management at Scale
byRoberto Pérez Alcolea
 
Nebula: Netflix's OSS Gradle Plugins
byRob Spieldenner
 
Escaping Dependency Hell: A deep dive into Gradle's dependency management fea...
byRoberto Pérez Alcolea
 
In the Brain of Hans Dockter: Gradle
bySkills Matter
 
Keeping your build tool updated in a multi repository world
byRoberto Pérez Alcolea
 
Gradle - time for a new build
byIgor Khotin
 
Gradle - Build system evolved
byBhagwat Kumar
 
Apache Maven - eXo TN presentation
byArnaud Héritier
 
Mono Repo
byZacky Pickholz
 
Making the most of your gradle build - Gr8Conf 2017
byAndres Almiray
 
Making the most of your gradle build - Greach 2017
byAndres Almiray
 
Leveraging Gradle @ Netflix (Guadalajara JUG Feb 25, 2021)
byRoberto Pérez Alcolea
 
Faster Java EE Builds with Gradle
byRyan Cuprak
 
Lorraine JUG (1st June, 2010) - Maven
byArnaud Héritier
 
Faster Java EE Builds with Gradle
byRyan Cuprak
 
Leveraging Gradle @ Netflix (Madrid GUG Feb 2, 2021)
byRoberto Pérez Alcolea
 
Gradle
byReturn on Intelligence
 
Release It!
byEvgeny Goldin
 
4 maven junit
byHonnix Liang
 
Protecting your organization against attacks via the build system
byLouis Jacomet
 

Recently uploaded

PPTX
CRM Development Company | Custom CRM Development Services
byyugababu033
 
PDF
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
PPT
Presentation on TCL/TK scripting language
byBimal Jain
 
PPTX
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
PDF
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
PDF
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
PDF
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
byDeltares
 
PDF
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
PDF
Breaking the Vulnerability Management Cycle with Anchore and Echo
byAnchore
 
PDF
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
PDF
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
byApplitools
 
PPTX
Understanding-ROM-RAM-Cache-and-Buffer-Memory.pptx.pptx
bylata2850
 
PDF
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
PDF
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
PPTX
Boost Productivity the Smart Way with AI Automation Solutions
byEllocent Labs
 
PPTX
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
PDF
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
PPTX
Zotero Software Demonstration. Biomedical Perspective
byDr Snehashis Singha
 
PDF
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
PPTX
The Sync Strikes Back: Tales from the MOPs Trenches
bybbedford2
 
CRM Development Company | Custom CRM Development Services
byyugababu033
 
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
Presentation on TCL/TK scripting language
byBimal Jain
 
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
byDeltares
 
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
Breaking the Vulnerability Management Cycle with Anchore and Echo
byAnchore
 
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
byApplitools
 
Understanding-ROM-RAM-Cache-and-Buffer-Memory.pptx.pptx
bylata2850
 
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
Boost Productivity the Smart Way with AI Automation Solutions
byEllocent Labs
 
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
Zotero Software Demonstration. Biomedical Perspective
byDr Snehashis Singha
 
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
The Sync Strikes Back: Tales from the MOPs Trenches
bybbedford2
 
In this document
Powered by AI

Introduction to managing dependencies in Gradle for multi-module projects, using a centralized properties file for versioning to simplify updates.

Challenges with dynamic dependency versions causing inconsistencies, and solutions like pinning specific versions to ensure reliability.

Introduction of Nebula's dependency lock plugin, which allows locking dependency versions and creating lock files to ensure consistent builds.

Issues arising from dependencies in multi-module setups, solutions include pinning versions and using dependency locking to resolve conflicts.

Managing dependencies with gradle

  • 1.
    Headline Gradle / Dependencies ManagingDependencies with Gradle Ads Engineering
  • 2.
    Problem 1 ● Managingdependencies in multi-module projects TOP LEVEL build.gradle settings.gradle Module A build.gradle: compile “netflix.platform:1.2” Module B build.gradle: compile “netflix.platform:?”
  • 3.
    Problem 1 --cont’d ● Managing dependencies in multi-module projects TOP LEVEL build.gradle settings.gradle Module A build.gradle: compile “netflix.platform:1.2” Module B build.gradle: compile “netflix.platform:1.2”
  • 4.
    Problem 1 --cont’d ● To update platform version to 2.3: TOP LEVEL build.gradle settings.gradle Module A build.gradle: compile “netflix.platform:2.3” Module B build.gradle: compile “netflix.platform:2.3” ● Result: 2 edits …. or N edits!
  • 5.
    Problem 1 --Solution ● Use gradle.properties TOP LEVEL build.gradle settings.gradle gradle.properties
  • 6.
    Problem 1 --Solution -- cont’d ● What is it? ○ Normal Java properties file -- used to store module versions (amongst others): gradle.properties … platformVersion=1.2 libraryXVersion=latest.release ... ● The values from the properties file can be referenced in build.gradle file: build.gradle … compile “netflix:platform: $platformVersion” compile “some:library: $libraryXVersion” ... ● Use the groovy string “ (double quotes not single)
  • 7.
    Problem 1 --Solution -- cont’d ● The versions can be referenced in all build.gradle files! TOP LEVEL build.gradle settings.gradle gradle.properties Module A build.gradle: compile “netflix.platform:$platformVersion” Module B build.gradle: compile “netflix.platform:$platformVersion” … platformVersion=1.2 libraryXVersion=latest.release ... ● One centralized place to change version numbers.
  • 8.
    Problem 2 ● Nebulapromises repeatable immutable builds ● But! // build.gradle snippet ... compile “netflix:platform:latest.release” …
  • 9.
    Problem 2 --cont’d Day 1 platform.versions ● 1.1 ● 1.2 latest.release -> 1.2 Build includes platform-1.2
  • 10.
    Problem 2 --cont’d Day 1 platform.versions ● 1.1 ● 1.2 latest.release -> 1.2 Day 2 platform.versions ● 1.1 ● 1.2 ● 1.3 latest.release -> 1.3 Build includes platform-1.3
  • 11.
    Problem 2 --cont’d Day 1 platform.versions ● 1.1 ● 1.2 latest.release -> 1.2 Day 2 platform.versions ● 1.1 ● 1.2 ● 1.3 latest.release -> 1.3 Day 3 platform.versions ● 1.1 ● 1.2 ● 1.3 ● 2.0 (breaks binary compatibility) latest.release -> 2.0 Build includes platform-2.0 (and fails!)
  • 12.
    Problem 2 --One Solution ● Pin version down // build.gradle snippet ... compile “netflix:platform:1.2” …
  • 13.
    Problem 2 --One Solution -- cont’d ● Pin version down // build.gradle snippet ... compile “netflix:platform:1.2” … Problem: Have to manually update versions now every time there is a new release. (Tedious and error-prone.)
  • 14.
    Problem 2 --nebula-dependency-lock Gradle Plugin ● Part of the Nebula gradle plugins family: https://github.com/nebula- plugins/gradle-dependency-lock-plugin A plugin to allow people using dynamic dependency versions to lock them to specific versions. ● We can still use “latest.release” as the version number, but decide when the version gets incremented, regardless of the versions of the components available in the repository
  • 15.
    ● How? ● Createsa (JSON) “lock” file in the project directory with the current version numbers. ● Lock file does NOT get updated during the normal build process -- so versions are “locked” until the lock file is updated ● Provides Gradle tasks to update the lock file ● Committing the “lock” file into SCM (git/stash/etc) means building from the commit (hash) at any time will use the same versions always nebula-dependency-lock Gradle Plugin -- Cont’d
  • 16.
    ● Usage: simplyreference the plugin in the build.gradle: apply plugin: 'nebula.dependency-lock' ● Create a lock file: gradle generateLock saveLock Or (for multi-module projects) gradle generateGlobalLock saveGlobalLock (in root project) nebula-dependency-lock Gradle Plugin -- Cont’d
  • 17.
    ● To updatedependency graph (i.e. when new library gets added to dependencies) -- but not update the versions! gradle updateLock saveLock Or gradle updateGlobalLock saveGlobalLock ● In fact generateLock/updateLock and generateGlobalLock/updateGlobalLock are equivalent so they can be interchanged ○ Same command can be used in both cases nebula-dependency-lock Gradle Plugin -- Cont’d
  • 18.
    ● To updateversions gradle updateLock saveLock --refresh-dependencies Or gradle updateGlobalLock saveGlobalLock --refresh- dependencies nebula-dependency-lock Gradle Plugin -- Cont’d
  • 19.
    ● More goodness:plugging in nebula gradle-scm-plugins ● What is it ○ Suite of Nebula plugins for interfacing with SCM (git/stash/etc) ○ On Github: https://github.com/nebula-plugins/gradle-scm-plugin ● Specialized plugins for each SCM ○ gradle-git-scm-plugin is the plugin for Stash/Git ○ On Github: https://github.com/nebula-plugins/gradle-git-scm-plugin ● Creates tasks for committing from build.gradle into Stash/Git nebula-dependency-lock Gradle Plugin -- Cont’d
  • 20.
    ● When usedin the same project with nebula-dependency-lock, a commitLock task is created: ○ Commits the dependency “lock” file into SCM ○ For git/stash it does a commit + push (sync local/remote repos) ● Following updates the lock file and pushes it to the remote repository: gradle updateLock saveLock commitLock --refresh-dependencies Or gradle updateGlobalLock saveGlobalLock commitLock --refresh- dependencies (Note the name of task is commitLock for both types of projects!) nebula-dependency-lock Gradle Plugin -- Cont’d
  • 21.
    Automatic nightly checkeddependencies version upgrade: ● Everyone commits into master (assume we commit just code -- not update dependencies too) ● Nightly, Jenkins job to: a. gradle updateLock saveLock b. gradle build test integrationTest c. gradle commitLock ● Every morning the lock file will contain the latest versions which don’t break the project! ■ Or if one of the new versions causes issues then you get notified by Jenkins! nebula-dependency-lock Gradle Plugin -- Cont’d
  • 22.
    ● Multi-module orseparate modules? Problem 3 Module A Module B libX:1.0 libY:2.0 libZ:3.0 Module A: latest libX:1.0 libY:2.0 TOP LEVEL Module A libX:1.0 libY:2.0 Module B libZ:3.0 Module A
  • 23.
    Problem 3 --cont’d Module A Module B libX:1.0 libY:2.0 libZ:3.0 Module A: latest libX:1.0 libY:2.0 TOP LEVEL Module A libX:1.0 libY:2.0 Module B libZ:3.0 Module A Own Repo Own Jenkins Job Own Repo Own Jenkins Job One Repo One Jenkins Job
  • 24.
    Problem 3 --cont’d Module A Module B libX:1.0 libY:latest libZ:3.0 Module A: latest libX:1.0 libY:2.0 ● Dependencies Update -- separate modules libY: ● 2.0 ● 2.1 libY:2.1 Artifactory Module A: 1.1
  • 25.
    Problem 3 --cont’d Module A Module B libX:1.0 libY:latest libZ:3.0 Module A: 1.1 libX:1.0 libY:2.1 ● Dependencies Update -- separate modules libY: ● 2.0 ● 2.1 libY:2.1 Artifactory Module A: 1.1
  • 26.
    Problem 3 --cont’d Module A Module B libX:1.0 libY:latest libZ:3.0 Module A: 1.1 libX:1.0 libY:2.1 ● Dependencies Update -- separate modules libY: ● 2.0 ● 2.1 libY:2.1 Artifactory Module A: 1.1 CONFLICT! (Only visible when Module B gets compiled)
  • 27.
    Problem 3 --cont’d Solutions for conflict (separate modules): ● Go back to Module A and pin libY to version to 2.0 ○ Requires changes in A + rebuild A ● Change Module B and force pin libY to version 2.0 ○ Simply pin to 2.0 won’t work because Module A drags a new version (2.1) ○ Now Module A and B use different versions of libY (so any project using both of them will have to force pin libY) ● Change Module B to exclude libY when pulling Module A ○ Will use whatever version Module B has for libY ○ Again, Module A and B use different versions
  • 28.
    Problem 3 --cont’d Module B libZ:3.0 Module A: latest libX:1.0 libY:latest ● Dependencies Update -- multi-modules libY: ● 2.0 ● 2.1 Artifactory libY:2.1
  • 29.
    Problem 3 --cont’d Module B libZ:3.0 Module A: latest libX:1.0 libY:latest ● Dependencies Update -- multi-modules libY: ● 2.0 ● 2.1 Artifactory libY:2.1 CONFLICT! (Visible right away)
  • 30.
    Problem 3 --cont’d Solutions for conflict (multi-module): ● Pin libY to version to 2.0 ○ Requires one single change (in gradle.properties) ● Use dependency locking ○ The nightly build “catches” the incompatibility with 2.1 and doesn’t upgrade dependencies
  • 31.