Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Managing Dependencies for Spring Projects with Gradle

Managing Dependencies for Spring Projects with Gradle

Managing dependencies is hard. For Spring projects, Gradle and Maven are just two of the tools we can use to help make dependency management easier. They both handle dependency management effectively, but in very different ways. For example, Maven uses BOMs, and, until recently, Gradle didn’t have an equivalent concept. Because of this and other differences, the Spring Dependency Management plugin was created so that Gradle users who already knew Maven could manage dependencies in a way that was familiar to them.

For earlier versions of Gradle, the plugin’s version enforcement and dependency exclusion features were revolutionary and led to the Spring Dependency Management Plugin’s popularity in the Spring ecosystem and spread to other JVM-based communities such as Android. Now that Gradle 5.X includes native BOM support, users can replace parts of the plugin and take advantage of the productivity gains of the native support.

In this session, we’ll go over some basic use cases for Gradle native BOM support and show you how to use it to manage the dependencies of a Spring Boot application. We’ll also look at some scenarios where you’ll still want to use the Spring Dependency Management Gradle plugin.

jlstrater

May 16, 2019
Tweet

More Decks by jlstrater

Other Decks in Technology

Transcript

  1. Andy Wilkinson
    @ankinson
    Managing Dependencies for Spring
    Projects with Gradle
    Jenn Strater
    @codeJENNerator

    View full-size slide

  2. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View full-size slide

  3. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View full-size slide

  4. spring-boot-dependencies
    • Maven bill of materials (bom)
    • Manages dependency versions (and Maven plugin versions)
    • Both Spring and third-party dependencies
    • Over 150 version properties
    • Over 800 dependencies

    View full-size slide



  5. 5.1.6.RELEASE

    3.0.10.RELEASE






    org.thymeleaf
    thymeleaf
    ${thymeleaf.version}




    spring-boot-dependencies

    View full-size slide

  6. • Removes the need to think about versions when declaring
    dependencies
    • Provides a consistent version across a library’s modules
    • Avoids accidentally mixing acme-core 1.2 with acme-server 1.1
    • Provides default versions that are tested and known to work together
    • Just an opinion
    • Override to meet a project’s needs
    Why is a bom a good thing?

    View full-size slide

  7. Importing a bom
    plugins {
    id 'io.spring.dependency-management' version '1.0.7.RELEASE'
    }
    dependencyManagement {
    imports {
    mavenBom 'o.s.b:spring-boot-dependencies:2.1.4.RELEASE'
    }
    }

    View full-size slide

  8. $ ./gradlew dependencyManagement
    > Task :dependencyManagement
    ------------------------------------------------------------
    Root project
    ------------------------------------------------------------
    global - Default dependency management for all configurations

    org.thymeleaf:thymeleaf 3.0.11.RELEASE
    org.thymeleaf:thymeleaf-spring5 3.0.11.RELEASE
    org.thymeleaf.extras:thymeleaf-extras-java8time 3.0.4.RELEASE
    org.thymeleaf.extras:thymeleaf-extras-springsecurity5 3.0.4.RELEASE

    Importing a bom

    View full-size slide

  9. plugins {
    id 'org.springframework.boot' version '2.1.4.RELEASE'
    }
    apply plugin: 'io.spring.dependency-management'
    Spring Boot does this for you

    View full-size slide

  10. dependencies {
    runtime 'org.thymeleaf:thymeleaf-spring5'
    }
    Overriding a version
    runtimeClasspath - Runtime classpath of source set 'main'.
    \--- org.thymeleaf:thymeleaf-spring5 -> 3.0.11.RELEASE
    +--- org.thymeleaf:thymeleaf:3.0.11.RELEASE
    | +--- org.attoparser:attoparser:2.0.5.RELEASE
    | +--- org.unbescape:unbescape:1.1.6.RELEASE
    | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26
    \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

    View full-size slide

  11. Overriding a version
    dependencies {
    runtime 'org.thymeleaf:thymeleaf-spring5:3.0.10.RELEASE'
    }
    runtimeClasspath - Runtime classpath of source set 'main'.
    \--- org.thymeleaf:thymeleaf-spring5:3.0.10.RELEASE
    +--- org.thymeleaf:thymeleaf:3.0.10.RELEASE -> 3.0.11.RELEASE
    | +--- org.attoparser:attoparser:2.0.5.RELEASE
    | +--- org.unbescape:unbescape:1.1.6.RELEASE
    | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26
    \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

    View full-size slide

  12. Overriding a version
    ext['thymeleaf.version'] = '3.0.10.RELEASE'
    runtimeClasspath - Runtime classpath of source set 'main'.
    \--- org.thymeleaf:thymeleaf-spring5 -> 3.0.10.RELEASE
    +--- org.thymeleaf:thymeleaf:3.0.10.RELEASE
    | +--- org.attoparser:attoparser:2.0.5.RELEASE
    | +--- org.unbescape:unbescape:1.1.6.RELEASE
    | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26
    \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

    View full-size slide

  13. Maven-style exclusions
    example
    exclusions
    0.0.1


    org.springframework
    spring-core
    4.1.3.RELEASE


    commons-logging
    commons-logging




    View full-size slide

  14. Maven-style exclusions


    example
    exclusions
    0.0.1


    org.springframework
    spring-beans


    dependencies {
    implementation 'example:exclusions:0.0.1'
    implementation 'org.springframework:spring-beans'
    }

    View full-size slide

  15. Maven-style exclusions
    +- example:exclusions:jar:0.0.1:compile
    | \- org.springframework:spring-core:jar:4.1.3.RELEASE:compile
    \- org.springframework:spring-beans:jar:4.1.3.RELEASE:compile
    +--- com.example:exclusion-example:1.0
    | \--- org.springframework:spring-core:4.1.3.RELEASE
    | \--- commons-logging:commons-logging:1.2
    \--- org.springframework:spring-beans:4.1.3.RELEASE
    \--- org.springframework:spring-core:4.1.3.RELEASE (*)

    View full-size slide

  16. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View full-size slide

  17. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View full-size slide

  18. Native BOM Support

    View full-size slide

  19. Consuming Maven Dependencies
    https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import
    dependencies {
    implementation enforcedPlatform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE')
    implementation ‘org.codehaus.groovy:groovy:2.5.7’
    }

    View full-size slide

  20. https://scans.gradle.com/s/dowsysqbnns44/dependencies?dependencies=groovy&expandAll

    View full-size slide

  21. Forcing specific versions
    https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import
    dependencies {
    implementation enforcedPlatform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE')
    implementation(‘org.codehaus.groovy:groovy:2.5.7’) {
    force = true
    }
    }

    View full-size slide

  22. https://scans.gradle.com/s/25snam34zlriw/dependencies?dependencies=groovy&expandAll

    View full-size slide

  23. Using Gradle’s Conflict Resolution
    https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import
    dependencies {
    implementation platform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE')
    implementation ‘org.codehaus.groovy:groovy:2.5.7’
    }

    View full-size slide

  24. https://scans.gradle.com/s/bwcwoumww2dtw/dependencies?dependencies=groovy&expandAll

    View full-size slide

  25. Overriding Groups of Dependencies
    https://docs.gradle.org/current/userguide/customizing_dependency_resolution_behavior.html#sec:dependency_resolve_rules
    dependencies {
    implementation platform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE')
    implementation "org.codehaus.groovy:groovy:2.5.7"
    }
    configurations.all {
    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
    if (details.requested.group == 'org.codehaus.groovy') {
    details.useVersion '2.5.7'
    details.because 'upgrade to take advantage of new features'
    }
    }
    }

    View full-size slide

  26. https://scans.gradle.com/s/4sgi5nsf2zp7g/dependencies?dependencies=groovy&expandAll

    View full-size slide

  27. https://scans.gradle.com/s/lopzbvymh2vmo/dependencies?toggled=W1swXV0

    View full-size slide

  28. https://scans.gradle.com/s/lopzbvymh2vmo/dependencies?toggled=W1swXV0

    View full-size slide

  29. With Gradle Native BOM Support
    https://scans.gradle.com/s/s3w7tsxmtc6xw/dependencies?toggled=W1swXV0

    View full-size slide

  30. Maven Publish Plugin
    • 5.2+ Resolved Dependencies vs Declared Dependencies

    View full-size slide

  31. 5.2+ Publishing Platforms with the Java Platform Plugin
    https://docs.gradle.org/current/userguide/java_platform_plugin.html#sec:java_platform_publishing

    View full-size slide

  32. 5.3+ Feature Variants
    Maven optional dependencies and more!

    View full-size slide

  33. Feature Variants

    View full-size slide

  34. Gradle Module Metadata Format

    View full-size slide

  35. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View full-size slide

  36. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View full-size slide

  37. Exclusions
    dependencies {
    implementation('log4j:log4j:1.2.15') {
    exclude group: 'javax.jms', module: 'jms'
    exclude group: 'com.sun.jdmk', module: 'jmxtools'
    exclude group: 'com.sun.jmx', module: 'jmxri'
    }
    }
    configurations {
    implementation {
    exclude group: 'javax.jms', module: 'jms'
    exclude group: 'com.sun.jdmk', module: 'jmxtools'
    exclude group: 'com.sun.jmx', module: 'jmxri'
    }
    }

    View full-size slide

  38. Multi-scope platform enforcement
    https://github.com/micronaut-projects/micronaut-profiles/issues/124

    View full-size slide

  39. IDE Support
    • Tooling hasn’t caught up to new 5.0 features
    • Issues are filed and should be fixed soon

    View full-size slide

  40. Overriding Version Properties
    ● The Plugin’s behavior is unique. It goes beyond both Maven and Gradle features.
    ● For upgrading, overriding is possible in Gradle.
    ● For downgrading, use:
    ○ • Dependency metadata rule to fix what the dependency declares and is wrong
    ○ • Substitutions to replace a given version with another
    ○ • Force
    ○ • Exclude
    ● Look for new Gradle releases to fix the remaining differences.

    View full-size slide

  41. Thanks!
    Andy Wilkinson
    @ankinson
    Jenn Strater
    @codeJENNerator
    gradle.org/docs

    View full-size slide