Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Managing Dependencies for Spring Projects with Gradle

jlstrater
May 16, 2019
Technology
2
730

Managing Dependencies for Spring Projects with Gradle

Managing dependencies is hard. For Spring projects, Gradle and Maven are just two of the tools we can use to help make dependency management easier. They both handle dependency management effectively, but in very different ways. For example, Maven uses BOMs, and, until recently, Gradle didn’t have an equivalent concept. Because of this and other differences, the Spring Dependency Management plugin was created so that Gradle users who already knew Maven could manage dependencies in a way that was familiar to them.

For earlier versions of Gradle, the plugin’s version enforcement and dependency exclusion features were revolutionary and led to the Spring Dependency Management Plugin’s popularity in the Spring ecosystem and spread to other JVM-based communities such as Android. Now that Gradle 5.X includes native BOM support, users can replace parts of the plugin and take advantage of the productivity gains of the native support.

In this session, we’ll go over some basic use cases for Gradle native BOM support and show you how to use it to manage the dependencies of a Spring Boot application. We’ll also look at some scenarios where you’ll still want to use the Spring Dependency Management Gradle plugin.

jlstrater

May 16, 2019
Tweet

More Decks by jlstrater

See All by jlstrater
Code as Art
jlstrater
0
280
Codenarc Revisited GR8Conf EU 2019
jlstrater
0
120
test driven docs javaland 2019
jlstrater
1
410
Test Driven Docs Warsaw JUG 2018
jlstrater
1
990
Why Groovy Gr8Conf 2018
jlstrater
1
630
Why Groovy Berlin GUG March 2018
jlstrater
0
43
Test Driven Docs SpringOne 2017
jlstrater
2
1.3k
Test Driven Docs APIConf DE 2017
jlstrater
1
1.5k
Introduction to Documentation with Asciidoctor
jlstrater
0
64

Other Decks in Technology

See All in Technology
Dive Into The Cutting-edge LINE API Innovations
linedevth
2
490
コロプラゲームバックエンド共通基盤 運用・開発体制の紹介
colopl
0
140
SRE を実践するためのプラットフォームの作り方と技術マネジメント / Building a Platform for SRE
irotoris
1
3.4k
信頼性目標とシステムアーキテクチャー / Reliability Objective and System Architecture
ymotongpoo
12
3.9k
LINEスタンプのSREing事例集:大きなスパイクアクセスを捌くためのSREing
line_developers
PRO
1
280
Deploy web frontend apps with AWS CDK
tmokmss
1
150
230928 watsonx.ai 利用準備とデモアプリ紹介(前編:環境構築編)
teruterubohz_ibm
0
100
増え続ける公開アプリケーションへの悪意あるアクセス_多層防御を取り入れるSRE活動_.pdf
yoshiiryo1
0
400
LLMアプリケーションの安定性を高めるための精度評価・改善
nrryuya
3
1.4k
背伸びしないコンポーネントの始め方
yuneco
1
620
オーティファイ会社紹介資料 / Autify Company Deck
autifyhq
7
91k
Renovate を使った ライブラリアップデート 仕組み化の取り組み
andpad
0
260

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
12
5.7k
Done Done
chrislema
178
15k
Making the Leap to Tech Lead
cromwellryan
119
8.1k
How to train your dragon (web standard)
notwaldorf
70
4.7k
How to name files
jennybc
56
85k
We Have a Design System, Now What?
morganepeng
40
6.3k
Become a Pro
speakerdeck
PRO
8
3.5k
What's new in Ruby 2.0
geeforr
336
30k
Code Reviewing Like a Champion
maltzj
510
38k
BBQ
matthewcrist
76
8.4k
Three Pipe Problems
jasonvnalue
89
9.2k
Fireside Chat
paigeccino
18
2.2k

Transcript

  1. Andy Wilkinson
    @ankinson
    Managing Dependencies for Spring
    Projects with Gradle
    Jenn Strater
    @codeJENNerator

    View Slide

  2. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View Slide

  3. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View Slide

  4. View Slide

  5. spring-boot-dependencies
    • Maven bill of materials (bom)
    • Manages dependency versions (and Maven plugin versions)
    • Both Spring and third-party dependencies
    • Over 150 version properties
    • Over 800 dependencies

    View Slide



  6. 5.1.6.RELEASE

    3.0.10.RELEASE






    org.thymeleaf
    thymeleaf
    ${thymeleaf.version}




    spring-boot-dependencies

    View Slide

  7. • Removes the need to think about versions when declaring
    dependencies
    • Provides a consistent version across a library’s modules
    • Avoids accidentally mixing acme-core 1.2 with acme-server 1.1
    • Provides default versions that are tested and known to work together
    • Just an opinion
    • Override to meet a project’s needs
    Why is a bom a good thing?

    View Slide

  8. View Slide

  9. View Slide

  10. Importing a bom
    plugins {
    id 'io.spring.dependency-management' version '1.0.7.RELEASE'
    }
    dependencyManagement {
    imports {
    mavenBom 'o.s.b:spring-boot-dependencies:2.1.4.RELEASE'
    }
    }

    View Slide

  11. $ ./gradlew dependencyManagement
    > Task :dependencyManagement
    ------------------------------------------------------------
    Root project
    ------------------------------------------------------------
    global - Default dependency management for all configurations

    org.thymeleaf:thymeleaf 3.0.11.RELEASE
    org.thymeleaf:thymeleaf-spring5 3.0.11.RELEASE
    org.thymeleaf.extras:thymeleaf-extras-java8time 3.0.4.RELEASE
    org.thymeleaf.extras:thymeleaf-extras-springsecurity5 3.0.4.RELEASE

    Importing a bom

    View Slide

  12. plugins {
    id 'org.springframework.boot' version '2.1.4.RELEASE'
    }
    apply plugin: 'io.spring.dependency-management'
    Spring Boot does this for you

    View Slide

  13. dependencies {
    runtime 'org.thymeleaf:thymeleaf-spring5'
    }
    Overriding a version
    runtimeClasspath - Runtime classpath of source set 'main'.
    \--- org.thymeleaf:thymeleaf-spring5 -> 3.0.11.RELEASE
    +--- org.thymeleaf:thymeleaf:3.0.11.RELEASE
    | +--- org.attoparser:attoparser:2.0.5.RELEASE
    | +--- org.unbescape:unbescape:1.1.6.RELEASE
    | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26
    \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

    View Slide

  14. Overriding a version
    dependencies {
    runtime 'org.thymeleaf:thymeleaf-spring5:3.0.10.RELEASE'
    }
    runtimeClasspath - Runtime classpath of source set 'main'.
    \--- org.thymeleaf:thymeleaf-spring5:3.0.10.RELEASE
    +--- org.thymeleaf:thymeleaf:3.0.10.RELEASE -> 3.0.11.RELEASE
    | +--- org.attoparser:attoparser:2.0.5.RELEASE
    | +--- org.unbescape:unbescape:1.1.6.RELEASE
    | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26
    \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

    View Slide

  15. Overriding a version
    ext['thymeleaf.version'] = '3.0.10.RELEASE'
    runtimeClasspath - Runtime classpath of source set 'main'.
    \--- org.thymeleaf:thymeleaf-spring5 -> 3.0.10.RELEASE
    +--- org.thymeleaf:thymeleaf:3.0.10.RELEASE
    | +--- org.attoparser:attoparser:2.0.5.RELEASE
    | +--- org.unbescape:unbescape:1.1.6.RELEASE
    | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26
    \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

    View Slide

  16. Maven-style exclusions
    example
    exclusions
    0.0.1


    org.springframework
    spring-core
    4.1.3.RELEASE


    commons-logging
    commons-logging




    View Slide

  17. Maven-style exclusions


    example
    exclusions
    0.0.1


    org.springframework
    spring-beans


    dependencies {
    implementation 'example:exclusions:0.0.1'
    implementation 'org.springframework:spring-beans'
    }

    View Slide

  18. Maven-style exclusions
    +- example:exclusions:jar:0.0.1:compile
    | \- org.springframework:spring-core:jar:4.1.3.RELEASE:compile
    \- org.springframework:spring-beans:jar:4.1.3.RELEASE:compile
    +--- com.example:exclusion-example:1.0
    | \--- org.springframework:spring-core:4.1.3.RELEASE
    | \--- commons-logging:commons-logging:1.2
    \--- org.springframework:spring-beans:4.1.3.RELEASE
    \--- org.springframework:spring-core:4.1.3.RELEASE (*)

    View Slide

  19. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View Slide

  20. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View Slide

  21. Native BOM Support

    View Slide

  22. Consuming Maven Dependencies
    https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import
    dependencies {
    implementation enforcedPlatform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE')
    implementation ‘org.codehaus.groovy:groovy:2.5.7’
    }

    View Slide

  23. https://scans.gradle.com/s/dowsysqbnns44/dependencies?dependencies=groovy&expandAll

    View Slide

  24. Forcing specific versions
    https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import
    dependencies {
    implementation enforcedPlatform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE')
    implementation(‘org.codehaus.groovy:groovy:2.5.7’) {
    force = true
    }
    }

    View Slide

  25. https://scans.gradle.com/s/25snam34zlriw/dependencies?dependencies=groovy&expandAll

    View Slide

  26. Using Gradle’s Conflict Resolution
    https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import
    dependencies {
    implementation platform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE')
    implementation ‘org.codehaus.groovy:groovy:2.5.7’
    }

    View Slide

  27. https://scans.gradle.com/s/bwcwoumww2dtw/dependencies?dependencies=groovy&expandAll

    View Slide

  28. Overriding Groups of Dependencies
    https://docs.gradle.org/current/userguide/customizing_dependency_resolution_behavior.html#sec:dependency_resolve_rules
    dependencies {
    implementation platform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE')
    implementation "org.codehaus.groovy:groovy:2.5.7"
    }
    configurations.all {
    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
    if (details.requested.group == 'org.codehaus.groovy') {
    details.useVersion '2.5.7'
    details.because 'upgrade to take advantage of new features'
    }
    }
    }

    View Slide

  29. https://scans.gradle.com/s/4sgi5nsf2zp7g/dependencies?dependencies=groovy&expandAll

    View Slide

  30. Performance

    View Slide

  31. https://scans.gradle.com/s/lopzbvymh2vmo/dependencies?toggled=W1swXV0

    View Slide

  32. https://scans.gradle.com/s/lopzbvymh2vmo/dependencies?toggled=W1swXV0

    View Slide

  33. With Gradle Native BOM Support
    https://scans.gradle.com/s/s3w7tsxmtc6xw/dependencies?toggled=W1swXV0

    View Slide

  34. Maven Publish Plugin
    • 5.2+ Resolved Dependencies vs Declared Dependencies

    View Slide

  35. 5.2+ Publishing Platforms with the Java Platform Plugin
    https://docs.gradle.org/current/userguide/java_platform_plugin.html#sec:java_platform_publishing

    View Slide

  36. 5.3+ Feature Variants
    Maven optional dependencies and more!

    View Slide

  37. Feature Variants

    View Slide

  38. Gradle Module Metadata Format

    View Slide

  39. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View Slide

  40. Outline
    • Introduction to the Spring Dependency Management Gradle Plugin
    • Gradle 5 and beyond
    • Migration Tips

    View Slide

  41. Exclusions
    dependencies {
    implementation('log4j:log4j:1.2.15') {
    exclude group: 'javax.jms', module: 'jms'
    exclude group: 'com.sun.jdmk', module: 'jmxtools'
    exclude group: 'com.sun.jmx', module: 'jmxri'
    }
    }
    configurations {
    implementation {
    exclude group: 'javax.jms', module: 'jms'
    exclude group: 'com.sun.jdmk', module: 'jmxtools'
    exclude group: 'com.sun.jmx', module: 'jmxri'
    }
    }

    View Slide

  42. Multi-scope platform enforcement
    https://github.com/micronaut-projects/micronaut-profiles/issues/124

    View Slide

  43. IDE Support
    • Tooling hasn’t caught up to new 5.0 features
    • Issues are filed and should be fixed soon

    View Slide

  44. Overriding Version Properties
    ● The Plugin’s behavior is unique. It goes beyond both Maven and Gradle features.
    ● For upgrading, overriding is possible in Gradle.
    ● For downgrading, use:
    ○ • Dependency metadata rule to fix what the dependency declares and is wrong
    ○ • Substitutions to replace a given version with another
    ○ • Force
    ○ • Exclude
    ● Look for new Gradle releases to fix the remaining differences.

    View Slide

  45. Conclusion

    View Slide

  46. Thanks!
    Andy Wilkinson
    @ankinson
    Jenn Strater
    @codeJENNerator
    gradle.org/docs

    View Slide