Dependency Management in Gradle 5 and Beyond

Transcript

1. Dependency Management
   in Gradle 5 and beyond
   Jendrik Johannes, Gradle
   

   View Slide

2. PRODUCER
   A Model of Software Reuse
   

   View Slide

3. PRODUCER CONSUMER
   A Model of Software Reuse
   

   View Slide

4. PRODUCER CONSUMER
   REPOSITORY
   push
   software component
   component metadata
   A Model of Software Reuse
   

   View Slide

5. PRODUCER CONSUMER
   REPOSITORY
   push
   software component
   component metadata
   pull
   component metadata
   software component
   A Model of Software Reuse
   

   View Slide

6. Chapter 1:
   Versioning of Software Components
   Chapter 2:
   Different Variants of Software Components
   Chapter 3:
   Dealing with an imperfect World
   

   View Slide

7. Chapter 1:
   Versioning of Software Components
   Chapter 2:
   Different Variants of Software Components
   Chapter 3:
   Dealing with an imperfect World
   

   View Slide

8. PRODUCER CONSUMER
   REPOSITORY
   push
   software component
   component metadata
   pull
   component metadata
   software component
   

   View Slide

9. PRODUCER CONSUMER
   REPOSITORY
   push
   software component
   component metadata
   pull
   component metadata
   software component
   NULL 8 FUFFZEHN // BANK
   !
   

   View Slide

10. PRODUCER CONSUMER
    REPOSITORY
    push
    software component
    component metadata
    pull
    component metadata
    software component
    NULL 8 FUFFZEHN // BANK
    SantaSoft
    "
    !
    

    View Slide

11. NULL 8 FUFFZEHN // BANK
    

    View Slide

12. XMasTree
    by SantaSoft
    Open-source out-of-the-box Christmas trees for Java!
    From Christmas tree lovers for Christmas tree lovers!
    Maven
    dependencies {
    // just add your tree...
    implementation(“com.santasoft.xmastree:tree-swing:1.0”)
    // ...and decorate it as you like
    implementation(“com.santasoft.xmastree:lights-swing:1.0”)
    }
    Gradle
    // inject it in your UI code
    com.santasoft.xmastree.Tree.compose(container)
    

    View Slide

13. View Slide

14. View Slide

15. View Slide

16. View Slide

17. NULL 8 FUFFZEHN // BANK
    

    View Slide

18. XMasTree
    by SantaSoft
    Open-source out-of-the-box Christmas trees for Java!
    From Christmas tree lovers for Christmas tree lovers!
    Maven
    dependencies {
    // just add your tree...
    implementation(“com.santasoft.xmastree:tree-swing:2.0”)
    // ...and decorate it as you like
    implementation(“com.santasoft.xmastree:lights-swing:2.0”)
    }
    Gradle
    // inject it in your UI code
    com.santasoft.xmastree.Tree.compose(container)
    2.0 W
    ITH
    FLASHY
    LIGHTS!
    

    View Slide

19. View Slide

20. View Slide

21. Why did the Christmas tree crash?
    tree:1.0
    lights:1.0
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    component
    repository
    

    View Slide

22. component
    repository
    Why did the Christmas tree crash?
    tree:1.0
    lights:1.0
    null8fuffzehn-desktop
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    

    View Slide

23. component
    repository
    Why did the Christmas tree crash?
    tree:1.0
    lights:1.0
    null8fuffzehn-desktop
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    

    View Slide

24. component
    repository
    Why did the Christmas tree crash?
    tree:1.0
    lights:1.0
    null8fuffzehn-desktop
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    

    View Slide

25. component
    repository
    Why did the Christmas tree crash?
    tree:1.0
    lights:1.0
    null8fuffzehn-desktop
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    

    View Slide

26. component
    repository
    Why did the Christmas tree crash?
    tree:1.0
    lights:1.0
    null8fuffzehn-desktop
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    

    View Slide

27. component
    repository
    Why did the Christmas tree crash?
    tree:1.0
    lights:1.0
    null8fuffzehn-desktop
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    conflict !
    

    View Slide

28. component
    repository
    Dependency Constraints
    tree:1.0
    lights:1.0
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    depends-on
    

    View Slide

29. component
    repository
    Dependency Constraints
    tree:1.0
    lights:1.0
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    depends-on
    (requires + constraints)
    constraints
    

    View Slide

30. component
    repository
    Dependency Constraints save Christmas
    tree:1.0
    lights:1.0
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    depends-on
    (requires + constraints)
    constraints
    null8fuffzehn-desktop
    

    View Slide

31. component
    repository
    Dependency Constraints save Christmas
    tree:1.0
    lights:1.0
    ornaments:1.0
    train:1.0
    tree:2.0
    lights:2.0
    ornaments:2.0
    train:2.0
    depends-on
    (requires + constraints)
    constraints
    null8fuffzehn-desktop
    

    View Slide

32. com.santasoft.xmastree:tree-swing:2.0
    github.com/gradle/gradle/blob/master/subprojects/docs/src/
    
    docs/design/gradle-module-metadata-specification.md
    {
    "component": {
    "group": "com.santasoft.xmastree",
    "module": "tree-swing",
    "version": "2.0",
    },
    ...
    "dependencyConstraints": [
    {
    "group": "com.santasoft.xmastree",
    "module": "lights-swing",
    "version": {
    "requires": "2.0"
    }
    },
    {
    "group": "com.santasoft.xmastree",
    "module": "ornaments-swing",
    "version": {
    "requires": "2.0"
    }
    },
    {
    "group": "com.santasoft.xmastree",
    "module": "train-swing",
    "version": {
    "requires": "2.0"
    }
    }
    ],
    ...
    }
    component
    repository
    — tree-swing-2.0.jar
    
    — tree-swing-2.0.pom
    
    — tree-swing-2.0.module
    
    

    View Slide

33. Chapter 1:
    Versioning of Software Components
    Chapter 2:
    Different Variants of Software Components
    Chapter 3:
    Dealing with an imperfect World
    

    View Slide

34. NULL 8 FUFFZEHN // BANK
    

    View Slide

35. NULL 8 FUFFZEHN // BANK
    

    View Slide

36. Gradle_Android
    XMasTree
    by SantaSoft
    Open-source out-of-the-box Christmas trees for Java!
    From Christmas tree lovers for Christmas tree lovers!
    Maven
    dependencies {
    // just add your tree...
    implementation(“com.santasoft.xmastree:tree-swing:2.0”)
    // ...and decorate it as you like
    implementation(“com.santasoft.xmastree:lights-swing:2.0”)
    }
    Gradle
    // inject it in your UI code
    com.santasoft.xmastree.Tree.compose(container)
    NOW
    ALSO
    FOR
    ANDROID!
    2.0 W
    ITH
    FLASHY
    LIGHTS!
    

    View Slide

37. Gradle
    XMasTree
    by SantaSoft
    Open-source out-of-the-box Christmas trees for Java!
    From Christmas tree lovers for Christmas tree lovers!
    Maven
    dependencies {
    // just add your tree...
    implementation(“com.santasoft.xmastree:tree-android:2.0”)
    // ...and decorate it as you like
    implementation(“com.santasoft.xmastree:lights-android:2.0”)
    }
    // inject it in your UI code
    com.santasoft.xmastree.Tree.compose(container)
    Gradle_Android
    NOW
    ALSO
    FOR
    ANDROID!
    2.0 W
    ITH
    FLASHY
    LIGHTS!
    

    View Slide

38. View Slide

39. View Slide

40. View Slide

41. component
    repository
    Modeling Platforms as Variants
    tree-swing
    lights-swing
    null8fuffzehn-desktop
    ornaments-swing
    train-swing
    tree-android
    lights-android
    null8fuffzehn-android
    ornaments-android
    train-android
    

    View Slide

42. component
    repository
    Modeling Platforms as Variants
    tree-swing
    lights-swing
    ornaments-swing
    train-swing
    tree-android
    lights-android
    ornaments-android
    train-android
    null8fuffzehn-shared
    null8fuffzehn-desktop null8fuffzehn-android
    

    View Slide

43. component
    repository
    Modeling Platforms as Variants
    tree-swing
    lights-swing
    ornaments-swing
    train-swing
    tree-android
    lights-android
    ornaments-android
    train-android
    null8fuffzehn-shared
    null8fuffzehn-desktop null8fuffzehn-android
    tree
    lights
    ornaments
    train
    variant
    ui-framework = swing
    variant
    ui-framework = android
    ui-framework = swing ui-framework = android
    

    View Slide

44. component
    repository
    Modeling Platforms as Variants
    tree-swing
    lights-swing
    ornaments-swing
    train-swing
    tree-android
    lights-android
    ornaments-android
    train-android
    null8fuffzehn-shared
    null8fuffzehn-desktop null8fuffzehn-android
    tree
    lights
    ornaments
    train
    variant
    ui-framework = swing
    variant
    ui-framework = android
    ui-framework = swing ui-framework = android
    

    View Slide

45. component
    repository
    Modeling Platforms as Variants
    tree-swing
    lights-swing
    ornaments-swing
    train-swing
    tree-android
    lights-android
    ornaments-android
    train-android
    null8fuffzehn-shared
    null8fuffzehn-desktop null8fuffzehn-android
    tree
    lights
    ornaments
    train
    variant
    ui-framework = swing
    variant
    ui-framework = android
    ui-framework = swing ui-framework = android
    

    View Slide

46. Gradle_Android
    Gradle
    XMasTree
    by SantaSoft
    Open-source out-of-the-box Christmas trees for Java!
    From Christmas tree lovers for Christmas tree lovers!
    Maven
    // configure your tree
    dependencies {
    implementation(“com.santasoft.xmastree:lights”)
    }
    // choose your variant
    configurations.all {
    attributes { attribute(“ui-framework”, “android”) }
    }
    // inject it in your UI code
    com.santasoft.xmastree.Tree.compose(container)
    NOW
    ALSO
    FOR
    ANDROID!
    2.0 W
    ITH
    FLASHY
    LIGHTS!
    NOW
    W
    ITH
    VARIANT
    SUPPORT!
    Gradle_Variants
    

    View Slide

47. View Slide

48. View Slide

49. com.santasoft.xmastree:tree:2.0
    github.com/gradle/gradle/blob/master/subprojects/docs/src/
    
    docs/design/gradle-module-metadata-specification.md
    {
    "component": {
    "group": "com.santasoft.xmastree",
    "module": "tree",
    "version": "2.0",
    "attributes": {
    "org.gradle.status": "release"
    }
    },
    "variants": [
    {
    "name": "swing-api",
    "attributes": {
    "org.gradle.usage": "java-api",
    "ui-framework": "swing"
    },
    "available-at": {
    "url": "../../tree-swing/2.0/tree-swing-2.0.module",
    "group": "com.santasoft.xmastree",
    "module": "tree-swing",
    "version": "2.0"
    }
    },
    {
    "name": "android-api",
    "attributes": {
    "org.gradle.usage": "java-api",
    "ui-framework": "android"
    },
    "available-at": {
    "url": "../../tree-swing/2.0/tree-android-2.0.module",
    "group": "com.santasoft.xmastree",
    "module": "tree-android",
    "version": "2.0"
    }
    }
    ]
    ...
    }
    component
    repository
    
    
    — tree-swing-2.0.module
    
    

    View Slide

50. Chapter 1:
    Versioning of Software Components
    Chapter 2:
    Different Variants of Software Components
    Chapter 3:
    Dealing with the imperfect World
    

    View Slide

51. NULL 8 FUFFZEHN // BANK
    

    View Slide

52. What if the consumer has a different
    opinion than the producer?
    

    View Slide

53. PRODUCER CONSUMER
    REPOSITORY
    push
    software component
    component metadata
    pull
    component metadata
    software component
    NULL 8 FUFFZEHN // BANK
    SantaSoft
    "
    !
    What if the consumer has a different
    opinion than the producer?
    

    View Slide

54. component
    repository
    tree
    lights
    ornaments
    train
    What if the consumer has a different
    opinion than the producer?
    null8fuffzehn-desktop
    

    View Slide

55. component
    repository
    tree
    lights
    ornaments
    train
    What if the consumer has a different
    opinion than the producer?
    null8fuffzehn-desktop
    Component Metadata Rule
    

    View Slide

56. What if the producer “forgot” an
    important variant?
    

    View Slide

57. Gradle_Variants
    Gradle_Android
    Gradle
    XMasTree
    by SantaSoft
    Open-source out-of-the-box Christmas trees for Java!
    From Christmas tree lovers for Christmas tree lovers!
    Maven
    // configure your tree
    dependencies {
    implementation(“com.santasoft.xmastree:lights”)
    }
    // choose your variant
    configurations.all {
    attributes { attribute(“ui-framework”, “gif”) }
    }
    // inject it in your UI code
    com.santasoft.xmastree.Tree.compose(container)
    NOW
    ALSO
    FOR
    ANDROID!
    2.0 W
    ITH
    FLASHY
    LIGHTS!
    NOW
    W
    ITH
    VARIANT
    SUPPORT!
    NOW
    ALSO
    AS
    FLASHY
    GIF
    VARIANT!
    GIF
    

    View Slide

58. component
    repository
    tree-swing
    lights-swing
    ornaments-swing
    train-swing
    tree-gif
    lights-gif
    null8fuffzehn-shared
    null8fuffzehn-gif
    tree
    lights
    ornaments
    train
    variant
    ui-framework = swing
    variant
    ui-framework = gif
    ui-framework = gif
    What if the producer “forgot” an
    important variant?
    

    View Slide

59. component
    repository
    tree-swing
    lights-swing
    ornaments-swing
    train-swing
    tree-gif
    lights-gif
    null8fuffzehn-shared
    null8fuffzehn-gif
    tree
    lights
    ornaments
    train
    variant
    ui-framework = swing
    variant
    ui-framework = gif
    ui-framework = gif
    X
    What if the producer “forgot” an
    important variant?
    

    View Slide

60. What if the producer “forgot” an
    important variant?
    

    View Slide

61. What if the producer “forgot” an
    important variant?
    Artifact Transform
    

    View Slide

62. component
    repository
    tree-swing
    lights-swing
    ornaments-swing
    train-swing
    tree-gif
    lights-gif
    null8fuffzehn-shared
    null8fuffzehn-gif
    tree
    lights
    ornaments
    train
    variant
    ui-framework = swing
    variant
    ui-framework = gif
    ui-framework = gif
    What if the producer “forgot” an
    important variant?
    train-gif
    transformed into
    

    View Slide

63. Chapter 1:
    Versioning of Software Components
    Chapter 2:
    Different Variants of Software Components
    Chapter 3:
    Dealing with the imperfect World
    …and in the real world?
    

    View Slide

64. https://docs.google.com/document/d/
    1NYGbfz56C0Oh4IGymXjeQUVK4FcRiqDbpc4vGLnDMrY
    

    View Slide

65. https://docs.google.com/document/d/
    1NYGbfz56C0Oh4IGymXjeQUVK4FcRiqDbpc4vGLnDMrY
    

    View Slide

66. https://github.com/gradle/gradle/blob/master/buildSrc/subprojects/configuration/src/main/kotlin/
    org/gradle/gradlebuild/dependencies/DependenciesMetadataRulesPlugin.kt
    

    View Slide

67. https://github.com/gradle/gradle/blob/master/buildSrc/subprojects/packaging/src/main/kotlin/
    org/gradle/gradlebuild/packaging/MinifyTransform.kt
    

    View Slide

68. Gradle Summit 2017

    Dependencies, distributed code and engineering velocity

    - Mike McGarr, Netflix
    
    https://www.youtube.com/watch?v=k_mPS_1JpXM
    

    View Slide

69. Dependency Management
    in Gradle 5 and beyond
    Jendrik Johannes, Gradle
    

    View Slide

70. Dependency Constraints
    dependencies {
    implementation("org.apache.httpcomponents:httpclient")
    constraints {
    implementation("org.apache.httpcomponents:httpclient:4.5.3") {
    because("previous versions have a bug impacting this application")
    }
    implementation("commons-codec:commons-codec:1.11") {
    because("version 1.9 pulled from httpclient has bugs affecting this application")
    }
    }
    }
    

    View Slide

71. BOM/Platform support
    dependencies {
    // import a BOM
    implementation(platform(
    “org.springframework.boot:spring-boot-dependencies:1.5.8.RELEASE"))
    // define dependencies without versions
    implementation("com.google.code.gson:gson")
    implementation("dom4j:dom4j")
    }
    

    View Slide

72. dependencies {
    // get recommended versions from the platform project
    api(platform(project(":platform")))
    // no version required
    api("commons-httpclient:commons-httpclient")
    }
    Java Platform Plugin
    consumer
    plugins {
    `java-platform`
    }
    dependencies {
    constraints {
    // Platform declares some versions of libraries used in subprojects
    api("commons-httpclient:commons-httpclient:3.1")
    api("org.apache.commons:commons-lang3:3.8.1")
    }
    }
    producer
    

    View Slide

73. (New) Maven Publish Plugin
    publishing {
    publications {
    create("maven") {
    groupId = "org.gradle.sample"
    artifactId = "project1-sample"
    version = "1.1"
    from(components["java"])
    }
    }
    }
    enableFeaturePreview("GRADLE_METADATA")
    settings.gradle.kts
    

    View Slide

74. Dependency Locking
    configurations.compileClasspath {
    resolutionStrategy.activateDependencyLocking()
    }
    

    View Slide

75. Repository to dependency matching
    repositories {
    maven {
    url "https://repo.mycompany.com"
    content {
    includeGroupByRegex "com\\.mycompany.*"
    }
    }
    }
    

    View Slide

76. Christmas Tree by Jordan Irwin – https://opengameart.org/content/christmas-tree-0
    Compose your own Christmas trees: https://github.com/jjohannes/xmas-tree-reuse
    

    View Slide