Slide 1

Slide 1 text

Andy Wilkinson @ankinson Managing Dependencies for Spring Projects with Gradle Jenn Strater @codeJENNerator

Slide 2

Slide 2 text

Outline • Introduction to the Spring Dependency Management Gradle Plugin • Gradle 5 and beyond • Migration Tips

Slide 3

Slide 3 text

Outline • Introduction to the Spring Dependency Management Gradle Plugin • Gradle 5 and beyond • Migration Tips

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

spring-boot-dependencies • Maven bill of materials (bom) • Manages dependency versions (and Maven plugin versions) • Both Spring and third-party dependencies • Over 150 version properties • Over 800 dependencies

Slide 6

Slide 6 text

… 5.1.6.RELEASE … 3.0.10.RELEASE … … org.thymeleaf thymeleaf ${thymeleaf.version} … spring-boot-dependencies

Slide 7

Slide 7 text

• Removes the need to think about versions when declaring dependencies • Provides a consistent version across a library’s modules • Avoids accidentally mixing acme-core 1.2 with acme-server 1.1 • Provides default versions that are tested and known to work together • Just an opinion • Override to meet a project’s needs Why is a bom a good thing?

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

Importing a bom plugins { id 'io.spring.dependency-management' version '1.0.7.RELEASE' } dependencyManagement { imports { mavenBom 'o.s.b:spring-boot-dependencies:2.1.4.RELEASE' } }

Slide 11

Slide 11 text

$ ./gradlew dependencyManagement > Task :dependencyManagement ------------------------------------------------------------ Root project ------------------------------------------------------------ global - Default dependency management for all configurations … org.thymeleaf:thymeleaf 3.0.11.RELEASE org.thymeleaf:thymeleaf-spring5 3.0.11.RELEASE org.thymeleaf.extras:thymeleaf-extras-java8time 3.0.4.RELEASE org.thymeleaf.extras:thymeleaf-extras-springsecurity5 3.0.4.RELEASE … Importing a bom

Slide 12

Slide 12 text

plugins { id 'org.springframework.boot' version '2.1.4.RELEASE' } apply plugin: 'io.spring.dependency-management' Spring Boot does this for you

Slide 13

Slide 13 text

dependencies { runtime 'org.thymeleaf:thymeleaf-spring5' } Overriding a version runtimeClasspath - Runtime classpath of source set 'main'. \--- org.thymeleaf:thymeleaf-spring5 -> 3.0.11.RELEASE +--- org.thymeleaf:thymeleaf:3.0.11.RELEASE | +--- org.attoparser:attoparser:2.0.5.RELEASE | +--- org.unbescape:unbescape:1.1.6.RELEASE | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26 \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

Slide 14

Slide 14 text

Overriding a version dependencies { runtime 'org.thymeleaf:thymeleaf-spring5:3.0.10.RELEASE' } runtimeClasspath - Runtime classpath of source set 'main'. \--- org.thymeleaf:thymeleaf-spring5:3.0.10.RELEASE +--- org.thymeleaf:thymeleaf:3.0.10.RELEASE -> 3.0.11.RELEASE | +--- org.attoparser:attoparser:2.0.5.RELEASE | +--- org.unbescape:unbescape:1.1.6.RELEASE | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26 \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

Slide 15

Slide 15 text

Overriding a version ext['thymeleaf.version'] = '3.0.10.RELEASE' runtimeClasspath - Runtime classpath of source set 'main'. \--- org.thymeleaf:thymeleaf-spring5 -> 3.0.10.RELEASE +--- org.thymeleaf:thymeleaf:3.0.10.RELEASE | +--- org.attoparser:attoparser:2.0.5.RELEASE | +--- org.unbescape:unbescape:1.1.6.RELEASE | \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26 \--- org.slf4j:slf4j-api:1.7.25 -> 1.7.26

Slide 16

Slide 16 text

Maven-style exclusions example exclusions 0.0.1 org.springframework spring-core 4.1.3.RELEASE commons-logging commons-logging

Slide 17

Slide 17 text

Maven-style exclusions example exclusions 0.0.1 org.springframework spring-beans dependencies { implementation 'example:exclusions:0.0.1' implementation 'org.springframework:spring-beans' }

Slide 18

Slide 18 text

Maven-style exclusions +- example:exclusions:jar:0.0.1:compile | \- org.springframework:spring-core:jar:4.1.3.RELEASE:compile \- org.springframework:spring-beans:jar:4.1.3.RELEASE:compile +--- com.example:exclusion-example:1.0 | \--- org.springframework:spring-core:4.1.3.RELEASE | \--- commons-logging:commons-logging:1.2 \--- org.springframework:spring-beans:4.1.3.RELEASE \--- org.springframework:spring-core:4.1.3.RELEASE (*)

Slide 19

Slide 19 text

Outline • Introduction to the Spring Dependency Management Gradle Plugin • Gradle 5 and beyond • Migration Tips

Slide 20

Slide 20 text

Outline • Introduction to the Spring Dependency Management Gradle Plugin • Gradle 5 and beyond • Migration Tips

Slide 21

Slide 21 text

Native BOM Support

Slide 22

Slide 22 text

Consuming Maven Dependencies https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import dependencies { implementation enforcedPlatform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE') implementation ‘org.codehaus.groovy:groovy:2.5.7’ }

Slide 23

Slide 23 text

https://scans.gradle.com/s/dowsysqbnns44/dependencies?dependencies=groovy&expandAll

Slide 24

Slide 24 text

Forcing specific versions https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import dependencies { implementation enforcedPlatform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE') implementation(‘org.codehaus.groovy:groovy:2.5.7’) { force = true } }

Slide 25

Slide 25 text

https://scans.gradle.com/s/25snam34zlriw/dependencies?dependencies=groovy&expandAll

Slide 26

Slide 26 text

Using Gradle’s Conflict Resolution https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#sec:bom_import dependencies { implementation platform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE') implementation ‘org.codehaus.groovy:groovy:2.5.7’ }

Slide 27

Slide 27 text

https://scans.gradle.com/s/bwcwoumww2dtw/dependencies?dependencies=groovy&expandAll

Slide 28

Slide 28 text

Overriding Groups of Dependencies https://docs.gradle.org/current/userguide/customizing_dependency_resolution_behavior.html#sec:dependency_resolve_rules dependencies { implementation platform('org.springframework.boot:spring-boot-dependencies:2.1.4.RELEASE') implementation "org.codehaus.groovy:groovy:2.5.7" } configurations.all { resolutionStrategy.eachDependency { DependencyResolveDetails details -> if (details.requested.group == 'org.codehaus.groovy') { details.useVersion '2.5.7' details.because 'upgrade to take advantage of new features' } } }

Slide 29

Slide 29 text

https://scans.gradle.com/s/4sgi5nsf2zp7g/dependencies?dependencies=groovy&expandAll

Slide 30

Slide 30 text

Performance

Slide 31

Slide 31 text

https://scans.gradle.com/s/lopzbvymh2vmo/dependencies?toggled=W1swXV0

Slide 32

Slide 32 text

https://scans.gradle.com/s/lopzbvymh2vmo/dependencies?toggled=W1swXV0

Slide 33

Slide 33 text

With Gradle Native BOM Support https://scans.gradle.com/s/s3w7tsxmtc6xw/dependencies?toggled=W1swXV0

Slide 34

Slide 34 text

Maven Publish Plugin • 5.2+ Resolved Dependencies vs Declared Dependencies

Slide 35

Slide 35 text

5.2+ Publishing Platforms with the Java Platform Plugin https://docs.gradle.org/current/userguide/java_platform_plugin.html#sec:java_platform_publishing

Slide 36

Slide 36 text

5.3+ Feature Variants Maven optional dependencies and more!

Slide 37

Slide 37 text

Feature Variants

Slide 38

Slide 38 text

Gradle Module Metadata Format

Slide 39

Slide 39 text

Outline • Introduction to the Spring Dependency Management Gradle Plugin • Gradle 5 and beyond • Migration Tips

Slide 40

Slide 40 text

Outline • Introduction to the Spring Dependency Management Gradle Plugin • Gradle 5 and beyond • Migration Tips

Slide 41

Slide 41 text

Exclusions dependencies { implementation('log4j:log4j:1.2.15') { exclude group: 'javax.jms', module: 'jms' exclude group: 'com.sun.jdmk', module: 'jmxtools' exclude group: 'com.sun.jmx', module: 'jmxri' } } configurations { implementation { exclude group: 'javax.jms', module: 'jms' exclude group: 'com.sun.jdmk', module: 'jmxtools' exclude group: 'com.sun.jmx', module: 'jmxri' } }

Slide 42

Slide 42 text

Multi-scope platform enforcement https://github.com/micronaut-projects/micronaut-profiles/issues/124

Slide 43

Slide 43 text

IDE Support • Tooling hasn’t caught up to new 5.0 features • Issues are filed and should be fixed soon

Slide 44

Slide 44 text

Overriding Version Properties ● The Plugin’s behavior is unique. It goes beyond both Maven and Gradle features. ● For upgrading, overriding is possible in Gradle. ● For downgrading, use: ○ • Dependency metadata rule to fix what the dependency declares and is wrong ○ • Substitutions to replace a given version with another ○ • Force ○ • Exclude ● Look for new Gradle releases to fix the remaining differences.

Slide 45

Slide 45 text

Conclusion

Slide 46

Slide 46 text

Thanks! Andy Wilkinson @ankinson Jenn Strater @codeJENNerator gradle.org/docs