POSSCON: Open Source and Dependency Management for Android

POSSCON: Open Source and Dependency Management for Android

Talked about how we use open source in mobile dev at 52inc and about Android's build system Gradle and it's dependency managment in devops


Drew Heavner

April 15, 2015


  1. Drew Heavner @r0adkll http://blog.r0adkll.com Lead Android Developer 52inc

  2. Open Source in Android • Everything from the OS itself

    to the tools it’s all open source. • Standing on the shoulders of Giants and not re- inventing the wheel • Let’s make our own Giants!
  3. Implementing Open Source Projects (It’s also open source)

  4. What is Gradle? • Automated build system • Polyglot builds

    • JVM, Android, Native, and Web • Flexible, Dynamic, and extensible • Plugin/Integration for every imaginable tool • Based on Groovy with complete interoperability with java
  5. Why Gradle? • Robust dependency management • Tool Integrations •

    High performance builds • Easy testing integrations • Unit & Instrumentation tests • Multiple product/build flavors • Alpha, Beta, Production, Mock, Free, Paid, etc… • Infinite* permutations * As far as system resources will allow anyway
  6. apply plugin: 'com.android.application'
 android {
 compileSdkVersion 22
 buildToolsVersion "22.0.1"

 defaultConfig {
 minSdkVersion 16
 targetSdkVersion 22
 versionCode 1
 versionName "1.0.0"
 buildTypes {
 release {
 minifyEnabled true
 proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
 dependencies {
 compile project(":lib")
 compile 'com.android.support:appcompat-v7:22.0.0'
 compile fileTree(dir: 'libs', include: ['*.jar'])
  7. Product Flavors • One module to create many different permutations

    of you application. • Alpha - Internal testing • Beta - External testing • Demo - A free trial version • etc…. Each flavor can also share a similar codebase that can vary in behavior based on the product flavor
  8. android {
 compileSdkVersion 22
 buildToolsVersion '22.0.1'
 defaultConfig {

 minSdkVersion 15
 targetSdkVersion 22
 versionCode 1
 versionName "1.0.0"
 productFlavors {
 alpha {
 applicationId "com.r0adkll.haystack.alpha"
 versionCode 2
 versionName "alpha-1.0.1"
 production {}
  9. Dependency Management • Declarative Dependencies • Track the qualified name,

    version and scope of all your project’s external dependencies • Organize into existing configurations (i.e., scopes) or create your own • Apply dependencies throughout the build using configurations • Model project relationships using the same declarative style as external dependencies
  10. If it’s out there, Gradle can grab it • Retrieve

    artifacts from any known binary repository, from public to private to local. • Gradually transition from other build systems by mixing and matching repository types. • Maven Repositories • Maven Central • jCenter • Bintray • Local • Ivy Repositories • Custom & Legacy • Flat Files
  11. repositories {
 maven { url "https://oss.sonatype.org/content/repositories/snapshots/" }

  12. Declaring Dependencies • Binary dependencies are usually defined by three

    parts: • The group identifier: e.g. com.google.dagger or com.52inc • Organization/Company identifier, usually their main domain • The artifact identifier: e.g. dagger or 52Kit • This is the project/library identifier. • The version code: e.g. 2.0.0 or 0.1.+ • This is the version of said library you are trying to load. You can specify the full version number/name or you can use the + identifier to specify the latest for the Major, Minor, or Build version numbers (if you follow Semantic Versioning).
  13. Declaring Dependencies dependencies {
 // Module dependency
 compile project(":lib")

 // Remote binary dependency
 compile 'com.android.support:appcompat-v7:22.0.0'
 // Local binary dependency
 compile fileTree(dir: 'libs', include: ['*.jar'])
 } Here are the most common ways you will see dependencies declared
  14. Dependency Configurations (i.e., Scopes) • Group dependencies in different configurations

    for different behavior. • Common configurations are: • compile - Normal configuration • debugCompile - debug build only configurations • releaseCompile- release build only configurations • <build_type>Compile • You can prepend any build type your create to the Compile command to limit dependencies to that build type. • provided - This dependency is need for compilation, and it shouldn't be distributed with it. • This is typically used for annotation pre-processors
  15. dependencies {
 compile 'com.google.guava:guava:18.+'
 runtime 'org.slf4j:slf4j-simple:1.7.10'
 testCompile('junit:junit:4.12') {
 exclude group:

 testCompile 'org.mockito:mockito-core:1.+'
  16. Dependency Resolution • Conflict resolution • Exclusions • Version locking

    • Optional transitives • Artifact substitutions • Surrogate metadata
  17. Let’s make our own Giants! • So you’ve made a

    library, but how do you wield it? • You could import it as a local module in your project // Module dependency
 compile project(":lib") • You could export the binary .aar file and load it in your project // Local binary dependency
 compile fileTree(dir: 'libs', include: ['*.aar']) • Or we can use a public central repository for free!
  18. Maven • Maven comes from the Yiddish word for “Accumulator

    of knowledge” • Maven itself is a build system/tool with dependency management • Maven is Gradle’s predecessor • Gradle still uses POM (Project Object Model) XML descriptor files for fetching dependencies
  19. Then and Now • The Maven way of importing dependencies

 </dependency> • The new Gradle way of importing dependencies compile 'com.52inc:52Kit:0.1.3'
  20. Maven Repositories • So how do we upload our projects

    to Maven Central? 1. Create a Sonatype account at https://oss.sonatype.org Add your username and password to your ~/.gradle/gradle.properties global config file. NEXUS_USERNAME=r0adkll
 NEXUS_PASSWORD=somepassword 2. Create a new group JIRA Ticket: http://goo.gl/s8dgmn Here you will want to choose a unique Group Id that can be reused for future projects • com.r0adkll or com.52inc
  21. Maven Repositories 3. Create a new PGP key $gpg2 -—new-key

    Enter your email, same sonatype.org email, and other info from prompts. Export the secring.gpg file $gpg2 —-export-secret-keys > secring.gpg List your keys to get your keyId using this command: $gpg2 —-list-keys me@mydomain.com Add the following data to your global grade.properties file signing.keyId=BBBBBBBB
  22. Maven Repositories 4. Send your key to the key servers

    To enable the sonatype servers to verify the key, the public key needs to be sent to the standard key servers. $gpg2 —-keyserver pgp.mit.edu —-send-keys A2AAD1B1 Use the save key ID that you used in the previous step
  23. Maven Repositories 5. Create a gradle.properties file in your project

    root Then add the following properties of your project to it: VERSION_NAME=2.0.3
 POM_DESCRIPTION=Some Description Here POM_URL=https://github.com/r0adkll/Slidr
 POM_LICENCE_NAME=The Apache Software License, Version 2.0
  24. Maven Repositories 6. Create a gradle.properties file in each module/sub-project

    Then add the following properties of your project to it: POM_NAME=Slidable Activity
 POM_PACKAGING=aar This defines the artifact identifier for each project that we talked about earlier
  25. Maven Repositories 6. Apply the gradle-mvn-push plugin apply from: 'https://raw.github.com/chrisbanes/

    gradle-mvn-push/master/gradle-mvn-push.gradle' Add the following command to the end of your sub-module build.gradle file to apply it 7. Build and push your library to maven central $ gradle clean build uploadArchives
  26. Maven Repositories 8. Lastly, close and release the newly staged

    repository • Go to https://oss.sonatype.org and Login • Then go to ‘Staging Repositories’ and find the entry that has your group Id in it, i.e. com.r0adkll • Then ‘Close’ it and wait for it to finish • Then ‘Release’ it and wait for it to finish • It will take up to 2 hours to finish syncing with the central repository for it to become available
  27. Jitpack.io • Builds GitHub projects on demand and return ready-

    to-use binaries to your application. • Uses GitHub’s tag and releases for versioning • Why? Because publishing to a central repository can be…difficult. • This is actually really cool! Easy to use package repository for Gradle, Maven and Android projects
  28. Favorite OSS Libraries for Android • OkHttp - A modern

    HTTP & SPDY client for Android and Java • Retrofit - A high level type-safe REST client for Android and Java • Dagger - A fast dependency injector for Android and Java • Picasso - A powerful image downloading and caching library for Android • Otto - An enhanced Guava-based event bus with emphasis on Android support. • ButterKnife - View "injection" library for Android. • Timber - A logger with a small, extensible API which provides utility on top of Android's normal Log class. • RxJava - Reactive Extensions for the JVM • Ollie - Compile-time active record ORM for Android with RxJava support • LoganSquare - Screaming fast JSON parsing and serialization library for Android.