Use a hash in file name for dependencies with capabilities

autonomousapps / dependency-analysis-gradle-plugin

Gradle plugin for JVM projects written in Java, Kotlin, Groovy, or Scala; and Android projects written in Java or Kotlin. Provides advice for managing dependencies and other applied plugins

Apache License 2.0

1.67k stars 115 forks source link

Use a hash in file name for dependencies with capabilities #1138

Closed jjohannes closed 4 months ago

jjohannes commented 4 months ago

If this does not cause any unexpected problems, it's a "simple" solution for https://github.com/autonomousapps/dependency-analysis-gradle-plugin/issues/908.

jjohannes commented 4 months ago

I first wanted to try if there are any unexpected issues with using a hash. Looks like there are not!

We can probably use something better than hashCode() with a lower collision chance for the (rather short) Strings we are dealing with. But I would have to do some research. I think there is also plenty of hash functions in the Gradle code base we could take inspiration from. But this has never been my area of expertise.

I think before putting work into adding something like an additional debugging file, I would consider options to get rid of encoding coordinates in file names altogether.

jjohannes commented 4 months ago

I remembered now that the plugin is already using Guava, which brings in a number of hash functions. I now use Hashing.fingerprint2011() which I think is suited for our purpose as (with my limited understanding) fingerprint hashes are optimized for unique identifiers (very very low chance of collision). But as I said, I don't have much experience. You could pick anothee function from Guava's Hashing.

I am good to merge this as it is now.