search

ben-manes / gradle-versions-plugin

Gradle plugin to discover dependency updates
Apache License 2.0
3.88k stars 201 forks source link

New resolution rules that take the current version into account do not work properly for dependencies with multiple versions #348

Open Vampire opened 5 years ago

Vampire commented 5 years ago

I have Spotbugs with multiple version in different configurations. The cause for this is, that I use the latest stable release 3.1.12 for the actual analyzing, but I use the overhauled stylesheet from 4.0.0-beta4 to generate the HTML report.

If I follow the "Example 1" style:

rejectVersionIf {
    val preliminaryReleaseRegex = Regex("""(?i)[.-](?:${listOf(
            "alpha",
            "beta",
            "..."
    ).joinToString("|")})[.\d-]*""")
    preliminaryReleaseRegex.containsMatchIn(candidate.version)
}

and am one minor version behind for both versions, I'm correctly advised to update the stable version but - also correctly as pre releases are rejected - not to update the beta version:

The following dependencies exceed the version found at the milestone revision level:
 - com.github.spotbugs:spotbugs [4.0.0-beta3 <- 3.1.12]
     https://spotbugs.github.io/

The following dependencies have later milestone versions:
 - com.github.spotbugs:spotbugs [3.1.11 -> 3.1.12]
     https://spotbugs.github.io/

I thought following the new "Example 2" style would be the solution:

rejectVersionIf {
    val preliminaryReleaseRegex = Regex("""(?i)[.-](?:${listOf(
            "alpha",
            "beta",
            "..."
    ).joinToString("|")})[.\d-]*""")
    preliminaryReleaseRegex.containsMatchIn(candidate.version)
            && !preliminaryReleaseRegex.containsMatchIn(currentVersion)
}

But unfortunately I'm not as exepcted advised to update the stable version to 3.1.12 and the unstable version to 4.0.0-beta4, but both to the beta.

The following dependencies have later milestone versions:
 - com.github.spotbugs:spotbugs [3.1.11 -> 4.0.0-beta4]
     https://spotbugs.github.io/
 - com.github.spotbugs:spotbugs [4.0.0-beta3 -> 4.0.0-beta4]
     https://spotbugs.github.io/

As the component selection now is calculated relative to the current version, it would be nice if it would also be applied relative to the current version and not for all configurations the same.

cc @ghus-raba

ben-manes commented 5 years ago

I think this is due to VersionMapping looking up the latest by the group & name, when organizing the results. At the time it made sense to ignore the versions because users might forget to include a repository in one configuration and get different latest version results (e.g. buildscirpt vs compile). That may not make as much sense anymore.

ben-manes commented 5 years ago

I think this is aggregating across all projects and configurations to build the sorted results. It may be that we need to capture the configuration path as part of the coordinate, so that we isolate the lookup to that configuration and its resolution results.