ben-manes / gradle-versions-plugin

Gradle plugin to discover dependency updates
Apache License 2.0
3.87k stars 200 forks source link

seeing org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.0.20-Beta2 as upgradeable version even though betas are rejected #873

Open Keith-Albright-Bose opened 3 months ago

Keith-Albright-Bose commented 3 months ago

Running dependencyUpdates plugin .51 Kotlin DSL multiproject project.

I setup a filter per the documentation. Using build.gradle.kts and tried both reject and rejectVersionIf

// https://github.com/ben-manes/gradle-versions-plugin
tasks.withType<DependencyUpdatesTask> {
    resolutionStrategy {
        componentSelection {
            all {
                if (Versions.isNonStable(candidate))
                    reject("non stable")
            }
        }
    }

// rejectVersionIf { // Versions.isNonStable(candidate) // } }

I pass the candidate to the helper function so I can print debug statements with the candidate.displayName.

The test function I have looks like this:

    // for manes version checking, reject alpha, beta, snapshot, rc's
    fun isNonStable(candidate: ModuleComponentIdentifier): Boolean {
        val version = candidate.version
        val stableKeyword = listOf("RELEASE", "FINAL", "GA").any { version.uppercase().contains(it) }
        val unstableKeyword = listOf("PRERELEASE", "SNAPSHOT", "ALPHA", "BETA", "RC").any { version.uppercase().contains(it) }
        val regex = "^[0-9,.v-]+(-r)?$".toRegex()
        val isStable = stableKeyword || regex.matches(version)
        val isUnstable = isStable.not() || unstableKeyword
        println("${candidate.displayName} isNonStable: version: $version, stableKeyword: $stableKeyword, unstableKeyword: $unstableKeyword, isStable: $isStable, >>> isUnstable: $isUnstable")
        return isUnstable
    }

So in the debug statements I added, it shows that the candidate version is in fact unstable:

org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.0.20-Beta2 isNonStable: version: 2.0.20-Beta2, stableKeyword: false, unstableKeyword: true, isStable: false, >>> isUnstable: true org.jetbrains.kotlin:kotlin-stdlib-jdk8:2.0.20-Beta2 isNonStable: version: 2.0.20-Beta2, stableKeyword: false, unstableKeyword: true, isStable: false, >>> isUnstable: true

Yet in spite of wanting to reject this version, I see this in the dependencyUpdates output unexpectedly:

 https://kotlinlang.org/

In the dependencies up to date there is this listing:

Only my project isn't using any Kotlin 2.0 anywhere. The regular dependencies Gradle task does not list this. So the bug seems to be that it thinks we're using Kotlin 2.0 Beta2???

In another instance for a different dependency, the same Beta2 is correctly excluded:

org.jetbrains.kotlin.plugin.serialization:org.jetbrains.kotlin.plugin.serialization.gradle.plugin:2.0.20-Beta2 isNonStable: version: 2.0.20-Beta2, stableKeyword: false, unstableKeyword: true, isStable: false, >>> isUnstable: true

and the dependencyUpdates output for this one: https://kotlinlang.org/

ben-manes commented 3 months ago

The 1.8.21 is what it thinks you are using, which is likely coming from Gradle's kotlin-dsl as a dependency. I'm not sure why the up-to-date would have 2.0.20-Beta2.

I can point you to my own build where I ignore kotlin for the precompiled script plugins and the main build's configuration. I don't have it show up for me there.

ben-manes commented 3 months ago

btw, I think the kotlin stdlib is showing up because of this regression. I never found the time to debug it further though.

Keith-Albright-Bose commented 3 months ago

Thanks! I applied those changes and also limited to the release/debug configs to speed up task time like this:

(kotlin dsl)

    // https://github.com/ben-manes/gradle-versions-plugin
    tasks.withType<DependencyUpdatesTask>{
        filterConfigurations = Spec{
            it.name.contains("debugRuntimeClasspath") ||
            it.name.contains("debugCompileClasspath") ||
            it.name.contains("releaseRuntimeClasspath") ||
            it.name.contains("releaseCompileClasspath")
        }
    }

However, got some strange versions exceeding milestone versions: The following dependencies exceed the version found at the milestone revision level:

Turned out these seem to be caused by one or both of these flags in the tasksWithType block checkBuildEnvironmentConstraints = true checkConstraints = true

I removed those and got the results I expected.