Support for Kotlin DSL Gradle projects dynamically defining dependencies in separate files

[PatilShreyas]

Currently, Dependabot supports pure Gradle projects. But it doesn't work for Kotlin DSL Gradle projects. For e.g. here is my Android Gradle project with Kotlin DSL and it's failing there. It would be great if Dependabot would support build.gradle.kts projects too.

[shogo82148]

Any updates? I want dependabot to support build.gradle.kts too.

[dotCipher]

I believe this ties into the discussions in https://github.com/dependabot/dependabot-core/issues/1164 and https://github.com/dependabot/dependabot-core/issues/2238

[busches]

Should be fixed with https://github.com/dependabot/dependabot-core/pull/2680

[PatilShreyas]

@busches Is it really working? Because it's not working for my project

[jurre]

@busches Is it really working? Because it's not working for my project

@PatilShreyas do you have a link to the repo or job ID that's failing that we could look into?

[PatilShreyas]

@jurre I've repo open-source: https://github.com/PatilShreyas/Foodium/

It's not failing here. But it's not raising PR for updates.

For e.g. see this

Logs

  proxy | time="2020-12-21T06:19:20Z" level=info msg="proxy starting" commit=21ae9f84e9bb7b3f720e9bdc56e0b7a93b360267
  proxy | 2020/12/21 06:19:20 Listening (:1080)
updater | 2020-12-21T06:19:20.751634145 [77093810:WARN:src/devices/src/legacy/serial.rs:422] Detached the serial input due to peer close/error.
updater | time="2020-12-21T06:19:24Z" level=info msg="guest starting" commit=93f0ca9ddab7d943fd6e4b0d09e3c9a987e8a768
updater | time="2020-12-21T06:19:24Z" level=info msg="starting job..." fetcher_timeout=5m0s job_id=77093810 updater_timeout=45m0s updater_version=0.129.0-794bc4cbac8a083de02872c15ea85a55ccbe2aff
updater | yarn config v1.22.5
updater | success Set "cafile" to "/etc/ssl/certs/ca-certificates.crt".
updater | Done in 0.16s.
updater | I, [2020-12-21T06:19:35.364588 #72]  INFO -- sentry: ** [Raven] Raven 3.1.1 ready to catch errors
updater | INFO <job_77093810> Starting job processing
  proxy | 2020/12/21 06:19:42 [002] GET https://api.github.com:443/repos/PatilShreyas/Foodium
  proxy | 2020/12/21 06:19:42 [002] * authenticating github api request
  proxy | 2020/12/21 06:19:42 [002] 200 https://api.github.com:443/repos/PatilShreyas/Foodium
  proxy | 2020/12/21 06:19:42 [004] GET https://api.github.com:443/repos/PatilShreyas/Foodium/git/refs/heads/master
  proxy | 2020/12/21 06:19:42 [004] * authenticating github api request
  proxy | 2020/12/21 06:19:42 [004] 200 https://api.github.com:443/repos/PatilShreyas/Foodium/git/refs/heads/master
  proxy | 2020/12/21 06:19:42 [006] GET https://api.github.com:443/repos/PatilShreyas/Foodium/contents/?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:42 [006] * authenticating github api request
  proxy | 2020/12/21 06:19:42 [006] 200 https://api.github.com:443/repos/PatilShreyas/Foodium/contents/?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:42 [008] GET https://api.github.com:443/repos/PatilShreyas/Foodium/contents/build.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:42 [008] * authenticating github api request
  proxy | 2020/12/21 06:19:43 [008] 200 https://api.github.com:443/repos/PatilShreyas/Foodium/contents/build.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:43 [010] GET https://api.github.com:443/repos/PatilShreyas/Foodium/contents/build.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:43 [010] * authenticating github api request
  proxy | 2020/12/21 06:19:43 [010] 200 https://api.github.com:443/repos/PatilShreyas/Foodium/contents/build.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:43 [012] GET https://api.github.com:443/repos/PatilShreyas/Foodium/contents/settings.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:43 [012] * authenticating github api request
  proxy | 2020/12/21 06:19:43 [012] 200 https://api.github.com:443/repos/PatilShreyas/Foodium/contents/settings.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:43 [014] GET https://api.github.com:443/repos/PatilShreyas/Foodium/contents/settings.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:43 [014] * authenticating github api request
  proxy | 2020/12/21 06:19:43 [014] 200 https://api.github.com:443/repos/PatilShreyas/Foodium/contents/settings.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:43 [016] GET https://api.github.com:443/repos/PatilShreyas/Foodium/contents/app/build.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
  proxy | 2020/12/21 06:19:43 [016] * authenticating github api request
  proxy | 2020/12/21 06:19:43 [016] 200 https://api.github.com:443/repos/PatilShreyas/Foodium/contents/app/build.gradle.kts?ref=9e40a9bae2f1dbf104939e4d72efe67c5fffadc4
updater | INFO <job_77093810> Finished job processing
updater | time="2020-12-21T06:19:43Z" level=info msg="task complete" container_id=job-77093810-file-fetcher exit_code=0 job_id=77093810 step=fetcher
updater | yarn config v1.22.5
updater | success Set "cafile" to "/etc/ssl/certs/ca-certificates.crt".
updater | Done in 0.17s.
updater | I, [2020-12-21T06:19:56.570781 #72]  INFO -- sentry: ** [Raven] Raven 3.1.1 ready to catch errors
updater | INFO <job_77093810> Starting job processing
updater | INFO <job_77093810> Starting update job for PatilShreyas/Foodium
updater | INFO <job_77093810> Finished job processing
updater | time="2020-12-21T06:20:05Z" level=info msg="task complete" container_id=job-77093810-updater exit_code=0 job_id=77093810 step=updater

[bountin]

It worked nicely for a private project of mine, even with version variables. Thanks a lot for implementing!

[savvisingh]

@PatilShreyas Were you able to make it work, I am having the same issue.

[fizodev]

@savvisingh I have a private repo with a build src implementation similar to @PatilShreyas (the dependencies & versions are in a separate file rather than build.gradle.kts), I only managed to get dependabot to work by including the dependencies and the versions inside build.gradle.kts file itself. :neutral_face:

[savvisingh]

@savvisingh I have a private repo with a build src implementation similar to @PatilShreyas (the dependencies & versions are in a separate file rather than build.gradle.kts), I only managed to get dependabot to work by including the dependencies and the versions inside build.gradle.kts file itself. 😐

We have a multi-module project so moving the dependencies from common file to each gradle file won't be a good idea and can introduce diff dependencies in diff modules, Let's see if dependabot team can come up with a better solution.

[PatilShreyas]

@PatilShreyas Were you able to make it work, I am having the same issue.

It's not working yet. Still looking for possible solutions.

[gesellix]

Would the central dependency catalog as of Gradle 7.x help? See https://docs.gradle.org/7.0-rc-1/release-notes.html#centralized-versions

[gesellix]

Regarding my last comment: See #3471

[dinomite]

I think the title here is misleading, this isn't an issue with Kotlin buildscripts (I've got many projects with Kotlin buildscripts for which Dependabot is working), but rather not having the dependency version directly in the dependency declaration string.

[mustafaozhan]

I totally agree with @dinomite And really looking forward to seeing this feature!

[jeffwidman]

@dinomite @mustafaozhan Thanks for the heads up.

I'm not super familiar with Kotlin/Gradle, so can one of you suggest what would be an appropriate issue title that would capture what's actually missing here?

[deivid-rodriguez]

In the sample project given, Dependencies are dynamically defined in Kotlin in a separate file: https://github.com/PatilShreyas/Foodium/blob/04dc75b7a0d22a07accc718d040d3b252b4727ef/buildSrc/src/main/kotlin/Dependencies.kt

While we do support version variables but we don't support that. And it'd be hard to do with the current approach. I guess it'd be better if we could shell out to gradle instead of this kind of thing.

I'm going to adapt the title to try capture this and make it less misleading.