Issue resolving eclipse dependency

[niktekusho]

Hi, recently, we started having problems resolving a transitive dependency of an eclipse plugin.

Disclaimer: this might be a problem on the eclipse side of things.

Even though we set a specific release version of eclipse (4.11.0), the jars goomph downloads seem to be released much later.

I discovered this because, in the recent days, our internal build pipeline started to behave strangely: in a sudden org.eclipse.platform:org.eclipse.e4.core.di dependency tried to pull a "strange" version of javax-annotations-api, which cannot be found even on maven central:

Could not find any version that matches javax.annotation:javax.annotation-api:[1.3.5,2.0.0).
Versions that do not match:
  - 1.3.2
  - 1.3.1
  - 1.3
  - 1.2
  - 1.2-b04
  - + 3 more
Searched in the following locations:
  - https://repo.maven.apache.org/maven2/javax/annotation/javax.annotation-api/maven-metadata.xml

I put together a small reproduction project, and you can find it attached to this issue. goomph-dep.zip

Here is a Gradle build scan of the failure: https://scans.gradle.com/s/zawvnmvueqvze

To reproduce locally: ./gradlew dependencyInsight --dependency 'org.eclipse.ui.workbench'

[nedtwigg]

My guess is that something like the following is happening:

• org.eclipse.platform:dep-you-asked-for depends on transitive-dep-you-didnt-ask-for:[1.2.3,2.0.0)
• because you aren't asking for it, Gradle resolves the transitive itself based on what is available at the time
• as new versions come out over time, [1.2.3,2.0.0) resolves to something new, which might itself have new transitives

In terms of fixing this, some solutions are:

1. specifically list out all transitives (bummer)
2. use dependency locking to keep deps from drifting in the future
3. add a feature to eclipseMavenCentral to constrain the versions of transitive resolutions (doable but tricky)

I'd be happy to take a PR for option 3, but it won't make the top of my todo list. I would implement it as constrainTransitiveVersionsToThisRelease(), similar to

https://github.com/diffplug/goomph/blob/687ef227a9f03c498af3b397225f68855c6aa633/src/main/java/com/diffplug/gradle/eclipse/MavenCentralExtension.java#L122-L132

[niktekusho]

Understood. Thanks for the heads up: I ended up forcing dependencies' versions in the Gradle dependency resolution.

Sample code for future readers

allprojects {
    configurations {
        all {
                        // Lock dependency to specific version
            resolutionStrategy.force 'org.eclipse.platform:org.eclipse.ui.workbench:3.113.0'
        }
    }
}

[nedtwigg]

I bumped into this same issue, and resolved it with the commit above, just FYI.

[niktekusho]

Thank you very much. 👍