search

spring-gradle-plugins / dependency-management-plugin

A Gradle plugin that provides Maven-like dependency management functionality
684 stars 85 forks source link

Check managed dependencies for updates #371

Closed leobut closed 6 months ago

leobut commented 7 months ago

Hello there

We have a large multi-module project and have been using the com.github.ben-manes.versions gradle plugin for a while, but it's not picking up the transitive dependencies that are defined inside the dependencyManagement for each module.

Because of that, we tried to write our own update checker task and just ask https://repo1.maven.org/ for new versions of our used libraries. Now, I have noticed that when I call dependencyManagement.managedVersions.keySet().size() inside my custom gradle task, I get 1240 entries instead of the 146 dependencies that we have actually defined inside our dependencyManagement block in the build.gradle file. I assume that this list also contains all transitive dependencies, so basically the whole dependency tree.

Is it either possible that you could consider adding this dependency update check functionality to your plugin or could you provide us with a way to get a map of only the defined dependencies?

Either one would be very much appreciated :-)

Thank you very much for your time and effort.

Edit: The list of "real" dependencies per configuration seems to exist already somewhere in the code. When I just run gradle dependencyManagement, i get the correct list of dependencies for each configuration.

Edit 2: Added correct dependency amounts

wilkinsona commented 7 months ago

ThedependencyManagement task and dependencyManagement.managedVersions both use the same API under the covers:

https://github.com/spring-gradle-plugins/dependency-management-plugin/blob/c8d0dcfa9573e786fe0d4a247291358317064d69/src/main/java/io/spring/gradle/dependencymanagement/internal/report/DependencyManagementReportTask.java#L58-L59

https://github.com/spring-gradle-plugins/dependency-management-plugin/blob/c8d0dcfa9573e786fe0d4a247291358317064d69/src/main/java/io/spring/gradle/dependencymanagement/internal/dsl/StandardDependencyManagementExtension.java#L104-L107

Given this, I can't explain why you'd see 146 entries in one case and 1240 in the other. Can you provide a reproducer?

leobut commented 7 months ago

Good point, thanks for the quick reply.

I noticed that if I add my custom task to the allprojects section and execute it there, some of the submodules have the correct amount and others have the inflated amount. I will need to dig deeper to see what is happening here exactly and can then hopefully provide an example project.

In the meantime, would you consider adding some kind of dependency update task to your plugin? A list of outdated dependencies would be enough for our use case.

wilkinsona commented 7 months ago

In the meantime, would you consider adding some kind of dependency update task to your plugin?

I'm afraid not, no. That's out of scope for this plugin.

spring-projects-issues commented 7 months ago

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

ben-manes commented 7 months ago

Can’t you make a new configuration and addall of the managed plugins to it using those apis? The configuration can be unused and will be ignored by a normal build (lazy). Since they are no longer transitive the dependencyUpdates task will report on them.

spring-projects-issues commented 7 months ago

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

spring-projects-issues commented 6 months ago

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.