Dependecy-Locking Issue with Test-Fixtures (Gradle >= 8.5)

[pfhartma]

Current Behavior

After update to Gradle 8.5, running the tests results in error: "Could not resolve all files for configuration ':testRuntimeClasspath'."

Expected Behavior

After fixing the dependency versions with "./gradlew dependencies --write-locks", gradle should execute the tests with "./gradlew test".

Context

Unable to run the tests when using the following features at once:

• dependency locking
• explicit versions for some (selected) dependencies
• test-fixtures

Steps to Reproduce

Call

./gradlew dependencies --write-locks
./gradlew test

with the following build.gradle file:

plugins {
    id 'java'
    id 'io.spring.dependency-management' version '1.1.4'
    id 'java-test-fixtures'
}

java {
    sourceCompatibility = '17'
}

repositories {
    mavenCentral()
}

dependencyManagement {
    dependencies {
        dependency 'org.keycloak:keycloak-admin-client:22.0.5'
    }
}

dependencyLocking {
    lockAllConfigurations()
}

dependencies {
    implementation 'org.keycloak:keycloak-admin-client'
}

==>

$ ./gradlew test
> Task :test FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':test'.
> Could not resolve all files for configuration ':testRuntimeClasspath'.
   > Resolved 'com.github.java-json-tools:jackson-coreutils:2.0' which is not part of the dependency lock state
   > Resolved 'com.sun.activation:jakarta.activation:2.0.1' which is not part of the dependency lock state
   > Resolved 'com.github.java-json-tools:msg-simple:1.2' which is not part of the dependency lock state
   > Resolved 'com.github.java-json-tools:btf:1.3' which is not part of the dependency lock state

Observations:

• It does work in Gradle 8.4, but not in Gradle 8.5
• It does work, when removing the line id 'java-test-fixtures' (not used in the minimal example, but we do need it)
• It does work, when removing the line id 'io.spring.dependency-management' version '1.1.4'
• Where are the dependencies from the error message coming from? Those are the versions that would be resolved, when running without the spring dependency plugin.

[wilkinsona]

Given that this works with Gradle 8.4 but fails with Gradle 8.5, I think this should be reported to the Gradle team in the first instance. Ideally, Gradle 8.5 would be backwards-compatible. If it turns out that's not possible, we may be able to make a change here but I don't think that should be considered until the possibility of fixing this on the Gradle side has been ruled out.

[pfhartma]

Thanks for the respone! I did report the issue to the Gradle team beforehand: https://github.com/gradle/gradle/issues/27947

They asked for a reproducer without spring dependency management plugin, otherwise they would consider the issue out of scope for the Gradle core team.

From what I can tell, it only occurs in relation to this plugin. Not sure if there are other ways to trigger it.

How can we get progress with the issue? I'm not using anything out of the ordinary.

[wilkinsona]

We have a shared Slack channel with the Gradle team. I've reached out to them there. I'll let you know what they come back with.

[wilkinsona]

I think it's also worth noting that I cannot reproduce the problem, either as current described or with some additional dummy test and test fixture code. Can you create a complete, yet minimal example that reproduces the failure with 8.5 and works with 8.4?

[pfhartma]

Great, I'm glad you have these collaborative efforts.

I have uploaded the complete (minimal) project: https://github.com/pfhartma/dependency-locking-issue-g8-5-reproducer

A colleague was able reproduce based on this project, hope this works for you as well. (It is indeed necessary to have at least one test file.)

[wilkinsona]

Thanks. I've reproduced the problem. I've yet to hear from the Gradle team. In the meantime, here's a workaround that tolerates the breaking change in Gradle 8.5:

dependencyManagement {
    applyMavenExclusions(false)
    dependencies {
        dependency 'org.keycloak:keycloak-admin-client:22.0.5'
    }
}

Disabling this plugin's support for Maven-style exclusions may mean that you have more transitive dependencies on the classpath than you want. You can correct that by using one of Gradle's standard exclusion mechanisms.