A Gradle plugin that allows you to leave off version numbers in your dependencies section and have versions recommended by several possible sources. The most familiar recommendation provider that is supported is the Maven BOM (i.e. Maven dependency management metadata). The plugin will control the versions of any dependencies that do not have a version specified.
- Nebula Dependency Recommender
- Usage
- Dependency recommender configuration
- Built-in recommendation providers
- Producing a Maven BOM for use as a dependency recommendation source
- Version selection rules
- Conflict resolution and transitive dependencies
- Accessing recommended versions directly
- Notes on POMs Generated by Gradle maven-publish
Apply the nebula-dependency-recommender plugin:
plugins {
id "nebula.dependency-recommender" version "4.2.0"
}
If you have an old Gradle version (<2.1), you need to do this:
buildscript {
repositories { jcenter() }
dependencies {
classpath 'com.netflix.nebula:nebula-dependency-recommender:4.2.0'
}
}
apply plugin: 'nebula.dependency-recommender'
Dependency recommenders are the source of versions. If more than one recommender defines a recommended version for a module, the last recommender specified will win.
dependencyRecommendations {
propertiesFile uri: 'http://somewhere/extlib.properties', name: 'myprops'
}
dependencies {
nebulaRecommenderBom 'netflix:platform:latest.release@pom'
compile 'com.google.guava:guava' // no version, version is recommended
compile 'commons-lang:commons-lang:2.6' // I know what I want, don't recommend
compile project.recommend('commons-logging:commons-logging', 'myprops') // source the recommendation from the provider named 'myprops'
}
You can also specify BOM lookup via a configuration:
dependencies {
nebulaRecommenderBom 'test.nebula:bom:1.0.0@pom'
}
Several recommendation providers are packaged with the plugin. The file-based providers all share a basic configuration that is described separately.
Suppose you want to produce a BOM that contains a recommended version for commons-configuration.
buildscript {
repositories { jcenter() }
dependencies { classpath 'com.netflix.nebula:nebula-dependency-recommender:4.+' }
}
apply plugin: 'maven-publish'
apply plugin: 'nebula.dependency-recommender'
group = 'netflix'
configurations { compile }
repositories { jcenter() }
dependencies {
compile 'commons-configuration:commons-configuration:1.6'
}
publishing {
publications {
parent(MavenPublication) {
// the transitive closure of this configuration will be flattened and added to the dependency management section
nebulaDependencyManagement.fromConfigurations { configurations.compile }
// alternative syntax when you want to explicitly add a dependency with no transitives
nebulaDependencyManagement.withDependencies { 'manual:dep:1' }
// the bom will be generated with dependency coordinates of netflix:module-parent:1
artifactId = 'module-parent'
version = 1
// further customization of the POM is allowed if desired
pom.withXml { asNode().appendNode('description', 'A demonstration of maven POM customization') }
}
}
repositories {
maven {
url "$buildDir/repo" // point this to your destination repository
}
}
}
The resultant BOM would look like this:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<groupId>netflix</groupId>
<artifactId>module-parent</artifactId>
<version>1</version>
<packaging>pom</packaging>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>commons-digester</groupId>
<artifactId>commons-digester</artifactId>
<version>1.8</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
<version>1.6</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.7.0</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.2.1</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils-core</artifactId>
<version>1.8.0</version>
</dependency>
<dependency>
<groupId>manual</groupId>
<artifactId>dep</artifactId>
<version>1</version>
</dependency>
</dependencies>
</dependencyManagement>
<description>A demonstration of maven POM customization</description>
</project>
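Because a BOM like this decides the version of every dependency declared without one, it is worth checking before it is used as a recommendation source. The following is an added example, not part of the plugin or its documentation: a Python audit that reads the `dependencyManagement` section and flags entries with no version, floating version selectors, and duplicates that disagree. The names `audit_bom`, `_dep` and the `example:*` coordinates are hypothetical, and the sample input is constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Gradle/Ivy selectors that let the resolved version drift between builds.
DYNAMIC = re.compile(r"\+$|^latest\.|^[\[\(\]]|-SNAPSHOT$")

def _dep(g, a, v=None):
    version = f"<version>{v}</version>" if v else ""
    return f"<dependency><groupId>{g}</groupId><artifactId>{a}</artifactId>{version}</dependency>"

# Constructed sample: three entries from the BOM above plus three constructed
# ones (floating version, conflicting duplicate, missing version).
SAMPLE_BOM = (
    '<project xmlns="http://maven.apache.org/POM/4.0.0"><modelVersion>4.0.0</modelVersion>'
    "<groupId>netflix</groupId><artifactId>module-parent</artifactId><version>1</version>"
    "<packaging>pom</packaging><dependencyManagement><dependencies>"
    + _dep("commons-logging", "commons-logging", "1.1.1")
    + _dep("commons-configuration", "commons-configuration", "1.6")
    + _dep("manual", "dep", "1")
    + _dep("example", "floating", "2.+")
    + _dep("commons-logging", "commons-logging", "1.0")
    + _dep("example", "unversioned")
    + "</dependencies></dependencyManagement></project>"
)

def audit_bom(xml_text):
    """Return ({'group:name': version}, [(module, problem)]) for a BOM."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    recs, findings = {}, []
    for dep in root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS):
        module = "{}:{}".format(*(dep.findtext(f"m:{tag}", "", NS).strip()
                                  for tag in ("groupId", "artifactId")))
        version = dep.findtext("m:version", "", NS).strip()
        if not version:
            findings.append((module, "no version"))
        elif module in recs and recs[module] != version:
            # Keep the first entry and report the disagreement for review.
            findings.append((module, f"conflicting versions {recs[module]} and {version}"))
        else:
            recs[module] = version
            if DYNAMIC.search(version):
                findings.append((module, f"dynamic version {version}"))
    return recs, findings

if __name__ == "__main__":
    for module, problem in audit_bom(SAMPLE_BOM)[1]:
        print(f"{module}: {problem}")
```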
The hierarchy of preference for versions is:
configurations.all {
resolutionStrategy {
force 'commons-logging:commons-logging:1.2'
}
}
dependencyRecommendations {
map recommendations: ['commons-logging:commons-logging': '1.1']
}
dependencies {
compile 'commons-logging:commons-logging' // version 1.2 is selected
}
Direct dependencies with a version qualifier trump recommendations, even if the version qualifier refers to an older version.
dependencyRecommendations {
map recommendations: ['commons-logging:commons-logging': '1.2']
}
dependencies {
compile 'commons-logging:commons-logging:1.0' // version 1.0 is selected
}
This is the basic case described elsewhere in the documentation:
dependencyRecommendations {
map recommendations: ['commons-logging:commons-logging': '1.0']
}
dependencies {
compile 'commons-logging:commons-logging' // version 1.0 is selected
}
Transitive dependencies interact with the plugin in different ways depending on which of two available strategies is selected.
Consider the following example with dependencies on commons-configuration and commons-logging. commons-configuration:1.6 depends on commons-logging:1.1.1. In this case, the transitive dependency on commons-logging via commons-configuration is conflict resolved against the recommended version of 1.0. Normal Gradle conflict resolution selects 1.1.1.
dependencyRecommendations {
strategy ConflictResolved // this is the default, so this line is NOT necessary
map recommendations: ['commons-logging:commons-logging': '1.0']
}
dependencies {
compile 'commons-configuration:commons-configuration:1.6'
}
In the following example, version commons-logging:commons-logging:1.0 is selected even though commons-logging is not explicitly mentioned in dependencies. This would not work with the ConflictResolved strategy:
dependencyRecommendations {
strategy OverrideTransitives
map recommendations: ['commons-logging:commons-logging': '1.0']
}
dependencies {
compile 'commons-configuration:commons-configuration:1.6'
}
If no recommendation can be found in the recommendation sources for a dependency that has no version, but a version is provided by a transitive, the version provided by the transitive is applied. In this scenario, if several transitives provide versions for the module, normal Gradle conflict resolution applies.
dependencyRecommendations {
map recommendations: ['some:other-module': '1.1']
}
dependencies {
compile 'commons-configuration:commons-configuration:1.6'
compile 'commons-logging:commons-logging' // version 1.1.1 is selected
}
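The selection cases above can be checked side by side with a small model. This is an added example, not the plugin's code: a Python sketch of the outcomes this page states, with a helper that reports when the selected version is older than one a transitive asked for, which is the case to review under OverrideTransitives. The names `select_version`, `downgraded` and `vkey` are hypothetical; versions are assumed to be plain dotted numbers, and a declared version is assumed to go through ordinary newest-wins conflict resolution against transitives.

```python
import re

def vkey(version):
    """Sort key for plain dotted numeric versions (simplification for this model)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def select_version(module, *, forced=None, declared=None, recommendations=None,
                   transitives=(), strategy="ConflictResolved"):
    """Model of the selection cases walked through on this page."""
    if forced:
        # resolutionStrategy.force beats recommendations.
        return forced
    if declared:
        # Assumption: newest-wins conflict resolution against transitives.
        return max([declared, *transitives], key=vkey)
    recommended = (recommendations or {}).get(module)
    if recommended and strategy == "OverrideTransitives":
        # The recommendation replaces whatever transitives requested.
        return recommended
    # ConflictResolved, or no recommendation: newest candidate wins.
    candidates = ([recommended] if recommended else []) + list(transitives)
    return max(candidates, key=vkey) if candidates else None

def downgraded(selected, transitives):
    """Transitive requests newer than the selected version; review these for lost fixes."""
    return [t for t in transitives if vkey(t) > vkey(selected)]

if __name__ == "__main__":
    m = "commons-logging:commons-logging"
    for strategy in ("ConflictResolved", "OverrideTransitives"):
        chosen = select_version(m, recommendations={m: "1.0"},
                                transitives=["1.1.1"], strategy=strategy)
        print(strategy, chosen, downgraded(chosen, ["1.1.1"]))
```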
The dependencyRecommendations container can be queried directly for a recommended version:
dependencyRecommendations.getRecommendedVersion('commons-logging', 'commons-logging')
The getRecommendedVersion method returns null if no recommendation is found.
dependencyRecommendations {
strictMode = true
}
Strict mode will cause the plugin to fail if a dependency version is omitted and not found in a recommendation source.
Gradle requires that version numbers are present in the dependencies block to create a valid POM file that includes version numbers. To fix the issue this causes when using the dependency-recommender plug-in, apply the nebula.maven-resolved-dependencies plug-in from the nebula-publishing-plugin set.