square/gradle-dependencies-sorter

Random version in a transitive dependency

JavierSegoviaCordoba opened this issue · 10 comments

Applied in a subproject

```kotlin
// subproject/build.gradle.kts
plugins {
    id("com.squareup.sort-dependencies") version "0.1"
}
```

Stacktrace:

* What went wrong:
Execution failed for task ':gradle-extensions-subprojects:gradle-delegated-properties-extensions:sortDependencies'.
> Could not resolve all files for configuration ':gradle-extensions-subprojects:gradle-delegated-properties-extensions:detachedConfiguration5'.
   > Could not find com.squareup:sort-gradle-dependencies-app:3.5.0.2730.
     Searched in the following locations:
       - https://repo.maven.apache.org/maven2/com/squareup/sort-gradle-dependencies-app/3.5.0.2730/sort-gradle-dependencies-app-3.5.0.2730.pom
       - https://dl.google.com/dl/android/maven2/com/squareup/sort-gradle-dependencies-app/3.5.0.2730/sort-gradle-dependencies-app-3.5.0.2730.pom
       - https://plugins.gradle.org/m2/com/squareup/sort-gradle-dependencies-app/3.5.0.2730/sort-gradle-dependencies-app-3.5.0.2730.pom
       - https://maven.pkg.jetbrains.space/public/p/compose/dev/com/squareup/sort-gradle-dependencies-app/3.5.0.2730/sort-gradle-dependencies-app-3.5.0.2730.pom
     Required by:
         project :gradle-extensions-subprojects:gradle-delegated-properties-extensions

The workaround is loading it on root too:

```kotlin
// build.gradle.kts
plugins {
    id("com.squareup.sort-dependencies") version "0.1" apply false
}
```

Thanks for the issue. Do you have a minimal reproducer?

Sorry @autonomousapps, a lot of time has passed and I don't remember the features; I think it was a normal Kotlin (or Android with Kotlin) project.

I think I was using Spotless, which does something with configurations eagerly. I have had issues with that, which forced me to add the plugin to the root project.

Thanks @JavierSegoviaCordoba. I'm going to close this as non-reproducible for now, but feel free to open if you run into it again. I'll be cutting a new release soon with some important fixes.

kyhule commented

I've run into this same issue. I'll see if I can create a reproducer. I see it trying to fetch a version that looks to be the same as the sonar plugin we are using.

Huh, I have a feeling it might relate to this, this and this. That is to say, there's a resource in the jar named version and maybe there's some kind of namespace collision happening with the sonar plugin?

A repro would definitely help. If my hypothesis is right, then a solution would be to namespace the property to avoid collisions.

kyhule commented

I was about to hack together a reproducer from a repo I created for a recent talk. See https://github.com/kyhule/polyworld-app/tree/reproduce-bad-dep-sort-version.

* What went wrong:
10 actionable tasks: 10 executed
Execution failed for task ':app:checkSortDependencies'.
> Could not resolve all files for configuration ':app:detachedConfiguration9'.
   > Could not find com.squareup:sort-gradle-dependencies-app:4.0.0.2929.
     Searched in the following locations:
       - https://dl.google.com/dl/android/maven2/com/squareup/sort-gradle-dependencies-app/4.0.0.2929/sort-gradle-dependencies-app-4.0.0.2929.pom
       - https://repo.maven.apache.org/maven2/com/squareup/sort-gradle-dependencies-app/4.0.0.2929/sort-gradle-dependencies-app-4.0.0.2929.pom
     Required by:
         project :app

https://github.com/kyhule/polyworld-app/actions/runs/5591602973/jobs/10222909893#step:6:1533

It cannot be a coincidence that the version it tries to resolve is the same as the sonar version here.

Thanks! That'll help a lot.

kyhule commented

@autonomousapps Let me know if I can help in any other way. I can take a look at what you suspect is the problem.
Also, if it is what you suspect, probably worth raising a ticket in sonar gradle plugin to have them namespace theirs as well. Would you agree?

@kyhule maybe! But let me see if I can reproduce it on my end first. I'll respond here once I've done so.

ka-ching, I was right. This is from the IDEA debugger. There are two resources with the same name, and the sonar one just happens to be picked first (probably for classpath reasons). The simplest solution will be to namespace the resource to make it harder to get clobbered. Probably worth notifying the Sonar people too.

[Screenshot from the IDEA debugger, 2023-08-01, showing the two same-named resources]
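To illustrate the collision described in the comment above, here is an added Java 11+ example that is not code from the plugin, the Sonar plugin, or the issue thread: it builds a classpath from two constructed directories that both carry an unqualified `version` resource, shows that classpath order decides which one `getResource` returns, and shows a namespaced resource path (my assumed name `com/squareup/sort-dependencies/version`) as the fix and `getResources` as the check. The version strings are constructed sample values taken from the thread.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import java.util.List;

public class ResourceCollisionDemo {
    // Reads a classpath resource as UTF-8 text, or returns null if it is absent.
    static String read(ClassLoader cl, String name) throws IOException {
        URL url = cl.getResource(name);
        if (url == null) return null;
        try (InputStream in = url.openStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8).trim();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-ins for two plugin jars on one classpath (directories behave like jars here).
        Path sonarJar = Files.createTempDirectory("sonar-plugin");
        Path sortJar = Files.createTempDirectory("sort-plugin");
        Files.writeString(sonarJar.resolve("version"), "4.0.0.2929"); // unqualified resource in the other plugin
        Files.writeString(sortJar.resolve("version"), "0.1");         // unqualified resource in this plugin
        Path ns = Files.createDirectories(sortJar.resolve("com/squareup/sort-dependencies"));
        Files.writeString(ns.resolve("version"), "0.1");              // namespaced copy: the proposed fix (assumed path)

        // Classpath order decides which unqualified "version" wins, which is the clobbering seen in the issue.
        ClassLoader cl = new URLClassLoader(new URL[] {
            sonarJar.toUri().toURL(), sortJar.toUri().toURL() });

        System.out.println("unqualified lookup: " + read(cl, "version"));                             // 4.0.0.2929
        System.out.println("namespaced lookup : " + read(cl, "com/squareup/sort-dependencies/version")); // 0.1

        // Check: getResources() returns every match, so more than one hit means the name can be clobbered.
        List<URL> hits = Collections.list(cl.getResources("version"));
        System.out.println("providers of 'version': " + hits.size());
        for (URL u : hits) System.out.println("  " + u);
    }
}
```

Running the same `getResources` check against a real build classpath is a cheap way to spot any plugin that still reads an unqualified resource name.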