| I was testing the dependency management for andoid using the spring-dependency-management gradle plugin. There are two scenarios that we want to cover:
- Locking down (transitive) dependencies in our services (core, sync, keycloak...) which are all submodules of a common parent project
- Giving users of the SDK a way lock their (transitive) dependencies to versions that we specify in a 'BOM' to avoid conflicts and multiple version of the same library.
I've tested scenario 1 and am currently setting up an environment that allows me to test 2. 1) Locking down dependencies in our own services To achieve this we need to load the plugin in the parent gradle file and apply a 'dependencyManagement' section to all subprojects:
... |
plugins { |
id "io.spring.dependency-management" version "1.0.4.RELEASE" |
} |
... |
subprojects { |
apply plugin: 'io.spring.dependency-management' |
|
dependencies { |
dependency group: 'com.google.code.gson', name: 'gson', version: '2.7' |
} |
}
|
Since there is no inheritance of gradle build files we need to take the 'subprojects' approach. Now we can add dependencies in subprojects with:
compile group: 'com.google.code.gson', name: 'gson'
|
This will automatically pick the version specified in the dependencyManagement section of the parent project. This also works for transitive dependencies, e.g. if gson is included through another dependency. 2) Giving users of the SDK a way to use our BOM This is useful for developers that depend on our SDK. It allows them to lock down versions of their dependencies and subdependencies to versions specified in a 'BOM' that we provide. To do that the users has to include the spring-dependency-managenemt plugin in their app and define a 'dependencyManagenemt' section like this:
dependencyManagement { |
imports { |
mavenBom '<group and artifact of published aerogear-sdk-bom>' |
} |
}
|
For this to work we need to publish a project calle aerogear-sdk-bom that cotains a pom.xml file with the dependencyManagement section. NOTE: if we have a published aerogear-sdk-bom we can also use this to cover use case 1. NOTE: the spring-dependency-management plugin does not allow to import a mavenBOM from a project location. It has to be published. ping Summers Pittman Wojciech Trocki Daniel Passos |
