Support "allowedFilter" without a baseline file

Open qwert2603 opened this issue 3 years ago • 2 comments

One of the possible use cases of the dependencyGuard plugin is to restrict particular dependencies between modules of a multi-module project. For example, to restrict a feature-module as a dependency of a core-module in an Android project.

Such a use case can easily be handled via the allowedFilter parameter of the dependencyGuard configuration. The dependencyGuard plugin can be applied in the core-module with allowedFilter = { !it.startsWith("feature-") }. But a baseline file will also be created in such a case, though it is not needed. For the core-module we don't need to guard against dependency changes, but only against particular dependencies themselves.

It follows that there could be some configuration of the dependencyGuard plugin that allows specifying allowedFilter without creating a baseline file.

One possible solution may be adding a special function noBaseline() that can be assigned to baselineMap to explicitly specify that a baseline file is not needed (using baselineMap = { null } for that is less explicit).

dependencyGuard {
    configuration("releaseRuntimeClasspath") {
        modules = true
        allowedFilter = { !it.startsWith("feature-") }
        baselineMap = noBaseline()
    }
}

Another possible solution may be adding a parameter guardDiff or baselineFile (defaulting to true) that will control whether a baseline file will be created or not. But this solution has drawbacks:

  • such a parameter can be mixed up with the parameter baselineMap
  • it's easy to break guarding against dependency changes by assigning baselineFile = false

dependencyGuard {
    configuration("releaseRuntimeClasspath") {
        modules = true
        allowedFilter = { !it.startsWith("feature-") }
        guardDiff = false
    }
}

IMHO, the first solution is preferred, because it is more explicit.

qwert2603, Jan 24 '23 18:01

I've been meaning to create a very similar feature request. Our use case would be to prevent test libraries and SNAPSHOT releases via the allowedFilter without maintaining a baseline. I proposed integrating this plugin but many people had reservations as we have a polyrepo architecture so dependencies are getting bumped in the host application repo with every pull request.

kyhule, Jan 25 '23 02:01

I also faced a similar scenario: I/we want to use dependency-guard to guard only specific dependencies, and let other dependencies be bumped by automated tools if they don't bump the version of the dependency that we want to guard. But the current dependency-guard looks like it requires a baseline that contains the full list of dependencies. Is it possible to support the feature that this issue proposed?

utzcoz, Mar 02 '24 11:03
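
A policy-only check of the kind requested in this thread can be approximated with a plain Gradle task, shown here as an added example that is not part of the issue or of dependency-guard. The task name `checkForbiddenDependencies`, the `violation` helper and the two rules (no `feature-` modules, no SNAPSHOT versions) are assumptions modelled on the use cases described above.

```kotlin
// build.gradle.kts of the module to protect (added example, not dependency-guard code).
import org.gradle.api.artifacts.component.ComponentIdentifier
import org.gradle.api.artifacts.component.ModuleComponentIdentifier
import org.gradle.api.artifacts.component.ProjectComponentIdentifier

// Hypothetical policy helper: returns a reason when a resolved component is forbidden,
// or null when it is allowed. The rules are constructed for this example.
fun violation(id: ComponentIdentifier): String? = when (id) {
    // Project dependencies: reject any module whose name starts with "feature-".
    is ProjectComponentIdentifier ->
        if (id.projectName.startsWith("feature-")) "feature module ${id.projectPath}" else null
    // External dependencies: reject SNAPSHOT versions.
    is ModuleComponentIdentifier ->
        if (id.version.endsWith("-SNAPSHOT")) "SNAPSHOT ${id.displayName}" else null
    else -> null
}

// Hypothetical task name. No baseline file is read or written.
tasks.register("checkForbiddenDependencies") {
    group = "verification"
    description = "Fails when releaseRuntimeClasspath contains a forbidden dependency."
    doLast {
        // Looked up at execution time, so it does not matter when the Android
        // plugin creates the variant configuration.
        val result = configurations.getByName("releaseRuntimeClasspath")
            .incoming.resolutionResult
        val found = result.allComponents
            .map { it.id }
            .filter { it != result.root.id }   // skip the module being checked
            .mapNotNull { violation(it) }      // direct and transitive components
            .sorted()
        if (found.isNotEmpty()) {
            throw GradleException(
                "Forbidden dependencies:\n" + found.joinToString("\n") { " - $it" }
            )
        }
    }
}
```

Because the task resolves the full graph, a forbidden module pulled in transitively fails the build as well; wiring it into `check` makes the rule run in CI.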