gradle-dependency-lock-plugin
gradle-dependency-lock-plugin copied to clipboard
nebula-plugins
Failure to find dependencies due to the aggregateConfiguration created in DependencyLockTaskConfigurer
I'm trying to upgrade from Gradle 7.6.4 to 8.11.1 and as part of that it appears as though I have to upgrade the gradle-dependency-lock-plugin which was on 9.4.1. The problem is that the newer versions all fail in the generateGlobalLock task with an error of ... Caused by: org.gradle.api.internal.artifacts.ivyservice.TypedResolveException: Could not resolve all dependencies for configuration ':detachedConfiguration1'. ... Caused by: org.gradle.internal.component.resolution.failure.exception.VariantSelectionByNameException: A dependency was declared on configuration 'aggregateConfiguration' of 'project :the:project-name' but no variant with that configuration name exists. ....
I tracked this down to a change that was made in DependencyLockTaskConfigurer.groovy in https://github.com/nebula-plugins/gradle-dependency-lock-plugin/commit/d48251558baa1b146f98fdb93ae0ecb6bce21742#diff-baa5044cd9d9bfebb1f37a3a4ad6b512462b4fd94ac6400393c6671623287416
If I modify a local copy of the dependency-lock plugin by reverting this code with the following diff then everything works properly. I assume this change was originally done for a reason. Any chance you would consider adding an option to conditionally use the non-aggregate way of collecting these dependencies?
Our build does have a custom resolution strategy defined via configurations {... all { resolutionStrategy { which is lost in that aggregate configuration (or more specifically: logging in that resolutionStrategy is never hit when using aggregate but is when using a direct dependency as it used to be pre-2021). Maybe that is related to the issue with the aggregateConfiguration?
diff --git a/src/main/groovy/nebula/plugin/dependencylock/DependencyLockTaskConfigurer.groovy b/src/main/groovy/nebula/plugin/dependencylock/DependencyLockTaskConfigurer.groovy
index 02484e6..9be9924 100644
--- a/src/main/groovy/nebula/plugin/dependencylock/DependencyLockTaskConfigurer.groovy
+++ b/src/main/groovy/nebula/plugin/dependencylock/DependencyLockTaskConfigurer.groovy
@@ -260,18 +260,14 @@ class DependencyLockTaskConfigurer {
if (ext != null) {
Collection<Configuration> lockableConfigurations = lockableConfigurations(project, subproject, ext.configurationNames, extension.skippedConfigurationNamesPrefixes)
Collection<Configuration> configurations = filterNonLockableConfigurationsAndProvideWarningsForGlobalLockSubproject(subproject, ext.configurationNames, lockableConfigurations)
- Configuration aggregate = subproject.configurations.create("aggregateConfiguration")
- aggregate.setCanBeConsumed(true)
- aggregate.setCanBeResolved(true)
configurations
.findAll { configuration ->
!configurationsToSkipForGlobalLockPrefixes.any { String prefix -> configuration.name.startsWith(prefix) }
&& !extension.skippedConfigurationNamesPrefixes.any { String prefix -> configuration.name.startsWith(prefix) }
}
- .each { configuration ->
- aggregate.extendsFrom(configuration)
+ .collect { configuration ->
+ project.dependencies.create(project.dependencies.project(path: subproject.path, configuration: configuration.name))
}
- [project.dependencies.create(project.dependencies.project(path: subproject.path, configuration: aggregate.name))]
} else {
[project.dependencies.create(subproject)]
}
