gradle-release

failOnSnapshotDependencies does not detect explicit SNAPSHOT versions

Open GregDThomas opened this issue 4 years ago • 2 comments

If you have: com.example:dependency:1.0.0-SNAPSHOT then failOnSnapshotDependencies will fail the build.

If you have: com.example:dependency:1.0.0-20200514.165812-2 (i.e. an explicit SNAPSHOT dependency) then failOnSnapshotDependencies will not fail the build - it should.

GregDThomas avatar Jun 04 '20 09:06 GregDThomas

Workaround:

// Runs after the plugin's own checkSnapshotDependencies task
checkSnapshotDependencies.doLast {
    def snapshotDependencies = new HashSet()
    project.configurations.each { configuration ->
        // Only resolvable configurations expose resolved artifacts
        if (configuration.canBeResolved) {
            snapshotDependencies.addAll(
                    configuration.resolvedConfiguration.resolvedArtifacts
                            // Timestamped snapshot suffix: yyyyMMdd.HHmmss-buildNumber
                            .findAll { artifact -> artifact.moduleVersion.id.version =~ /.*?\d{8}\.\d{6}-\d+$/ }
                            .unique()
                            .collect { artifact -> artifact.moduleVersion.id }
            )
        }
    }
    if (!snapshotDependencies.empty) {
        throw new GradleException("Explicit snapshot dependencies detected: ${snapshotDependencies}")
    }
}

GregDThomas avatar Jun 04 '20 09:06 GregDThomas

Why should this fail the build? It is a concrete version specification. The protection against SNAPSHOT versions is to prevent you from releasing a version that can produce a different result on each build, as the version is dynamic and a known snapshot dependency that can break anytime. If you specify a concrete version you don't have this problem. Also there is no valid heuristic to determine such a version as a "snapshot" version, as it is also a valid version string, even one following the semver specification.

Vampire avatar Aug 08 '20 17:08 Vampire
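The version-string check discussed in this thread, as an added stand-alone Groovy script (not code from the thread or from gradle-release). It classifies a version as a timestamped snapshot only when the suffix has the Maven `yyyyMMdd.HHmmss-buildNumber` shape and the digits form a real date and time. The class name, method name and sample versions are assumptions made for illustration, and the result remains a heuristic, as the last comment points out.

```groovy
import java.time.DateTimeException
import java.time.LocalDateTime
import java.util.regex.Pattern

// Hypothetical helper for illustration; not part of gradle-release.
class SnapshotVersions {
    // Maven "unique" snapshot: <base>-yyyyMMdd.HHmmss-<buildNumber>.
    // \d+ requires a build number, and the whole string must match.
    static final Pattern TIMESTAMPED =
            ~/^.+-(\d{4})(\d{2})(\d{2})\.(\d{2})(\d{2})(\d{2})-\d+$/

    static String classify(String version) {
        if (version.endsWith('-SNAPSHOT')) {
            return 'SNAPSHOT'
        }
        def m = TIMESTAMPED.matcher(version)
        if (!m.matches()) {
            return 'RELEASE'
        }
        def (y, mo, d, h, mi, s) = (1..6).collect { m.group(it).toInteger() }
        try {
            // Throws for impossible values such as month 13 or hour 25
            LocalDateTime.of(y, mo, d, h, mi, s)
            return 'TIMESTAMPED_SNAPSHOT'
        } catch (DateTimeException ignored) {
            // Right shape, but the digits are not a timestamp
            return 'RELEASE'
        }
    }
}

// Constructed sample versions; only the third one appears in the thread.
def samples = [
    '1.0.0'                  : 'RELEASE',
    '1.0.0-SNAPSHOT'         : 'SNAPSHOT',
    '1.0.0-20200514.165812-2': 'TIMESTAMPED_SNAPSHOT',
    '1.0.0-20201340.165812-2': 'RELEASE',   // month 13, day 40
    '1.0.0-20200514.165812-' : 'RELEASE',   // no build number
]
samples.each { version, expected ->
    assert SnapshotVersions.classify(version) == expected
    println "${version.padRight(26)} ${expected}"
}
```

A release whose version happens to end in a valid timestamp and a number is still reported as `TIMESTAMPED_SNAPSHOT`, so a build that uses this check needs an allow-list for such modules.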