You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@iceberg.apache.org by GitBox <gi...@apache.org> on 2019/06/26 18:31:06 UTC
[GitHub] [incubator-iceberg] mccheah opened a new issue #235: Ensure
dependencies are consistent and reviewable via gradle-consistent-versions
mccheah opened a new issue #235: Ensure dependencies are consistent and reviewable via gradle-consistent-versions
URL: https://github.com/apache/incubator-iceberg/issues/235
Currently, dependencies are managed via Gradle's native support. We have a section in the top level `build.gradle` that defines the versions for our direct dependencies.
There are several issues with managing dependencies this way:
- We don't set `failOnVersionConflict` as the resolution strategy, so we don't know if a transitive dependency is being pulled in with two conflicting versions and we don't know how Gradle is selecting the version of the transitive dependency.
- Reviewers cannot see the versions selected for transitive dependencies. The version that is selected by Gradle is only known after the pom is published.
- Transitive dependencies are traditionally resolved independently per Gradle configuration. So the version selected for the test runtime might be different from the version published in the pom. As a result, we end up testing with versions of transitive dependencies that are inconsistent with what will be pulled in transitively by Iceberg's consumers.
- The version of a direct dependency has to be written in every line where we declare a dependency. We also have an inconsistency where some of our dependency version numbers are defined in the `ext` block while others are hardcoded into the `dependencies` blocks. This is also error-prone because two submodules of Iceberg can depend on the same library but with different hardcoded versions.
[gradle-consistent-versions](https://github.com/palantir/gradle-consistent-versions) is a means to solve all of the above problems and more. When using gradle-consistent-versions, one defines the versions of all dependencies in a `versions.props` file. All dependencies are declared without specifically listing the version number. gradle-consistent-versions will ensure that all configurations have the same version of each and every dependency of the project, both direct and transitive. If there are version conflicts, one can use various Gradle tasks to trace the origin of the version conflicts.
Additionally, gradle-consistent-versions will add a `versions.lock` file in the repository. This is a list of all the dependencies with their respective versions - both direct and transitive. This will allow for reviewers to look over the changes in selected transitive dependencies caused as a result of upgrading the version of a direct dependency.
For more information on gradle-consistent-versions, please see the README in the gradle-consistent-versions repository linked above. A prototype of the proposal can be found [here](https://github.com/palantir/incubator-iceberg/pull/10).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org