Last active
February 7, 2023 10:49
-
-
Save JakeWharton/2066f5e4f08fbaaa68fd to your computer and use it in GitHub Desktop.
Prevent wildcard versions in your Gradle project. These undermine deterministic and hermetic builds and are generally considered bad practice.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| allprojects { | |
| afterEvaluate { project -> | |
| project.configurations.all { | |
| resolutionStrategy.eachDependency { DependencyResolveDetails details -> | |
| def requested = details.requested | |
| if (requested.version.contains('+')) { | |
| throw new GradleException("Wildcard dependency forbidden: ${requested.group}:${requested.name}:${requested.version}") | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Shouldn't it be
details.targetinstead ofdetails.requested?If I have a dependency and it's author have used '+', then I can't change it's sources and your script would abort my build. But I can use
resolutionStrategy.force "group:name:exact_version"to make sure that my build uses exact version of the transitive dependency even if it's author doesn't mean it so.