# dependency-management
b
My ideal would be a way to fail the build for any DIRECT non-test dependencies on `logback-core` and rely on the excludes to manage transitives in the published `pom`/`module`
m
you should be able to fail the build doing this:
```groovy
configurations.all {
   if (it.canBeConsumed) {
        allDependencies.all {
             if (it instanceof ExternalModuleDependency) {
                 if (it.group == 'ch.qos.logback' && it.name == 'logback-core') {
                     throw new InvalidUserCodeException("Oh noes, you are not allowed to expose logback!")
                 }
             }
        }
   }
}
```
b
so after some shuffling, i ended up with:
```kotlin
configurations.configureEach {
    val configName = this.name

    // If the bucket is meant for dependency declarations, and is not intended for testing
    // We fail the build if a direct dependency is declared on a banned library
    if (!this.isCanBeResolved && !this.isCanBeConsumed && !configName.contains("test")) {
        dependencies.configureEach {
            if (isBannedDependency(this)) {
                throw GradleException(
                    """
                       |Conventions Plugin: Invalid dependency declaration on a dependency banned in this context. Remove dependency declaration: 
                       |    $configName("${this.group}:${this.name}") 
                    """.trimMargin()
                )
            }
        }
    }

    // Handles _transitive_ dependencies, ensuring they are excluded from any generated maven pom files (*Elements
    // configurations) as well as the configurations used when building and running the module (*Classpath
    // configurations)
    // They are though, still allowed to be used for any tests
    if (name == "runtimeClasspath" || name == "compileClasspath" || name == "runtimeElements" || name == "apiElements") {
        sharedLibraryBannedDependencies.entries().forEach {
            exclude(group = it.key, module = it.value)
        }
    }
}
```
This seems to fail if any direct dependencies are declared, but not fail for any transitives (e.g. from a platform)… but it also excludes any transitives from being included in the published pom/module.
i used !resolvable and !consumable as the table here: https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_configurations_graph indicates that these are the buckets meant for apps to declare dependencies. your example above i believe would still cause a failure for any transitives (e.g. declared in a platform, but not actually applied to the project) which is just senseless noise - as i really don’t actually care if they’re on the classpath during build, as long as they aren’t exposed to any consumers.
but any further improvement suggestions are much appreciated!
m
my example doesn't resolve dependencies, so it's not using transitives
it's using the first level dependencies only