Exclude spring-boot dependencies from dependencyUpdates

[pertyjons]

Hi,

I think I have a way of excluding spring-boot dependencies from the result of dependencyUpdates but I think there may be a simpler or more elegant way of doing it. I used the example of exluding isNonStable as in the examples and it seems to work.

Here is my way of excluding in the

tasks.named("dependencyUpdates").configure {
    rejectVersionIf {
        def moduleIdentifier = it.candidate.moduleIdentifier.toString() 
        def managedBySpringBoot = dependencyManagement.managedVersions.containsKey(moduleIdentifier)
        managedBySpringBoot || isNonStable(it.candidate.version) && !isNonStable(it.currentVersion)
    }
}

But. I'm not sure about the inner workings of gradle and the plugin and it looks that when a version is rejected it tries another version and therefor download xml poms with the next lower version so the dependencyUpdates takes much more time and many more downloads.

So my question here is if there is a more elegant way of doing this.

This is the some of the result and it seems good, but I also tried the more verbose way of sending a reason with the rejection and it would be nice to get that also:

Failed to determine the latest version for the following dependencies (use --info for details):
 - io.micrometer:micrometer-registry-prometheus
 - org.apache.commons:commons-lang3
 - org.assertj:assertj-core
 - org.junit.platform:junit-platform-suite

Regards Per Jonsson

[ben-manes]

Unfortunately rejecting all of the versions forces each prior to be evaluated, which Gradle does sequentially. So it is slow as you noticed and results in a resolution error in the logs.

In #453, the solution snippets use a resolution rule to force the version. This way the dynamic query (+) resolves to the managed version and it appears as if up to date.

Another approach is to exclude them by using a custom report, where an outputFormatter filters the results before printing them. It would look something like,

outputFormatter {
  def reporter = new PlainTextReporter(project, revision, gradleReleaseChannel)
  outdated.dependencies.removeIf { isManagedBySpringBoot(it) }
  reporter.write(System.out, this)
}

Otherwise, right now we don't have a filterDependencies mirror to filterConfigurations to skip the resolution, which would make the execution a tiny bit faster than the current workarounds.

[pertyjons]

Thanks for your reply, I'll investigate a bit ad post if my findings is somewhat usefull to others.

[pertyjons]

If anyone is interested how my solution was I enclose it here. I went for the reporter you suggested as I think it is much simpler to comprehend:

tasks.named("dependencyUpdates").configure {
    def managedVersions = dependencyManagement.managedVersions

    rejectVersionIf {
        isNonStable(it.candidate.version) && !isNonStable(it.currentVersion)
    }

    outputFormatter = {
        result ->
            def reporter = new PlainTextReporter(project, revision, gradleReleaseChannel)
            def updatable = result.outdated.dependencies
            def springManaged = []
            updatable.removeIf { dependency ->
                def managedBySpringBoot = managedVersions.containsKey(dependency.group + ":" + dependency.name)
                if (managedBySpringBoot) {
                    springManaged.add(dependency)
                }
                return managedBySpringBoot
            }
            reporter.write(System.out, result)
            println("\nThe following dependencies is managed by Spring Boot:")
            springManaged.forEach { dependency ->
                def label = "${dependency.group}:${dependency.name}"
                println(" - ${label} [$dependency.version -> ${dependency.available[revision]}]")
            }
    }
}