Gemfile.lock equivalent in Maven and gradle -
as maven (client) , ivyresolver (used gradle) bundler solves libraries dependencies declared on configuration file (gemfile bundler). however, after bundler saves dependency resolution on gemfile.lock. allows other developers use same libraries.
for instance, maven use determinist not clear way resolve conflict in dependency resolution. example, specifying version ...
<version>1.0.1</version>
is not guarantee version used. , specifying version ...
<version>[1.0.0,2.0.0)</version>
give no guarantee.
yes, write manually versions listed by
mvn dependency:resolve
but, there automatic way that?
to clear: is there equivalent gemfile.lock in maven or gradle?
java developers, if not familiar gemfile.lock, bundler, please check:
http://bundler.io/v1.3/rationale.html
the important part copy below:
checking code version control
after developing application while, check in application gemfile , gemfile.lock snapshot. now, repository has record of exact versions of of gems used last time know sure application worked. keep in mind while gemfile lists 3 gems (with varying degrees of version strictness), application depends on dozens of gems, once take consideration of implicit requirements of gems depend on.
this important: gemfile.lock makes application single package of both own code , third-party code ran last time know sure worked. specifying exact versions of third-party code depend on in gemfile not provide same guarantee, because gems declare range of versions dependencies.
the next time run bundle install on same machine, bundler see has of dependencies need, , skip installation process.
"you not correct. maven can garantee version"
yes, right. if have version declared in pom.xml, maven uses it. but, if declared in parent pom, garantee vanished.
dependency mediation - determines version of dependency used when multiple versions of artifact encountered. currently, maven 2.0 supports using "nearest definition" means use version of closest dependency project in tree of dependencies. can guarantee version declaring explicitly in project's pom. note if 2 dependency versions @ same depth in dependency tree, until maven 2.0.8 not defined 1 win, since maven 2.0.9 it's order in declaration counts: first declaration wins.
"nearest definition" means version used closest 1 project in tree of dependencies, eg. if dependencies a, b, , c defined -> b -> c -> d 2.0 , -> e -> d 1.0, d 1.0 used when building because path d through e shorter. explicitly add dependency d 2.0 in force use of d 2.0
oh, looks opposite of dry principle.
the nebula.gradle-dependency-lock plugin that.
ps: gradle doesn't use ivy anymore (if that's mean ivyresolver).
Comments
Post a Comment