Gradle 依赖描述符中的自定义元数据
Custom Metadata in Gradle dependency descriptor
这就是我在 build.gradle
中添加依赖项的方式
// Dependency Versioning
apply plugin: 'io.spring.dependency-management'
dependencyManagement {
imports {
mavenBom 'org.springframework.cloud:spring-cloud-dependencies:Edgware.RELEASE'
mavenBom 'io.pivotal.spring.cloud:spring-cloud-services-dependencies:1.5.0.RELEASE'
mavenBom 'org.springframework.boot:spring-boot-dependencies:1.5.15.RELEASE'
}
dependencies {
dependency 'io.springfox:springfox-swagger2:2.8.0'
dependency 'io.springfox:springfox-swagger-ui:2.8.0'
dependency 'org.flywaydb:flyway-core:4.2.0'
dependency 'com.microsoft.sqlserver:mssql-jdbc:6.2.2.jre8'
}
}
我希望为每个依赖项添加一个自定义编号。这个数字是我们的架构团队提供的批准号,用于批准在我们的企业中使用该依赖项..
假设我的架构团队已批准使用 io.springfox:springfox-swagger2:2.8.0 依赖项并且批准编号为 APPL-1054 那么我必须将此编号也作为 metadata 添加到依赖项中标签,我将有一个不同的 gradle 任务来消耗这些数字
看起来像 dependency 'io.springfox:springfox-swagger2:2.8.0' : APPL-1054
请帮忙出出主意
您可以在 Map 中设置批准,然后使用依赖项解析来验证批准。该地图可以来自某些 Web 资源,只要您可以通过某种方式将其获取到地图即可。这是一个简单的例子
buildscript {
repositories {
jcenter()
}
dependencies {
gradleApi()
}
}
group 'com.Whosebug'
version '1.0-SNAPSHOT'
repositories {
jcenter()
}
configurations {
audited.extendsFrom(compile)
}
Map<String, Object> approvedDeps = [
'junit:junit:4.12': 'APPROVAL-1234'
]
dependencies {
compile gradleApi()
audited 'junit:junit:4.12'
audited 'org.mockito:mockito-android:2.22.0'
}
dependencies {
components {
all { ComponentMetadataDetails details ->
String requestedArtifact = "${details.id.group}:${details.id.name}:${details.id.version}"
String approvalCode = approvedDeps[requestedArtifact]
if (approvalCode == null) {
throw new GradleException("Use of unapproved dependency (${requestedArtifact})")
}
logger.lifecycle("Requested dependency (${requestedArtifact}) is approved: ${approvalCode}")
return details
}
}
}
// lets fake some action that would trigger dependency resolution
configurations.eachWithIndex { Configuration entry, int index ->
if (entry.canBeResolved) {
entry.resolve()
print("Resolved index: ${index}")
}
}
现在,如果我们 运行 ./gradlew clean build 我们会收到错误消息,因为添加了未经批准的依赖项。
$ ./gradlew clean build
> Configure project :
Requested dependency (junit:junit:4.12) is approved: APPROVAL-1234
FAILURE: Build failed with an exception.
* Where:
Build file '/Users/jonstanford/dev/Whosebug/q52427676/build.gradle' line: 36
* What went wrong:
A problem occurred evaluating root project 'q52427676'.
> Could not resolve all dependencies for configuration ':audited'.
> There was an error while evaluating a component metadata rule for org.mockito:mockito-android:2.22.0.
> Use of unapproved dependency (org.mockito:mockito-android:2.22.0)
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 0s
当然,您可以将此功能移至自定义插件等,但我认为基本想法成立。
这就是我在 build.gradle
// Dependency Versioning
apply plugin: 'io.spring.dependency-management'
dependencyManagement {
imports {
mavenBom 'org.springframework.cloud:spring-cloud-dependencies:Edgware.RELEASE'
mavenBom 'io.pivotal.spring.cloud:spring-cloud-services-dependencies:1.5.0.RELEASE'
mavenBom 'org.springframework.boot:spring-boot-dependencies:1.5.15.RELEASE'
}
dependencies {
dependency 'io.springfox:springfox-swagger2:2.8.0'
dependency 'io.springfox:springfox-swagger-ui:2.8.0'
dependency 'org.flywaydb:flyway-core:4.2.0'
dependency 'com.microsoft.sqlserver:mssql-jdbc:6.2.2.jre8'
}
}
我希望为每个依赖项添加一个自定义编号。这个数字是我们的架构团队提供的批准号,用于批准在我们的企业中使用该依赖项..
假设我的架构团队已批准使用 io.springfox:springfox-swagger2:2.8.0 依赖项并且批准编号为 APPL-1054 那么我必须将此编号也作为 metadata 添加到依赖项中标签,我将有一个不同的 gradle 任务来消耗这些数字
看起来像 dependency 'io.springfox:springfox-swagger2:2.8.0' : APPL-1054
请帮忙出出主意
您可以在 Map 中设置批准,然后使用依赖项解析来验证批准。该地图可以来自某些 Web 资源,只要您可以通过某种方式将其获取到地图即可。这是一个简单的例子
buildscript {
repositories {
jcenter()
}
dependencies {
gradleApi()
}
}
group 'com.Whosebug'
version '1.0-SNAPSHOT'
repositories {
jcenter()
}
configurations {
audited.extendsFrom(compile)
}
Map<String, Object> approvedDeps = [
'junit:junit:4.12': 'APPROVAL-1234'
]
dependencies {
compile gradleApi()
audited 'junit:junit:4.12'
audited 'org.mockito:mockito-android:2.22.0'
}
dependencies {
components {
all { ComponentMetadataDetails details ->
String requestedArtifact = "${details.id.group}:${details.id.name}:${details.id.version}"
String approvalCode = approvedDeps[requestedArtifact]
if (approvalCode == null) {
throw new GradleException("Use of unapproved dependency (${requestedArtifact})")
}
logger.lifecycle("Requested dependency (${requestedArtifact}) is approved: ${approvalCode}")
return details
}
}
}
// lets fake some action that would trigger dependency resolution
configurations.eachWithIndex { Configuration entry, int index ->
if (entry.canBeResolved) {
entry.resolve()
print("Resolved index: ${index}")
}
}
现在,如果我们 运行 ./gradlew clean build 我们会收到错误消息,因为添加了未经批准的依赖项。
$ ./gradlew clean build
> Configure project :
Requested dependency (junit:junit:4.12) is approved: APPROVAL-1234
FAILURE: Build failed with an exception.
* Where:
Build file '/Users/jonstanford/dev/Whosebug/q52427676/build.gradle' line: 36
* What went wrong:
A problem occurred evaluating root project 'q52427676'.
> Could not resolve all dependencies for configuration ':audited'.
> There was an error while evaluating a component metadata rule for org.mockito:mockito-android:2.22.0.
> Use of unapproved dependency (org.mockito:mockito-android:2.22.0)
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 0s
当然,您可以将此功能移至自定义插件等,但我认为基本想法成立。