From 74088b2ad4865bd0d06516414091f5e098b6313f Mon Sep 17 00:00:00 2001 From: modmuss50 Date: Wed, 16 Jun 2021 19:16:47 +0100 Subject: [PATCH 1/2] Ensure deps are reproducible. This prevents them from being updated without us knowing. --- build.gradle | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index ff50ae2b..9b66773f 100644 --- a/build.gradle +++ b/build.gradle @@ -47,6 +47,12 @@ configurations { runtimeClasspath.extendsFrom bootstrap } +configurations.all { + resolutionStrategy { + failOnNonReproducibleResolution() + } +} + dependencies { implementation gradleApi() @@ -85,7 +91,27 @@ dependencies { implementation ('org.benf:cfr:0.151') // source code remapping - implementation ('org.cadixdev:mercury:0.1.0-rc1') + implementation ('org.cadixdev:mercury:[0.1.0-rc1]') + + // Mercury pulls all of these deps in, however eclipse does not specify the exact version to use so they can get updated without us knowing. + // Depend specifically on these versions to prevent them from being updated under our feet. + implementation ('org.eclipse.jdt:org.eclipse.jdt.core:[3.21.0]') + implementation ('org.eclipse.platform:org.eclipse.compare.core:[3.6.1000]') + implementation ('org.eclipse.platform:org.eclipse.core.commands:[3.9.800]') + implementation ('org.eclipse.platform:org.eclipse.core.contenttype:[3.7.900]') + implementation ('org.eclipse.platform:org.eclipse.core.expressions:[3.7.100]') + implementation ('org.eclipse.platform:org.eclipse.core.filesystem:[1.7.700]') + implementation ('org.eclipse.platform:org.eclipse.core.jobs:[3.10.1100]') + implementation ('org.eclipse.platform:org.eclipse.core.resources:[3.14.0]') + implementation ('org.eclipse.platform:org.eclipse.core.runtime:[3.20.100]') + implementation ('org.eclipse.platform:org.eclipse.equinox.app:[1.5.100]') + implementation ('org.eclipse.platform:org.eclipse.equinox.common:[3.14.100]') + implementation ('org.eclipse.platform:org.eclipse.equinox.preferences:[3.8.200]') + implementation ('org.eclipse.platform:org.eclipse.equinox.registry:[3.10.100]') + implementation ('org.eclipse.platform:org.eclipse.osgi:[3.16.200]') + implementation ('org.eclipse.platform:org.eclipse.team.core:[3.8.1100]') + implementation ('org.eclipse.platform:org.eclipse.text:[3.11.0]') + // Kapt integration compileOnly('org.jetbrains.kotlin:kotlin-gradle-plugin:1.5.0') From 3c42e9288100b119ac993df9af20beb47b0bf926 Mon Sep 17 00:00:00 2001 From: modmuss50 Date: Wed, 16 Jun 2021 23:16:44 +0100 Subject: [PATCH 2/2] Patch all eclipse deps to use a strict version --- build.gradle | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/build.gradle b/build.gradle index 9b66773f..d3ebb50e 100644 --- a/build.gradle +++ b/build.gradle @@ -95,6 +95,7 @@ dependencies { // Mercury pulls all of these deps in, however eclipse does not specify the exact version to use so they can get updated without us knowing. // Depend specifically on these versions to prevent them from being updated under our feet. + // The POM is also patched later on to as this strict versioning does not make it through. implementation ('org.eclipse.jdt:org.eclipse.jdt.core:[3.21.0]') implementation ('org.eclipse.platform:org.eclipse.compare.core:[3.6.1000]') implementation ('org.eclipse.platform:org.eclipse.core.commands:[3.9.800]') @@ -194,6 +195,18 @@ import org.w3c.dom.Document import org.w3c.dom.Element import org.w3c.dom.Node +def patchPom(groovy.util.Node node) { + node.dependencies.first().each { + def groupId = it.get("groupId").first().value().first() + + // Patch all eclipse deps to use a strict version + if (groupId.startsWith("org.eclipse.")) { + def version = it.get("version").first().value().first() + it.get("version").first().value = new groovy.util.NodeList(["[$version]"]) + } + } +} + publishing { publications { plugin(MavenPublication) { publication -> @@ -205,6 +218,10 @@ publishing { artifact sourcesJar artifact javadocJar + + pom.withXml { + patchPom(asNode()) + } } // Also publish a snapshot so people can use the latest version if they wish @@ -217,6 +234,10 @@ publishing { artifact sourcesJar artifact javadocJar + + pom.withXml { + patchPom(asNode()) + } } // Manually crate the plugin marker for snapshot versions