Getting Gradle versions from gradle.properties

[MarounMaroun]

My build.gradle has dependencies like:

dependency "org.assertj:assertj-core:${assertJVersion}"

The variable assertJVersion is resolved from the gradle.properties file.

Is there a way to configure the bot to resolve the version from this file?

[meck93]

Another option would be to resolve the variable assertJVersion via the
ext { assertJVersion = '1.1.1.1' } section in the build.gradle.

I'm also not sure if this currently works? Does anyone know?

[mirland]

From my point of view this is one of the most important issues of this bot, so I think this shouldn't be closed.

[mercuriete]

I have dependencies like:

    def daggerVersion = 2.20
    implementation "com.google.dagger:dagger:$daggerVersion"
    implementation "com.google.dagger:dagger-android:$daggerVersion"
    implementation "com.google.dagger:dagger-android-support:$daggerVersion"
    kapt "com.google.dagger:dagger-android-processor:$daggerVersion"
    kapt "com.google.dagger:dagger-compiler:$daggerVersion"
    kapt "com.google.dagger:dagger-android-support:$daggerVersion"
    kaptTest "com.google.dagger:dagger-compiler:$daggerVersion"

So in this case is mandatory to bump lots of dependencies to the same version and not one by one.

I understand this problem is difficult to resolve, thank in advance!

In the meantime I think is better to hardcode all dependencies to the same version and let dependabot tries to do whatever it wanted to do.

Thank for this project 👍

[ashughes]

@mercuriete I was very pleasantly surprised that this worked!

[mercuriete]

Sorry for the noise if this is offtopic

@ashughes what do you mean about "this worked"?
The snipped that I put was from some tutorial from internet, I am doing something wrong?

The problem is dependabot is not intelligent enough to search def variables and create a PR with my example.

If you mean the workaround that I proposed... I didn't test it yet. I am not sure that dependabot is working with hardcoded versions per each line I dont want to change my master branch to do that test, probably I will end up doing a test on an copy of my repository.

Thanks to the dependabot team for the amazing work.

[ashughes]

@mercuriete I wasn't sure whether or not you were suggesting this as working, but I tried it and it did work, so I assumed you were. 😛

I have 3 dependencies that all use the same version, but they each specified the version individually:

implementation 'com.fasterxml.jackson.core:jackson-core:2.8.4'
implementation 'com.fasterxml.jackson.core:jackson-annotations:2.8.4'
implementation 'com.fasterxml.jackson.core:jackson-databind:2.8.4'

Dependabot created 3 PRs to change each of these individually. After reading your comment I changed the above to the following on my main branch:

def jacksonVersion = "2.8.4"
implementation "com.fasterxml.jackson.core:jackson-core:$jacksonVersion"
implementation "com.fasterxml.jackson.core:jackson-annotations:$jacksonVersion"
implementation "com.fasterxml.jackson.core:jackson-databind:$jacksonVersion"

Then Dependabot closed all 3 of the previous PRs and opened a new one that just changed jacksonVersion to 2.11.1! And it even included the release notes for all 3 of the dependencies (well, at least as much as it did on the individual PRs).

Basically, doing this appears to be a great workaround for #1296.

[mercuriete]

@ashughes thanks for the clarification I need to investigate more, because that is what is not working for me.
Maybe I need more coffee xD.

[mercuriete]

@ashughes
Sorry for the noise...
I just changed my snippet from the one is described above... for this one:mercuriete/android-musician-tools@a4de664

build.gradle on root folder

    ext.dagger_version = '2.20'

build.gradle on app folder

    implementation "com.google.dagger:dagger:$dagger_version"
    implementation "com.google.dagger:dagger-android:$dagger_version"
    implementation "com.google.dagger:dagger-android-support:$dagger_version"
    kapt "com.google.dagger:dagger-android-processor:$dagger_version"
    kapt "com.google.dagger:dagger-compiler:$dagger_version"
    kapt "com.google.dagger:dagger-android-support:$dagger_version"
    kaptTest "com.google.dagger:dagger-compiler:$dagger_version"

and it started to work.
So sorry for the noise that I introduced here but dependabot works for my use case.

Thanks to all the people involved in this issue.

[StefanOltmann]

Any updates on this?

I also define my versions in gradle.properties as this feels very right to do so.

[sschuberth]

IMO the only sane way to address this is by implementing:

• Fully Featured Gradle Support with the Gradle Tooling API #1164

[marcindabrowski]

I have versions defined as below:

project.ext.versions = [
        kotlin                       : '1.5.0',
        kotlin_logging               : '1.12.5',
        wiremock                     : '2.28.0',
]

and dependencies :

dependencies {
    implementation group: 'io.github.microutils', name: 'kotlin-logging', version: versions.kotlin_logging
    implementation group: 'org.jetbrains.kotlin', name: 'kotlin-reflect', version: versions.kotlin
    implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib', version: versions.kotlin
    implementation group: 'org.jetbrains.kotlin', name: 'kotlin-stdlib-jdk8', version: versions.kotlin
    integration group: 'com.github.tomakehurst', name: 'wiremock-jre8-standalone', version: versions.wiremock
}

and it didn't bump kotlin to 1.5.10

[cricketsamya]

Try this out
https://www.sameerkulkarni.de/posts/dependabot-with-gradle/

[patkujawa-wf]

Try this out https://cricketsamya.github.io/posts/dependabot-with-gradle/

@cricketsamya I'm giving that a try, thanks! The url markdown was malformed, though. https://www.sameerkulkarni.de/posts/dependabot-with-gradle/ is the link.

After updating, I ran dependabot and got this error, though the logs seem to indicate all is well (and up to date)

Dependabot encountered an unknown error
Dependabot failed to update your dependencies because an unexpected error occured. See the logs for more details.

Might need to wait until the next kotlin or spring release to see if it works or broke things for my project.

[cricketsamya]

@patkujawa-wf sorry for the link! If possible just downgrade one of the dependencies and run dependabot again to see the results.

[patkujawa-wf]

Just saw it work with Kotlin 1.6.0! Thanks again for the tip.

[mccartney]

https://www.sameerkulkarni.de/posts/dependabot-with-gradle/ is the link.

For anyone curious, this gives 404 now.
Web Archive has this post: https://web.archive.org/web/20220125120756/https://www.sameerkulkarni.de/posts/dependabot-with-gradle/

[SimonScholz]

https://www.sameerkulkarni.de/posts/dependabot-with-gradle/ is the link.

For anyone curious, this gives 404 now. Web Archive has this post: https://web.archive.org/web/20220125120756/https://www.sameerkulkarni.de/posts/dependabot-with-gradle/

Thanks for sharing this, but IMHO this should be addressed by Dependabot.
If Gradle can read the versions from the gradle.properties file then Dependabot should also be capable of doing so.

[JakubLedworowski]

Hi, what is the status of this - is Dependabot's plan to address reading from gradle.properties?
I saw an effort being completed here #6249 which is a nice way of organizing dependencies, but I just wondered if the gradle.properties way is also on the roadmap. Thanks.