fix: fix resolution of transitive dependencies in POM

Don't use `resolutionStrategy` since it doesn't affect generated POMs. See these links for discussion: * https://discuss.gradle.org/t/maven-publish-doesnt-take-resolutionstrategy-into-account/1771/4 * https://issues.gradle.org/browse/GRADLE-3120 * gradle/gradle#3594 `dependencies.constraints` also don't work due to gradle/gradle#4979
grv87 · Jul 3, 2018 · 2614f47 · 2614f47
1 parent 0dc1360
commit 2614f47
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 22 deletions.
diff --git a/gradle/dependencies-compile.gradle b/gradle/dependencies-compile.gradle
@@ -48,39 +48,60 @@ dependencies {
   addDependencies org.fidata.gradle.GroovyBaseProjectPluginDependees.PLUGIN_DEPENDEES
   addDependencies org.fidata.gradle.GradlePluginPluginDependees.PLUGIN_DEPENDEES
 
-  api(group: 'org.spdx', name: 'spdx-tools', version: 'latest.release')
+  api(group: 'org.spdx', name: 'spdx-tools', version: 'latest.release') {
+    /*
+     * WORKAROUND:
+     * https://github.com/spdx/tools/issues/163
+     * spdx-tools uses old json-simple dependency which includes JUnit dependency and has a lot of other issues
+     * <grv87 2018-06-24>
+     */
+    exclude(group: 'com.googlecode.json-simple', module: 'json-simple')
+  }
+  implementation(group: 'com.github.cliftonlabs', name: 'json-simple', version: '[2, 3)')
+
   implementation(group: 'com.github.zafarkhaja', name: 'java-semver', version: 'latest.release')
   implementation(group: 'com.google.guava', name: 'guava', version: '25.1-jre')
 
+  /*
+   * CAVEAT:
+   * Gradle doesn't handle dependencyManagement (BOM) strictly.
+   * See https://github.com/gradle/gradle/issues/4979
+   * So, we have to use direct dependency instead of constraints
+   */
+  implementation(group: 'xerces', name: 'xercesImpl', version: '2.12.0')
+
   /*
    * WORKAROUND:
-   * org.codehaus.plexus:plexus-container-default still has google-collections dependency
-   * which is superseded by Guava
+   * org.apache.maven:maven-ant-tasks has old plexus dependency which have undesired JUnit dependency
    * <grv87 2018-06-24>
    */
-  modules.module('com.google.collections:google-collections') {
-    replacedBy('com.google.guava:guava', 'google-collections is now part of Guava')
-  }
-}
-configurations.all {
-  resolutionStrategy {
-    force 'xerces:xercesImpl:[2,3)'
+  implementation(group: 'org.codehaus.plexus', name: 'plexus-container-default', version: 'latest.release') {
     /*
      * WORKAROUND:
-     * https://github.com/spdx/tools/issues/163
-     * spdx-tools uses old json-simple dependency which includes JUnit dependency and has a lot of other issues
+     * org.codehaus.plexus:plexus-container-default still has google-collections dependency
+     * which is superseded by Guava
      * <grv87 2018-06-24>
      */
+    exclude group: 'com.google.collections', module: 'google-collections'
+  }
+
+  constraints {
+    annotationProcessor(group: 'org.projectlombok', name: 'lombok', version: 'latest.release')
+    compileOnly(group: 'org.projectlombok', name: 'lombok', version: 'latest.release')
+    testAnnotationProcessor(group: 'org.projectlombok', name: 'lombok', version: 'latest.release')
+    testCompileOnly(group: 'org.projectlombok', name: 'lombok', version: 'latest.release')
+  }
+}
+
+/*
+ * WORKAROUND:
+ * dependencySubstitution is still needed, or come configurations (i.e. codenarc) are not resolved
+ * <grv87 2018-07-03>
+ */
+configurations.all {
+  resolutionStrategy {
     dependencySubstitution {
-      substitute module('com.googlecode.json-simple:json-simple') with module('com.github.cliftonlabs:json-simple:[2,3)')
+      substitute module('com.googlecode.json-simple:json-simple') with module('com.github.cliftonlabs:json-simple:[2, 3)')
     }
-    /*
-     * WORKAROUND:
-     * org.apache.maven:maven-ant-tasks has old plexus dependencies which have undesired JUnit dependency
-     * <grv87 2018-06-24>
-     */
-    force 'org.codehaus.plexus:plexus-container-default:[1,2)'
-    force 'org.codehaus.plexus:plexus-component-api:[1,2)'
-    force 'org.projectlombok:lombok:[1,2)'
   }
 }
diff --git a/src/plugin-dependencies/groovy/org/fidata/gradle/JVMBasePluginDependees.groovy b/src/plugin-dependencies/groovy/org/fidata/gradle/JVMBasePluginDependees.groovy
@@ -21,6 +21,7 @@ package org.fidata.gradle
 
 import groovy.transform.CompileStatic
 import org.fidata.gradle.utils.PluginDependee
+import org.fidata.gradle.utils.PluginDependeeExclusion
 
 /**
  * List of dependees of org.fidata.base.jvm plugin
@@ -38,7 +39,18 @@ final class JVMBasePluginDependees {
       configurationName: 'implementation',
       group: 'com.jfrog.bintray.gradle',
       module: 'gradle-bintray-plugin',
-      enabled: false
+      enabled: false,
+      excludes: [
+        /*
+         * WORKAROUND:
+         * org.apache.maven:maven-ant-tasks has old plexus dependency which have undesired JUnit dependency
+         * <grv87 2018-06-24>
+         */
+        new PluginDependeeExclusion(
+          group: 'org.codehaus.plexus',
+          module: 'plexus-container-default'
+        )
+      ]
     ),
   ]