Question

这就是我在build.gradle

中添加依赖项的方式

 // Dependency Versioning
    apply plugin: 'io.spring.dependency-management'
    dependencyManagement {
        imports {
            mavenBom 'org.springframework.cloud:spring-cloud-dependencies:Edgware.RELEASE'
            mavenBom 'io.pivotal.spring.cloud:spring-cloud-services-dependencies:1.5.0.RELEASE'
            mavenBom 'org.springframework.boot:spring-boot-dependencies:1.5.15.RELEASE'

        }
        dependencies {

            dependency 'io.springfox:springfox-swagger2:2.8.0'
            dependency 'io.springfox:springfox-swagger-ui:2.8.0'

            dependency 'org.flywaydb:flyway-core:4.2.0'
            dependency 'com.microsoft.sqlserver:mssql-jdbc:6.2.2.jre8'
        }
    }

我希望为每个依赖项添加一个自定义编号。此编号是我们的架构团队提供的批准编号，用于批准在企业中使用该依赖项。

说，如果我的体系结构团队已批准使用io.springfox:springfox-swagger2:2.8.0依赖项，并且批准号为APPL-1054，那么我还必须在依赖项标记中将该数字也添加为metadata，我将有一个不同的gradle任务来消耗这些数字

类似dependency 'io.springfox:springfox-swagger2:2.8.0' : APPL-1054

的东西

请帮助您提出想法

Answer 1

您可以在地图中设置批准，然后使用依赖性解析来验证批准。只要您能以某种方式将其获取到地图，该地图就可以来自某些Web来源。这是一个简单的例子

buildscript {
    repositories {
        jcenter()
    }
    dependencies {
        gradleApi()
    }
}

group 'com.stackoverflow'
version '1.0-SNAPSHOT'

repositories {
    jcenter()
}

configurations {
    audited.extendsFrom(compile)
}

Map<String, Object> approvedDeps = [
        'junit:junit:4.12': 'APPROVAL-1234'
]

dependencies {
    compile gradleApi()
    audited 'junit:junit:4.12'
    audited 'org.mockito:mockito-android:2.22.0'
}
dependencies {
    components {
        all { ComponentMetadataDetails details ->
            String requestedArtifact = "${details.id.group}:${details.id.name}:${details.id.version}"
            String approvalCode = approvedDeps[requestedArtifact]
            if (approvalCode == null) {
                throw new GradleException("Use of unapproved dependency (${requestedArtifact})")
            }
            logger.lifecycle("Requested dependency (${requestedArtifact}) is approved: ${approvalCode}")
            return details
        }
    }
}

// lets fake some action that would trigger dependency resolution
configurations.eachWithIndex { Configuration entry, int index ->
    if (entry.canBeResolved) {
        entry.resolve()
        print("Resolved index: ${index}")
    }

}

现在，如果我们运行./gradlew clean build，则会添加一个未经批准的依赖项，从而导致错误。

$ ./gradlew clean build

> Configure project :
Requested dependency (junit:junit:4.12) is approved: APPROVAL-1234

FAILURE: Build failed with an exception.

* Where:
Build file '/Users/jonstanford/dev/stackoverflow/q52427676/build.gradle' line: 36

* What went wrong:
A problem occurred evaluating root project 'q52427676'.
> Could not resolve all dependencies for configuration ':audited'.
   > There was an error while evaluating a component metadata rule for org.mockito:mockito-android:2.22.0.
      > Use of unapproved dependency (org.mockito:mockito-android:2.22.0)

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 0s

当然，您可以将此功能移至自定义插件等，但我认为基本思想仍然成立。

Gradle依赖项描述符中的自定义元数据

1 个答案: