Automate Dependencies Upgrades With Releases Hub

 

Gradle projects commonly pull in more and more dependencies. Keeping them up to date can be a huge manual task on a big project: manually checking for dependency upgrades is tedious and wastes a lot of developer time.

Furthermore, developers don’t perform dependency upgrades as frequently as they should, harming project quality and security.

Android projects are no exception. Google offers a lot of official libraries, in some cases with linked versions, like Firebase or Play Services.

The Releases Hub Gradle Plugin helps developers keep their dependencies up to date by removing tedious manual tasks: remembering to look for dependency upgrades, upgrading the dependencies in the Gradle configuration, and creating a PR with the changes.

The plugin automatically upgrades your Gradle project dependencies and sends GitHub pull requests with the changes.

The Plugin

Features

  • Automatic GitHub pull request creation with dependency upgrades
  • Useful information on each pull request whenever available: release notes, documentation, source code, issue tracker, library size, Android permissions, etc.
  • Support for configuring which dependencies to include and exclude, where to find their definitions, how many pull requests to create, and more.
  • Support for any Java-based project using Gradle.

Migrate your dependencies to buildSrc

The first step is to use the buildSrc Gradle directory to define your dependencies.

“The directory buildSrc is treated as an included build. Upon discovery of the directory, Gradle automatically compiles and tests this code and puts it in the classpath of your build script.”

For more info about buildSrc, click here.

For example:

/buildSrc/build.gradle.kts

plugins {
    `kotlin-dsl`
}
repositories {
    mavenCentral()
}

/buildSrc/src/main/kotlin/Libs.kt (for your project dependencies)

object Libs {
    const val KOTLIN = "org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.40"
}

/buildSrc/src/main/kotlin/BuildLibs.kt (for your plugin dependencies)

object BuildLibs {
    const val KOTLIN_PLUGIN = "org.jetbrains.kotlin:kotlin-gradle-plugin:1.3.41"
}

/build.gradle

apply plugin: "kotlin"
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath(BuildLibs.KOTLIN_PLUGIN)
    }
}
repositories {
    mavenCentral()
}
dependencies {
    compile(Libs.KOTLIN)
}

This approach gives some useful benefits:

  • Classify and centralize all your dependencies
  • IDE autocomplete, and going directly to the definition when clicking
  • Possibility to add @Deprecated annotations to any dependency for better code documentation

Apply and configure the plugin

The next step is to apply and configure the Releases Hub plugin.

You should add a constant for the plugin in /buildSrc/src/main/kotlin/BuildLibs.kt, replacing X.Y.Z with the latest release version. You can see the latest release here.

object BuildLibs {
    ...
    const val RELEASES_HUB_PLUGIN = "com.releaseshub:releases-hub-gradle-plugin:X.Y.Z"
    ...
}

Then apply the plugin in the root build.gradle:

buildscript {
    repositories {
        mavenCentral() // or gradlePluginPortal()
    }
    dependencies {
        classpath(BuildLibs.RELEASES_HUB_PLUGIN)
    }
}

apply plugin: "com.releaseshub.gradle.plugin"

If the default configuration is not enough, you can learn how to configure the plugin here.

You can try the integration by executing the following tasks:

  1. The listDependencies task to see all your defined dependencies.
  2. The listDependenciesToUpgrade task to see if you have dependencies to upgrade.

Configure your CI tool

Finally, if you want automatic dependency upgrades, you should configure your CI tool. You need to schedule the invocation of the upgradeDependencies task on your CI tool (daily, weekly, monthly, as you wish).

Remember to configure the gitHubWriteToken property as an environment variable. Don’t pass the token as a command line parameter, because it is a secret.

To enable pull request creation, set the pullRequestEnabled command line option to true:

./gradlew upgradeDependencies -PpullRequestEnabled=true

If any of your dependencies is out-of-date, the plugin will create a pull request to update it.
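A CI wrapper that enforces the token rule above before invoking the task. This is an added example, not part of the plugin or the original post. It assumes the token is exported under the property's own name, gitHubWriteToken; the function names and the GRADLE_CMD override are hypothetical.

```shell
#!/bin/sh
# Added example: CI wrapper for the scheduled upgradeDependencies run.
# Assumption: the token is exported under the property's name, gitHubWriteToken.

GRADLE_CMD="${GRADLE_CMD:-./gradlew}"   # hypothetical override, useful for dry runs

# Returns 0 if any argument mentions the token property. Command line
# arguments end up in process listings, shell history and CI logs.
token_on_cmdline() {
    for arg in "$@"; do
        case "$arg" in
            *gitHubWriteToken*) return 0 ;;
        esac
    done
    return 1
}

# Returns 0 only if the token is present and non-empty in the environment.
token_in_env() {
    [ -n "${gitHubWriteToken:-}" ]
}

# Returns 0 if it is safe to run, 2 for a token on the command line,
# 3 for a token missing from the environment.
preflight() {
    if token_on_cmdline "$@"; then
        echo "refusing to run: gitHubWriteToken must not be a command line argument" >&2
        return 2
    fi
    if ! token_in_env; then
        echo "gitHubWriteToken is not set in the environment" >&2
        return 3
    fi
    return 0
}

# Runs the task with the given Gradle options once the checks pass.
run_upgrade() {
    set +x    # keep shell tracing off while the secret is in scope
    preflight "$@" || return $?
    "$GRADLE_CMD" upgradeDependencies "$@"
}

# Example CI step: ./upgrade-deps.sh -PpullRequestEnabled=true
if [ "$#" -gt 0 ]; then run_upgrade "$@"; fi
```

Store the token in your CI tool's secret storage so that it is injected into the job environment and masked in logs.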

Once you have the PR, you still need to do some manual tasks:

  • read the release notes
  • fix any breaking change
  • verify that your PR CI checks pass
  • perform manual tests
  • merge the PR
