repeatable builds with libraries that have version ranges

Skip to first unread message

Vasco Figueira

Nov 6, 2014, 8:36:08 AM11/6/14
Hi all,

This is fairly specific question.

A the start of a pipeline (we're using Go) we ground a build, i.e. fixate the versions to make it repeatable. There's one library that we depend on that defines in its POM a version range. In our dependency tree it appears like so:

[INFO] |  +- com.theoryinpractise:halbuilder-json:jar:3.1.1:compile
[INFO] |  |  +- com.theoryinpractise:halbuilder-api:jar:2.2.1:compile (version selected from constraint [2.1.0,3.0.0))
[INFO] |  |  \- com.theoryinpractise:halbuilder-core:jar:3.1.3:compile (version selected from constraint [3.0.0,4.0.0))

The resolve-ranges goal of the versions-maven-plugin does allow you to fixate these versions if they're your direct dependencies, but if they're transitive it does not add to your POM an "override" to fixate those.

Has anyone come up with solution for this other than manually pulling that particular range definition to our POM?

Thank you.



Johan Rydström

May 1, 2015, 3:07:44 PM5/1/15
Maybe I misunderstand but isn't that a non-issue? The direct dependency you are "fixating" will be on a specific version which is one unique build; that build should also only be able to have one version of a child bound (at one time), no?

Or is your problem that you are USING code from the indirect dependency without declaring it? Maybe you could declare & fixate that transitive dependency directly in your pom.

Johan Rydström
Reply all
Reply to author
0 new messages