You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
and this Sunday morning, Gradle can't downloads the Gradle plugins probably due to a Gradle outage
This, without any change on my side.
This all boils down to the massive use of latest.release as the version of dependencies in the codebase which makes builds non reproducible and very brittle as soon as the latest release has problems or incompatibility issues with the codebase.
Wondering if it would be better to switch to hardcoded versions and using Dependabot to suggest the updates automatically?
That should make the builds more solid and at least a build of the exact same code would lead to the same result from one day to another.
The text was updated successfully, but these errors were encountered:
We can commit to once-a-day dependency locking, but we will not rely on Dependabot as it is not nearly sophisticated enough to deal with Gradle dependency management. We can craft a Github action workflow to attempt to update dependencies once a day, and if the tests pass, commit the new lock.
Hi,
I had two build issues trying to build OpenRewrite lately:
This, without any change on my side.
This all boils down to the massive use of
latest.release
as the version of dependencies in the codebase which makes builds non reproducible and very brittle as soon as the latest release has problems or incompatibility issues with the codebase.Wondering if it would be better to switch to hardcoded versions and using Dependabot to suggest the updates automatically?
That should make the builds more solid and at least a build of the exact same code would lead to the same result from one day to another.
The text was updated successfully, but these errors were encountered: