linsui
June 23, 2022, 8:58am
1
The dependencies solved by gradle is changing even though I locked it. I thought the reason is that snapshot versions of deps are used. Could you please don’t use snapshot at least in release? Is there any way to pin it? Thanks!
Hm, have you tried the dependency locking in gradle Locking dependency versions ?
linsui
June 23, 2022, 3:35pm
3
Yes, I tried that. But it only locks dynamic version while snapshot is a changing version as said in the doc.
Dependency locking makes sense only with dynamic versions . It will have no impact on changing versions (like -SNAPSHOT) whose coordinates remain the same, though the content may change. Gradle will even emit a warning when persisting lock state and changing dependencies are present in the resolution result.
I see, however I don’t think it’s possible at the moment https://github.com/gradle/gradle/issues/8627
The only workaround is that you download the snapshot versions and put them in the libs folder.
linsui
June 24, 2022, 2:21am
5
How about using 'com.github.sialcasa.mvvmFX:mvvmfx-validation:f195849ca9' from jitpack.io ?
Thanks, that could work, will try this
I’ve created a PR:
JabRef:main ← JabRef:testremovelog4j
opened 07:05PM - 23 Jun 22 UTC
Refs https://discourse.jabref.org/t/cant-build-jabref-reproducibly/3427
<!-… -
Describe the changes you have made here: what, why, ...
Link issues that are fixed, e.g. "Fixes #333".
If you fixed a koppor issue, link it, e.g. "Fixes https://github.com/koppor/jabref/issues/47".
The title of the PR must not reference an issue, because GitHub does not support autolinking there.
-->
<!--
- Go through the list below. Please don't remove any items.
- [x] done; [ ] not done / not applicable
-->
- [ ] Change in `CHANGELOG.md` described in a way that is understandable for the average user (if applicable)
- [ ] Tests created for changes (if applicable)
- [ ] Manually tested changed features in running JabRef (always required)
- [ ] Screenshots added in PR description (for UI changes)
- [ ] [Checked developer's documentation](https://devdocs.jabref.org/): Is the information available and up to date? If not, I outlined it in this pull request.
- [ ] [Checked documentation](https://docs.jabref.org/): Is the information available and up to date? If not, I created an issue at <https://github.com/JabRef/user-documentation/issues> or, even better, I submitted a pull request to the documentation repository.
1 Like
Can you test if this works for you?
linsui
June 24, 2022, 4:15pm
8
I thought I need a gradle.lockfile. It can be generated with gradle dependencies --write-locks.
Okay, I added one. We just need to see how it works with dependabot and updating the deps.
linsui
June 25, 2022, 4:44am
10
I can’t build jabref on NixOS because openjdk 18 hasn’t been packaged yet. So I can’t test it, sorry.
linsui
February 8, 2023, 2:03pm
11
Hi, 5.9 introduced 2 new deps with snapshot version. Could you please pin them to a commit? Thanks!