Blog Infos
Author
Published
Topics
Published
Topics

Photo by Roman Synkevych on Unsplash

 

As Android engineers, one of the key challenges we face is keeping our project’s dependencies up-to-date. Doing it is time-consuming and as long as we wait, as long as it will be complicated to migrate dependencies to the latest version.

Fortunately, there are powerful tools available to simplify this process and ensure app is using the latest and most secure libraries.

Today I want to share how Gradle Version Catalog and Github’s Dependabot saved me a lot of work in my Android projects.

Disclaimer: the repository needs to be hosted on Github

Version Catalog

Gradle Version Catalog is a feature that provides a centralized and consistent way to manage dependency versions. It has been released as an experimental feature in version Gradle 7.0 and promoted to stable in version 7.4.

Create a Version Catalog

To get started we need to create a libs.versions.toml file in root project’s gradle folder.

libs is the default name but we can have multiple version catalogs and/or use another name but it will require more config and won’t be covered in this article.

Version Catalog file has 4 sections:

[versions]
[libraries]
[bundles]
[plugins]
  • In the versions section, define variables that hold the versions of dependencies and plugins. Variables can be shared between multiple dependencies.
  • In the libraries, define dependencies
  • In the bundles, define group of dependencies
  • In the plugins, define plugin

In this article, we will focus on versions and libraries. Check documentation for more info.

Declare dependencies

Now we need to declare dependencies:

[versions]
kotlin-coroutines = "1.7.0"
junit = "5.10.0"
[libraries]
kotlin-coroutines-core = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-core", version.ref = "kotlin-coroutines" }
kotlin-coroutines-test = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-test", version.ref = "kotlin-coroutines" }
junit-bom = { module = "org.junit:junit-bom", version.ref = "junit" }

OUR VIDEO RECOMMENDATION

, ,

Becoming and Staying a Productive Developer with Build Scans, Build Validation Scripts and Gradle

We will start by discussing some of the top Gradle issues that affect the productivity of Android developers. We will cover build cache misses and configuration cache issues as well as how to debug and…
Watch Video

Becoming and Staying a Productive Developer with Build Scans, Build Validation Scripts and Gradle

Etienne Studer & Nelson Osacky
SVP of Engineering & Lead Solutions Engineer
Gradle

Becoming and Staying a Productive Developer with Build Scans, Build Validation Scripts and Gradle

Etienne Studer & N ...
SVP of Engineering & ...
Gradle

Becoming and Staying a Productive Developer with Build Scans, Build Validation Scripts and Gradle

Etienne Studer & ...
SVP of Engineering & Lead ...
Gradle

Jobs

No results found.

The recommended naming is kebab case. Such as kotlin-coroutines-core and not camel case kotlinCoroutinesCore. Type-safe accessors `kotlin-coroutines-core` will be converted to `kotlin.coroutines.core`

Use Version Catalog

Before using Version Catalog, we will need to sync project to make Gradle generate type-safe accessors.

Open app or module build.gradle(.kts) and update the dependencies block:

dependencies {
implementation(libs.kotlin.coroutines.core)
testImplementation(libs.kotlin.coroutines.test)
}

That’s it!

Dependabot

GitHub Dependabot is an automated dependency management tool provided by GitHub. It monitors a project’s dependencies and notifies about outdated versions.
It generates pull requests with information on the updates available.

Dependabot helps to ensure projects are using the latest dependencies.

Since march-23 Dependabot has an official support of Gradle Version Catalog.

How to configure it

To enable version updates, we need to create a dependabot.yml file inside a root project’s .github directory.

This config file tells Dependabot which dependencies management tools we are using and how often it should check for updates.

version: 2
updates:
- package-ecosystem: "gradle"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
view raw dependabot.yml hosted with ❤ by GitHub

Check documentation for all settings.

What’s pull request looks like

Once Dependabot detects new dependencies version it creates a pull request that looks like this:

Coroutines pull request from Dependabot

Pull request description contents release note, change log, and commit to help us identify -breaking- changes.

Dependabot groups all dependencies that use the same version on our Version Catalog.

By default, Dependabot will open up to 5 pull requests with news updates per week but we can change this with the `open-pull-requests-limit` setting.

Dependabot action comments

To be able to easily manage Dependabot’s pull requests, we can use pull requests comment to ask Dependabot to run some actions:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after CI passes on it
  • @dependabot squash and merge will squash and merge this PR after CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block auto merging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot from recreating it (Same result by closing it manually)
  • @dependabot ignore this major version will close this PR and stop Dependabot from creating any more for this major version (unless we reopen the PR or upgrade to it ourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot from creating any more for this minor version. (unless we reopen the PR or upgrade to it ourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot from creating any more for this dependency (unless we reopen the PR or upgrade to it ourself)
Conclusion

By combining the power of Gradle Version Catalog and GitHub’s Dependabot, we can significantly streamline the process of managing dependencies for our Android projects. Centralizing version management with Gradle Version Catalog ensures consistency and ease of updates, while Dependabot automates the detection and application of the latest library releases.

This article was previously published on proandrdoiddev.com

YOU MAY BE INTERESTED IN

YOU MAY BE INTERESTED IN

blog
Managing dependencies in a single module project is pretty simple, but when you start…
READ MORE
blog

Running Instrumented Tests in a Gradle task

During the latest Google I/O, a lot of great new technologies were shown. The…
READ MORE
blog
Many of us have faced Groovy difficulties and used to convert it to Kotlin…
READ MORE
blog
This is the accompanying blog post for my recent Droidcon Berlin 2023 talk “How…
READ MORE

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu