https://kotlinlang.org logo
Channels
100daysofcode
100daysofkotlin
100daysofkotlin-2021
advent-of-code
aem
ai
alexa
algeria
algolialibraries
amsterdam
android
android-architecture
android-databinding
android-studio
androidgithubprojects
androidthings
androidx
androidx-xprocessing
anime
anko
announcements
apollo-kotlin
appintro
arabic
argentina
arkenv
arksemdevteam
armenia
arrow
arrow-contributors
arrow-meta
ass
atlanta
atm17
atrium
austin
australia
austria
awesome-kotlin
ballast
bangladesh
barcelona
bayarea
bazel
beepiz-libraries
belgium
benchmarks
berlin
big-data
books
boston
brazil
brikk
budapest
build
build-tools
bulgaria
bydgoszcz
cambodia
canada
carrat
carrat-dev
carrat-feed
chicago
chile
china
chucker
cincinnati-user-group
cli
clikt
cloudfoundry
cn
cobalt
code-coverage
codeforces
codemash-precompiler
codereview
codingame
codingconventions
coimbatore
collaborations
colombia
colorado
communities
competitive-programming
competitivecoding
compiler
compose
compose-android
compose-desktop
compose-hiring
compose-ios
compose-mp
compose-ui-showcase
compose-wear
compose-web
confetti
connect-audit-events
corda
cork
coroutines
couchbase
coursera
croatia
cryptography
cscenter-course-2016
cucumber-bdd
cyprus
czech
dagger
data2viz
databinding
datascience
dckotlin
debugging
decompose
decouple
denmark
deprecated
detekt
detekt-hint
dev-core
dfw
docs-revamped
dokka
domain-driven-design
doodle
dsl
dublin
dutch
eap
eclipse
ecuador
edinburgh
education
effective-kotlin
effectivekotlin
emacs
embedded-kotlin
estatik
event21-community-content
events
exposed
failgood
fb-internal-demo
feed
firebase
flow
fluid-libraries
forkhandles
forum
fosdem
fp-in-kotlin
framework-elide
freenode
french
fritz2
fuchsia
functional
funktionale
gamedev
ge-kotlin
general-advice
georgia
geospatial
german-lang
getting-started
github-workflows-kt
glance
godot-kotlin
google-io
gradle
graphic
graphkool
graphql
graphql-kotlin
graviton-browser
greece
grpc
gsoc
gui
hackathons
hacktoberfest
hamburg
hamkrest
helios
helsinki
hexagon
hibernate
hikari-cp
hire-me
hiring
hongkong
hoplite
http4k
hungary
hyderabad
image-processing
india
indonesia
inkremental
intellij
intellij-plugins
intellij-tricks
internships
introduce-yourself
io
ios
iran
israel
istanbulcoders
italian
jackson-kotlin
jadx
japanese
jasync-sql
java-to-kotlin-refactoring
javadevelopers
javafx
javalin
javascript
jdbi
jhipster-kotlin
jobsworldwide
jpa
jshdq
juul-libraries
jvm-ir-backend-feedback
jxadapter
k2-early-adopters
kaal
kafka
kakao
kalasim
kapt
karachi
karg
karlsruhe
kash_shell
kaskade
kbuild
kdbc
kgen-doc-tools
kgraphql
kinta
klaxon
klock
kloudformation
kmdc
kmm-español
kmongo
knbt
knote
koalaql
koans
kobalt
kobweb
kodein
kodex
kohesive
koin
koin-dev
komapper
kondor-json
kong
kontent
kontributors
korau
korean
korge
korim
korio
korlibs
korte
kotest
kotest-contributors
kotless
kotlick
kotlin-asia
kotlin-beam
kotlin-by-example
kotlin-csv
kotlin-data-storage
kotlin-foundation
kotlin-fuel
kotlin-in-action
kotlin-inject
kotlin-latam
kotlin-logging
kotlin-multiplatform-contest
kotlin-mumbai
kotlin-native
kotlin-pakistan
kotlin-plugin
kotlin-pune
kotlin-roadmap
kotlin-samples
kotlin-sap
kotlin-serbia
kotlin-spark
kotlin-szeged
kotlin-website
kotlinacademy
kotlinbot
kotlinconf
kotlindl
kotlinforbeginners
kotlingforbeginners
kotlinlondon
kotlinmad
kotlinprogrammers
kotlinsu
kotlintest
kotlintest-devs
kotlintlv
kotlinultimatechallenge
kotlinx-datetime
kotlinx-files
kotlinx-html
kotrix
kotson
kovenant
kprompt
kraph
krawler
kroto-plus
ksp
ktcc
ktfmt
ktlint
ktor
ktp
kubed
kug-leads
kug-torino
kvision
kweb
lambdaworld_cadiz
lanark
language-evolution
language-proposals
latvia
leakcanary
leedskotlinusergroup
lets-have-fun
libgdx
libkgd
library-development
lincheck
linkeddata
lithuania
london
losangeles
lottie
love
lychee
macedonia
machinelearningbawas
madrid
malaysia
mathematics
meetkotlin
memes
meta
metro-detroit
mexico
miami
micronaut
minnesota
minutest
mirror
mockk
moko
moldova
monsterpuzzle
montreal
moonbean
morocco
motionlayout
mpapt
mu
multiplatform
mumbai
munich
mvikotlin
mvrx
myndocs-oauth2-server
naming
navigation-architecture-component
nepal
new-mexico
new-zealand
newname
nigeria
nodejs
norway
npm-publish
nyc
oceania
ohio-kotlin-users
oldenburg
oolong
opensource
orbit-mvi
osgi
otpisani
package-search
pakistan
panamá
pattern-matching
pbandk
pdx
peru
philippines
phoenix
pinoy
pocketgitclient
polish
popkorn
portugal
practical-functional-programming
proguard
prozis-android-backup
pyhsikal
python
python-contributors
quasar
random
re
react
reaktive
realm
realworldkotlin
reductor
reduks
redux
redux-kotlin
refactoring-to-kotlin
reflect
refreshversions
reports
result
rethink
revolver
rhein-main
rocksdb
romania
room
rpi-pico
rsocket
russian
russian_feed
russian-kotlinasfirst
rx
rxjava
san-diego
science
scotland
scrcast
scrimage
script
scripting
seattle
serialization
server
sg-user-group
singapore
skia-wasm-interop-temp
skrape-it
slovak
snake
sofl-user-group
southafrica
spacemacs
spain
spanish
speaking
spek
spin
splitties
spotify-mobius
spring
spring-security
squarelibraries
stackoverflow
stacks
stayhungrystayfoolish
stdlib
stlouis
strife-discord-lib
strikt
students
stuttgart
sudan
swagger-gradle-codegen
swarm
sweden
swing
swiss-user-group
switzerland
talking-kotlin
tallinn
tampa
teamcity
tegal
tempe
tensorflow
terminal
test
testing
testtestest
texas
tgbotapi
thailand
tornadofx
touchlab-tools
training
tricity-kotlin-user-group
trójmiasto
truth
tunisia
turkey
turkiye
twitter-feed
uae
udacityindia
uk
ukrainian
uniflow
unkonf
uruguay
utah
uuid
vancouver
vankotlin
vertx
videos
vienna
vietnam
vim
vkug
vuejs
web-mpp
webassembly
webrtc
wimix_sentry
wwdc
zircon
Powered by
Title
x

xenoterracide

12/21/2017, 3:24 AM
is this the best way to have written this?
g

gildor

12/21/2017, 3:37 AM
What do you mean? Make it more concise?
x

xenoterracide

12/21/2017, 3:38 AM
concise, correct? my first attempt at using this stuff
also I obviously need to figure out why apt isn't working
for example, not convinced
configure<CheckstyleExtension> {
    toolVersion = "8.4"
    sourceSets.addAll(java.sourceSets.filter { it.name != "test" })
}
is the best way to exclude tests, but I didn't see another way to do it, there was just a way to disable it in groovy
g

gildor

12/21/2017, 3:41 AM
Look like everything is mostly fine. You can avoid
buildscript
if use settings.gradle to configure dependency-management-plugin that not published to plugins.gradle.org You also can configure all the tasks inside tasks{} block, but almost the same what you have now
all default plugins could be moved to
plugins
block:
plugin<IdeaPlugin>()
    plugin<CheckstylePlugin>()
    plugin<MavenPublishPlugin>()
    plugin<JavaLibraryPlugin>()
to
plugins {
   idea
   checkstyle
   `maven-publish`
   `java-library`
}
Also, when you move dependency-management-plugin to settings.gradle and use plugins block to apply it, you can configure it with generated extension
dependencyManagement{}
, instead of
configure<StandardDependencyManagementExtension> {}
You don’t need this line:
plugin<SpotBugsPlugin>()
You already applied plugin in
plugins{}
block
If you move checkstyle to plugins block you can use:
checkstyle{}
extension instead of
configure<CheckstyleExtension>
same for
idea
plugin
I’ve played little bit with your config. And what I get, not 100% that everything is correct, just a general idea
And this settings.gradle.kts
anyway, you cannot use snapshot version with plugins block 😞 This is restricted for now
x

xenoterracide

12/21/2017, 6:09 AM
you also can't use latest in the plugins block right?
don't think I was pulling in the snapshot version
and how do you know when to use backticks
`java-library`
    java
    `maven-publish`
    checkstyle
    id(“com.github.spotbugs”) version “1.6.0"
and when not to
g

gildor

12/21/2017, 6:27 AM
autocomplete will help you understand
all the default gradle plugins available as static typed fields
you also can’t use latest in the plugins block right?
yes, just use not snapshot version and not dynamic, not sure why snapshot is restricted, because it can be helpful for testing and deubg
don’t think I was pulling in the snapshot version
Oh, I see, not sure like laste.version works. If you just need release you can remove all the code from settings.gradle.kts and use release
So, just delete all the code from settings.gradle.kts, because io.spring.dependency-management published to plugins.gradle.org: https://plugins.gradle.org/plugin/io.spring.dependency-management
and when not to
You need backticks for characters that not valid for kotlin identifiers (for example dash
-
or space)
anyway, you can add backticks to each name, if you want
you also can’t use latest in the plugins block right
It’s good practice actually, because you have repeatable builds and faster, because gradle doesn’t check for a new version all the time.
x

xenoterracide

12/21/2017, 6:35 AM
I'm sketchy on that last bit mostly because currently it's looking like update headache, but eventually I'm going to figure out how I can write a plugin to manage these plugins in a more unified way
it also means I won't know as soon as a new release breaks something
basically benefits and detractors
and I personally think the detractors are greater than the benefits
g

gildor

12/21/2017, 6:36 AM
Yes, but do you really want to get broken build eventually, just because new version released
also it helps gradle to configure build faster
x

xenoterracide

12/21/2017, 6:38 AM
depends on the thing... (and whether I can choose to do something like 1.^ instead of just latest, so I can theoretically conform to an api, but get bugfixes. and I can see the point on the configuration, but even when doing snapshots IIRC gradle caches for a while?
g

gildor

12/21/2017, 6:39 AM
yes, it cashes snapshots for 24 hours, as I remember
anyway, you cannot use dynamic version for plugins now, only on buildscript that works bad with kotlin-dsl and will probably be deprecated in the future. If you have a good case about dynamic dependencies for plugins block, you should probably report to Gradle - https://github.com/gradle/gradle/issues
x

xenoterracide

12/21/2017, 6:41 AM
yeah, so I'd expect the same thing of requesting latest in a plugin, only check if greater than whatever. having worked with Perl, NPM, and maven, gradle build systems, I'd say perl had the best regarding dealing with updates, in part due to cpantesters that were able to run all kinds of wonky versions against all other kind of wonky versions. So you'd see more real world usage. Where in java everyone uses fixed versions and then you need something like a BOM to actually sort out which versions work together. NPM on the other hand has the worst language dependency management, being the only one where you have do something like while failing try again until it works. java's stuff is good, just seems to be a little more at risk for not working in various configurations, and harder to keep on top of security patches
thanks for the help though 😉 I appreciate it
g

gildor

12/21/2017, 6:44 AM
About security patches there is a few plugins for gradle that check it for you and report if you build app using dependency with security problem
x

xenoterracide

12/21/2017, 6:44 AM
interesting thing about security patches is that only works if they've been reported as security issues
g

gildor

12/21/2017, 6:44 AM
but don’t think that it make a lot of sense for plugin, because plugin is local only thing and in 99% doesn’t affect your application
Yes, they use some DB of security issues in different java libraries
x

xenoterracide

12/21/2017, 6:45 AM
been a few issues that were fixed in the past couple of years, that made headlines for being fixed, but nobody realized they were security issues so they weren't backported
g

gildor

12/21/2017, 6:46 AM
To be honest, I don’t think that use the latest, just released version of library is the most secure way
Depends on library, of course
x

xenoterracide

12/21/2017, 6:46 AM
and for example a security bug I recently helped get fixed, and I said it was a vuln, also wasn't reported with a CVE, reminds me, I need to test that to see if it's really fixed
I guess I just like to roll with the latest major version having seen the behavior of many vendors
g

gildor

12/21/2017, 6:47 AM
yes, sounds like a reasonable strategy
x

xenoterracide

12/21/2017, 6:47 AM
and I can see that argument for plugins except, findbugs does find security issues
g

gildor

12/21/2017, 6:48 AM
again, there are plugins for that too 🙂
I mean who checks you dependency versions explicitly and report if you use old one
x

xenoterracide

12/21/2017, 6:49 AM
well I mean spotbugs finds issues in "my" code 😉 like it can find some variants of sql injection, and if they were to add a new one of those
g

gildor

12/21/2017, 6:50 AM
Anyway, I agree that for some use cases strategy with the latest version can be useful, so would be good to report this case to Gradle
x

xenoterracide

12/21/2017, 6:50 AM
sure
I might
thanks for your help
g

gildor

12/21/2017, 6:51 AM
You are welcome