Automate Dependencies Upgrades With Releases Hub

Automatically keep your Gradle project dependencies up to date

Maxi Rosson
Oct 22 · 4 min read
Image for post
Image for post

Using more and more dependencies on Gradle projects is a common practice. Keeping your Gradle project dependencies up to date can be a huge manual task if you have a big project. It’s a bit tedious for developers to manually check for dependencies upgrades, causing a lot of waste of time.

Furthermore, developers don’t perform dependencies upgrades as frequently as they should, harming project quality and security.

In particular, Android projects are not an exception. Google offers a lot of official libraries, in some cases with linked versions, like Firebase or Play Services.

The Releases Hub Gradle Plugin helps developers to keep their dependencies up to date, reducing some tedious manual tasks like remembering to look for dependencies upgrades, upgrading the dependencies on the Gradle configuration and creating a PR with the changes.

The plugin automatically upgrades your Gradle project dependencies and send GitHub pull requests with the changes.

The Plugin

  • Automatic Github Pull Requests creation with dependencies upgrades
  • Useful information on each pull request whenever available: release notes, documentation, source code, issue tracker, library size, Android permissions, etc
  • Support to configure which dependencies include and exclude, where to find their definitions, how many pull requests create and more.
  • Support any java based project using Gradle.
Image for post
Image for post

Migrate your dependencies to buildSrc

The first step is to use the buildSrc Gradle directory to define your dependencies.

“The directory buildSrc is treated as an included build. Upon discovery of the directory, Gradle automatically compiles and tests this code and puts it in the classpath of your build script.”

For more info about buildSrc, click here.

For example:

/buildSrc/build.gradle.kts

plugins { 
`kotlin-dsl`
}
repositories {
mavenCentral()
}

/buildSrc/src/main/kotlin/Libs.kt (for your project dependencies)

object Libs {
const val KOTLIN = "org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.40"
}

/buildSrc/src/main/kotlin/BuildLibs.kt (for your plugin dependencies)

object BuildLibs {
const val KOTLIN_PLUGIN = "org.jetbrains.kotlin:kotlin-gradle-plugin:1.3.41"
}

/build.gradle

apply plugin: "kotlin"buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath(BuildLibs.KOTLIN_PLUGIN)
}
}
repositories {
mavenCentral()
}
dependencies {
compile(Libs.KOTLIN)
}

This approach gives some useful benefits:

Image for post
Image for post
Classify and centralize all your dependencies
Image for post
Image for post
IDE Autocomplete / Go directly to the definition when clicking.
Image for post
Image for post
Possibility to add @Deprecated annotations to any dependency for better code documentation

Apply and configure the plugin

The next step is to apply and configure the Releases Hub plugin.

You should add a constant for the plugin on /buildSrc/src/main/kotlin/BuildLibs.kt, replacing X.Y.Z by the latest release version. You see the latest release here.

object BuildLibs {
...
const val RELEASES_HUB_PLUGIN = "com.releaseshub:releases-hub-gradle-plugin:X.Y.Z" ...
}

Then apply the plugin on the root build.gradle

buildscript {
repositories {
mavenCentral() // or gradlePluginPortal()
}
dependencies {
classpath(BuildLibs.RELEASES_HUB_PLUGIN)
}
}

apply plugin: "com.releaseshub.gradle.plugin"

If the default configuration is not enough, you can learn how to configure the plugin here.

You can try the integration executing the following tasks:

  1. ThelistDependencies task to see all your defined dependencies.
  2. The listDependenciesToUpgrade task to see if you have dependencies to upgrade.

Configure your CI tool

Finally, if you want automatic dependencies upgrades, you should configure your CI tool. You need to schedule the invocation of the upgradeDependencies task on your CI tool (daily, weekly, monthly, as you wish).

Remember to configure the gitHubWriteToken property as an environment variable. Don’t pass the token as a command line parameter, because it is a secret.

To enable the pull requests creation, you need to add the pullRequestEnabled command line option as true.

./gradlew upgradeDependencies -PpullRequestEnabled=true

If any of your dependencies is out-of-date, the plugin will create a pull request to update it.

Once you have the PR, you still need to do some manual tasks:

  • read the release notes
  • fix any breaking change
  • verify that your PR CI checks pass
  • perform manual tests
  • merge the PR

Boost your Productivity

Maxi Rosson

Written by

Freelance Android Developer | Creator of “Android Topics” Publication (https://medium.com/android-topics) & releaseshub.com

Dipien

Productivity tools & ideas for Android, Kotlin & Gradle developers.

Maxi Rosson

Written by

Freelance Android Developer | Creator of “Android Topics” Publication (https://medium.com/android-topics) & releaseshub.com

Dipien

Productivity tools & ideas for Android, Kotlin & Gradle developers.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store