Migrate settings.gradle to KTS and add the dependency resolutions#2328
Conversation
tonidero
left a comment
There was a problem hiding this comment.
Looking good! Just a question
| includeGroupByRegex("com\\.google\\.firebase(\\..*|)") | ||
| includeGroupByRegex("com\\.google\\.gms(\\..*|)") | ||
| includeGroupByRegex("com\\.google\\.prefab") | ||
| includeGroupByRegex("com\\.google\\.testing\\.platform") |
There was a problem hiding this comment.
Hmm I do wonder if it's worth adding this... Don't think we earn much and in case google adds some other dependency here that we need to include we would need to update this... But then again, a win is a win, and adding dependencies is probably not going to happen often, so I don't think it's a blocker 👍
There was a problem hiding this comment.
Thank you for reviewing this, Toni! This dependency filtering feature also helps prevent potential vulnerabilities caused by resolving incorrect artifacts since Gradle retrieves dependencies based on the order of declared repositories, so it may be more trustworthy for our customers. Now it's the default configuration as you can see it will be added automatically when you create a new Android project 😄
There was a problem hiding this comment.
Yea I think the supply-chain vulnerability is a good reason to include this. Gradle Syncs should also be slightly faster, as it won't try to e.g. get Coil from the google repo (referring to dependencyResolutionManagement below).
I see Toni's point about potentially having to keep this up to date manually, but I'm assuming that any issues would be compile-time, right?
There was a problem hiding this comment.
Ohh I actually didn't know that, make sense, thank you for explaining! This makes sense then 👍
And yeah, if there are any issues, I would assume them to be at compile-time so I don't think it would be a bit issue at all. Let's ship this! 💪
JayShortway
left a comment
There was a problem hiding this comment.
Much better! Thanks for taking care of this!
| } | ||
|
|
||
| dependencyResolutionManagement { | ||
| repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS) |
| includeGroupByRegex("com\\.google\\.firebase(\\..*|)") | ||
| includeGroupByRegex("com\\.google\\.gms(\\..*|)") | ||
| includeGroupByRegex("com\\.google\\.prefab") | ||
| includeGroupByRegex("com\\.google\\.testing\\.platform") |
There was a problem hiding this comment.
Yea I think the supply-chain vulnerability is a good reason to include this. Gradle Syncs should also be slightly faster, as it won't try to e.g. get Coil from the google repo (referring to dependencyResolutionManagement below).
I see Toni's point about potentially having to keep this up to date manually, but I'm assuming that any issues would be compile-time, right?
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2328 +/- ##
=======================================
Coverage 80.34% 80.34%
=======================================
Files 281 281
Lines 9964 9964
Branches 1417 1417
=======================================
Hits 8006 8006
Misses 1346 1346
Partials 612 612 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
**This is an automatic release.** ## RevenueCat SDK ### 🐞 Bugfixes * Add missing response fields to `CustomerInfo`. Including transaction Prices (#2128) via Cesar de la Vega (@vegaro) ## RevenueCatUI SDK ### Paywallv2 #### 🐞 Bugfixes * [Paywalls v2] Fixes timeline layout when width is Fit (#2354) via JayShortway (@JayShortway) * [Paywalls V2] Improves fuzzy matching locale when the region doesn't match (#2355) via JayShortway (@JayShortway) * [Paywalls V2] Norwegian Bokmål and Norwegian Nynorsk fall back to Norwegian. (#2329) via JayShortway (@JayShortway) ### Customer Center #### 🐞 Bugfixes * Clean up on restoring functionality in customer center (#2316) via Cesar de la Vega (@vegaro) ### 🔄 Other Changes * [Paywalls v2] Adds the unsupported Background type to the error message (#2350) via JayShortway (@JayShortway) * [Paywalls v2] Uses a fixed date for template previews to avoid daily changes. (#2351) via JayShortway (@JayShortway) * [Paywalls v2] Adds a default case to `Background` and `ButtonComponent` (#2347) via JayShortway (@JayShortway) * [Paywalls v2] Improves `PaywallComponentsTemplatePreviewRecorder` stability (#2352) via JayShortway (@JayShortway) * [Paywalls v2] Adds a default case to most enums and sealed types (#2346) via JayShortway (@JayShortway) * Adds `EnumDeserializerWithDefault` and `SealedDeserializerWithDefault` (#2345) via JayShortway (@JayShortway) * [Paywalls V2] Renders template previews in a fixed resolution using Paparazzi (#2214) via JayShortway (@JayShortway) * Bump fastlane from 2.227.0 to 2.227.1 (#2344) via dependabot[bot] (@dependabot[bot]) * Migrate root gradle file to KTS (#2343) via Jaewoong Eum (@skydoves) * Migrate tester modules to KTS format (#2340) via Jaewoong Eum (@skydoves) * Introduce purchases-bom package (#2339) via Jaewoong Eum (@skydoves) * [AUTOMATIC][Paywalls V2] Updates paywall-preview-resources submodule (#2338) via RevenueCat Git Bot (@RCGitBot) * [Diagnostics] Removes Android 7 requirement (#2335) via JayShortway (@JayShortway) * [Paywalls v2] Fixes `update-paywall-preview-resources-submodule` CI job (#2337) via JayShortway (@JayShortway) * Make purchases module to transitive dependency for the ui module (#2334) via Jaewoong Eum (@skydoves) * Migrate settings.gradle to KTS and add the dependency resolutions (#2328) via Jaewoong Eum (@skydoves) Co-authored-by: revenuecat-ops <ops@revenuecat.com>
Motivation
Migrate settings.gradle to KTS and add the dependency resolutions.