Add updateLock task

It is now possible to update only a subset of the locked dependencies
rather than updating them all at once by regenerating the lock file.

 nebula-plugins#42

README.md

@@ -37,8 +37,9 @@ To include, add the following to your build.gradle
 
 Command line overrides via `-PdependencyLock.override` or `-PdependencyLock.overrideFile` will apply.
 
-* generateLock - Generate a lock file into the build directory, any existing `dependency.lock` file will be ignored
-* saveLock - copies generated lock into the project directory
+* generateLock - Generate a lock file into the build directory. Any existing `dependency.lock` file will be ignored.
+* updateLock - Update dependencies from the lock file into the build directory. By default, this task does the same thing as the `generateLock` task. This task also exposes an option `--dependencies` allowing the user to specify a comma-separated list, in the format `<group>:<artifact>`, of dependencies to update.
+* saveLock - Copy the generated lock into the project directory.
 * commitLock - If a [gradle-scm-plugin](https://github.com/nebula-plugins/gradle-scm-plugin) implementation is applied. Will commit dependencies.lock to the configured SCM. Exists only on the rootProject. Assumes scm root is at the same level as the root build.gradle.
 
 #### Common Command Line Overrides
@@ -49,6 +50,8 @@ Revert to normal gradle behavior even with plugin applied.
 
 ### Common Workflows
 
+Generate lock:
+
 1. `./gradlew generateLock saveLock`
 2. `./gradlew test`
 3. if 2 passes `./gradlew commitLock`
@@ -59,6 +62,11 @@ or
 2. `./gradlew -PdependencyLock.useGeneratedLock=true test`
 3. `./gradlew saveLock commitLock`
 
+Update lock (the lock must still be saved/committed):
+
+* `./gradlew updateLock --dependencies com.example:foo,com.example:bar`
+
+
 ### Extensions Provided
 
 #### dependencyLock Extension
@@ -68,15 +76,17 @@ or
 * lockFile - This field takes a String. The default is `dependencies.lock`. This filename will be what is generated by `generateLock` and read when locking dependencies.
 * configurationNames - This field takes a List<String>. Defaults to the `testRuntime` conf which will include `compile`, `runtime`, and `testCompile`. These will be the configurations that are read when locking.
 * dependencyFilter - This field can be assigned a Closure that is used to filter the set of top-level dependencies as they are retrieved from the configurations. This happens before overrides are applied and before any dependencies are skipped. The Closure must accept the dependency's `group`, `name`, and `version` as its 3 parameters. The default implementation returns `true`, meaning all dependencies are used.
+* updateDependencies - This field takes a List<String> denoting the dependencies that should be updated when the `updateLock` task is run. If any dependencies are specified via the `--dependencies` option, this field is ignored. If any dependencies are listed during execution of the `updateLock` task either via the `--dependencies` option or this field, the `dependencyFilter` is bypassed.
 * skippedDependencies - This field takes a List<String>. Defaults to empty. This list is used to list dependencies as ones that will never be locked. Strings should be of the format `<group>:<artifact>`
 * includeTransitives - This field is a boolean. Defaults to false. False will only lock direct dependencies. True will lock the entire transitive graph.
 
-Use the extension if you wish to configure. Each project where gradle-dependency-lock will have its own dependencyLock extension.
+Use the extension if you wish to configure. Each project where gradle-dependency-lock is applied will have its own dependencyLock extension.
 
     dependencyLock {
       lockFile = 'dependencies.lock'
       configurationNames = ['testRuntime']
       dependencyFilter = { String group, String name, String version -> true }
+      updateDependencies = []
       skippedDependencies = []
       includeTransitives = false
     }

gradle.properties

@@ -1 +1 @@
-version=1.12.4-SNAPSHOT
+version=1.12.5-SNAPSHOT

src/main/groovy/nebula/plugin/dependencylock/DependencyLockExtension.groovy

@@ -19,6 +19,7 @@ class DependencyLockExtension {
     String lockFile = 'dependencies.lock'
     Set<String> configurationNames = ['testRuntime'] as Set
     Closure dependencyFilter = { String group, String name, String version -> true }
+    Set<String> updateDependencies = [] as Set
     Set<String> skippedDependencies = [] as Set
     boolean includeTransitives = false
 }

src/main/groovy/nebula/plugin/dependencylock/DependencyLockPlugin.groovy

@@ -19,6 +19,7 @@ import groovy.json.JsonSlurper
 import nebula.plugin.dependencylock.tasks.CommitLockTask
 import nebula.plugin.dependencylock.tasks.GenerateLockTask
 import nebula.plugin.dependencylock.tasks.SaveLockTask
+import nebula.plugin.dependencylock.tasks.UpdateLockTask
 import nebula.plugin.scm.ScmPlugin
 import org.gradle.api.GradleException
 import org.gradle.api.Plugin
@@ -42,27 +43,37 @@ class DependencyLockPlugin implements Plugin<Project> {
         }
 
         Map overrides = loadOverrides()
-        GenerateLockTask lockTask = configureLockTask(clLockFileName, extension, overrides)
+
+        GenerateLockTask genLockTask = project.tasks.create('generateLock', GenerateLockTask)
+        configureLockTask(genLockTask, clLockFileName, extension, overrides)
         if (project.hasProperty('dependencyLock.useGeneratedLock')) {
-            clLockFileName = lockTask.getDependenciesLock().path
+            clLockFileName = genLockTask.getDependenciesLock().path
             logger.lifecycle(clLockFileName)
         }
-        SaveLockTask saveTask = configureSaveTask(lockTask, extension)
+
+        UpdateLockTask updateLockTask = project.tasks.create('updateLock', UpdateLockTask)
+        configureLockTask(updateLockTask, clLockFileName, extension, overrides)
+        configureUpdateTask(updateLockTask, extension)
+
+        SaveLockTask saveTask = configureSaveTask(clLockFileName, extension)
+        saveTask.mustRunAfter genLockTask, updateLockTask
+
         configureCommitTask(clLockFileName, saveTask, extension, commitExtension)
 
         project.gradle.taskGraph.whenReady { taskGraph ->
             File dependenciesLock = new File(project.projectDir, clLockFileName ?: extension.lockFile)
 
-            if (taskGraph.hasTask(lockTask)) {
+            def hasLockingTask = taskGraph.hasTask(genLockTask) || taskGraph.hasTask(updateLockTask)
+
+            if (hasLockingTask) {
                 project.configurations.all {
                     resolutionStrategy {
                         cacheDynamicVersionsFor 0, 'seconds'
                     }
                 }
             }
 
-            if (!taskGraph.hasTask(lockTask) && dependenciesLock.exists() &&
-                    !shouldIgnoreDependencyLock()) {
+            if (!hasLockingTask && dependenciesLock.exists() && !shouldIgnoreDependencyLock()) {
                 applyLock(dependenciesLock, overrides)
             } else if (!shouldIgnoreDependencyLock()) {
                 applyOverrides(overrides)
@@ -104,13 +115,12 @@ class DependencyLockPlugin implements Plugin<Project> {
         }
     }
 
-    private SaveLockTask configureSaveTask(GenerateLockTask lockTask, DependencyLockExtension extension) {
+    private SaveLockTask configureSaveTask(String clLockFileName, DependencyLockExtension extension) {
         SaveLockTask saveTask = project.tasks.create('saveLock', SaveLockTask)
         saveTask.conventionMapping.with {
-            generatedLock = { lockTask.dependenciesLock }
+            generatedLock = { new File(project.buildDir, clLockFileName ?: extension.lockFile) }
             outputLock = { new File(project.projectDir, extension.lockFile) }
         }
-        saveTask.mustRunAfter lockTask
         saveTask.outputs.upToDateWhen {
             if (saveTask.generatedLock.exists() && saveTask.outputLock.exists()) {
                 saveTask.generatedLock.text == saveTask.outputLock.text
@@ -122,8 +132,7 @@ class DependencyLockPlugin implements Plugin<Project> {
         saveTask
     }
 
-    private GenerateLockTask configureLockTask(String clLockFileName, DependencyLockExtension extension, Map overrides) {
-        GenerateLockTask lockTask = project.tasks.create('generateLock', GenerateLockTask)
+    private GenerateLockTask configureLockTask(GenerateLockTask lockTask, String clLockFileName, DependencyLockExtension extension, Map overrides) {
         lockTask.conventionMapping.with {
             dependenciesLock = {
                 new File(project.buildDir, clLockFileName ?: extension.lockFile)
@@ -138,6 +147,14 @@ class DependencyLockPlugin implements Plugin<Project> {
         lockTask
     }
 
+    private configureUpdateTask(UpdateLockTask lockTask, DependencyLockExtension extension) {
+        // You can't read a property at the same time you define the convention mapping ∞
+        def updatesFromOption = lockTask.dependencies
+        lockTask.conventionMapping.dependencies = { updatesFromOption ?: extension.updateDependencies }
+
+        lockTask
+    }
+
     void applyOverrides(Map overrides) {
         if (project.hasProperty('dependencyLock.overrideFile')) {
             logger.info("Using override file ${project['dependencyLock.overrideFile']} to lock dependencies")

src/main/groovy/nebula/plugin/dependencylock/tasks/GenerateLockTask.groovy

@@ -15,15 +15,14 @@
  */
 package nebula.plugin.dependencylock.tasks
 
-import groovy.transform.EqualsAndHashCode
 import org.gradle.api.artifacts.Configuration
 import org.gradle.api.artifacts.Dependency
 import org.gradle.api.artifacts.ExternalDependency
 import org.gradle.api.artifacts.ResolvedDependency
 import org.gradle.api.tasks.TaskAction
 
 class GenerateLockTask extends AbstractLockTask {
-    String description = 'Create a lock file in build/<configured name>'
+    String description = 'Create a lock file in build/<specified name>'
     Closure filter = { group, name, version -> true }
     Set<String> configurationNames
     Set<String> skippedDependencies = []
@@ -51,7 +50,7 @@ class GenerateLockTask extends AbstractLockTask {
             def filteredExternalDependencies = externalDependencies.findAll { Dependency dependency ->
                 filter(dependency.group, dependency.name, dependency.version)
             }
-            filteredExternalDependencies.each { Dependency dependency ->
+            filteredExternalDependencies.each { ExternalDependency dependency ->
                 def key = new LockKey(group: dependency.group, artifact: dependency.name)
                 deps[key].requested = dependency.version
             }
@@ -149,7 +148,7 @@ class GenerateLockTask extends AbstractLockTask {
         deps[key].transitive << parent
     }
 
-    private void writeLock(deps) {
+    void writeLock(deps) {
         def strings = deps.findAll { !getSkippedDependencies().contains(it.key.toString()) }
                 .collect { LockKey k, Map v -> stringifyLock(k, v) }
         strings = strings.sort()
@@ -186,15 +185,4 @@ class GenerateLockTask extends AbstractLockTask {
 
         return lockLine.toString()
     }
-
-    @EqualsAndHashCode
-    private static class LockKey {
-        String group
-        String artifact
-
-        @Override
-        String toString() {
-            "${group}:${artifact}"
-        }
-    }
 }

src/main/groovy/nebula/plugin/dependencylock/tasks/LockKey.groovy

@@ -0,0 +1,17 @@
+package nebula.plugin.dependencylock.tasks
+
+import groovy.transform.EqualsAndHashCode
+
+/**
+ * Map key for locked dependencies.
+ */
+@EqualsAndHashCode
+class LockKey {
+    String group
+    String artifact
+
+    @Override
+    String toString() {
+        "${group}:${artifact}"
+    }
+}

src/main/groovy/nebula/plugin/dependencylock/tasks/UpdateLockTask.groovy

@@ -0,0 +1,99 @@
+package nebula.plugin.dependencylock.tasks
+
+import groovy.json.JsonSlurper
+import org.gradle.api.artifacts.ResolvedDependency
+import org.gradle.api.logging.Logger
+import org.gradle.api.logging.Logging
+
+import java.lang.Override
+import org.gradle.api.GradleException
+import org.gradle.api.internal.tasks.options.Option
+
+/**
+ * The update task is a generate task, it simply reads in the old locked dependencies and then overwrites the desired
+ * dependencies per user request.
+ */
+class UpdateLockTask extends GenerateLockTask {
+    private static Logger logger = Logging.getLogger(UpdateLockTask)
+
+    String description = 'Apply updates to a preexisting lock file and write to build/<specified name>'
+    Set<String> dependencies
+
+    @Option(option = "dependencies", description = "Specify which dependencies to update via a comma-separated list")
+    void setDependencies(String depsFromOption) {
+        setDependencies(depsFromOption.tokenize(',') as Set)
+    }
+
+    void setDependencies(Set<String> dependencyList) {
+        this.dependencies = dependencyList
+    }
+
+    @Override
+    void lock() {
+        // If the user specifies dependencies to update, ignore any filter specified by the build file and use our
+        // own generated from the list of dependencies.
+        def updates = getDependencies()
+
+        if (updates) {
+            filter = { group, artifact, version ->
+                updates.contains("${group}:${artifact}".toString())
+            }
+        }
+        super.lock()
+    }
+
+    @Override
+    void writeLock(updated) {
+        File currentLock = new File(project.projectDir, dependenciesLock.name)
+        def locked = loadLock(currentLock)
+        def pruned = pruneDeps(locked)
+        super.writeLock(pruned + (updated as Map))
+    }
+
+    private pruneDeps(locked) {
+        Set keys = []
+        Set visited = []
+
+        // Visit all nodes in a list of dependency trees once and record the lock key.
+        Closure addKeysFrom
+        addKeysFrom = { Set<ResolvedDependency> nodes ->
+            keys += nodes.collect { ResolvedDependency dep ->
+                visited += dep
+                new LockKey(group: dep.moduleGroup, artifact: dep.moduleName)
+            }
+            Set unvisited = nodes*.children.flatten() - visited
+            if (unvisited.size() > 0) {
+                addKeysFrom.trampoline(unvisited)
+            }  // bounce..
+        }.trampoline()
+
+        // Recursively generate keys for the entire dependency tree.
+        Set dependencies = project.configurations*.resolvedConfiguration.firstLevelModuleDependencies.flatten()
+        addKeysFrom(dependencies)
+
+        // Prune dependencies from the lock file that are not needed by dependencies in the current build script.
+        locked.findAll {
+            keys.contains(it.key)
+        }
+    }
+
+    private static loadLock(File lock) {
+        def json
+        try {
+            json = new JsonSlurper().parseText(lock.text)
+        } catch (ex) {
+            logger.debug('Unreadable json file: ' + lock.text)
+            logger.error('JSON unreadable')
+            throw new GradleException("${lock.name} is unreadable or invalid json, terminating run", ex)
+        }
+        // Load the dependencies in the same form as they are read from the configurations.
+        def lockKeyMap = [:].withDefault {
+            [transitive: [] as Set, firstLevelTransitive: [] as Set, childrenVisited: false]
+        }
+        json.each { key, value ->
+            def (group, artifact) = key.tokenize(':')
+            lockKeyMap.put(new LockKey(group: group, artifact: artifact), value)
+        }
+        lockKeyMap
+    }
+}