Fix updating global locks with updateDependencies set

aughr · aughr · commit 3eac7b2a55ad · 2016-02-08T16:32:04.000-05:00
Because dependencies are "transitive" in the global context, we need to ensure
that anything a project directly depends on is not excluded from the list of
forces.
diff --git a/src/main/groovy/nebula/plugin/dependencylock/DependencyLockPlugin.groovy b/src/main/groovy/nebula/plugin/dependencylock/DependencyLockPlugin.groovy
@@ -371,12 +371,22 @@ class DependencyLockPlugin implements Plugin<Project> {
         }
     }
 
+    boolean isTopLevel(info, deps) {
+        // If this is not listed as being depended on at all, it must be a top-level dependency
+        if (info.transitive == null) return true
+
+        // If a dependency is listed as being depended on by something that we know is a project, then it must be a top-level dependency
+        return info.transitive.any {
+            deps[it]?.project
+        }
+    }
+
     void applyLock(File dependenciesLock, Map overrides, Collection<String> updates = []) {
         logger.info("Using ${dependenciesLock.name} to lock dependencies")
         def locks = loadLock(dependenciesLock)
 
         if (updates) {
-            locks = locks.collectEntries { configurationName, deps -> [(configurationName): deps.findAll { coord, info -> (info.transitive == null) && !updates.contains(coord) }]}
+            locks = locks.collectEntries { configurationName, deps -> [(configurationName): deps.findAll { coord, info -> isTopLevel(info, deps) && !updates.contains(coord) }]}
         }
 
         def isDeprecatedFormat = locks.every { it.key ==~ /[^:]+:.+/ } // in the old format, all first level props were groupId:artifactId
diff --git a/src/test/groovy/nebula/plugin/dependencylock/DependencyLockLauncherSpec.groovy b/src/test/groovy/nebula/plugin/dependencylock/DependencyLockLauncherSpec.groovy
@@ -1209,6 +1209,95 @@ class DependencyLockLauncherSpec extends IntegrationSpec {
         new File(projectDir, 'build/dependencies.lock').text == updatedLock
     }
 
+    def 'only the update dependency and its transitives are updated when using a global lock'() {
+        addSubproject('sub1', """\
+            dependencies {
+                compile 'test.example:bar:1.+'
+                compile 'test.example:qux:latest.release'
+            }
+        """.stripIndent())
+        buildFile << """\
+            allprojects {
+                ${applyPlugin(DependencyLockPlugin)}
+                group = 'test'
+            }
+            subprojects {
+                apply plugin: 'java'
+                repositories { maven { url '${Fixture.repo}' } }
+            }
+            dependencyLock {
+                includeTransitives = true
+            }
+        """.stripIndent()
+
+        def lockFile = new File(projectDir, 'global.lock')
+        def lockText = '''\
+                {
+                    "_global_": {
+                        "test.example:bar": {
+                            "locked": "1.0.0",
+                            "requested": "1.+",
+                            "transitive": [
+                                "test:sub1"
+                            ]
+                        },
+                        "test.example:qux": {
+                            "locked": "1.0.0",
+                            "requested": "latest.release",
+                            "transitive": [
+                                "test:sub1"
+                            ]
+                        },
+                        "test.example:foo": {
+                            "locked": "1.0.0",
+                            "transitive": [
+                                "test.example:bar",
+                                "test.example:qux"
+                            ]
+                        },
+                        "test:sub1": {
+                            "project": true
+                        }
+                    }
+                }'''.stripIndent()
+        lockFile.text = lockText
+
+        def updatedLock = '''\
+                {
+                    "_global_": {
+                        "test.example:bar": {
+                            "locked": "1.1.0",
+                            "transitive": [
+                                "test:sub1"
+                            ]
+                        },
+                        "test.example:foo": {
+                            "locked": "1.0.1",
+                            "transitive": [
+                                "test.example:bar",
+                                "test.example:qux"
+                            ]
+                        },
+                        "test.example:qux": {
+                            "locked": "1.0.0",
+                            "transitive": [
+                                "test:sub1"
+                            ]
+                        },
+                        "test:sub1": {
+                            "project": true
+                        }
+                    }
+                }'''.stripIndent()
+
+        when:
+        def results = runTasksSuccessfully('updateGlobalLock', '-PdependencyLock.updateDependencies=test.example:bar')
+
+        then:
+        println results.standardOutput
+        new File(projectDir, 'build/global.lock').text == updatedLock
+    }
+
     @Ignore
     def 'diff the generated lock with the existing lock '() {
         def dependenciesLock = new File(projectDir, 'dependencies.lock')
