Clone Tools
  • last updated a few seconds ago
Constraints: committers
Constraints: files
Constraints: dates
Remove extra serialized boolean and use real cache layout version

  1. … 2 more files in changeset.
Use real cache layout version

  1. … 1 more file in changeset.
Introduce a checksum file cache service

This service is responsible for caching the checksums computed from

local file system. Because it's also used for dependency verification

writing and checking, this cache uses the existing infrastructure which

makes sure that if a file is updated locally, we expire the entry in

the cache.

This is done because there are lots of places in the code where we

used the legacy `HashUtil` class, which has no caching whatsoever.

It's, however, quite common to have a build which generates sha1

checksums multiple times for the same file. For example, during


  1. … 102 more files in changeset.
Always serialize module sources

Module sources were only serialized in the cache metadata entry.

In practice, they belong to the module metadata, so they are now

properly serialized as part of it. This fixes the "force realize"


  1. … 18 more files in changeset.
Bump layout format

  1. … 6 more files in changeset.
Introduce module metadata verification

This commit introduces verification of metadata files.

For this, another refactoring of the `ModuleSource` concept

was required. Ironically, before this commit, `ModuleSource`

used to be available for serialization in the module metadata

serializer. However, they weren't used in practice, because

all the required data could be reconstructed from the caches.

In particular, there was this "contentHash" which, because

not properly serialized, was actually set as a field on the

component resolve metadata itself, instead of being part

of the module source.

Now, this commit reintroduces serialization of module sources

but takes a different approach by splitting the module sources

in two distinct categories:

- module sources which can be reconstructed from known data,

such as the repository name and repository url

- module sources which have to be serialized alongside component

metadata, because they can't be reconstructed from sources

The latter category includes this "contentHash", serialized with

the descriptor hash module source. It also includes the information

about _which_ actual descriptor file was used to generate the

binary module descriptor (e.g, the source POM, Ivy or module

metadata file). This information does _not_ belong to the module

component resolve metadata itself, so it belongs to its sources.

For this purpose, serialization of module sources has been updated

so that instead of using Java serialization, module sources need

to provide a custom serializer, called a Codec. Those codecs are

uniquely identified by an id which is just an integer. This is

done for performance optimization, in order to avoid to serialize

the name of the codec and have to load it dynamically. Instead,

Gradle knows about the full set of serializers (and there's no

way for a user to add more because in any case it would require

an update of the module metadata store format).

This makes it much more efficient to serialize module sources

(because we can now have an optimized encoder), but it also

permits reconstructing module sources from incomplete information.

In particular, the module source which describes the file from

which a component resolve metadata was sourced contains a link

to the actual file in the local artifact store. However, in order

to be relocatable, we _don't_ want this file path to be stored

in the metadata cache. This means that instead of storing the

path, we actually store the artifact identifier and the hash

of the descriptor so that we can, when loaded from cache, find

its location back.

Currently, metadata verification is enabled for all components.

It's not possible to disable verification of metadata.

  1. … 39 more files in changeset.
Use real cache version

  1. … 1 more file in changeset.
Refactor `ModuleSource`

The `ModuleSource` concept was a bit messy. It was designed in order

to be able to store the origin of an artifact. Over time, it evolved

into storing more information, like snapshot timestamps, repositories

or content hash.

The code was convoluted because each part of the code was expecting

some kind of module source, but because of delegation, it wasn't

really possible to add/mix more sources.

This commit refactors this concept into a `ModuleSources` concept

which allows storing more information about a module source, in

a safe and consistent manner. No more wrapping/unwrapping, and each

code requiring a specific type of module source can query for it.

  1. … 64 more files in changeset.
Handle serialization for shadowed capabilities in the GMM case (#11179)

This is now done in the same way as it is done in the


for cases without GMM

Follow up to: #11118

  1. … 4 more files in changeset.
There can be multiple enforced platform variants for Gradle metadata

Follow up to: #11118

  1. … 3 more files in changeset.
Increase cache layout version

  1. … 1 more file in changeset.
Add compatibility layer for SNAPSHOT metadata

Gradle 5.3 to 5.6 have an issue when publishing a Gradle Module Metadata

with a unique snapshot.

This commit enables Gradle 6+ to consume such metadata files without


Fixes #9462

  1. … 4 more files in changeset.
No more absolute path in metadata cache

Reference to file are now relative to the root of the module cache

instead of being absolute.

This allows moving the full module cache around to be reused with

a different root path.

The path are also normalized, so that they are portable across systems

where the name separator changes.

Issue #1338

  1. … 10 more files in changeset.
Revert "Revert "Merge branch 'release'""

This reverts commit 67b8bb8f18f854f45a2f5ec52cc9c8a25981e2f2.

This restores the merge attempt from earlier.

  1. … 66 more files in changeset.
Revert "Merge branch 'release'"

This reverts commit c7fdc455dcb9a8016af0ae9bc8b4c43fde1e2d06, reversing

changes made to 9f70d52b74dbc8c71381781b6c155474031b3cf8.

The changes need a wrapper as there are API changes. Reverting for now.

  1. … 66 more files in changeset.
Changes in Gradle Module Metadata loading

We no longer define any configurations, like default or the maven ones.

In the past, we still had these defined which allowed partial legacy

selection. But it made no sense since all these configurations would not

have any dependencies for example.

Fixes #10980

  1. … 16 more files in changeset.
Use "real" cache layout version

  1. … 1 more file in changeset.
Fix inconsistent dependency graph state

This commit fixes a problem with _unattached dependencies_ being

incorrectly removed from the dependency graph whenever only the

target of an edge is changed.

This was causing the Gradleception build to fail with strict

dependencies as "forSubgraph", but the problem was already

present (and left unnoticed).

  1. … 5 more files in changeset.
Increase cache layout version

Required for serialization changes in #10368

  1. … 1 more file in changeset.
Support dependency artifact selectors in Gradle Module Metadata

This is a compatibility feature for combining GMM and pure pom/ivy


  1. … 13 more files in changeset.
Increment metadata cache layout version

  1. … 1 more file in changeset.
Add `forSubgraph()` API to version constraints

  1. … 20 more files in changeset.
Further deduplication of serialized metadata

Maven dependency metadata de-duplication now happens as well when

serializing untransformed metadata.

Fixes #8311

  1. … 7 more files in changeset.
Use real cache version

(the previous one was to avoid CI conflicts)

  1. … 1 more file in changeset.
Support requested capabilities on external dependencies

This commit adds support for having requested capabilities

part of the module component selector, for external dependencies.

This means that if a component is using Gradle metadata, we can

read requested capabilities and honor them during selection.

This reworks where requested capabilities are stored, and in

particular moves them to the `ComponentSelector`, making them

properly part of the identity of a dependency. As such, two

dependencies requiring two different variants by using distinct

capabilities will now properly appear as two different dependencies

in the dependency graph, instead of two variants of the same


  1. … 63 more files in changeset.
Move transformer execution history to version specific cache

  1. … 12 more files in changeset.
Use the execution history for artifact transformations

  1. … 11 more files in changeset.
Fix "platform owners" not being serialized

  1. … 5 more files in changeset.
Fix realization of derived variants

This commit changes the way derived variants are handled during serialization.

Before, we used to record only the fact that there were derived variants, and

the realized component metadata class was reproducing what the `getDerivedVariants`

method was doing in the original metadata. Unfortunately, this led to forgetting

about this fact, because in most cases we don't realize all variants eagerly, and

test coverage was missing.

Instead, now, the realized component metadata makes use of the original derived

variants and _serializes_ them. This is only done for Maven metadata now, as this

is the only component type which actually produced derived variants.

This commit also introduces a new test suite called `ForceRealizeTest` which runs

the full integration test suite, but forcing the realization of all variants. This

can be executed typically by running `myProject:integForceRealizeTest`. This test

suite runs in embedded mode by default, in order to be fast.

  1. … 12 more files in changeset.
Bump cache layout version

It is unclear whether this version should have been upgraded before or with this PR,

but this makes the results from cache correct again.

  1. … 1 more file in changeset.