Automating dependency updates in a Compose project | by Jose Alcérreca | Android Developers | Mar, 2023 | Tech Zen

We suggest utilizing the newest libraries in your Android initiatives as they’ve extra options and bug fixes. Nevertheless, bumping variations and fixing breaking modifications could be an intricate course of, particularly for those who attempt to repair many on the similar time. Automating this course of reduces errors however there are some concerns to take note of for those who use Compose.

As a result of upkeep can really feel like a thankless activity, it is best to attempt to automate as a lot of it as potential by:

• Having a Steady Integration system to make sure that the code is consistently in a wholesome state.
• Operating automated exams to provide your workforce quick suggestions on how the app behaves after modifications, catching regressions.
• Automating the technology of updates, which is what this put up is about.

Bumping variations typically means opening the construct file the place you outline your dependencies or their variations after which going to both Google’s Maven repository or Maven Central to determine which one it is best to use. Often:

• In case you are utilizing a steady model of a library, you normally bump to the newest steady (e.g. 2.5.0 to 2.6.2).
• If you happen to’re on an unstable monitor, you select both a more moderen steady model, or a more moderen unstable artifact of the identical model (e.g. 1.2.0-alpha05 would transfer to 1.2.0-beta01 or 1.2.1, however to not 1.2.2-alpha01).
• If there’s a brand new main model of a library, there are most likely breaking modifications and it is best to try this replace in its personal PR (e.g. 1.2.5 to 2.0.1).

Android Studio supplies hints with proposed library updates (and Model Catalogs assist is coming in Android Studio Giraffe!) however you may as well automate this course of in two alternative ways:

For Structure samples, we favor to not pollute construct recordsdata with plugins that builders may not use, so we went with an exterior service. In our explicit case we’re utilizing Renovate as a result of Dependabot doesn’t assist dependency grouping, which is essential for those who use Compose.

The model bumping algorithm described above is easy, however it doesn’t at all times work with the default setup. For instance, computerized updates would possibly fail when utilizing Compose dependencies. The reason being that the Compose Compiler has a strict mapping to particular variations of Kotlin. You could find the desk right here. Sometimes, these two dependencies aren’t launched on the similar time, so there’s a delay of a number of days between Kotlin’s new model and the corresponding Compose Compiler. This implies which you could’t replace Kotlin to the newest model if the Compose Compiler hasn’t been launched but.

With Renovate we group all updates in a single PR utilizing the group:all directive (see it in motion in one in all our configuration recordsdata). This makes upkeep even simpler as a result of we solely need to approve one PR each week. Nevertheless, doing which means that each time there’s a Kotlin launch, our Compose challenge would break till the Compose compiler is launched. This wouldn’t be an enormous deal if it wasn’t for the truth that when your construct is damaged the remainder of the updates should wait.

To repair this, you possibly can group updates collectively. The thought is to separate the Kotlin updates from the opposite modifications so as to hold updating your different dependencies.

In Renovate, that’s achieved with packageRules:

"packageRules": [

"matchPackagePatterns": [
"androidx.compose.compiler:compiler"
],
"groupName": "kotlin"
,

"matchPackagePatterns": [
"org.jetbrains.kotlin.*"
],
"groupName": "kotlin"
,

"matchPackagePatterns": [
"com.google.devtools.ksp"
],
"groupName": "kotlin"

]

These guidelines create a gaggle title referred to as “kotlin” and add Kotlin itself, the Compose compiler and KSP.

With this, Renovate will generate two totally different PRs per department. One for the “kotlin” group, and the opposite for the remainder of the dependencies.

The Kotlin PR solely comprises updates associated to Kotlin as anticipated:

Which means that when a brand new model of Kotlin is on the market, this PR might be created and its construct will initially fail till the Compose Compiler is on the market. Having a failing PR for some time may not be best and there are characteristic requests that appear to deal with the same downside, however I personally don’t thoughts it as a reminder {that a} new Kotlin model is coming.

An necessary characteristic of Renovate is that for those who add a decide to one in all its PRs, the bot will cease making an attempt to replace it, letting you make tweaks. The day-to-day is configured in a intelligent dashboard (see instance) and it has a large set of configuration choices.

Renovate has been working flawlessly and we’re including it to extra Structure repositories. Nevertheless, I believe that the documentation may benefit from extra use-case primarily based examples as I discovered myself relying a bit an excessive amount of on Stackoverflow and snippets discovered on Github points.

In conclusion, establishing a system to maintain your dependencies recent is a good funding. It doesn’t matter which system you utilize so long as it reduces the upkeep burden of your initiatives so that you could be extra productive… or go residence early.