-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reconsider adding support for jitpack.io repositories #16310
Comments
There are different reasons why we're very reluctant on adding Jitpack.io as a first-level supported construct. In general, we even think it's not a good idea for any build to use Jitpack:
So we're not saying that there are not good use cases for Jitpack (there are, testing early releases without publishing is one), but that it doesn't make a good reason to make it too convenient to use given the risks. |
Another con is that it's unreliable and sometimes even appears broken as a build is done the first time a version is requested, if that build takes too long, Gradle remembers it is not there even if it then is until the cache period is over or you use And one more, as partly the commit id is used as version, version ordering is not only useless but might prefer an older dependency in a conflict resolution just because it is lexicographically newer. |
To be fair to Jitpack, you could argue that there are stability issues with JCenter too but we still included it as first party. Same for Google which has a number of problems like not listing versions properly. This is really a tradeoff. The questions we need to answer are:
So not everything is against Jitpack, for some use cases it's pretty handy. But as a build tool we have a responsibility to make sure to promote good practices. At this stage I'm not clear about what the good practices for Jitpack would be. I'm sure there are some. |
Yes, JCenter has (had) reliability issues as well. Another big con (currently) of JitPack is, that it destroys some aspects in the Gradle Module Metadata while trying to rewrite it for changed coordinates, but that is more a bug that hopefully gets fixed at some point. From my personal point of view JitPack is nice for short experiments while I would usually prefer composite builds or source dependencies if possible, but should never be used for serious publishing of release artifacts. Popularity-wise JitPack may indeed be a candidate for a built-in convenience method. |
|
Summoning Jitpack to get some of the main concerns put to the right eyes... @ajermakovics In my world view, plenty of open source projects depend on Jitpack's building and serving of their dependencies, and for projects that might not have publishing (or in extreme cases, their platform is offline) Jitpack helps to provide that for them. Jitpack's documentation even explicitly states that it's repo should be put last in your build.gradle:
I want to further understand the stance against Jitpack, there are going to be issues with every platform at a really high level and to not "accept" Jitpack because of it's accessibility to the internet seems a little wrong to me. |
Closing because of reasons stated in #16310 (comment) |
In 2015 @championswimmer implemented a PR #551
It has been declined then due to low popularity of JitPack.io.
Some arguments for reconsideration:
repositories { maven { url "https://jitpack.io" } }
vs.
It would be consistent if
jitpack()
gets merged. Such an inconsistency is a PITA for library developers using JitPack.If there is a will to merge such a change now I can create a PR.
Pinging @pioterj and @jitpack-io because they were involved in the discussion.
P.S. Sorry for creating a "duplicate" to aforementioned PR, I was afraid that response there would be ignored.
The text was updated successfully, but these errors were encountered: