zec
/
secant-android-wallet
mirror of https://github.com/zcash/secant-android-wallet.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
secant-android-wallet/.github/ISSUE_TEMPLATE/dependency.md

1.4 KiB
Raw Blame History

name about title labels assignees
Dependency update Update existing dependency to a new version. dependencies

For a Gradle dependency:

  1. Update the dependency version in the root gradle.properties
  2. Update the dependency locks
    1. For Gradle plugins: ./gradlew dependencies --write-locks
    2. For Gradle dependencies: ./gradlew resolveAndLockAll --write-locks
  3. Verify no unexpected entries appear in the lockfiles. A supply chain attack could occur during this stage. The lockfile narrows the supply chain attack window to this very moment (as opposed to every time a build occurs)
  4. Are there any new APIs or possible migrations for this dependency?

For Gradle itself:

  1. Run ./gradle wrapper --gradle-version $X
  2. Add distributionSha256Sum= in gradle/wrapper/gradle-wrapper.properties, referencing Gradle Release Checksums
  3. Update the continuous integration server environment variables with the updated SHA for the Gradle wrapper, referencing Gradle Release Checksums. Note: Bitrise builds for other branches may temporarily fail since only a single checksum at a time is currently supported. The wrapper is not updated with every Gradle version so in practice this problem should occur infrequently.
  4. Are there any new APIs or possible migrations?