Login/Register
Is gradle possible to use maven repository with higher priority than jcenter
Asked Answered
Solved mavengradlejcenter
S

2

9

Gradle can set multiple repositories, e.g. maven and jcenter. But I realized gradle always use jcenter first even if I put maven before jcenter (as below). Is it possible to make maven (local repo, and faster) have higher priority?

## in file build.gradle
allprojects {
    repositories {
    maven { url "http://nexus.mucompany.com/nexus/service/local/repositories/releases/content/" }
    jcenter()
}
Scission answered 4/11, 2015 at 17:30 Comment(3)
I just answered a very similar question today. You use a binary repository to avoid going to jcenter or mavenCentral directly. Configure your Nexus to proxy jcenter and use only it.Incubator
It is a good idea to simplify conf and usage. I will try. Thanks.Scission
you're more than welcomed to vote on the answer to the linked question :)Incubator
L
11

I would like to ask this as a comment, but haven't got enough rep yet :-/

Can you post the output from gradle --debug that makes you think it resolving from jcenter in preference?

The gradle docs contain the following:

A project can have multiple repositories. Gradle will look for a dependency in each repository in the order they are specified, stopping at the first repository that contains the requested module.

An quick confirmation locally shows that the order is being honored between custom maven repositories and jcenter()

Lorineloriner answered 4/11, 2015 at 18:23 Comment(3)
Add gradle debug log (partial log) above. It shows searching 5 repo in order, MavenLocal, maven, BintrayJcenter, maven2, and maven3. My maven local and my company's maven repo do not have the required jar, so it always goes to jcenter.Scission
Adding logs that were originally added from the previous comment: pastebinLorineloriner
Looking at the logs(above) it looks like you have more than the two repositories specified in your question. Perhaps you have some extra repos being added (maybe an errant init.gradle or settings.gradle somewhere in your project or home dir, or a custom enterprise plugin is adding them). For contrast, my clean gradle build with the two repos gives this output: 18:17:20.637 [DEBUG] [org.gradle.api.internal.artifacts.ivyservice.ivyresolve.RepositoryChainComponentMetaDataResolver] Attempting to resolve component for joda-time:joda-time:2.9 using repositories [BintrayJCenter, maven]Lorineloriner
L
4

aside the fact, that at least in newer gradle versions the order matters:

It’s even more important when considering that order of repositories matter.

✨ The order of declaration determines how Gradle will check for dependencies at runtime. If Gradle finds a module descriptor in a particular repository, it will attempt to download all of the artifacts for that module from the same repository. You can learn more about the inner workings of Gradle’s resolution mechanism.

source: gradle 5.4.1 Declaring multiple repositories

or it's a bug in your specific gradle version - my answer might come "a bit late" that day 2k19 as you question was from '15 ;D

(at least in Gradle 3.5 it was defined similar

A project can have multiple repositories. Gradle will look for a dependency in each repository in the order they are specified, stopping at the first repository that contains the requested module.

source: gradle 3.5 Dependency Management for Java Projects )

a common problem is, that higher priorized repository AND / OR local cache are corrupt! Often enough artifactory jcenter proxy contains unwillingly POM declarations but no jars. You have then to cleanup the artifactory. Similar to local repositories.

you can try to ignore local caches by running gradle with --refresh-dependencies and best case -i logging enabled to see where requests go to and what are the results.

have a look at How can I force gradle to redownload dependencies?

Second option: as of gradle 5.1 you can always declare filters

see gradle 5.4.1 Declaring a repository filter

for me, I ignore any com.android packages from jcenter, which speeds up searching a bit and reduces the known problem mentioned above

Launderette answered 19/6, 2019 at 14:55 Comment(1)
I prefer this answer better than the accepted answer for this question. The issue with depending on gradle feature of order of repositories can be dangerous from security point of view , viz even if have cloned the standard jars in my company's private maven repo and mentioned this repo as top in the order, in-case my companyes repor is unreachable, gradle will silently fallback to public repo thus potentially downloading from repos we decided not to trust persistenly. Declaring the repository filter using gradle 5.4.1 plugin seems much better to avoid this.Dives

© 2022 - 2025 — McMap. All rights reserved.