SK-2870: Upgrade Android SDK dependencies to modern stable versions #185

Open
saileshwar-skyflow wants to merge 7 commits into main from SK-2870-upgrade-android-sdk-dependencies

@saileshwar-skyflow saileshwar-skyflow commented Jun 29, 2026

Collaborator

Why

The SDK's build toolchain and dependencies had not been updated since 2021–2022. Key issues:

  • AGP 7.4.2 and Gradle 7.6 are EOL and incompatible with JDK 17+ CI environments
  • Multiple dependencies had known CVEs (OkHttp 4.9.0, @babel/core via github-script@v6)
  • Stale Kotlin plugin entries and a wildcard core-ktx:+ dependency caused version conflicts
  • CI workflows used deprecated GitHub Actions versions (checkout@v2, setup-java@v1)

Goal

  • Upgrade AGP 7.4.2 to 9.2.0 and Gradle wrapper 7.6 to 9.4.1
  • Upgrade core-ktx 1.6.0 to 1.16.0, OkHttp 4.9.0 to 4.12.0, material 1.4.0 to 1.12.0, robolectric 4.6.1 to 4.14.1, mockk 1.8.5 to 1.14.11
  • Bump compileSdk/targetSdk 31 to 35 and Java compatibility VERSION_1_8 to VERSION_17
  • Remove unused dependencies: appcompat, constraintlayout, gson, coroutines, mockito, espresso, duplicate robolectric in androidTest, kotlin-stdlib-jdk7
  • Fix CVE-2023-45133 (CRITICAL) by upgrading github-script v6 to v7 in Semgrep workflow
  • Upgrade all CI GitHub Actions to current major versions with Temurin JDK 17
  • Zero customer-facing API surface change — all deps are implementation scope, not api

Testing

  • CI build passes: :Skyflow:build, :Skyflow:lint, :Skyflow:test all green
  • All existing unit tests pass with no changes to test logic
  • Verified on AGP 9.2.0 + Gradle 9.4.1 + JDK 17 (Temurin) in CI

- AGP 7.4.2 → 9.2.0; Gradle wrapper 7.6 → 9.4.1
- Kotlin plugin cleanup: remove stale ext.kotlin_version=1.6.0-M1, duplicate
  kotlin-gradle-plugin classpath, and android-maven-gradle-plugin (obsolete)
- compileSdk/targetSdk 31 → 35; compileOptions VERSION_1_8 → VERSION_17;
  migrate kotlinOptions to kotlin { compilerOptions {} } DSL (AGP 9 requirement)
- core-ktx 1.6.0 → 1.16.0; okhttp 4.9.0 → 4.12.0 (security patches);
  robolectric 4.6.1 → 4.14.1; mockk 1.8.5 → 1.14.11
- Remove unused SDK deps: appcompat, material, constraintlayout, gson,
  coroutines-android, kotlin-stdlib-jdk7, mockito-core, espresso-core,
  duplicate robolectric in androidTest scope
- samples: remove resolutionStrategy force on core-ktx:1.6.0, remove
  dangerous core-ktx:+ wildcard; upgrade appcompat→1.7.0, material→1.12.0,
  constraintlayout→2.2.1, coroutines→1.8.1
- CI: all workflows upgraded to actions/checkout@v4, setup-java@v4 with
  Temurin JDK 17 (AGP 9 requires JDK 17 minimum), wrapper-validation→v3;
  github-script@v6→v7 (fixes CVE-2023-45133 @babel/core CRITICAL)
- .gitignore: add /android to ignore CucumberTestingAndroid directory
- settings.gradle: add missing include ':samples' module

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
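
A CI check for the `core-ktx:+` wildcard and the `resolutionStrategy` force that the commit above removes, as an added example (not code from this pull request or from the Skyflow SDK). The function names and the sample build file are constructed for illustration.

```python
import re

# "group:artifact:version" in Groovy or Kotlin DSL string notation.
COORD = re.compile(r"""["']([\w.\-]+):([\w.\-]+):([^"'@\s]+)""")
# resolutionStrategy { force 'group:artifact:version' }
FORCE = re.compile(r"""\bforce\s*\(?\s*["']""")


def classify_version(version):
    """Return why a version selector is not reproducible, or None if pinned."""
    if version.endswith("+"):
        return "dynamic version (wildcard)"
    if version.startswith("latest."):
        return "dynamic version (latest.* selector)"
    if version[0] in "[(]" and "," in version:
        return "version range"
    if version.endswith("-SNAPSHOT"):
        return "changing SNAPSHOT version"
    return None


def scan_gradle(text):
    """Return (line, coordinate, version, reason) for each risky declaration."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # ignore line comments
        forced = bool(FORCE.search(code))
        for group, artifact, version in COORD.findall(code):
            reason = classify_version(version)
            if reason is None and forced:
                reason = "forced pin overrides normal resolution"
            if reason:
                findings.append((lineno, f"{group}:{artifact}", version, reason))
    return findings


# Constructed sample build file, not taken from the repository.
SAMPLE = '''\
dependencies {
    implementation "androidx.core:core-ktx:+"
    implementation "com.squareup.okhttp3:okhttp:4.12.0"
    implementation 'com.google.android.material:material:1.12.0'
    testImplementation("io.mockk:mockk:1.+")
    // implementation "androidx.appcompat:appcompat:latest.release"
}
configurations.all {
    resolutionStrategy { force 'androidx.core:core-ktx:1.6.0' }
}
'''

if __name__ == "__main__":
    for finding in scan_gradle(SAMPLE):
        print("line %d: %s %s -> %s" % finding)
```
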
@github-actions

Gitleaks Findings: No secrets detected. Safe to proceed!

@github-actions

Semgrep Findings: Issues with Error level severity are found (Error is Highest severity in Semgrep), Please resolve the issues before merging.

….gradle

AGP plugins (com.android.library, com.android.application) live on Google
Maven, not the Gradle Plugin Portal. Without a pluginManagement block,
Gradle's plugins {} DSL only searches the Plugin Portal and fails to resolve
them. Adding pluginManagement with google() + mavenCentral() + gradlePluginPortal()
fixes the CI build failure.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions

Gitleaks Findings: No secrets detected. Safe to proceed!

@github-actions

Semgrep Findings: Issues with Error level severity are found (Error is Highest severity in Semgrep), Please resolve the issues before merging.

- samples: guard local.properties load with file.exists() check so CI
  builds without local.properties no longer throw FileNotFoundException
- samples: add namespace "com.Skyflow" (AGP 9 requires namespace in build.gradle)
- samples: add buildFeatures.buildConfig = true (AGP 8+ disables BuildConfig
  generation by default; samples uses buildConfigField in debug build type)
- Skyflow: add namespace "com.skyflow_android" (same AGP 9 requirement)
- Skyflow: add buildFeatures.buildConfig = true (uses buildConfigField for
  SDK_NAME and SDK_VERSION in both release and debug build types)
- Skyflow: declare android.publishing.singleVariant('release') with
  withSourcesJar() — required by AGP 8+ for components.release to be
  available in afterEvaluate publishing block
- Skyflow: remove manual androidSourcesJar task (superseded by withSourcesJar())
- gradle.properties: remove android.enableJetifier=true (deprecated in AGP 9,
  removed in AGP 10; SDK uses only AndroidX, Jetifier not needed)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions

Gitleaks Findings: No secrets detected. Safe to proceed!

@github-actions

Semgrep Findings: Issues with Error level severity are found (Error is Highest severity in Semgrep), Please resolve the issues before merging.

- Replace String.toLowerCase() with String.lowercase() in TextField.kt
  (lines 256, 257, 273, 274) and SkyflowValidateExpireDate.kt (line 39):
  toLowerCase() was deprecated in Kotlin 1.5 and elevated to ERROR level
  in Kotlin 1.9+; K2 compiler now fails the build on these calls
- Remove package= attribute from Skyflow and samples AndroidManifest.xml:
  AGP 9 ignores the package attribute in source manifests (namespace is
  now declared in build.gradle); leaving it generates a build warning

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions

Gitleaks Findings: No secrets detected. Safe to proceed!

@github-actions

Semgrep Findings: Issues with Error level severity are found (Error is Highest severity in Semgrep), Please resolve the issues before merging.

…operties

These flags require migrating all R class references across the codebase
before they can be enabled. The samples module references R.font.roboto_light
which is defined in the :Skyflow module; with nonTransitiveRClass=true that
reference becomes unresolved. Enabling these flags is a separate migration
task, not part of this dependency upgrade.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions

Gitleaks Findings: No secrets detected. Safe to proceed!

@github-actions

Semgrep Findings: Issues with Error level severity are found (Error is Highest severity in Semgrep), Please resolve the issues before merging.

samples module references font resources from the SDK module which
are not accessible in AGP 9 without complex resource duplication.
CI validates the SDK library, not the samples demo app.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions

Gitleaks Findings: No secrets detected. Safe to proceed!

@github-actions

Semgrep Findings: Issues with Error level severity are found (Error is Highest severity in Semgrep), Please resolve the issues before merging.

The Skyflow module styles.xml uses Material TextInputLayout attributes
(boxStrokeColor, boxBackgroundColor), so material is a required runtime
dependency. Upgrade from 1.4.0 to 1.12.0 (latest stable).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions

Gitleaks Findings: No secrets detected. Safe to proceed!

@github-actions

Semgrep Findings: Issues with Error level severity are found (Error is Highest severity in Semgrep), Please resolve the issues before merging.
