Dependency Management

This project uses Version Catalogs and automated dependency updates to maintain a clean and up-to-date dependency management system.

Version Catalog

Dependencies and versions are centrally managed in gradle/libs.versions.toml. This file serves as a single source of truth for:

• Library dependencies
• Plugin versions
• Project configuration
• SDK versions

Structure

The version catalog is organized into several sections:

1. Versions

   [versions]
   # Core versions
   java = "21"
   kotlin = "2.1.10"
   
   # SDK Configuration
   minSdk = "24"
   compileSdk = "35"
   targetSdk = "35"
   

2. Plugins

   [plugins]
   kotlin = { id = "org.jetbrains.kotlin.android", version.ref = "kotlin" }
   android-library = { id = "com.android.library", version.ref = "androidGradlePlugin" }
   

3. Libraries

   [libraries]
   androidx-core-ktx = { group = "androidx.core", name = "core-ktx", version.ref = "androidxCore" }
   

[!NOTE] Some versions in the catalog, like java and SDK versions, are not direct dependencies but are used by convention plugins and build configuration.

Using Dependencies

In your module's build.gradle.kts:

dependencies {
    implementation(libs.androidx.core.ktx)
    implementation(platform(libs.androidx.compose.bom))
}

For plugins:

plugins {
    alias(libs.plugins.kotlin)
    alias(libs.plugins.android.library)
}

Automated Dependency Updates

This project uses both Renovate and Dependabot to automate dependency updates.

Renovate Setup

The project includes a renovate.json configuration:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base",
    "group:all",
    ":dependencyDashboard",
    "schedule:daily"
  ]
}

To enable Renovate, install the Renovate app in your repository

Dependabot Setup

The project includes a .github/dependabot.yml configuration:

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      kotlin-ksp-compose:
        patterns:
          - "org.jetbrains.kotlin:*"
          - "com.google.devtools.ksp"
          - "androidx.compose.compiler:compiler"

To enable Dependabot, ensure Dependabot is enabled in your repository settings

[!TIP] You can group dependencies that you want to get updated together in dependabot config as it has been done for the kotlin-ksp-group.

Best Practices

1. Version Organization:

   • Group related versions together
   • Use comments to separate sections
   • Keep SDK configurations in a dedicated section

2. Version References:

   [versions]
   compose-compiler = "1.5.3"
   
   [libraries]
   compose-compiler = { group = "androidx.compose.compiler", name = "compiler", version.ref = "compose-compiler" }
   

3. Version Bundles: Use BOM (Bill of Materials) when available:

   [libraries]
   compose-bom = { group = "androidx.compose", name = "compose-bom", version.ref = "androidxComposeBom" }
   

4. Custom Properties: Store important project configuration in the version catalog:

   [versions]
   minSdk = "24"
   compileSdk = "35"
   targetSdk = "35"
   

[!WARNING] Don't mix different versions of the same library family. Use BOMs when available to ensure compatibility.

Adding New Dependencies

1. Add the version to [versions] section if needed
2. Add the library definition to [libraries] section
3. Use the new dependency in your module:

dependencies {
    implementation(libs.your.new.dependency)
}

Further Reading

• Architecture Overview: Understand the architecture and design principles
• Design Philosophy: Learn about the design philosophy behind the project
• Adding New Features: Get started with adding new features to the project
• Performance Optimization: Learn about performance optimization techniques
• Useful Tips & Tricks: Explore useful tips and tricks for Android development