Dependency Management

This project uses Version Catalogs and automated dependency updates to maintain a clean and up-to-date dependency management system.

Version Catalog

Dependencies and versions are centrally managed in gradle/libs.versions.toml. This file serves as a single source of truth for:

• Library dependencies
• Plugin versions
• Project configuration
• SDK versions

Structure

The version catalog is organized into several sections:

1. Versions

   [versions]
   # Core versions
   java = "21"
   kotlin = "2.1.10"
   
   # SDK Configuration
   minSdk = "24"
   compileSdk = "35"
   targetSdk = "35"
   

2. Plugins

   [plugins]
   kotlin = { id = "org.jetbrains.kotlin.android", version.ref = "kotlin" }
   android-library = { id = "com.android.library", version.ref = "androidGradlePlugin" }
   

3. Libraries

   [libraries]
   androidx-core-ktx = { group = "androidx.core", name = "core-ktx", version.ref = "androidxCore" }
   

Note

Some versions in the catalog, like java and SDK versions, are not direct dependencies but are used by convention plugins and build configuration.

Using Dependencies

In your module's build.gradle.kts:

dependencies {
    implementation(libs.androidx.core.ktx)
    implementation(platform(libs.androidx.compose.bom))
}

For plugins:

plugins {
    alias(libs.plugins.kotlin)
    alias(libs.plugins.android.library)
}

Automated Dependency Updates

This project uses both Renovate and Dependabot to automate dependency updates.

Renovate Setup

The project includes a renovate.json configuration:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base",
    "group:all",
    ":dependencyDashboard",
    "schedule:daily"
  ]
}

To enable Renovate, install the Renovate app in your repository

Dependabot Setup

The project includes a .github/dependabot.yml configuration:

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      kotlin-ksp-compose:
        patterns:
          - "org.jetbrains.kotlin:*"
          - "com.google.devtools.ksp"
          - "androidx.compose.compiler:compiler"

To enable Dependabot, ensure Dependabot is enabled in your repository settings

Tip

You can group dependencies that you want to get updated together in dependabot config as it has been done for the kotlin-ksp-group.

Best Practices

1. Version Organization:

   • Group related versions together
   • Use comments to separate sections
   • Keep SDK configurations in a dedicated section

2. Version References:

   [versions]
   compose-compiler = "1.5.3"
   
   [libraries]
   compose-compiler = { group = "androidx.compose.compiler", name = "compiler", version.ref = "compose-compiler" }
   

3. Version Bundles: Use BOM (Bill of Materials) when available:

   [libraries]
   compose-bom = { group = "androidx.compose", name = "compose-bom", version.ref = "androidxComposeBom" }
   

4. Custom Properties: Store important project configuration in the version catalog:

   [versions]
   minSdk = "24"
   compileSdk = "35"
   targetSdk = "35"
   

Warning

Don't mix different versions of the same library family. Use BOMs when available to ensure compatibility.

Adding New Dependencies

1. Add the version to [versions] section if needed
2. Add the library definition to [libraries] section
3. Use the new dependency in your module:

dependencies {
    implementation(libs.your.new.dependency)
}

Further Reading

• Architecture Overview: Understand the architecture and design principles
• Design Philosophy: Learn about the design philosophy behind the project
• Adding New Features: Get started with adding new features to the project
• Performance Optimization: Learn about performance optimization techniques
• Useful Tips & Tricks: Explore useful tips and tricks for Android development