The Android SDK does not pin the version of its React Native dependency.
At the source code level, the RN version is pinned by package.json. At the binary level, the RN version is pinned by the .pom file deployed with that binary.
React Native dependencies are not available in a public repository, other than Jitsi’s own repository.
npm install, the RN Maven artifact is in node_modules/react-native. We just deploy it to our github:jitsi/jitsi-maven-repository to reference it in the SDK .pom file.
I’m not really sure whether you’re talking about the RN artifact itself or the artifacts of our third-party react-native dependencies such as react-native-fetch-blob, etc:
These are again installed with the above
npm install and then we issue
./gradlew :react-native-fetch-blob:assembleRelease followed by
./gradlew :react-native-fetch-blob:publish. Again their origin and version are pinned/locked by package.json and package-lock.json.
Jitsi’s own repository does currently not include version 0.55.4 or the React Native artifact.
Correct. We deploy the RN artifact from node_modules/react-native only when we reference it in a .pom file. There’s currently no such .pom file at github:jitsi/jitsi-maven-repository.
Could all third-party dependencies of the Android SDK be published please?
I’m afraid I’m not really sure what is left to be published. The binaries we publish stem from the SDK binary and what its .pom references. We don’t publish dependency binaries unless they are referenced by a SDK .pom. So in the timeframe between the last SDK release and current development third-party dependencies may be upgraded in dev but will no binaries will be published because no SDK .pom will reference them.
The Android SDK dependencies remain a bit of a floating target, making it hard for projects to work with it. I’m not sure if version pinning would help, but it would be great if continuous integration could detect and prevent problems with the availability of dependencies.
You should not be mixing source and binary versions. In source code form, the Android SDK dependencies are locked/pinned by package.json and package-lock.json. In binary form, the Android SDK dependencies are pinned by the SDK’s published .pom file. I’m afraid I don’t fully understand your requirement here.