Is there a Gradle equivalent of "mvn dependency:analyze"?

ae6rt · November 9, 2012, 3:24pm

Is there a Gradle equivalent to

mvn dependency:analyze

which will give me an idea of whether I’m using dependencies that I am not declaring?

Thank you.

Peter_Niederwieser · November 9, 2012, 4:18pm

There is ‘gradle dependencies’, and starting from 1.3 also ‘gradle dependencyInsight’.

Benjamin_Manes · November 9, 2012, 10:42pm

It would be great to add a dependency report that determines if updates are available, e.g.

mvn versions:display-dependency-updates
mvn versions:display-plugin-updates

I’ve had to evolve the checkLibVersions task to handle more scenarios, but it doesn’t feel fully baked.

ae6rt · November 10, 2012, 2:59pm

Thanks.

I looked at the latest nightly build of Gradle (v 1.4). The dependencyInsight task requires a dependency named on the command line to query. That’s not exactly what I had in mind. I am more interested in a report of what classes I’m using from transitive dependencies. Or maybe I misunderstood what dependencyInsight offers.

Peter_Niederwieser · November 10, 2012, 3:11pm

Gradle doesn’t currently ship with anything like ‘mvn dependency:analyze’. I had initially thought that you were looking for the equivalent of ‘mvn dependency:tree’.

ae6rt · November 10, 2012, 3:20pm

Got it. Thanks.

The tree output is beautiful, btw. That’s also super useful.

ae6rt · November 14, 2012, 4:02am

I’m new to programming to the Gradle API itself, but I want to try my hand at it. I’ve taken a look at the API docs, and see that on Project I can acquire a collection of Dependencies. That is

def d = project.configurations.getByName(“compile”).allDependencies

I’m not certain this is the right track toward acquiring transitive dependencies of this project, however.

Would someone be kind enough to offer a bit of guidance on how to approach this?

Thanks.

Peter_Niederwieser · November 14, 2012, 4:15am

‘Configuration.getDependencies/getAllDependencies’ only gives declared dependencies. You’ll either have to use ‘Configuration.getResolvedConfiguration’ or ‘Configuration.getIncoming’. I think the latter is more recent and more capable.

ae6rt · November 14, 2012, 2:15pm

Thank you.

I got this to print what appears to be promising output:

class AnalyzeDependencyPlugin implements Plugin<Project> {
    void apply(Project project) {
        project.task('analyzeDeps') << {
            def compileConfiguration = project.configurations.getByName("compile")
            def resolvedConfiguration = compileConfiguration.resolvedConfiguration
            def resolvedArtifacts = resolvedConfiguration.resolvedArtifacts
            resolvedArtifacts.each { dp ->
                def rd = dp.resolvedDependency
                printf("%s\n", rd.name)
            }
              // is a Set<ResolvedDependency>
            def firstLevelResolvedDependencies = resolvedConfiguration.firstLevelModuleDependencies
        }
    }
}

I think I can use ASM to acquire a list of classes L referenced by my code (ASM would operate on output produced by the “classes” task), then verify that each class in L is contained in a jar-artifact in the firstLevelResolvedDependencies set. I think.

Thanks again.

kellyrob · December 19, 2012, 5:29am

Awhile back I wrote https://gist.github.com/4334483 and it just wraps the default behaviour of maven dependency:analyze for the ASM component. You can try it out by adding this to your build script:

apply from : 'https://gist.github.com/raw/4334483/dd3ee0cd99522cae8d296e3bb9e00f7646ccc4b4/gradle-dependency-analyze.gradle'

This was written mostly back in Gradle 0.9 days, and could probably benefit from the better approach you’re taking to working with the dependencies. Anyhow, hopefully it will at least give you some ideas.

kellyrob · December 19, 2012, 5:29am

Well that link didn’t work

https://gist.github.com/4334483

ae6rt · December 19, 2012, 1:53pm

Thank you very kindly. I will read through your work.

Marcel_Overdijk · December 20, 2012, 11:35am

Related to this I wonder if Gradle has some API to check the latest version available for a given dependency.

E.g. having this:

dependencies {
    compile "commons-lang:commons-lang:2.+"
}

and then in a task to display the latest version available in the 2.+ scope.

The use case for this might not be interesting for everybody, but in our project we are using this 2.+ and using a external forcedModule config we are ‘locking’ the version. Now it would be nice to be able to check the latest version available and print then. Don’t know the Gradle has a convenient API for that?

mattkhan · December 20, 2012, 1:33pm

this plugin may help on that front - https://github.com/ben-manes/gradle-versions-plugin

Pedro_Dusso · October 29, 2014, 12:58pm

I got the following when using your code:

FAILURE: Build failed with an exception.

Where: Script ‘https://gist.githubusercontent.com/kellyrob99/4334483/raw/dd3ee0cd99522cae8d296e3bb9e00f7646ccc4b4/gradle-dependency-analyze.gradle’ line: 77
What went wrong: Execution failed for task ‘:analyze’. > Exception evaluating property ‘resolvedDependency’ for java.util.LinkedHashSet, Reason: groovy.lang.MissingPropertyException: No such property: resolvedDependency for class: org.gradle.api.internal.artifacts.DefaultResolvedArtifact

Wesley_Hartford · February 27, 2015, 5:08pm

I’ve taken the Gist provided by kellyrob and wrapped it up as a gradle plugin available at https://github.com/wfhartford/gradle-dependency-anayze