Gradle Check Unused Dependencies



Gradle Check Unused Dependencies

Apr 12, 2013 IDE for example have dependencies diagram representation of dependencies in Maven - where you can use Ctrl(Cmd)+F - find action to search for a specific dependency. You can also explore the transitive dependencies (that direct dependencies provide to project), please see Work with Maven transitive dependencies. It does do some limited analysis of runtime dependencies (such as noting if a dependency provides Java ServiceLoaders), but otherwise elides this domain. As such, you may see incorrect advice (“remove X dependency, it’s unused”) if that dependency is only used at runtime. An example of this is if the dependency is only used via reflection. You should not have any unused dependencies defined or used undeclared dependencies. Always ensure that you maintain a clean application POM file. This website uses cookies and other tracking technology to analyse traffic, personalise ads and learn how we can. Some unused crates might not be detected. This includes crates used by std and its dependencies as well as crates that are already being used by dependencies of the studied crate. Crates are currently only handled on a per name basis. Two crates with the same name but different versions would be a problem. This method is a bit `brut-force`-like since it runs a gradle task for each dependency removal one by one, but it gives a good example on how to parse gradle files for fetching all dependencies using groovy libraries. Hope it will help anyone get inspired and make something even better.

Check

Our testsuite on Cloud Build was taking about ten minutes to run 700+ Java and 410+ JavaScript tests with every merge to master, so we considered using Kaniko cache to save the dependencies into a Docker image, but it felt that we might end up with stale dependencies, given that sanity checking the contents of a docker image is a nontrivial task. So, inspired by the cache implementation in Github Actions, we decided to save and restore our gradle and npm dependencies ($HOME/.gradle and $HOME/.npm) into GCS, by adding two additional steps to our cloudbuild.yaml:

To make this work, we created a persistent volume mapped to /home/cache to store the cached dependencies between build steps.

./save-cache and ./restore-cache are quite straightforward:

We compressed both folders into .tgz files, and you may have noticed the additional timestamp. This helps to avoid accumulating unused dependencies, for example if we change versions of gradle or individual libraries.

If the timestamp is missing or the cache is too old, we skip the restore-cache step and recreate the whole thing from scratch.

Gradle

This process saved us 2 minutes of execution time per build, and it helped us reassess the size of our container images (saved 30s) and how many steps we could run in parallel (around 3 minutes per build). In the end, we could reduce from ten minutes to almost five, but your mileage may vary. Let us know your own results at @koliseoapi.

  • Status:Resolved
  • Affects Version/s:0.9.1
Gradle check unused dependencies applications

I have a project with a large number of dependencies in the build file. The dependencies have been configured to come from a local installation of Nexus, which will then proxy various external repos as well as our own hosted repositories.

Often, when running a simple task (or just calling 'gradle depenencies'), gradle will pause for a very long time (often up to 5 minutes) while it displays messages about retrieving various pom files for other internal projects. It seemed an unusually long time to pause, so I started wireshark to see what was happening: it appears that for every jar file we depend on, gradle will also do a HTTP HEAD request on various associated artifacts. For example, to retrieve a
jar called DataType, the following requests are made:

HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94.pom HTTP/1.1
GET /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94.pom HTTP/1.1
HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94.jar HTTP/1.1
HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94-sources.jar HTTP/1.1
HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94-src.jar HTTP/1.1
HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94-javadoc.jar HTTP/1.1
GET /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94.jar HTTP/1.1

The problem is that DataType-1.0.94-sources.jar, DataType-1.0.94-src.jar and DataType-1.0.94-javadoc.jar do not exist. Because gradle requested them, Nexus realises that it doesn't have them locally, and then searches the external repositories for them, which takes a long time (sometimes up to 10 seconds). Multiple this by about 20 different dependencies, this adds an enormous amount of time to what I would have expected to be a quick task.

Gradle Exclude Jar Dependencies

Gradle should not be requesting the '-sources', '-src' and '-javadoc' artifacts when it doesn't need them.

Gradle Dependency Tree

Votes:
2Vote for this issue
Watchers:
3Start watching this issue




Comments are closed.