Uploaded image for project: 'Maven Dependency Plugin'
  1. Maven Dependency Plugin
  2. MDEP-621

New goal to "fix-warnings"

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 3.1.1
    • None
    • analyze
    • None

    Description

      The analyze goal works well in some scenarios, but time and time again I come across a large project (100s modules and 1000s dependenencies) where I want fix the warnings that the "analyze" goal produces. 

      Fixing these dependency issues will make builds faster, and with large projects, Maybe 2-5x  faster. As they reduce IO and CPU usage, allow the reactor more flexibily in build order, so parallel builds can make better usage of the CPU cores. 

      This is hard to automate, and I've tried a few scripts people have written, but they're generally not up to the job, typically they are basic:

      • Only work on one pom, not multi-module projects.
      • Do multi-module, but don't follow reactor order.
      • Try to remove the wrong dependencies.
      • Don't check the removal worked OK, e.g.
        • Removing annotation processors.
        • Removing "magic" jars, those that appear unused, but actually are some how (e.g. some Spring class-path scanning magic).

      My thought is to introduce a new goal that peforms the following steps for each pom in reactor order:

      1. Verify the module isn't broken to start with (clean install).
      2. Check-point (save a backup of the pom.xml).
      3. Perform dependency analysis.
      4. Add in all used undeclared dependencies. 
      5. Verify - check that didn't break anything (clean install) and give up if it did.
      6. Check-point.
      7. Remove all unused declared dependencies (i.e. see if any of them are needed at all, this assumes that there is a good probabily that is the case and is quicker than testing each in order).
      8. Check-point
      9. Verify.
      10. For each unused declared dependency.
      11. Check-point.
      12. Remove.
      13. Validate.

      I'm making a key assumption here that if a module's tests pass, then it's just fine. That's a big assumption, but I see no feasible way to make this work otherwise.

      Many projects have "terminal" modules, i.e. modules that have no downstream dependencies. It would be risky to remove "magic" dependencies, so it maybe the case we want to bookend this process by

      1. Determine "terminal" modules.
      2. For each terminal module, create a list of their dependencies.
      3. Do the fix as discussed above.
      4. For each terminal module, create a list of their dependencies.
      5. Re-instate any that were removed.

      Whadaythink?

       

       

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #1

          Activity

            People

              Unassigned Unassigned
              alexecollins Alex Collins
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 10m
                  10m