Generic Top

I just announced the new Learn Spring course, focused on the fundamentals of Spring 5 and Spring Boot 2:

>> CHECK OUT THE COURSE

1. Overview

Sometimes during development, we might end up adding more dependencies than we use.

In this quick tutorial, we’re going to see how to use the Gradle Nebula Lint plugin to identify and fix problems like these.

2. Setup and Configuration

We're using a multi-module Gradle 5 setup in our examples.

This plugin only works for Groovy-based build files.

Let's configure it in the root project build file:

plugins {
    id "nebula.lint" version "16.9.0"
}

description = "Gradle 5 root project"

allprojects {
    apply plugin :"java"
    apply plugin :"nebula.lint"
    gradleLint {
        rules=['unused-dependency']
    }
    group = "com.baeldung"
    version = "0.0.1"
    sourceCompatibility = "1.8"
    targetCompatibility = "1.8"

    repositories {
        jcenter()
    }
}

We can only configure it this way for multi-project builds for the time being. This means we can't apply it separately in each module.

Next, let’s configure our module dependencies:

description = "Gradle Unused Dependencies example"

dependencies {
    implementation('com.google.guava:guava:29.0-jre')
    testImplementation('junit:junit:4.12')
}

Now let’s add a simple main class in our module sources:

public class UnusedDependencies {

    public static void main(String[] args) {
        System.out.println("Hello world");
    }
}

We’ll build on this a bit later and see how the plugin works.

3. Detection Scenarios and Reports

The plugin searches the output jars to detect whether a dependency is used or not.

However, depending on several conditions, it can give us different results.

We'll explore the more interesting cases in the next sections.

3.1. Unused Dependencies

Now that we have our setup, let's see the basic use-case. We're interested in unused dependencies.

Let's run the lintGradle task:

$ ./gradlew lintGradle

> Task :lintGradle FAILED
# failure output omitted

warning   unused-dependency                  this dependency is unused and can be removed
unused-dependencies/build.gradle:6
implementation('com.google.guava:guava:29.0-jre')

✖ 1 problem (0 errors, 1 warning)

To apply fixes automatically, run fixGradleLint, review, and commit the changes.
# some more failure output

Let's see what happened. We have an unused dependency (guava) in our compileClasspath configuration.

If we run fixGradleLint task as the plugin suggests, the dependency is automatically removed from our build.gradle.

However, let's use some dummy logic with our dependency instead:

public static void main(String[] args) {
    System.out.println("Hello world");
    useGuava();
}

private static void useGuava() {
    List<String> list = ImmutableList.of("Baledung", "is", "cool");
    System.out.println(list.stream().collect(Collectors.joining(" ")));
}

If we rerun it we get no more errors:

$ ./gradlew lintGradle

BUILD SUCCESSFUL in 559ms
3 actionable tasks: 1 executed, 2 up-to-date

3.2. Using Transitive Dependencies

Let's now include another dependency:

dependencies {
    implementation('com.google.guava:guava:29.0-jre')
    implementation('org.apache.httpcomponents:httpclient:4.5.12')
    testImplementation('junit:junit:4.12')
}

This time, let's use something from a transitive dependency:

public static void main(String[] args) {
    System.out.println("Hello world");
    useGuava();
    useHttpCore();
}

// other methods

private static void useHttpCore() {
    SSLContextBuilder.create();
}

Let's see what happens:

$ ./gradlew lintGradle

> Task :lintGradle FAILED
# failure output omitted 

warning   unused-dependency                  one or more classes in org.apache.httpcomponents:httpcore:4.4.13 
are required by your code directly (no auto-fix available)
warning   unused-dependency                  this dependency is unused and can be removed 
unused-dependencies/build.gradle:8
implementation('org.apache.httpcomponents:httpclient:4.5.12')

✖ 2 problems (0 errors, 2 warnings)

We get two errors. The first error roughly says we should reference httpcore directly.

The SSLContextBuilder in our sample is actually part of it.

The second error says we're not using anything from httpclient.

If we use a transitive dependency, the plugin tells us to make it a direct one.

Let's take a peek at our dependency tree:

$ ./gradlew unused-dependencies:dependencies --configuration compileClasspath

> Task :unused-dependencies:dependencies

------------------------------------------------------------
Project :unused-dependencies - Gradle Unused Dependencies example
------------------------------------------------------------

compileClasspath - Compile classpath for source set 'main'.
+--- com.google.guava:guava:29.0-jre
|    +--- com.google.guava:failureaccess:1.0.1
|    +--- com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|    +--- com.google.code.findbugs:jsr305:3.0.2
|    +--- org.checkerframework:checker-qual:2.11.1
|    +--- com.google.errorprone:error_prone_annotations:2.3.4
|    \--- com.google.j2objc:j2objc-annotations:1.3
\--- org.apache.httpcomponents:httpclient:4.5.12
     +--- org.apache.httpcomponents:httpcore:4.4.13
     +--- commons-logging:commons-logging:1.2
     \--- commons-codec:commons-codec:1.11

In this case, we can see that httpcore is brought in by httpclient.

3.3. Using Dependencies with Reflection

What about when we use reflection?

Let's enhance our example a bit:

public static void main(String[] args) {
    System.out.println("Hello world");
    useGuava();
    useHttpCore();
    useHttpClientWithReflection();
}

// other methods

private static void useHttpClientWithReflection() {
    try {
        Class<?> httpBuilder = Class.forName("org.apache.http.impl.client.HttpClientBuilder");
        Method create = httpBuilder.getMethod("create", null);
        create.invoke(httpBuilder, null);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

Now let's rerun the Gradle task:

$ ./gradlew lintGradle

> Task :lintGradle FAILED
# failure output omitted

warning   unused-dependency                  one or more classes in org.apache.httpcomponents:httpcore:4.4.13 
are required by your code directly (no auto-fix available)

warning   unused-dependency                  this dependency is unused and can be removed
unused-dependencies/build.gradle:9
implementation('org.apache.httpcomponents:httpclient:4.5.12')

✖ 2 problems (0 errors, 2 warnings)

What happened? We used HttpClientBuilder from our dependency (httpclient) but still got errors.

If we use a library with reflection, the plugin does not detect its usage.

As a result, we can see the same two errors.

In general, we should configure such dependencies as runtimeOnly.

3.4. Generating Reports

For big projects, the number of errors returned in a terminal becomes challenging to handle.

Let's configure the plugin to give us a report instead:

allprojects {
    apply plugin :"java"
    apply plugin :"nebula.lint"
    gradleLint {
        rules=['unused-dependency']
        reportFormat = 'text'
    }
    // other  details omitted
}

Let's run the generateGradleLintReport task and check our build output:

$ ./gradlew generateGradleLintReport
# task output omitted

$ cat unused-dependencies/build/reports/gradleLint/unused-dependencies.txt

CodeNarc Report - Jun 20, 2020, 3:25:28 PM

Summary: TotalFiles=1 FilesWithViolations=1 P1=0 P2=3 P3=0

File: /home/user/tutorials/gradle-5/unused-dependencies/build.gradle
    Violation: Rule=unused-dependency P=2 Line=null Msg=[one or more classes in org.apache.httpcomponents:httpcore:4.4.13 
                                                         are required by your code directly]
    Violation: Rule=unused-dependency P=2 Line=9 Msg=[this dependency is unused and can be removed] 
                                                 Src=[implementation('org.apache.httpcomponents:httpclient:4.5.12')]
    Violation: Rule=unused-dependency P=2 Line=17 Msg=[this dependency is unused and can be removed] 
                                                  Src=[testImplementation('junit:junit:4.12')]

[CodeNarc (http://www.codenarc.org) v0.25.2]

Now it detects unused dependencies on the testCompileClasspath configuration.

This is, unfortunately, an inconsistent behavior of the plugin. As a result, we now get three errors.

4. Conclusion

In this tutorial, we saw how to find unused dependencies on Gradle builds.

First, we explained the general setup. After that, we explored the errors reported with different dependencies and their usage.

Finally, we saw how to generate text-based reports.

As usual, we can find the complete code samples over on GitHub.

Generic bottom

I just announced the new Learn Spring course, focused on the fundamentals of Spring 5 and Spring Boot 2:

>> CHECK OUT THE COURSE
Comments are closed on this article!