Open Source Ecosystems

image::https://img.shields.io/maven-metadata/v.svg?label=release&metadataUrl=https%3A%2F%2Frepo1.maven.org%2Fmaven2%2Fcom%2Fautonomousapps%2Fdependency-analysis%2Fcom.autonomousapps.dependency-analysis.gradle.plugin%2Fmaven-metadata.xml[Latest version,link="https://mvnrepository.com/artifact/com.autonomousapps.dependency-analysis/com.autonomousapps.dependency-analysis.gradle.plugin"] image::https://img.shields.io/nexus/s/com.autonomousapps/dependency-analysis-gradle-plugin?label=snapshot&server=https%3A%2F%2Foss.sonatype.org[Latest snapshot,link="https://oss.sonatype.org/#nexus-search;gav~com.autonomousapps.dependency-analysis~com.autonomousapps.dependency-analysis.gradle.plugin~~~~kw,versionexpand"] image::https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/workflows/Main/badge.svg[Build status,link="https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/actions/workflows/push.yml?query=branch%3Amain"]

== Detect unused and misused dependencies The Dependency Analysis Gradle Plugin (DAGP, née Dependency Analysis Android Gradle Plugin) detects the following:

Unused dependencies.
Used transitive dependencies (which you may want to declare directly).
Dependencies declared on the wrong configuration (api vs implementation vs compileOnly, etc.).

As a side effect, the plugin can also tell you your project's ABI, and produces graphviz files representing various views of your dependency graph, among other things. These side effects are currently mostly undocumented internal behaviors, but they may be interesting for some advanced users.

== Build health

In addition to the dependency-related advice (see above), DAGP provides other advice to help maintain your "build health." This includes the detection of:

Unnecessary plugins (currently only kapt).
Subprojects ("modules") that unnecessarily use the Android plugin, and could instead by "normal" JVM libraries.

== Compatibilities

Please see the https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/wiki/Compatibilities-&-Limitations[wiki] for information on the versions of Gradle, the Android Gradle Plugin, etc., that this plugin is compatible with.

== Add to your project and use For detailed instructions, see https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/wiki/Adding-to-your-project[the wiki].

The simplest approach is to add the following:

.root settings.gradle[.kts]
[source,groovy]

plugins {
id("com.autonomousapps.build-health") version "<<latest_version>>"
}

IMPORTANT: If your project uses Kotlin or Android (or both), then those plugins must also be loaded in the settings script classloader (or a parent). See https://github.com/autonomousapps/dependency-analysis-gradle-plugin/wiki/Adding-to-your-project[the wiki] for more information

For a quick start, just run the following:

./gradlew buildHealth

You will probably see output like the following:

Task :buildHealth FAILED

FAILURE: Build failed with an exception.

What went wrong:
Execution failed for task ':buildHealth'.

There were dependency violations. See report at file:///path/to/project/build/reports/dependency-analysis/build-health-report.txt

If you wish to have this (potentially very long) report printed to console, add this to your gradle.properties file:

.gradle.properties
[source]

dependency.analysis.print.build.health=true

== More advanced usage

You do not have to apply this plugin to all projects via the settings script. It can also be applied to only specific subprojects. In this case, it must also be applied to the root build script.

.root build.gradle[.kts]
[source,groovy]

plugins {
id("com.autonomousapps.dependency-analysis") version "<<latest_version>>"
}

.sub/project/build.gradle[.kts]
[source,groovy]

plugins {
id("com.autonomousapps.dependency-analysis")
}

IMPORTANT: If your project uses Kotlin or Android (or both), then those plugins must also be loaded in the root build script classloader (or a parent). See https://github.com/autonomousapps/dependency-analysis-gradle-plugin/wiki/Adding-to-your-project[the wiki] for more information

=== Project Health

The analysis can be run against individual modules with the projectHealth task. For example:

./gradlew app:projectHealth

=== Fix dependency issues automatically

It is common for the plugin to report many issues with your project's dependency declarations. Since fixing manually can be tedious, the plugin also provides a task to auto-remediate all issues.

./gradlew fixDependencies

The fixDependencies task is registered on each project where the plugin is applied. Running it as above will run the task in each subproject. See also https://dev.to/autonomousapps/one-click-dependencies-fix-191p[_One click dependencies fix_].

==== Fix only some dependency issues automatically

In some circumstances, it may be considered infeasible to resolve all issues in one pass. Maybe you have a very large project, or you publish libraries and you know that changing your dependency declarations will also change your libraries' metadata, which might break consumers. To support this use-case, the the fixDependencies task takes an optional flag to tell it to, essentially, make only "safe" changes.

./gradlew fixDependencies --upgrade

With this flag in place, the fixDependencies task will not remove or "downgrade" any dependency declarations. It will only add or "upgrade" declarations (e.g., from implementation to api).

In an incremental rollout scenario, one could imagine using the --upgrade flag, then updating all consumers, then finally removing the flag and removing all unused dependencies.

==== Caveats

If the analysis has any bugs, then fixing the dependency declarations make break your build (but this is also the case with manual fixes). If you encounter this, please https://github.com/autonomousapps/dependency-analysis-gradle-plugin/issues/new/choose[file an issue].

Additionally, the rewriting functionality is based on a simplified Gradle Groovy/Kotlin DSL grammar, which will fail in the presence of complex build scripts. We plan to enhance the Gradle Kotlin DSL grammar soon, since it is the default build script language, but we have no current plans to do the same for Gradle Groovy DSL.

=== Reason

You may be curious why the plugin is emitting (or not emitting) advice regarding some dependency. You can ask it why:

./gradlew lib:reason --id com.squareup.okio:okio:2.2.2 <1>