Read configured dependencies

Help/Discuss
1

Hello,

I need to implement some logic (to integrate in a CI-CD pipeline) that, when building a Gradle project, extracts information about the project. The data to extract is the following:

  • Project Name
  • Project Group
  • Project Version
  • List of declared dependencies
    • Dependency name
    • Dependency group
    • Dependency version
    • Dependency scope (implementation, compileOnly, etc.)
    • Is Transitive (as bonus :slight_smile: )

It must work both on simple and multi module project, collecting both dependencies declared in “dependencies” and dependencies declared in the “versionCatalogUpdate”.

Using the Tooling API for Java, I’m able to extract the project’s name, group, and version, but I don’t understand how to extract the dependencies list. Please consider that I’m new to Gradle.

Any idea how to reach the goal?

Thank you

2

As you only want the “declared” dependencies you might need to build an own tooling api model that you inject as plugin using an init script when connecting with the tooling api that collects the data you want to have and that you can then request from the tooling api.

Probably not a too beginner-level task. :smiley:

No idea what you mean with versionCatalogUpdate, that is nothing that exists in vanilla Gradle, it is probably from some plugin you apply or something you defined yourself.
With your own tooling api model you can probably also extract that information hopefully. :man_shrugging:

3

First of all, thank you for your feedback

“you might need to build an own tooling api model that you inject as plugin using an init script when connecting with the tooling api”

Is there any documentation I can read to deepen what you have suggested?

In the meantime, I have found a way to get the data I need by using the “Idea Model” provided in the tooling API:

IdeaProject project = connection.getModel(IdeaProject.class);
            for (IdeaModule module : project.getModules()) {
                for (IdeaDependency dep : module.getDependencies()) {
                    if (dep instanceof IdeaSingleEntryLibraryDependency libDep) {
                        IdeaDependencyScope depScope = dep.getScope();
                        GradleModuleVersion modVer = libDep.getGradleModuleVersion();
                        if (modVer != null) {
                            log.info("Found Gradle dependency: {}", modVer.getGroup() + ":" + modVer.getName() + ":"+modVer.getVersion());
                        }
                    }
                }
            }

Anyway, this solution has two drawbacks:

  1. It forces the download of the dependencies jar, introducing potential performance issues. I’m looking forward to a solution that does not imply downloads.
  2. It returns all dependencies, including the transitives.

It seems that, using the Idea model, there is no way to avoid the jar downloads and to discriminate between declared and transitive dependencies.

4

Is there any documentation I can read to deepen what you have suggested?

I have no idea, never used that myself.
But Tooling API says

As the Tooling API is an interface for developers, the Javadoc is the main documentation for it.

so maybe there is not besides the JavaDoc. :man_shrugging:

Maybe you could also instead use an init script to apply the GitHub - gradle/github-dependency-graph-gradle-plugin: Gradle Plugin for Extracting Dependency Information to send to GitHub and let it generate a dependency report. That plugin is, what the dependency graph report GitHub action uses to upload the dependency graph to Github, so maybe that would also be an alternative to consider. :man_shrugging: