Speed up ModuleHasDependency and RepositoryHasDependency by removing DependencyInsight#176
Open
steve-aom-elliott wants to merge 1 commit intomainfrom
Open
Conversation
…DependencyInsight Both recipes ran a fresh DependencyInsight visitor against every source file during scanning, which performs exhaustive Gradle + Maven dependency analysis just to answer a binary yes/no question about whether the module contains a given GAV. Replace the visitor with a direct check against MavenResolutionResult.findDependencies for Maven modules, and against GradleProject's configurations + ResolvedDependency.findDependency for Gradle modules. This mirrors the pattern Sam applied to the single-build-system versions of ModuleHasDependency in openrewrite/rewrite (commit 919c9f5 / PR #6664). These recipes are used as preconditions in many declarative migration recipes. Avoiding the DependencyInsight allocation + traversal per source file substantially reduces scanner time on repositories with many Java files.
Jenson3210
approved these changes
Apr 22, 2026
github-project-automation
Bot
moved this from In Progress
to Ready to Review
in OpenRewrite
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Both
org.openrewrite.java.dependencies.search.ModuleHasDependencyandRepositoryHasDependencyran a freshDependencyInsightvisitor against every source file during scanning, just to answer a binary yes/no question about whether the module contains a given GAV.Replace the visitor with a direct check against:
MavenResolutionResult.findDependencies(groupId, artifactId, scope)for Maven modules, andGradleProject's configurations +ResolvedDependency.findDependencywalk for Gradle modules.This mirrors the pattern Sam applied to the single-build-system
ModuleHasDependencyclasses inopenrewrite/rewrite(commit919c9f5/ PR #6664) — these cross-build-system versions weren't updated alongside.Why
These recipes are used as preconditions in many declarative migration recipes — in the Spring Boot 4 recipe tree alone,
ModuleHasDependencyis a precondition in 11+ places acrossmockito.yml,spring-boot-20.yml,spring-boot-25.yml, andspring-cloud-2025.yml.Allocating a
DependencyInsightand running its Gradle + Maven visitors per source file is wasteful when all we need is a single boolean per module. With Sam's fix in place for the single-build-system versions, the cross-build-system wrappers became the remaining hot path.How
ModuleHasDependency#hasDependency(Tree)andRepositoryHasDependency#hasDependency(Tree)now:MavenResolutionResulton the tree's markers. If present, usefindDependencies(g, a, scope)with version-comparator filtering.GradleProjectand walkGradleDependencyConfiguration#getDirectResolved(), callingResolvedDependency#findDependency(g, a)to catch matches in the transitive tree.Tests
rewrite-java-dependencies:testsuite passes.ModuleHasDependencyTestandRepositoryHasDependencyTestcover Maven-only, Gradle-only, mixed multi-module, direct/transitive, and version-glob cases.