Skip to content

Improve performance of transitive dependency checks #904

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 9, 2025
Merged

Improve performance of transitive dependency checks #904

merged 3 commits into from
Jul 9, 2025

Conversation

@harrisric
Copy link
Contributor

@harrisric harrisric commented Jul 2, 2025

Keep track of artifacts already validated during transitive dependency enforcement, so that we don't check the same ones multiple times.
In an example that I have we see the validation of ~19,000 artifacts where only ~1,300 are distinct.
This change keeps track of already checked artifacts and skips the validation.
I had tried to skip all the children of an already validated artifact but this did not achieve exactly the same result (some of the distinct artifacts no longer appeared in the validated set) and didn't actually seem to improve the performance much above the simple approach.
As Artifact (and specifically org.apache.maven.artifact.DefaultArtifact) doesn't include scope in its equals method I couldn't simply track a Set<Artifact> and created a class local to ArtifactMatcher for the purpose instead.

Following this checklist to help us incorporate your
contribution quickly and easily:

  • Your pull request should address just one issue, without pulling in other changes.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Each commit in the pull request should have a meaningful subject line and body.
    Note that commits might be squashed by a maintainer on merge.
  • Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied.
    This may not always be possible but is a best-practice.
  • Run mvn verify to make sure basic checks pass.
    A more thorough check will be performed on your pull request automatically.
  • You have run the integration tests successfully (mvn -Prun-its verify).

If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.

To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.

@harrisric
Merge branch 'master' into improve-performance-transitive-dependencyc…
ded2a67 
…hecks

# Conflicts:
#	enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/utils/ArtifactMatcher.java
@slawekjaranowski slawekjaranowski merged commit d58be76 into apache:master Jul 9, 2025
26 checks passed
@github-actions
Copy link

github-actions bot commented Jul 9, 2025

@slawekjaranowski Please assign appropriate label to PR according to the type of change.

@github-actions github-actions bot added this to the 3.6.1 milestone Jul 9, 2025
@slawekjaranowski slawekjaranowski added the enhancement New feature or request label Jul 9, 2025
@apache apache deleted a comment from github-actions bot Jul 9, 2025
@dongjoon-hyun dongjoon-hyun mentioned this pull request Aug 28, 2025
Closed
dongjoon-hyun added a commit to apache/orc that referenced this pull request Aug 28, 2025
@dongjoon-hyun
ORC-1978: Upgrade maven-enforcer-plugin to 3.6.1
9d9ba5c 
### What changes were proposed in this pull request?

This PR aims to upgrade `maven-enforcer-plugin` to 3.6.1.

### Why are the changes needed?

To use the latest improvement and bug fixed version:
- https://github.com/apache/maven-enforcer/releases/tag/enforcer-3.6.1
  - apache/maven-enforcer#904
  - apache/maven-enforcer#905
  - apache/maven-enforcer#910

### How was this patch tested?

Pass the CIs.

### Was this patch authored or co-authored using generative AI tooling?

No.

Closes #2335

Closes #2366 from dongjoon-hyun/ORC-1978.

Authored-by: Dongjoon Hyun <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
dongjoon-hyun added a commit to apache/orc that referenced this pull request Aug 28, 2025
@dongjoon-hyun
ORC-1978: Upgrade maven-enforcer-plugin to 3.6.1
4a8fc86 
### What changes were proposed in this pull request?

This PR aims to upgrade `maven-enforcer-plugin` to 3.6.1.

### Why are the changes needed?

To use the latest improvement and bug fixed version:
- https://github.com/apache/maven-enforcer/releases/tag/enforcer-3.6.1
  - apache/maven-enforcer#904
  - apache/maven-enforcer#905
  - apache/maven-enforcer#910

### How was this patch tested?

Pass the CIs.

### Was this patch authored or co-authored using generative AI tooling?

No.

Closes #2335

Closes #2366 from dongjoon-hyun/ORC-1978.

Authored-by: Dongjoon Hyun <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
(cherry picked from commit 9d9ba5c)
Signed-off-by: Dongjoon Hyun <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slawekjaranowski slawekjaranowski slawekjaranowski approved these changes

Assignees

@slawekjaranowski slawekjaranowski

Labels

enhancement New feature or request

Projects

None yet

Milestone

3.6.1

Development

Successfully merging this pull request may close these issues.

2 participants

@harrisric @slawekjaranowski