Fixed the scanners being executed in a loop that then causes all scans to be updated in a single run and the marker to be wrong

Author: Jenson3210

rewrite-gradle/src/main/java/org/openrewrite/gradle/UpgradeDependencyVersion.java

@@ -418,10 +418,26 @@ public boolean isAcceptable(SourceFile sf, ExecutionContext ctx) {
                     if ((tree != t || updateLockFile.isAcceptable(sf, ctx)) && projectMarker.isPresent()) {
                         GradleProject gradleProject = projectMarker.get();
                         Map<GroupArtifact, Set<String>> configurationsPerGa = acc.getConfigurationPerGAPerModule().getOrDefault(getGradleProjectKey(gradleProject), emptyMap());
-                        for (Map.Entry<GroupArtifact, Object> newVersion : acc.getGaToNewVersion().entrySet()) {
-                            if (newVersion.getValue() instanceof String) {
-                                GroupArtifactVersion gav = new GroupArtifactVersion(newVersion.getKey().getGroupId(), newVersion.getKey().getArtifactId(), (String) newVersion.getValue());
-                                gradleProject = replaceVersion(gradleProject, ctx, gav, configurationsPerGa.getOrDefault(gav.asGroupArtifact(), emptySet()));
+                        if (acc.getGaToNewVersion().isEmpty()) {
+                            DependencyMatcher matcher = new DependencyMatcher(groupId, artifactId, null);
+                            DependencyVersionSelector versionSelector = new DependencyVersionSelector(metadataFailures, gradleProject, null);
+                            for (GroupArtifact groupArtifact : configurationsPerGa.keySet()) {
+                                if (!matcher.matches(groupArtifact.getGroupId(), groupArtifact.getArtifactId())) {
+                                    continue;
+                                }
+                                try {
+                                    String selectedVersion = versionSelector.select(groupArtifact, null, newVersion, versionPattern, ctx);
+                                    GroupArtifactVersion gav = new GroupArtifactVersion(groupArtifact.getGroupId(), groupArtifact.getArtifactId(), selectedVersion);
+                                    gradleProject = replaceVersion(gradleProject, ctx, gav, configurationsPerGa.getOrDefault(gav.asGroupArtifact(), emptySet()));
+                                } catch (MavenDownloadingException ignore) {}
+                            }
+
+                        } else {
+                            for (Map.Entry<GroupArtifact, Object> newVersion : acc.getGaToNewVersion().entrySet()) {
+                                if (newVersion.getValue() instanceof String) {
+                                    GroupArtifactVersion gav = new GroupArtifactVersion(newVersion.getKey().getGroupId(), newVersion.getKey().getArtifactId(), (String) newVersion.getValue());
+                                    gradleProject = replaceVersion(gradleProject, ctx, gav, configurationsPerGa.getOrDefault(gav.asGroupArtifact(), emptySet()));
+                                }
                             }
                         }
                         if (projectMarker.get() != gradleProject) {
@@ -886,6 +902,9 @@ public static GradleProject replaceVersion(GradleProject gp, ExecutionContext ct
     private static org.openrewrite.maven.tree.Dependency maybeUpdateDependency(
             org.openrewrite.maven.tree.Dependency dep,
             org.openrewrite.maven.tree.Dependency newDep) {
+        if (Objects.equals(dep.getGroupId(), newDep.getGroupId()) && Objects.equals(dep.getArtifactId(), newDep.getArtifactId()) && Objects.equals(dep.getVersion(), newDep.getVersion())) {
+            return dep;
+        }
         if (Objects.equals(dep.getGroupId(), newDep.getGroupId()) && Objects.equals(dep.getArtifactId(), newDep.getArtifactId())) {
             return newDep;
         }
@@ -910,6 +929,9 @@ private static ResolvedDependency maybeUpdateResolvedDependency(
         if (traversalHistory.contains(dep)) {
             return dep;
         }
+        if (Objects.equals(dep.getGroupId(), newDep.getGroupId()) && Objects.equals(dep.getArtifactId(), newDep.getArtifactId()) && Objects.equals(dep.getVersion(), newDep.getVersion())) {
+            return dep;
+        }
         if (Objects.equals(dep.getGroupId(), newDep.getGroupId()) && Objects.equals(dep.getArtifactId(), newDep.getArtifactId())) {
             return newDep;
         }

rewrite-gradle/src/main/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersion.java

@@ -56,6 +56,7 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Collectors;
 
+import static java.util.Collections.emptyMap;
 import static java.util.Collections.singletonMap;
 import static java.util.Objects.requireNonNull;
 import static org.openrewrite.Preconditions.not;
@@ -337,6 +338,7 @@ public boolean isAcceptable(SourceFile sourceFile, ExecutionContext ctx) {
 
     @Override
     public TreeVisitor<?, ExecutionContext> getVisitor(DependencyVersionState acc) {
+        final DependencyMatcher dependencyMatcher = new DependencyMatcher(groupId, artifactId, null);
         return Preconditions.check(new FindGradleProject(FindGradleProject.SearchCriteria.Marker), new TreeVisitor<Tree, ExecutionContext>() {
             private final UpdateGradle updateGradle = new UpdateGradle(acc.getUpdatesPerProject());
             private final UpdateDependencyLock updateLockFile = new UpdateDependencyLock();
@@ -376,6 +378,9 @@ private GradleProject updatedModel(GradleProject gradleProject, Map<GroupArtifac
                         .collect(Collectors.toSet());
                 Set<GroupArtifactVersion> gavs = new LinkedHashSet<>();
                 for (Map.Entry<GroupArtifact, Map<GradleDependencyConfiguration, String>> update : toUpdate.entrySet()) {
+                    if (!dependencyMatcher.matches(update.getKey().getGroupId(), update.getKey().getArtifactId())) {
+                        continue;
+                    }
                     Map<GradleDependencyConfiguration, String> configs = update.getValue();
                     String groupId = update.getKey().getGroupId();
                     String artifactId = update.getKey().getArtifactId();
@@ -397,6 +402,7 @@ private GradleProject updatedModel(GradleProject gradleProject, Map<GroupArtifac
     private class UpdateGradle extends JavaVisitor<ExecutionContext> {
 
         final Map<String, Map<GroupArtifact, Map<GradleDependencyConfiguration, String>>> updatesPerProject;
+        final DependencyMatcher dependencyMatcher = new DependencyMatcher(groupId, artifactId, null);
 
         @SuppressWarnings("NotNullFieldNotInitialized")
         GradleProject gradleProject;
@@ -407,7 +413,11 @@ public J visit(@Nullable Tree tree, ExecutionContext ctx) {
                 JavaSourceFile cu = (JavaSourceFile) tree;
                 gradleProject = cu.getMarkers().findFirst(GradleProject.class).orElseThrow(() -> new IllegalStateException("Unable to find GradleProject marker."));
 
-                if (!updatesPerProject.get(getGradleProjectKey(gradleProject)).isEmpty()) {
+                Map<GroupArtifact, Map<GradleDependencyConfiguration, String>> projectRequiredUpdates = updatesPerProject.getOrDefault(getGradleProjectKey(gradleProject), emptyMap());
+                if (!projectRequiredUpdates.isEmpty()) {
+                    if (projectRequiredUpdates.keySet().stream().noneMatch(ga -> dependencyMatcher.matches(ga.getGroupId(), ga.getArtifactId()))) {
+                        return cu;
+                    }
                     cu = (JavaSourceFile) Preconditions.check(
                             not(new JavaIsoVisitor<ExecutionContext>() {
                                 @Override
@@ -432,7 +442,10 @@ public J.MethodInvocation visitMethodInvocation(J.MethodInvocation method, Execu
                             new AddConstraintsBlock(cu instanceof K.CompilationUnit)
                     ).visitNonNull(cu, ctx);
 
-                    for (Map.Entry<GroupArtifact, Map<GradleDependencyConfiguration, String>> update : updatesPerProject.get(getGradleProjectKey(gradleProject)).entrySet()) {
+                    for (Map.Entry<GroupArtifact, Map<GradleDependencyConfiguration, String>> update : projectRequiredUpdates.entrySet()) {
+                        if (!dependencyMatcher.matches(update.getKey().getGroupId(), update.getKey().getArtifactId())) {
+                            continue;
+                        }
                         Map<GradleDependencyConfiguration, String> configs = update.getValue();
                         for (Map.Entry<GradleDependencyConfiguration, String> config : configs.entrySet()) {
                             cu = (JavaSourceFile) new AddConstraint(cu instanceof K.CompilationUnit, config.getKey().getName(), new GroupArtifactVersion(update.getKey().getGroupId(),

rewrite-gradle/src/test/java/org/openrewrite/gradle/UpgradeDependencyVersionTest.java

@@ -1440,7 +1440,7 @@ void kotlinDslStringInterpolation() {
     @Test
     void lockFileGetsUpdated() {
         rewriteRun(
-          spec -> spec.recipe(new UpgradeDependencyVersion("org.apache.tomcat.embed", "*", "latest.patch", null)),
+          spec -> spec.recipe(new UpgradeDependencyVersion("org.apache.tomcat.embed", "*", "10.0.27", null)),
           //language=groovy
           buildGradle(
             """
@@ -1483,7 +1483,7 @@ void lockFileGetsUpdated() {
     @Test
     void multimoduleProjectLockFile() {
         rewriteRun(spec ->
-            spec.recipe(new UpgradeDependencyVersion("org.apache.tomcat.embed", "*", "latest.patch", null)),
+            spec.recipe(new UpgradeDependencyVersion("org.apache.tomcat.embed", "*", "10.0.27", null)),
           settingsGradle(
             """
             rootProject.name = 'my-project'
@@ -1716,7 +1716,7 @@ void jacksonBomGetsUpdatedInLockFile() {
     @Test
     void multiProject() {
         rewriteRun(
-            spec -> spec.recipe(new UpgradeDependencyVersion("org.apache.tomcat.embed", "*", "latest.patch", null)),
+            spec -> spec.recipe(new UpgradeDependencyVersion("org.apache.tomcat.embed", "*", "10.0.27", null)),
           buildGradle(
             """
               plugins { id 'java' }

rewrite-gradle/src/test/java/org/openrewrite/gradle/UpgradeTransitiveDependencyVersionTest.java

@@ -15,9 +15,11 @@
  */
 package org.openrewrite.gradle;
 
+import lombok.EqualsAndHashCode;
+import lombok.Value;
+import org.jspecify.annotations.Nullable;
 import org.junit.jupiter.api.Test;
-import org.openrewrite.DocumentExample;
-import org.openrewrite.Issue;
+import org.openrewrite.*;
 import org.openrewrite.test.RecipeSpec;
 import org.openrewrite.test.RewriteTest;
 
@@ -917,4 +919,82 @@ void addConstraintUpdatesLockfile() {
           )
         );
     }
+
+    @Test
+    void canHandleNullScannedAccumulator() {
+        UpgradeTransitiveDependencyVersion updateClassgraph = new UpgradeTransitiveDependencyVersion("io.github.classgraph", "classgraph", "4.8.112", null, null, null);
+        UpgradeTransitiveDependencyVersion updateJackson = new UpgradeTransitiveDependencyVersion("com.fasterxml*", "jackson-core", "2.12.5", null, "CVE-2024-BAD", null);
+        rewriteRun(
+          spec -> spec.recipe(new ScanningAccumulatedUpgradeRecipe(updateClassgraph, updateJackson)),
+          buildGradle(
+            """
+              plugins {
+                id 'java'
+              }
+              repositories { mavenCentral() }
+              
+              dependencies {
+                  implementation 'org.openrewrite:rewrite-java:7.0.0'
+              }
+              """,
+            """
+              plugins {
+                id 'java'
+              }
+              repositories { mavenCentral() }
+              
+              dependencies {
+                  constraints {
+                      implementation('com.fasterxml.jackson.core:jackson-core:2.12.5') {
+                          because 'CVE-2024-BAD'
+                      }
+                  }
+              
+                  implementation 'org.openrewrite:rewrite-java:7.0.0'
+              }
+              """
+          )
+        );
+    }
+
+    @Value
+    @EqualsAndHashCode(callSuper = false)
+    public static class ScanningAccumulatedUpgradeRecipe extends ScanningRecipe<UpgradeTransitiveDependencyVersion.DependencyVersionState> {
+        @Override
+        public String getDisplayName() {
+            return "Accumulation-scanned recipe";
+        }
+
+        @Override
+        public String getDescription() {
+            return "Some recipes hava loop to determine all updates and add them to the scanner. This cycle/recipe only can update for the provided dependency.";
+        }
+
+        private final UpgradeTransitiveDependencyVersion scanAlsoFor;
+        private final UpgradeTransitiveDependencyVersion upgradeDependency;
+
+        @Override
+        public UpgradeTransitiveDependencyVersion.DependencyVersionState getInitialValue(ExecutionContext ctx) {
+            return new UpgradeTransitiveDependencyVersion.DependencyVersionState();
+        }
+
+        @Override
+        public TreeVisitor<?, ExecutionContext> getScanner(UpgradeTransitiveDependencyVersion.DependencyVersionState acc) {
+            return new TreeVisitor<>() {
+                @Override
+                public @Nullable Tree visit(@Nullable Tree tree, ExecutionContext ctx) {
+                    if (tree instanceof SourceFile) {
+                        tree = scanAlsoFor.getScanner(acc).visit(tree, ctx);
+                        tree = upgradeDependency.getScanner(acc).visit(tree, ctx);
+                    }
+                    return tree;
+                }
+            };
+        }
+
+        @Override
+        public TreeVisitor<?, ExecutionContext> getVisitor(UpgradeTransitiveDependencyVersion.DependencyVersionState acc) {
+            return upgradeDependency.getVisitor(acc);
+        }
+    }
 }