dependabot-nuget 0.265.0 → 0.267.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs

@@ -1,3 +1,10 @@
+using System.Net;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+using NuGetUpdater.Core.Analyze;
+using NuGetUpdater.Core.Updater;
+
 namespace NuGetUpdater.Core;
 
 public class UpdaterWorker
@@ -5,48 +12,89 @@ public class UpdaterWorker
     private readonly Logger _logger;
     private readonly HashSet<string> _processedProjectPaths = new(StringComparer.OrdinalIgnoreCase);
 
+    internal static readonly JsonSerializerOptions SerializerOptions = new()
+    {
+        WriteIndented = true,
+        Converters = { new JsonStringEnumConverter() },
+    };
+
     public UpdaterWorker(Logger logger)
     {
         _logger = logger;
     }
 
-    public async Task RunAsync(string repoRootPath, string workspacePath, string dependencyName, string previousDependencyVersion, string newDependencyVersion, bool isTransitive)
+    public async Task RunAsync(string repoRootPath, string workspacePath, string dependencyName, string previousDependencyVersion, string newDependencyVersion, bool isTransitive, string? resultOutputPath = null)
     {
         MSBuildHelper.RegisterMSBuild(Environment.CurrentDirectory, repoRootPath);
+        UpdateOperationResult result;
 
         if (!Path.IsPathRooted(workspacePath) || !File.Exists(workspacePath))
         {
             workspacePath = Path.GetFullPath(Path.Join(repoRootPath, workspacePath));
         }
 
-        if (!isTransitive)
+        try
+        {
+            if (!isTransitive)
+            {
+                await DotNetToolsJsonUpdater.UpdateDependencyAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, _logger);
+                await GlobalJsonUpdater.UpdateDependencyAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, _logger);
+            }
+
+            var extension = Path.GetExtension(workspacePath).ToLowerInvariant();
+            switch (extension)
+            {
+                case ".sln":
+                    await RunForSolutionAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
+                    break;
+                case ".proj":
+                    await RunForProjFileAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
+                    break;
+                case ".csproj":
+                case ".fsproj":
+                case ".vbproj":
+                    await RunForProjectAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
+                    break;
+                default:
+                    _logger.Log($"File extension [{extension}] is not supported.");
+                    break;
+            }
+
+            result = new(); // all ok
+            _logger.Log("Update complete.");
+        }
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
+        {
+            // TODO: consolidate this error handling between AnalyzeWorker, DiscoveryWorker, and UpdateWorker
+            result = new()
+            {
+                ErrorType = ErrorType.AuthenticationFailure,
+                ErrorDetails = "(" + string.Join("|", NuGetContext.GetPackageSourceUrls(workspacePath)) + ")",
+            };
+        }
+        catch (MissingFileException ex)
         {
-            await DotNetToolsJsonUpdater.UpdateDependencyAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, _logger);
-            await GlobalJsonUpdater.UpdateDependencyAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, _logger);
+            result = new()
+            {
+                ErrorType = ErrorType.MissingFile,
+                ErrorDetails = ex.FilePath,
+            };
         }
 
-        var extension = Path.GetExtension(workspacePath).ToLowerInvariant();
-        switch (extension)
+        _processedProjectPaths.Clear();
+        if (resultOutputPath is { })
         {
-            case ".sln":
-                await RunForSolutionAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
-                break;
-            case ".proj":
-                await RunForProjFileAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
-                break;
-            case ".csproj":
-            case ".fsproj":
-            case ".vbproj":
-                await RunForProjectAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
-                break;
-            default:
-                _logger.Log($"File extension [{extension}] is not supported.");
-                break;
+            await WriteResultFile(result, resultOutputPath, _logger);
         }
+    }
 
-        _logger.Log("Update complete.");
+    internal static async Task WriteResultFile(UpdateOperationResult result, string resultOutputPath, Logger logger)
+    {
+        logger.Log($"  Writing update result to [{resultOutputPath}].");
 
-        _processedProjectPaths.Clear();
+        var resultJson = JsonSerializer.Serialize(result, SerializerOptions);
+        await File.WriteAllTextAsync(resultOutputPath, resultJson);
     }
 
     private async Task RunForSolutionAsync(

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -185,8 +185,9 @@ internal static partial class MSBuildHelper
                 var versionSpecification = packageItem.Metadata.FirstOrDefault(m => m.Name.Equals("Version", StringComparison.OrdinalIgnoreCase))?.Value
                                            ?? packageItem.Metadata.FirstOrDefault(m => m.Name.Equals("VersionOverride", StringComparison.OrdinalIgnoreCase))?.Value
                                            ?? string.Empty;
-                foreach (var attributeValue in new[] { packageItem.Include, packageItem.Update })
+                foreach (var rawAttributeValue in new[] { packageItem.Include, packageItem.Update })
                 {
+                    var attributeValue = rawAttributeValue?.Trim();
                     if (!string.IsNullOrWhiteSpace(attributeValue))
                     {
                         if (packageInfo.TryGetValue(attributeValue, out var existingInfo))
@@ -312,6 +313,7 @@ internal static partial class MSBuildHelper
         {
             var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
             var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", $"restore \"{tempProjectPath}\"", workingDirectory: tempDirectory.FullName);
+            ThrowOnUnauthenticatedFeed(stdOut);
 
             // simple cases first
             // if restore failed, nothing we can do
@@ -506,6 +508,7 @@ internal static partial class MSBuildHelper
                 <TargetFramework>{targetFramework}</TargetFramework>
                 <GenerateDependencyFile>true</GenerateDependencyFile>
                 <RunAnalyzers>false</RunAnalyzers>
+                <NuGetInteractive>false</NuGetInteractive>
               </PropertyGroup>
               <ItemGroup>
                 {packageReferences}
@@ -565,6 +568,7 @@ internal static partial class MSBuildHelper
             var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
 
             var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"build \"{tempProjectPath}\" /t:_ReportDependencies", workingDirectory: tempDirectory.FullName);
+            ThrowOnUnauthenticatedFeed(stdout);
 
             if (exitCode == 0)
             {
@@ -602,6 +606,30 @@ internal static partial class MSBuildHelper
         }
     }
 
+    internal static void ThrowOnUnauthenticatedFeed(string stdout)
+    {
+        var unauthorizedMessageSnippets = new string[]
+        {
+            "The plugin credential provider could not acquire credentials",
+            "401 (Unauthorized)",
+            "error NU1301: Unable to load the service index for source",
+        };
+        if (unauthorizedMessageSnippets.Any(stdout.Contains))
+        {
+            throw new HttpRequestException(message: stdout, inner: null, statusCode: System.Net.HttpStatusCode.Unauthorized);
+        }
+    }
+
+    internal static void ThrowOnMissingFile(string output)
+    {
+        var missingFilePattern = new Regex(@"The imported project \""(?<FilePath>.*)\"" was not found");
+        var match = missingFilePattern.Match(output);
+        if (match.Success)
+        {
+            throw new MissingFileException(match.Groups["FilePath"].Value);
+        }
+    }
+
     internal static bool TryGetGlobalJsonPath(string repoRootPath, string workspacePath, [NotNullWhen(returnValue: true)] out string? globalJsonPath)
     {
         globalJsonPath = PathHelper.GetFileInDirectoryOrParent(workspacePath, repoRootPath, "global.json", caseSensitive: false);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/AnalyzeWorkerTestBase.cs

@@ -18,7 +18,8 @@ public class AnalyzeWorkerTestBase
         WorkspaceDiscoveryResult discovery,
         DependencyInfo dependencyInfo,
         ExpectedAnalysisResult expectedResult,
-        MockNuGetPackage[]? packages = null)
+        MockNuGetPackage[]? packages = null,
+        TestFile[]? extraFiles = null)
     {
         var relativeDependencyPath = $"./dependabot/dependency/{dependencyInfo.Name}.json";
 
@@ -27,7 +28,8 @@ public class AnalyzeWorkerTestBase
             (relativeDependencyPath, JsonSerializer.Serialize(dependencyInfo, AnalyzeWorker.SerializerOptions)),
         ];
 
-        var actualResult = await RunAnalyzerAsync(dependencyInfo.Name, files, async directoryPath =>
+        var allFiles = files.Concat(extraFiles ?? []).ToArray();
+        var actualResult = await RunAnalyzerAsync(dependencyInfo.Name, allFiles, async directoryPath =>
         {
             await UpdateWorkerTestBase.MockNuGetPackagesInDirectory(packages, directoryPath);
 
@@ -50,6 +52,8 @@ public class AnalyzeWorkerTestBase
         Assert.Equal(expectedResult.VersionComesFromMultiDependencyProperty, actualResult.VersionComesFromMultiDependencyProperty);
         ValidateDependencies(expectedResult.UpdatedDependencies, actualResult.UpdatedDependencies);
         Assert.Equal(expectedResult.ExpectedUpdatedDependenciesCount ?? expectedResult.UpdatedDependencies.Length, actualResult.UpdatedDependencies.Length);
+        Assert.Equal(expectedResult.ErrorType, actualResult.ErrorType);
+        Assert.Equal(expectedResult.ErrorDetails, actualResult.ErrorDetails);
 
         return;