dependabot-nuget 0.277.0 → 0.279.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs

@@ -25,48 +25,19 @@ public class UpdaterWorker
 
     public async Task RunAsync(string repoRootPath, string workspacePath, string dependencyName, string previousDependencyVersion, string newDependencyVersion, bool isTransitive, string? resultOutputPath = null)
     {
-        MSBuildHelper.RegisterMSBuild(Environment.CurrentDirectory, repoRootPath);
-        UpdateOperationResult result;
-
-        if (!Path.IsPathRooted(workspacePath) || !File.Exists(workspacePath))
-        {
-            workspacePath = Path.GetFullPath(Path.Join(repoRootPath, workspacePath));
-        }
-
+        UpdateOperationResult result = new(); // assumed to be ok until proven otherwise
         try
         {
-            if (!isTransitive)
-            {
-                await DotNetToolsJsonUpdater.UpdateDependencyAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, _logger);
-                await GlobalJsonUpdater.UpdateDependencyAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, _logger);
-            }
-
-            var extension = Path.GetExtension(workspacePath).ToLowerInvariant();
-            switch (extension)
-            {
-                case ".sln":
-                    await RunForSolutionAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
-                    break;
-                case ".proj":
-                    await RunForProjFileAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
-                    break;
-                case ".csproj":
-                case ".fsproj":
-                case ".vbproj":
-                    await RunForProjectAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
-                    break;
-                default:
-                    _logger.Log($"File extension [{extension}] is not supported.");
-                    break;
-            }
-
-            result = new(); // all ok
-            _logger.Log("Update complete.");
+            result = await RunAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
         }
         catch (HttpRequestException ex)
         when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
         {
-            // TODO: consolidate this error handling between AnalyzeWorker, DiscoveryWorker, and UpdateWorker
+            if (!Path.IsPathRooted(workspacePath) || !File.Exists(workspacePath))
+            {
+                workspacePath = Path.GetFullPath(Path.Join(repoRootPath, workspacePath));
+            }
+
             result = new()
             {
                 ErrorType = ErrorType.AuthenticationFailure,
@@ -82,13 +53,52 @@ public class UpdaterWorker
             };
         }
 
-        _processedProjectPaths.Clear();
         if (resultOutputPath is { })
         {
             await WriteResultFile(result, resultOutputPath, _logger);
         }
     }
 
+    public async Task<UpdateOperationResult> RunAsync(string repoRootPath, string workspacePath, string dependencyName, string previousDependencyVersion, string newDependencyVersion, bool isTransitive)
+    {
+        MSBuildHelper.RegisterMSBuild(Environment.CurrentDirectory, repoRootPath);
+
+        if (!Path.IsPathRooted(workspacePath) || !File.Exists(workspacePath))
+        {
+            workspacePath = Path.GetFullPath(Path.Join(repoRootPath, workspacePath));
+        }
+
+        if (!isTransitive)
+        {
+            await DotNetToolsJsonUpdater.UpdateDependencyAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, _logger);
+            await GlobalJsonUpdater.UpdateDependencyAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, _logger);
+        }
+
+        var extension = Path.GetExtension(workspacePath).ToLowerInvariant();
+        switch (extension)
+        {
+            case ".sln":
+                await RunForSolutionAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
+                break;
+            case ".proj":
+                await RunForProjFileAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
+                break;
+            case ".csproj":
+            case ".fsproj":
+            case ".vbproj":
+                await RunForProjectAsync(repoRootPath, workspacePath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive);
+                break;
+            default:
+                _logger.Log($"File extension [{extension}] is not supported.");
+                break;
+        }
+
+        _logger.Log("Update complete.");
+
+        _processedProjectPaths.Clear();
+        return new UpdateOperationResult();
+    }
+
     internal static async Task WriteResultFile(UpdateOperationResult result, string resultOutputPath, Logger logger)
     {
         logger.Log($"  Writing update result to [{resultOutputPath}].");
@@ -189,5 +199,11 @@ public class UpdaterWorker
 
         // Some repos use a mix of packages.config and PackageReference
         await SdkPackageUpdater.UpdateDependencyAsync(repoRootPath, projectPath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive, _logger);
+
+        // Update lock file if exists
+        if (File.Exists(Path.Combine(Path.GetDirectoryName(projectPath), "packages.lock.json")))
+        {
+            await LockFileUpdater.UpdateLockFileAsync(repoRootPath, projectPath, _logger);
+        }
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -322,7 +322,7 @@ internal static partial class MSBuildHelper
         try
         {
             var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
-            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", $"restore \"{tempProjectPath}\"", workingDirectory: tempDirectory.FullName);
+            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["restore", tempProjectPath], workingDirectory: tempDirectory.FullName);
 
             // NU1608: Detected package version outside of dependency constraint
 
@@ -359,7 +359,7 @@ internal static partial class MSBuildHelper
         try
         {
             string tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
-            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", $"restore \"{tempProjectPath}\"", workingDirectory: tempDirectory.FullName);
+            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["restore", tempProjectPath], workingDirectory: tempDirectory.FullName);
 
             // Add Dependency[] packages to List<PackageToUpdate> existingPackages
             List<PackageToUpdate> existingPackages = packages
@@ -515,7 +515,7 @@ internal static partial class MSBuildHelper
         try
         {
             var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
-            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", $"restore \"{tempProjectPath}\"", workingDirectory: tempDirectory.FullName);
+            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["restore", tempProjectPath], workingDirectory: tempDirectory.FullName);
             ThrowOnUnauthenticatedFeed(stdOut);
 
             // simple cases first
@@ -540,7 +540,7 @@ internal static partial class MSBuildHelper
             foreach ((string PackageName, NuGetVersion packageVersion) in badPackagesAndVersions)
             {
                 // this command dumps a JSON object with all versions of the specified package from all package sources
-                (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", $"package search {PackageName} --exact-match --format json", workingDirectory: tempDirectory.FullName);
+                (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["package", "search", PackageName, "--exact-match", "--format", "json"], workingDirectory: tempDirectory.FullName);
                 if (exitCode != 0)
                 {
                     continue;
@@ -770,7 +770,7 @@ internal static partial class MSBuildHelper
             var topLevelPackagesNames = packages.Select(p => p.Name).ToHashSet(StringComparer.OrdinalIgnoreCase);
             var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
 
-            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"build \"{tempProjectPath}\" /t:_ReportDependencies", workingDirectory: tempDirectory.FullName);
+            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", ["build", tempProjectPath, "/t:_ReportDependencies"], workingDirectory: tempDirectory.FullName);
             ThrowOnUnauthenticatedFeed(stdout);
 
             if (exitCode == 0)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/NuGetHelper.cs

@@ -26,7 +26,7 @@ internal static class NuGetHelper
         try
         {
             var tempProjectPath = await MSBuildHelper.CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, "netstandard2.0", packages, usePackageDownload: true);
-            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", $"restore \"{tempProjectPath}\"");
+            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["restore", tempProjectPath]);
 
             return exitCode == 0;
         }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/PathHelper.cs

@@ -25,8 +25,42 @@ internal static class PathHelper
             : Path.Combine(path1, path2);
     }
 
+    public static string EnsurePrefix(this string s, string prefix) => s.StartsWith(prefix) ? s : prefix + s;
+
     public static string NormalizePathToUnix(this string path) => path.Replace("\\", "/");
 
+    public static string NormalizeUnixPathParts(this string path)
+    {
+        var parts = path.Split('/');
+        var resultantParts = new List<string>();
+        foreach (var part in parts)
+        {
+            switch (part)
+            {
+                case "":
+                case ".":
+                    break;
+                case "..":
+                    if (resultantParts.Count > 0)
+                    {
+                        resultantParts.RemoveAt(resultantParts.Count - 1);
+                    }
+                    break;
+                default:
+                    resultantParts.Add(part);
+                    break;
+            }
+        }
+
+        var result = string.Join("/", resultantParts);
+        if (path.StartsWith("/") && !result.StartsWith("/"))
+        {
+            result = "/" + result;
+        }
+
+        return result;
+    }
+
     public static string GetFullPathFromRelative(string rootPath, string relativePath)
         => Path.GetFullPath(JoinPath(rootPath, relativePath.NormalizePathToUnix()));
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ProcessExtensions.cs

@@ -5,17 +5,15 @@ namespace NuGetUpdater.Core;
 
 public static class ProcessEx
 {
-    public static Task<(int ExitCode, string Output, string Error)> RunAsync(string fileName, string arguments = "", string? workingDirectory = null)
+    public static Task<(int ExitCode, string Output, string Error)> RunAsync(string fileName, IEnumerable<string>? arguments = null, string? workingDirectory = null)
     {
         var tcs = new TaskCompletionSource<(int, string, string)>();
 
         var redirectInitiated = new ManualResetEventSlim();
         var process = new Process
         {
-            StartInfo =
+            StartInfo = new ProcessStartInfo(fileName, arguments ?? [])
             {
-                FileName = fileName,
-                Arguments = arguments,
                 UseShellExecute = false, // required to redirect output
                 RedirectStandardOutput = true,
                 RedirectStandardError = true,

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/RequirementTests.cs

@@ -46,11 +46,14 @@ public class RequirementTests
     }
 
     [Theory]
+    [InlineData("> *", "> 0")] // standard wildcard, no digits
     [InlineData("> 1.*", "> 1.0")] // standard wildcard, single digit
     [InlineData("> 1.2.*", "> 1.2.0")] // standard wildcard, multiple digit
+    [InlineData("> a", "> 0")] // alternate wildcard, no digits
     [InlineData("> 1.a", "> 1.0")] // alternate wildcard, single digit
     [InlineData("> 1.2.a", "> 1.2.0")] // alternate wildcard, multiple digit
-    public void Parse_ConvertsWildcardInVersion(string givenRequirementString, string expectedRequirementString)
+    [InlineData(">= 1.40.0, ", ">= 1.40.0")] // empty string following comma
+    public void Parse_Requirement(string givenRequirementString, string expectedRequirementString)
     {
         var parsedRequirement = Requirement.Parse(givenRequirementString);
         var actualRequirementString = parsedRequirement.ToString();

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/MockNuGetPackage.cs

@@ -315,7 +315,7 @@ namespace NuGetUpdater.Core.Test
                     </Project>
                     """
                 );
-                var (exitCode, stdout, stderr) = ProcessEx.RunAsync("dotnet", $"msbuild {projectPath} /t:_ReportCurrentSdkVersion").Result;
+                var (exitCode, stdout, stderr) = ProcessEx.RunAsync("dotnet", ["msbuild", projectPath, "/t:_ReportCurrentSdkVersion"]).Result;
                 if (exitCode != 0)
                 {
                     throw new Exception($"Failed to report the current SDK version:\n{stdout}\n{stderr}");
@@ -391,6 +391,7 @@ namespace NuGetUpdater.Core.Test
             WellKnownReferencePackage("Microsoft.AspNetCore.App", "net6.0"),
             WellKnownReferencePackage("Microsoft.AspNetCore.App", "net7.0"),
             WellKnownReferencePackage("Microsoft.AspNetCore.App", "net8.0"),
+            WellKnownReferencePackage("Microsoft.AspNetCore.App", "net9.0"),
             WellKnownReferencePackage("Microsoft.NETCore.App", "net6.0",
             [
                 ("data/FrameworkList.xml", Encoding.UTF8.GetBytes("""
@@ -412,9 +413,17 @@ namespace NuGetUpdater.Core.Test
                     </FileList>
                     """))
             ]),
+            WellKnownReferencePackage("Microsoft.NETCore.App", "net9.0",
+            [
+                ("data/FrameworkList.xml", Encoding.UTF8.GetBytes("""
+                    <FileList TargetFrameworkIdentifier=".NETCoreApp" TargetFrameworkVersion="9.0" FrameworkName="Microsoft.NETCore.App" Name=".NET Runtime">
+                    </FileList>
+                    """))
+            ]),
             WellKnownReferencePackage("Microsoft.WindowsDesktop.App", "net6.0"),
             WellKnownReferencePackage("Microsoft.WindowsDesktop.App", "net7.0"),
             WellKnownReferencePackage("Microsoft.WindowsDesktop.App", "net8.0"),
+            WellKnownReferencePackage("Microsoft.WindowsDesktop.App", "net9.0"),
         ];
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/RunWorkerTests.cs

@@ -0,0 +1,315 @@
+using System.Text;
+using System.Text.Json;
+using System.Xml.Linq;
+
+using NuGetUpdater.Core.Run;
+using NuGetUpdater.Core.Run.ApiModel;
+using NuGetUpdater.Core.Test.Update;
+
+using Xunit;
+
+namespace NuGetUpdater.Core.Test.Run;
+
+using TestFile = (string Path, string Content);
+
+public class RunWorkerTests
+{
+    [Fact]
+    public async Task UpdateSinglePackageProducedExpectedAPIMessages()
+    {
+        var repoMetadata = XElement.Parse("""<repository type="git" url="https://nuget.example.com/some-package" />""");
+        await RunAsync(
+            packages:
+            [
+                MockNuGetPackage.CreateSimplePackage("Some.Package", "1.0.0", "net8.0", additionalMetadata: [repoMetadata]),
+                MockNuGetPackage.CreateSimplePackage("Some.Package", "1.0.1", "net8.0", additionalMetadata: [repoMetadata]),
+            ],
+            job: new Job()
+            {
+                PackageManager = "nuget",
+                Source = new()
+                {
+                    Provider = "github",
+                    Repo = "test/repo",
+                    Directory = "some-dir",
+                },
+                AllowedUpdates =
+                [
+                    new() { UpdateType = "all" }
+                ]
+            },
+            files:
+            [
+                ("some-dir/project.csproj", """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>net8.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Some.Package" Version="1.0.0" />
+                      </ItemGroup>
+                    </Project>
+                    """)
+            ],
+            expectedResult: new RunResult()
+            {
+                Base64DependencyFiles =
+                [
+                    new DependencyFile()
+                    {
+                        Directory = "/some-dir",
+                        Name = "project.csproj",
+                        Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
+                            <Project Sdk="Microsoft.NET.Sdk">
+                              <PropertyGroup>
+                                <TargetFramework>net8.0</TargetFramework>
+                              </PropertyGroup>
+                              <ItemGroup>
+                                <PackageReference Include="Some.Package" Version="1.0.0" />
+                              </ItemGroup>
+                            </Project>
+                            """))
+                    }
+                ],
+                BaseCommitSha = "TEST-COMMIT-SHA",
+            },
+            expectedApiMessages:
+            [
+                new UpdatedDependencyList()
+                {
+                    Dependencies =
+                    [
+                        new ReportedDependency()
+                        {
+                            Name = "Some.Package",
+                            Version = "1.0.0",
+                            Requirements =
+                            [
+                                new ReportedRequirement()
+                                {
+                                    Requirement = "1.0.0",
+                                    File = "/some-dir/project.csproj",
+                                    Groups = ["dependencies"],
+                                }
+                            ]
+                        }
+                    ],
+                    DependencyFiles = ["/some-dir/project.csproj"],
+                },
+                new IncrementMetric()
+                {
+                    Metric = "updater.started",
+                    Tags = new()
+                    {
+                        ["operation"] = "group_update_all_versions"
+                    }
+                },
+                new CreatePullRequest()
+                {
+                    Dependencies =
+                    [
+                        new ReportedDependency()
+                        {
+                            Name = "Some.Package",
+                            Version = "1.0.1",
+                            Requirements =
+                            [
+                                new ReportedRequirement()
+                                {
+                                    Requirement = "1.0.1",
+                                    File = "/some-dir/project.csproj",
+                                    Groups = ["dependencies"],
+                                    Source = new()
+                                    {
+                                        SourceUrl = "https://nuget.example.com/some-package",
+                                        Type = "nuget_repo",
+                                    }
+                                }
+                            ],
+                            PreviousVersion = "1.0.0",
+                            PreviousRequirements =
+                            [
+                                new ReportedRequirement()
+                                {
+                                    Requirement = "1.0.0",
+                                    File = "/some-dir/project.csproj",
+                                    Groups = ["dependencies"],
+                                }
+                            ],
+                        }
+                    ],
+                    UpdatedDependencyFiles =
+                    [
+                        new DependencyFile()
+                        {
+                            Name = "project.csproj",
+                            Directory = "some-dir",
+                            Content = """
+                                <Project Sdk="Microsoft.NET.Sdk">
+                                  <PropertyGroup>
+                                    <TargetFramework>net8.0</TargetFramework>
+                                  </PropertyGroup>
+                                  <ItemGroup>
+                                    <PackageReference Include="Some.Package" Version="1.0.1" />
+                                  </ItemGroup>
+                                </Project>
+                                """,
+                        },
+                    ],
+                    BaseCommitSha = "TEST-COMMIT-SHA",
+                    CommitMessage = "TODO: message",
+                    PrTitle = "TODO: title",
+                    PrBody = "TODO: body",
+                },
+                new MarkAsProcessed()
+                {
+                    BaseCommitSha = "TEST-COMMIT-SHA",
+                }
+            ]
+        );
+    }
+
+    [Fact]
+    public async Task PrivateSourceAuthenticationFailureIsForwaredToApiHandler()
+    {
+        static (int, string) TestHttpHandler(string uriString)
+        {
+            var uri = new Uri(uriString, UriKind.Absolute);
+            var baseUrl = $"{uri.Scheme}://{uri.Host}:{uri.Port}";
+            return uri.PathAndQuery switch
+            {
+                // initial request is good
+                "/index.json" => (200, $$"""
+                    {
+                        "version": "3.0.0",
+                        "resources": [
+                            {
+                                "@id": "{{baseUrl}}/download",
+                                "@type": "PackageBaseAddress/3.0.0"
+                            },
+                            {
+                                "@id": "{{baseUrl}}/query",
+                                "@type": "SearchQueryService"
+                            },
+                            {
+                                "@id": "{{baseUrl}}/registrations",
+                                "@type": "RegistrationsBaseUrl"
+                            }
+                        ]
+                    }
+                    """),
+                // all other requests are unauthorized
+                _ => (401, "{}"),
+            };
+        }
+        using var http = TestHttpServer.CreateTestStringServer(TestHttpHandler);
+        await RunAsync(
+            packages:
+            [
+            ],
+            job: new Job()
+            {
+                PackageManager = "nuget",
+                Source = new()
+                {
+                    Provider = "github",
+                    Repo = "test/repo",
+                    Directory = "/",
+                },
+                AllowedUpdates =
+                [
+                    new() { UpdateType = "all" }
+                ]
+            },
+            files:
+            [
+                ("NuGet.Config", $"""
+                    <configuration>
+                      <packageSources>
+                        <clear />
+                        <add key="private_feed" value="{http.BaseUrl.TrimEnd('/')}/index.json" allowInsecureConnections="true" />
+                      </packageSources>
+                    </configuration>
+                    """),
+                ("project.csproj", """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>net8.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Some.Package" Version="1.0.0" />
+                      </ItemGroup>
+                    </Project>
+                    """)
+            ],
+            expectedResult: new RunResult()
+            {
+                Base64DependencyFiles = [],
+                BaseCommitSha = "TEST-COMMIT-SHA",
+            },
+            expectedApiMessages:
+            [
+                new PrivateSourceAuthenticationFailure()
+                {
+                    Details = $"({http.BaseUrl.TrimEnd('/')}/index.json)"
+                },
+                new MarkAsProcessed()
+                {
+                    BaseCommitSha = "TEST-COMMIT-SHA",
+                }
+            ]
+        );
+    }
+
+    private static async Task RunAsync(Job job, TestFile[] files, RunResult expectedResult, object[] expectedApiMessages, MockNuGetPackage[]? packages = null)
+    {
+        // arrange
+        using var tempDirectory = new TemporaryDirectory();
+        await UpdateWorkerTestBase.MockNuGetPackagesInDirectory(packages, tempDirectory.DirectoryPath);
+        foreach (var (path, content) in files)
+        {
+            var fullPath = Path.Combine(tempDirectory.DirectoryPath, path);
+            var directory = Path.GetDirectoryName(fullPath)!;
+            Directory.CreateDirectory(directory);
+            await File.WriteAllTextAsync(fullPath, content);
+        }
+
+        // act
+        var testApiHandler = new TestApiHandler();
+        var worker = new RunWorker(testApiHandler, new Logger(verbose: false));
+        var repoContentsPath = new DirectoryInfo(tempDirectory.DirectoryPath);
+        var actualResult = await worker.RunAsync(job, repoContentsPath, "TEST-COMMIT-SHA");
+        var actualApiMessages = testApiHandler.ReceivedMessages.ToArray();
+
+        // assert
+        var actualRunResultJson = JsonSerializer.Serialize(actualResult);
+        var expectedRunResultJson = JsonSerializer.Serialize(expectedResult);
+        Assert.Equal(expectedRunResultJson, actualRunResultJson);
+        for (int i = 0; i < Math.Min(actualApiMessages.Length, expectedApiMessages.Length); i++)
+        {
+            var actualMessage = actualApiMessages[i];
+            var expectedMessage = expectedApiMessages[i];
+            Assert.Equal(expectedMessage.GetType(), actualMessage.Type);
+
+            var expectedContent = SerializeObjectAndType(expectedMessage);
+            var actualContent = SerializeObjectAndType(actualMessage.Object);
+            Assert.Equal(expectedContent, actualContent);
+        }
+
+        if (actualApiMessages.Length > expectedApiMessages.Length)
+        {
+            var extraApiMessages = actualApiMessages.Skip(expectedApiMessages.Length).Select(m => SerializeObjectAndType(m.Object)).ToArray();
+            Assert.Fail($"Expected {expectedApiMessages.Length} API messages, but got {extraApiMessages.Length} extra:\n\t{string.Join("\n\t", extraApiMessages)}");
+        }
+        if (expectedApiMessages.Length > actualApiMessages.Length)
+        {
+            var missingApiMessages = expectedApiMessages.Skip(actualApiMessages.Length).Select(m => SerializeObjectAndType(m)).ToArray();
+            Assert.Fail($"Expected {expectedApiMessages.Length} API messages, but only got {actualApiMessages.Length}; missing:\n\t{string.Join("\n\t", missingApiMessages)}");
+        }
+    }
+
+    private static string SerializeObjectAndType(object obj)
+    {
+        return $"{obj.GetType().Name}:{JsonSerializer.Serialize(obj)}";
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/SerializationTests.cs

@@ -0,0 +1,60 @@
+using NuGetUpdater.Core.Run;
+
+using Xunit;
+
+namespace NuGetUpdater.Core.Test.Run;
+
+public class SerializationTests
+{
+    [Fact]
+    public void DeserializeJob()
+    {
+        var jobWrapper = RunWorker.Deserialize("""
+            {
+              "job": {
+                "package-manager": "nuget",
+                "allowed-updates": [
+                  {
+                    "update-type": "all"
+                  }
+                ],
+                "debug": false,
+                "dependency-groups": [],
+                "dependencies": null,
+                "dependency-group-to-refresh": null,
+                "existing-pull-requests": [],
+                "existing-group-pull-requests": [],
+                "experiments": null,
+                "ignore-conditions": [],
+                "lockfile-only": false,
+                "requirements-update-strategy": null,
+                "security-advisories": [],
+                "security-updates-only": false,
+                "source": {
+                  "provider": "github",
+                  "repo": "some-org/some-repo",
+                  "directory": "specific-sdk",
+                  "hostname": null,
+                  "api-endpoint": null
+                },
+                "update-subdependencies": false,
+                "updating-a-pull-request": false,
+                "vendor-dependencies": false,
+                "reject-external-code": false,
+                "repo-private": false,
+                "commit-message-options": null,
+                "credentials-metadata": [
+                  {
+                    "host": "github.com",
+                    "type": "git_source"
+                  }
+                ],
+                "max-updater-run-time": 0
+              }
+            }
+            """);
+        Assert.Equal("github", jobWrapper.Job.Source.Provider);
+        Assert.Equal("some-org/some-repo", jobWrapper.Job.Source.Repo);
+        Assert.Equal("specific-sdk", jobWrapper.Job.Source.Directory);
+    }
+}