dependabot-nuget 0.287.0 → 0.289.0

data/lib/dependabot/nuget/native_discovery/native_discovery_json_reader.rb

@@ -2,6 +2,8 @@
 # frozen_string_literal: true
 
 require "dependabot/dependency"
+require "dependabot/file_parsers/base/dependency_set"
+require "dependabot/nuget/cache_manager"
 require "dependabot/nuget/native_discovery/native_workspace_discovery"
 require "json"
 require "sorbet-runtime"
@@ -12,114 +14,169 @@ module Dependabot
       extend T::Sig
 
       sig { returns(T::Hash[String, NativeDiscoveryJsonReader]) }
-      def self.discovery_result_cache
-        T.let(CacheManager.cache("discovery_json_cache"), T::Hash[String, NativeDiscoveryJsonReader])
+      def self.cache_directory_to_discovery_json_reader
+        CacheManager.cache("cache_directory_to_discovery_json_reader")
       end
 
-      sig { returns(T::Hash[String, String]) }
-      def self.discovery_path_cache
-        T.let(CacheManager.cache("discovery_path_cache"), T::Hash[String, String])
+      sig { returns(T::Hash[String, NativeDiscoveryJsonReader]) }
+      def self.cache_dependency_file_paths_to_discovery_json_reader
+        CacheManager.cache("cache_dependency_file_paths_to_discovery_json_reader")
       end
 
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).returns(NativeDiscoveryJsonReader)
+      sig { returns(T::Hash[String, String]) }
+      def self.cache_dependency_file_paths_to_discovery_json_path
+        CacheManager.cache("cache_dependency_file_paths_to_discovery_json_path")
       end
-      def self.get_discovery_from_dependency_files(dependency_files)
-        key = create_cache_key(dependency_files)
-        discovery_json = discovery_result_cache[key]
-        raise "No discovery result for specified dependency files: #{key}" unless discovery_json
 
-        discovery_json
+      sig { void }
+      def self.testonly_clear_caches
+        cache_directory_to_discovery_json_reader.clear
+        cache_dependency_file_paths_to_discovery_json_reader.clear
+        cache_dependency_file_paths_to_discovery_json_path.clear
       end
 
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile],
-          discovery: NativeDiscoveryJsonReader
-        ).void
+      sig { void }
+      def self.testonly_clear_discovery_files
+        # this will get recreated when necessary
+        FileUtils.rm_rf(discovery_directory)
       end
-      def self.set_discovery_from_dependency_files(dependency_files:, discovery:)
-        key = create_cache_key(dependency_files)
-        discovery_result_cache[key] = discovery
+
+      sig { params(error_if_missing: T::Boolean).void }
+      def self.debug_report_discovery_files(error_if_missing:)
+        if File.exist?(discovery_map_file_path)
+          Dependabot.logger.info("Discovery map file (#{discovery_map_file_path}) contents: " \
+                                 "#{File.read(discovery_map_file_path)}")
+          Dependabot.logger.info("Discovery files: #{Dir.glob(File.join(discovery_directory, '*'))}")
+        elsif error_if_missing
+          Dependabot.logger.error("discovery map file missing")
+        end
       end
 
+      # Runs NuGet dependency discovery in the given directory and returns a new instance of NativeDiscoveryJsonReader.
+      # The location of the resultant JSON file is saved.
       sig do
         params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).returns(String)
+          repo_contents_path: String,
+          directory: String,
+          credentials: T::Array[Dependabot::Credential]
+        ).returns(NativeDiscoveryJsonReader)
       end
-      def self.get_discovery_file_path_from_dependency_files(dependency_files)
-        key = create_cache_key(dependency_files)
-        discovery_path = discovery_path_cache[key]
-        raise "No discovery path found for specified dependency files: #{key}" unless discovery_path
+      def self.run_discovery_in_directory(repo_contents_path:, directory:, credentials:)
+        # run discovery
+        job_file_path = ENV.fetch("DEPENDABOT_JOB_PATH")
+        discovery_json_path = discovery_file_path_from_workspace_path(directory)
+        unless File.exist?(discovery_json_path)
+          NativeHelpers.run_nuget_discover_tool(job_path: job_file_path,
+                                                repo_root: repo_contents_path,
+                                                workspace_path: directory,
+                                                output_path: discovery_json_path,
+                                                credentials: credentials)
 
-        discovery_path
+          Dependabot.logger.info("Discovery JSON content: #{File.read(discovery_json_path)}")
+        end
+        load_discovery_for_directory(repo_contents_path: repo_contents_path, directory: directory)
       end
 
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).returns(String)
-      end
-      def self.create_discovery_file_path_from_dependency_files(dependency_files)
-        discovery_key = create_cache_key(dependency_files)
-        if discovery_path_cache[discovery_key]
-          raise "Discovery file path already exists for the given dependency files: #{discovery_key}"
+      # Loads NuGet dependency discovery for the given directory and returns a new instance of
+      # NativeDiscoveryJsonReader and caches the resultant object.
+      sig { params(repo_contents_path: String, directory: String).returns(NativeDiscoveryJsonReader) }
+      def self.load_discovery_for_directory(repo_contents_path:, directory:)
+        cache_directory_to_discovery_json_reader[directory] ||= begin
+          discovery_json_reader = discovery_json_reader(repo_contents_path: repo_contents_path,
+                                                        workspace_path: directory)
+          cache_directory_to_discovery_json_reader[directory] = discovery_json_reader
+          dependency_file_cache_key = cache_key_from_dependency_file_paths(discovery_json_reader.dependency_file_paths)
+          cache_dependency_file_paths_to_discovery_json_reader[dependency_file_cache_key] = discovery_json_reader
+          discovery_file_path = discovery_file_path_from_workspace_path(directory)
+          cache_dependency_file_paths_to_discovery_json_path[dependency_file_cache_key] = discovery_file_path
+
+          discovery_json_reader
         end
+      end
 
-        discovery_counter_cache = T.let(CacheManager.cache("discovery_counter_cache"), T::Hash[String, Integer])
-        counter_key = "counter"
-        current_counter = discovery_counter_cache[counter_key] || 0
-        current_counter += 1
-        discovery_counter_cache[counter_key] = current_counter
-        incremeted_discovery_file_path = File.join(temp_directory, "discovery.#{current_counter}.json")
-        discovery_path_cache[discovery_key] = incremeted_discovery_file_path
-        incremeted_discovery_file_path
+      # Retrieves the cached NativeDiscoveryJsonReader object for the given dependency file paths.
+      sig { params(dependency_file_paths: T::Array[String]).returns(NativeDiscoveryJsonReader) }
+      def self.load_discovery_for_dependency_file_paths(dependency_file_paths)
+        dependency_file_cache_key = cache_key_from_dependency_file_paths(dependency_file_paths)
+        T.must(cache_dependency_file_paths_to_discovery_json_reader[dependency_file_cache_key])
       end
 
-      # this is a test-only method
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).void
+      # Retrieves the cached location of the discovery JSON file for the given dependency file paths.
+      sig { params(dependency_file_paths: T::Array[String]).returns(String) }
+      def self.get_discovery_json_path_for_dependency_file_paths(dependency_file_paths)
+        dependency_file_cache_key = cache_key_from_dependency_file_paths(dependency_file_paths)
+        T.must(cache_dependency_file_paths_to_discovery_json_path[dependency_file_cache_key])
       end
-      def self.clear_discovery_file_path_from_cache(dependency_files)
-        key = create_cache_key(dependency_files)
-        discovery_file_path = discovery_path_cache[key]
-        File.delete(discovery_file_path) if discovery_file_path && File.exist?(discovery_file_path)
-        discovery_path_cache.delete(key)
+
+      sig { params(repo_contents_path: String, dependency_file: Dependabot::DependencyFile).returns(String) }
+      def self.dependency_file_path(repo_contents_path:, dependency_file:)
+        dep_file_path = Pathname.new(File.join(dependency_file.directory, dependency_file.name)).cleanpath.to_path
+        dep_file_path.delete_prefix("#{repo_contents_path}/")
       end
 
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).returns(String)
+      sig { returns(String) }
+      def self.discovery_map_file_path
+        File.join(discovery_directory, "discovery_map.json")
       end
-      def self.create_cache_key(dependency_files)
-        dependency_files.map { |d| d.to_h.except("content") }.to_s
+
+      sig { params(workspace_path: String).returns(String) }
+      def self.discovery_file_path_from_workspace_path(workspace_path)
+        # Given an update directory (also known as a workspace path), this function returns the path where the discovery
+        # JSON file is located.  This function is called both by methods that need to write the discovery JSON file and
+        # by methods that need to read the discovery JSON file.  This function is also called by multiple processes so
+        # we need a way to retain the data.  This is accomplished by the following steps:
+        #  1. Check a well-known file for a mapping of workspace_path => discovery file path.  If found, return it.
+        #  2. If the path is not found, generate a new path, save it to the well-known file, and return the value.
+        discovery_map_contents = File.exist?(discovery_map_file_path) ? File.read(discovery_map_file_path) : "{}"
+        discovery_map = T.let(JSON.parse(discovery_map_contents), T::Hash[String, String])
+
+        discovery_json_path = discovery_map[workspace_path]
+        if discovery_json_path
+          Dependabot.logger.info("Discovery JSON path for workspace path [#{workspace_path}] found in file " \
+                                 "[#{discovery_map_file_path}] at location [#{discovery_json_path}]")
+          return discovery_json_path
+        end
+
+        # no discovery JSON path found; generate a new one, but first find a suitable location
+        discovery_json_counter = 1
+        new_discovery_json_path = ""
+        loop do
+          new_discovery_json_path = File.join(discovery_directory, "discovery.#{discovery_json_counter}.json")
+          break unless File.exist?(new_discovery_json_path)
+
+          discovery_json_counter += 1
+        end
+
+        discovery_map[workspace_path] = new_discovery_json_path
+
+        File.write(discovery_map_file_path, discovery_map.to_json)
+        Dependabot.logger.info("Discovery JSON path for workspace path [#{workspace_path}] created for file " \
+                               "[#{discovery_map_file_path}] at location [#{new_discovery_json_path}]")
+        new_discovery_json_path
       end
 
-      sig { returns(String) }
-      def self.temp_directory
-        File.join(Dir.tmpdir, ".dependabot")
+      sig { params(dependency_file_paths: T::Array[String]).returns(String) }
+      def self.cache_key_from_dependency_file_paths(dependency_file_paths)
+        dependency_file_paths.sort.join(",")
       end
 
-      sig do
-        params(
-          discovery_json_path: String
-        ).returns(T.nilable(DependencyFile))
+      sig { returns(String) }
+      def self.discovery_directory
+        t = File.join(Dir.home, ".dependabot")
+        FileUtils.mkdir_p(t)
+        t
       end
-      def self.discovery_json_from_path(discovery_json_path)
-        return unless File.exist?(discovery_json_path)
 
-        DependencyFile.new(
-          name: Pathname.new(discovery_json_path).cleanpath.to_path,
-          directory: temp_directory,
+      sig { params(repo_contents_path: String, workspace_path: String).returns(NativeDiscoveryJsonReader) }
+      def self.discovery_json_reader(repo_contents_path:, workspace_path:)
+        discovery_file_path = discovery_file_path_from_workspace_path(workspace_path)
+        discovery_json = DependencyFile.new(
+          name: Pathname.new(discovery_file_path).cleanpath.to_path,
+          directory: discovery_directory,
           type: "file",
-          content: File.read(discovery_json_path)
+          content: File.read(discovery_file_path)
         )
+        NativeDiscoveryJsonReader.new(repo_contents_path: repo_contents_path, discovery_json: discovery_json)
       end
 
       sig { returns(T.nilable(NativeWorkspaceDiscovery)) }
@@ -128,15 +185,23 @@ module Dependabot
       sig { returns(Dependabot::FileParsers::Base::DependencySet) }
       attr_reader :dependency_set
 
-      sig { params(discovery_json: DependencyFile).void }
-      def initialize(discovery_json:)
+      sig { returns(T::Array[String]) }
+      attr_reader :dependency_file_paths
+
+      sig { params(repo_contents_path: String, discovery_json: DependencyFile).void }
+      def initialize(repo_contents_path:, discovery_json:)
+        @repo_contents_path = repo_contents_path
         @discovery_json = discovery_json
         @workspace_discovery = T.let(read_workspace_discovery, T.nilable(Dependabot::Nuget::NativeWorkspaceDiscovery))
         @dependency_set = T.let(read_dependency_set, Dependabot::FileParsers::Base::DependencySet)
+        @dependency_file_paths = T.let(read_dependency_file_paths, T::Array[String])
       end
 
       private
 
+      sig { returns(String) }
+      attr_reader :repo_contents_path
+
       sig { returns(DependencyFile) }
       attr_reader :discovery_json
 
@@ -159,9 +224,6 @@ module Dependabot
         workspace_result.projects.each do |project|
           dependency_set += project.dependency_set
         end
-        if workspace_result.directory_packages_props
-          dependency_set += T.must(workspace_result.directory_packages_props).dependency_set
-        end
         if workspace_result.dotnet_tools_json
           dependency_set += T.must(workspace_result.dotnet_tools_json).dependency_set
         end
@@ -169,6 +231,47 @@ module Dependabot
 
         dependency_set
       end
+
+      sig { returns(T::Array[String]) }
+      def read_dependency_file_paths
+        dependency_file_paths = T.let([], T::Array[T.nilable(String)])
+        dependency_file_paths << dependency_file_path_from_repo_path("global.json") if workspace_discovery&.global_json
+        if workspace_discovery&.dotnet_tools_json
+          dependency_file_paths << dependency_file_path_from_repo_path(".config/dotnet-tools.json")
+        end
+
+        projects = workspace_discovery&.projects || []
+        projects.each do |project|
+          dependency_file_paths << dependency_file_path_from_repo_path(project.file_path)
+          dependency_file_paths += project.imported_files.map do |f|
+            dependency_file_path_from_project_path(project.file_path, f)
+          end
+          dependency_file_paths += project.additional_files.map do |f|
+            dependency_file_path_from_project_path(project.file_path, f)
+          end
+        end
+
+        deduped_dependency_file_paths = T.let(Set.new(dependency_file_paths.compact), T::Set[String])
+        result = deduped_dependency_file_paths.sort
+        result
+      end
+
+      sig { params(path_parts: String).returns(T.nilable(String)) }
+      def dependency_file_path_from_repo_path(*path_parts)
+        path_parts = path_parts.map { |p| p.delete_prefix("/").delete_suffix("/") }
+        normalized_repo_path = Pathname.new(path_parts.join("/")).cleanpath.to_path.delete_prefix("/")
+        full_path = Pathname.new(File.join(repo_contents_path, normalized_repo_path)).cleanpath.to_path
+        return unless File.exist?(full_path)
+
+        normalized_repo_path = "/#{normalized_repo_path}" unless normalized_repo_path.start_with?("/")
+        normalized_repo_path
+      end
+
+      sig { params(project_path: String, relative_file_path: String).returns(T.nilable(String)) }
+      def dependency_file_path_from_project_path(project_path, relative_file_path)
+        project_directory = File.dirname(project_path)
+        dependency_file_path_from_repo_path(project_directory, relative_file_path)
+      end
     end
   end
 end

data/lib/dependabot/nuget/native_discovery/native_project_discovery.rb

@@ -10,6 +10,7 @@ module Dependabot
     class NativeProjectDiscovery < NativeDependencyFileDiscovery
       extend T::Sig
 
+      # rubocop:disable Metrics/AbcSize
       sig do
         override.params(json: T.nilable(T::Hash[String, T.untyped]),
                         directory: String).returns(T.nilable(NativeProjectDiscovery))
@@ -36,26 +37,41 @@ module Dependabot
 
           details
         end
+        imported_files = T.let(json.fetch("ImportedFiles"), T::Array[String])
+        additional_files = T.let(json.fetch("AdditionalFiles"), T::Array[String])
 
         NativeProjectDiscovery.new(file_path: file_path,
                                    properties: properties,
                                    target_frameworks: target_frameworks,
                                    referenced_project_paths: referenced_project_paths,
-                                   dependencies: dependencies)
+                                   dependencies: dependencies,
+                                   imported_files: imported_files,
+                                   additional_files: additional_files)
       end
+      # rubocop:enable Metrics/AbcSize
 
       sig do
         params(file_path: String,
                properties: T::Array[NativePropertyDetails],
                target_frameworks: T::Array[String],
                referenced_project_paths: T::Array[String],
-               dependencies: T::Array[NativeDependencyDetails]).void
+               dependencies: T::Array[NativeDependencyDetails],
+               imported_files: T::Array[String],
+               additional_files: T::Array[String]).void
       end
-      def initialize(file_path:, properties:, target_frameworks:, referenced_project_paths:, dependencies:)
+      def initialize(file_path:,
+                     properties:,
+                     target_frameworks:,
+                     referenced_project_paths:,
+                     dependencies:,
+                     imported_files:,
+                     additional_files:)
         super(file_path: file_path, dependencies: dependencies)
         @properties = properties
         @target_frameworks = target_frameworks
         @referenced_project_paths = referenced_project_paths
+        @imported_files = imported_files
+        @additional_files = additional_files
       end
 
       sig { returns(T::Array[NativePropertyDetails]) }
@@ -67,6 +83,12 @@ module Dependabot
       sig { returns(T::Array[String]) }
       attr_reader :referenced_project_paths
 
+      sig { returns(T::Array[String]) }
+      attr_reader :imported_files
+
+      sig { returns(T::Array[String]) }
+      attr_reader :additional_files
+
       sig { override.returns(Dependabot::FileParsers::Base::DependencySet) }
       def dependency_set
         if target_frameworks.empty? && file_path.end_with?("proj")

data/lib/dependabot/nuget/native_discovery/native_workspace_discovery.rb

@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 
 require "dependabot/nuget/native_discovery/native_dependency_file_discovery"
-require "dependabot/nuget/native_discovery/native_directory_packages_props_discovery"
 require "dependabot/nuget/native_discovery/native_project_discovery"
 require "dependabot/nuget/native_helpers"
 require "sorbet-runtime"
@@ -21,9 +20,6 @@ module Dependabot
         projects = T.let(json.fetch("Projects"), T::Array[T::Hash[String, T.untyped]]).filter_map do |project|
           NativeProjectDiscovery.from_json(project, path)
         end
-        directory_packages_props = NativeDirectoryPackagesPropsDiscovery
-                                   .from_json(T.let(json.fetch("DirectoryPackagesProps"),
-                                                    T.nilable(T::Hash[String, T.untyped])), path)
         global_json = NativeDependencyFileDiscovery
                       .from_json(T.let(json.fetch("GlobalJson"), T.nilable(T::Hash[String, T.untyped])), path)
         dotnet_tools_json = NativeDependencyFileDiscovery
@@ -32,7 +28,6 @@ module Dependabot
 
         NativeWorkspaceDiscovery.new(path: path,
                                      projects: projects,
-                                     directory_packages_props: directory_packages_props,
                                      global_json: global_json,
                                      dotnet_tools_json: dotnet_tools_json)
       end
@@ -40,14 +35,12 @@ module Dependabot
       sig do
         params(path: String,
                projects: T::Array[NativeProjectDiscovery],
-               directory_packages_props: T.nilable(NativeDirectoryPackagesPropsDiscovery),
                global_json: T.nilable(NativeDependencyFileDiscovery),
                dotnet_tools_json: T.nilable(NativeDependencyFileDiscovery)).void
       end
-      def initialize(path:, projects:, directory_packages_props:, global_json:, dotnet_tools_json:)
+      def initialize(path:, projects:, global_json:, dotnet_tools_json:)
         @path = path
         @projects = projects
-        @directory_packages_props = directory_packages_props
         @global_json = global_json
         @dotnet_tools_json = dotnet_tools_json
       end
@@ -58,9 +51,6 @@ module Dependabot
       sig { returns(T::Array[NativeProjectDiscovery]) }
       attr_reader :projects
 
-      sig { returns(T.nilable(NativeDirectoryPackagesPropsDiscovery)) }
-      attr_reader :directory_packages_props
-
       sig { returns(T.nilable(NativeDependencyFileDiscovery)) }
       attr_reader :global_json
 

data/lib/dependabot/nuget/native_helpers.rb

@@ -54,13 +54,20 @@ module Dependabot
       end
 
       sig do
-        params(repo_root: String, workspace_path: String, output_path: String).returns([String, String])
+        params(
+          job_path: String,
+          repo_root: String,
+          workspace_path: String,
+          output_path: String
+        ).returns([String, String])
       end
-      def self.get_nuget_discover_tool_command(repo_root:, workspace_path:, output_path:)
+      def self.get_nuget_discover_tool_command(job_path:, repo_root:, workspace_path:, output_path:)
         exe_path = File.join(native_helpers_root, "NuGetUpdater", "NuGetUpdater.Cli")
         command_parts = [
           exe_path,
           "discover",
+          "--job-path",
+          job_path,
           "--repo-root",
           repo_root,
           "--workspace",
@@ -87,14 +94,16 @@ module Dependabot
 
       sig do
         params(
+          job_path: String,
           repo_root: String,
           workspace_path: String,
           output_path: String,
           credentials: T::Array[Dependabot::Credential]
         ).void
       end
-      def self.run_nuget_discover_tool(repo_root:, workspace_path:, output_path:, credentials:)
-        (command, fingerprint) = get_nuget_discover_tool_command(repo_root: repo_root,
+      def self.run_nuget_discover_tool(job_path:, repo_root:, workspace_path:, output_path:, credentials:)
+        (command, fingerprint) = get_nuget_discover_tool_command(job_path: job_path,
+                                                                 repo_root: repo_root,
                                                                  workspace_path: workspace_path,
                                                                  output_path: output_path)
 

data/lib/dependabot/nuget/native_update_checker/native_update_checker.rb

@@ -89,12 +89,26 @@ module Dependabot
 
       sig { returns(String) }
       def dependency_file_path
-        File.join(NativeDiscoveryJsonReader.temp_directory, "dependency", "#{dependency.name}.json")
+        d = File.join(Dir.tmpdir, "dependency")
+        FileUtils.mkdir_p(d)
+        File.join(d, "#{dependency.name}.json")
+      end
+
+      sig { returns(T::Array[String]) }
+      def dependency_file_paths
+        dependency_files.map do |file|
+          NativeDiscoveryJsonReader.dependency_file_path(
+            repo_contents_path: T.must(repo_contents_path),
+            dependency_file: file
+          )
+        end
       end
 
       sig { returns(AnalysisJsonReader) }
       def request_analysis
-        discovery_file_path = NativeDiscoveryJsonReader.get_discovery_file_path_from_dependency_files(dependency_files)
+        discovery_file_path = NativeDiscoveryJsonReader.get_discovery_json_path_for_dependency_file_paths(
+          dependency_file_paths
+        )
         analysis_folder_path = AnalysisJsonReader.temp_directory
 
         write_dependency_info
@@ -140,8 +154,7 @@ module Dependabot
 
       sig { returns(Dependabot::FileParsers::Base::DependencySet) }
       def discovered_dependencies
-        discovery_json_reader = NativeDiscoveryJsonReader.get_discovery_from_dependency_files(dependency_files)
-        discovery_json_reader.dependency_set
+        NativeDiscoveryJsonReader.load_discovery_for_dependency_file_paths(dependency_file_paths).dependency_set
       end
 
       sig { override.returns(T::Boolean) }