dependabot-nuget 0.290.0 → 0.291.0

Files changed (27) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Update.cs +1 -1
  3. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs +3 -0
  4. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/DependencyFinder.cs +2 -0
  5. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs +44 -5
  6. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/PackagesConfigDiscovery.cs +2 -2
  7. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/ProjectDiscoveryResult.cs +2 -0
  8. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs +19 -11
  9. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/ErrorType.cs +1 -0
  10. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/ExperimentsManager.cs +3 -0
  11. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/LockFileUpdater.cs +3 -2
  12. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackageReferenceUpdater.cs +43 -18
  13. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs +1 -1
  14. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +40 -14
  15. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/NuGetHelper.cs +2 -2
  16. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ProcessExtensions.cs +45 -7
  17. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs +41 -0
  18. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/ExpectedDiscoveryResults.cs +1 -0
  19. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/SdkProjectDiscoveryTests.cs +1 -1
  20. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/MockNuGetPackage.cs +2 -1
  21. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +246 -60
  22. data/lib/dependabot/nuget/file_fetcher.rb +1 -0
  23. data/lib/dependabot/nuget/file_parser.rb +90 -0
  24. data/lib/dependabot/nuget/language.rb +82 -0
  25. data/lib/dependabot/nuget/native_helpers.rb +23 -0
  26. data/lib/dependabot/nuget/package_manager.rb +51 -0
  27. metadata +7 -5
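--- a/data/lib/dependabot/nuget/file_parser.rb
+++ b/data/lib/dependabot/nuget/file_parser.rb
@@ -7,6 +7,8 @@ require "dependabot/file_parsers/base"
  require "dependabot/nuget/discovery/discovery_json_reader"
  require "dependabot/nuget/native_helpers"
  require "sorbet-runtime"
+ require "dependabot/nuget/package_manager"
+ require "dependabot/nuget/language"
 
  # For details on how dotnet handles version constraints, see:
  # https://docs.microsoft.com/en-us/nuget/reference/package-versioning
@@ -22,11 +24,40 @@ module Dependabot
  dependencies
  end
 
+ sig { returns(Ecosystem) }
+ def ecosystem
+ @ecosystem ||= T.let(
+ Ecosystem.new(
+ name: ECOSYSTEM,
+ package_manager: package_manager,
+ language: language
+ ),
+ T.nilable(Ecosystem)
+ )
+ end
+
  private
 
+ sig { returns(T.nilable(T::Array[String])) }
+ def content_json
+ @content_json ||= T.let(begin
+ directory = source&.directory || "/"
+ discovery_json_reader = DiscoveryJsonReader.run_discovery_in_directory(
+ repo_contents_path: T.must(repo_contents_path),
+ directory: directory,
+ credentials: credentials
+ )
+
+ discovery_json_reader.workspace_discovery&.projects&.map do |framework|
+ T.let(framework.instance_variable_get(:@target_frameworks), T::Array[String]).compact.join(",")
+ end
+ end, T.nilable(T::Array[String]))
+ end
+
  sig { returns(T::Array[Dependabot::Dependency]) }
  def dependencies
  @dependencies ||= T.let(begin
+ NativeHelpers.install_dotnet_sdks
  directory = source&.directory || "/"
  discovery_json_reader = DiscoveryJsonReader.run_discovery_in_directory(
  repo_contents_path: T.must(repo_contents_path),
@@ -53,6 +84,65 @@ module Dependabot
  "No project file."
  )
  end
+
+ sig { returns(T.nilable(Ecosystem::VersionManager)) }
+ def language
+ # Historically new version of language is released with incremental update of
+ # .Net version, so we tie the language with framework version for metric collection
+
+ nomenclature = "#{language_type} #{framework_version&.join(',')}".strip.tr(" ", "-")
+
+ Dependabot.logger.info("Detected language and framework #{nomenclature}")
+
+ case language_type
+
+ when CSharpLanguage::TYPE
+ CSharpLanguage.new(nomenclature)
+
+ when VBLanguage::TYPE
+ VBLanguage.new(nomenclature)
+
+ when FSharpLanguage::TYPE
+ FSharpLanguage.new(nomenclature)
+
+ when DotNet::TYPE
+ DotNet.new(nomenclature)
+
+ end
+ end
+
+ sig { returns(T.nilable(T::Array[String])) }
+ def framework_version
+ content_json
+ rescue StandardError
+ nil
+ end
+
+ sig { returns(T.nilable(String)) }
+ def language_type
+ requirement_files = dependencies.flat_map do |dep|
+ dep.requirements.map { |r| T.let(r.fetch(:file), String) }
+ end.uniq
+
+ return "cs" if requirement_files.any? { |f| File.basename(f).match?(/\.csproj$/) }
+ return "vb" if requirement_files.any? { |f| File.basename(f).match?(/\.vbproj$/) }
+ return "fs" if requirement_files.any? { |f| File.basename(f).match?(/\.fsproj$/) }
+
+ # return a fallback to avoid falling to exception
+ "dotnet"
+ end
+
+ sig { returns(Ecosystem::VersionManager) }
+ def package_manager
+ NugetPackageManager.new(T.must(nuget_version))
+ end
+
+ sig { returns(T.nilable(String)) }
+ def nuget_version
+ SharedHelpers.run_shell_command("dotnet nuget --version").split("Command Line").last&.strip
+ rescue StandardError
+ nil
+ end
  end
  end
  end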
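Review bot: `package_manager` calls `T.must(nuget_version)`, but `nuget_version` rescues every `StandardError` and returns nil, so when `dotnet nuget --version` fails the caller of `ecosystem` gets a Sorbet nil-assertion error and the original cause is discarded. `NugetPackageManager#initialize` is declared with `raw_version: T.nilable(String)` in this same release, so `NugetPackageManager.new(nuget_version)` looks sufficient, presuming `Version.new(nil)` is accepted as the new language classes already assume. `framework_version` swallows errors the same way; changing both to `rescue StandardError => e` with a line such as `Dependabot.logger.warn("Could not determine NuGet version: #{e.class}")` would keep a failed discovery or a missing toolchain visible in the job log. The enclosing class and module begin outside these hunks.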
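--- a/data/lib/dependabot/nuget/language.rb
+++ b/data/lib/dependabot/nuget/language.rb
@@ -0,0 +1,82 @@
+ # typed: strong
+ # frozen_string_literal: true
+
+ require "sorbet-runtime"
+ require "dependabot/nuget/version"
+ require "dependabot/ecosystem"
+
+ module Dependabot
+ module Nuget
+ class Language < Dependabot::Ecosystem::VersionManager
+ extend T::Sig
+
+ sig { params(language: String, raw_version: String, requirement: T.nilable(Requirement)).void }
+ def initialize(language, raw_version, requirement = nil)
+ super(language, Version.new(raw_version), [], [], requirement)
+ end
+ end
+
+ class CSharpLanguage < Dependabot::Ecosystem::VersionManager
+ extend T::Sig
+
+ LANGUAGE = "CSharp"
+ TYPE = "cs"
+
+ SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ sig { params(language: String, requirement: T.nilable(Requirement)).void }
+ def initialize(language, requirement = nil)
+ super(language, Version.new(nil), [], [], requirement)
+ end
+ end
+
+ class VBLanguage < Dependabot::Ecosystem::VersionManager
+ extend T::Sig
+
+ LANGUAGE = "VB"
+ TYPE = "vb"
+
+ SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ sig { params(language: String, requirement: T.nilable(Requirement)).void }
+ def initialize(language, requirement = nil)
+ super(language, Version.new(nil), [], [], requirement)
+ end
+ end
+
+ class FSharpLanguage < Dependabot::Ecosystem::VersionManager
+ extend T::Sig
+
+ LANGUAGE = "FSharp"
+ TYPE = "fs"
+
+ SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ sig { params(language: String, requirement: T.nilable(Requirement)).void }
+ def initialize(language, requirement = nil)
+ super(language, Version.new(nil), [], [], requirement)
+ end
+ end
+
+ class DotNet < Dependabot::Ecosystem::VersionManager
+ extend T::Sig
+
+ TYPE = "dotnet"
+
+ SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ sig { params(language: String, requirement: T.nilable(Requirement)).void }
+ def initialize(language, requirement = nil)
+ super(language, Version.new(nil), [], [], requirement)
+ end
+ end
+ end
+ end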
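Review bot: `CSharpLanguage`, `VBLanguage`, `FSharpLanguage` and `DotNet` each declare `SUPPORTED_VERSIONS` and `DEPRECATED_VERSIONS` but pass literal `[]` to `super`, so a later edit to those constants would have no effect on deprecation or support checks. Passing the constants, `super(language, Version.new(nil), SUPPORTED_VERSIONS, DEPRECATED_VERSIONS, requirement)`, as `NugetPackageManager` does in this release, would keep them in sync. The four classes also repeat an identical `initialize` and inherit from `Ecosystem::VersionManager` directly, which leaves the `Language` class at the top of the file unused within this diff; a shared base would remove the duplication. A short class comment stating that the `language` argument carries the combined language-and-framework string built by the file parser, not a bare language name, would help readers.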
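--- a/data/lib/dependabot/nuget/native_helpers.rb
+++ b/data/lib/dependabot/nuget/native_helpers.rb
@@ -269,6 +269,27 @@ module Dependabot
  end
  end
 
+ sig { void }
+ def self.install_dotnet_sdks
+ return unless Dependabot::Experiments.enabled?(:nuget_install_dotnet_sdks)
+
+ # environment variables are required and the following will generate an actionable error message if they're not
+ _dependabot_job_path = ENV.fetch("DEPENDABOT_JOB_PATH")
+ _dependabot_repo_contents_path = ENV.fetch("DEPENDABOT_REPO_CONTENTS_PATH")
+ _dotnet_install_script_path = ENV.fetch("DOTNET_INSTALL_SCRIPT_PATH")
+ _dotnet_install_dir = ENV.fetch("DOTNET_INSTALL_DIR")
+
+ # this environment variable is directly used
+ dependabot_home = ENV.fetch("DEPENDABOT_HOME")
+
+ command = [
+ "pwsh",
+ "#{dependabot_home}/dependabot-updater/bin/install-sdks.ps1"
+ ].join(" ")
+ output = SharedHelpers.run_shell_command(command)
+ puts output
+ end
+
  sig { params(json: T::Hash[String, T.untyped]).void }
  def self.ensure_no_errors(json)
  error_type = T.let(json.fetch("ErrorType", nil), T.nilable(String))
@@ -276,6 +297,8 @@ module Dependabot
  case error_type
  when "None", nil
  # no issue
+ when "DependencyFileNotParseable"
+ raise DependencyFileNotParseable, T.must(T.let(error_details, T.nilable(String)))
  when "AuthenticationFailure"
  raise PrivateSourceAuthenticationFailure, T.let(error_details, T.nilable(String))
  when "MissingFile"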
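Review bot: `install_dotnet_sdks` joins `pwsh` and a path interpolated from `DEPENDABOT_HOME` with a space and hands the result to `SharedHelpers.run_shell_command` as one string, so a home directory containing whitespace or shell metacharacters would change how the command is tokenised; how far that goes depends on the escaping inside `run_shell_command`, which is not visible here. Building the path with `File.join(dependabot_home, "dependabot-updater", "bin", "install-sdks.ps1")` and, if `run_shell_command` does not already escape its input, wrapping it in `Shellwords.escape` would keep it a single argument. `puts output` sends the installer output to stdout; `Dependabot.logger.info(output)` would match the logging used elsewhere in this release. In the second hunk, the `T.must` around `error_details` raises a nil-assertion error when the helper reports `DependencyFileNotParseable` without details, unlike the neighbouring `AuthenticationFailure` branch. `ensure_no_errors` continues past the end of that hunk.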
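--- a/data/lib/dependabot/nuget/package_manager.rb
+++ b/data/lib/dependabot/nuget/package_manager.rb
@@ -0,0 +1,51 @@
+ # typed: strong
+ # frozen_string_literal: true
+
+ require "sorbet-runtime"
+ require "dependabot/nuget/version"
+ require "dependabot/ecosystem"
+ require "dependabot/nuget/requirement"
+
+ module Dependabot
+ module Nuget
+ ECOSYSTEM = "dotnet"
+
+ SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ class NugetPackageManager < Dependabot::Ecosystem::VersionManager
+ extend T::Sig
+
+ NAME = "nuget"
+
+ SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+ sig do
+ params(
+ raw_version: T.nilable(String)
+ ).void
+ end
+ def initialize(raw_version)
+ super(
+ NAME,
+ Version.new(raw_version),
+ SUPPORTED_VERSIONS,
+ DEPRECATED_VERSIONS
+ )
+ end
+
+ sig { override.returns(T::Boolean) }
+ def deprecated?
+ false
+ end
+
+ sig { override.returns(T::Boolean) }
+ def unsupported?
+ false
+ end
+ end
+ end
+ end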
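Review bot: `deprecated?` and `unsupported?` are overridden to always return `false`, so the `SUPPORTED_VERSIONS` and `DEPRECATED_VERSIONS` lists passed to `super` are never consulted and filling them in later would silently do nothing. If that is intentional for now, a comment above the overrides such as `# NuGet version support is not enforced yet; remove these overrides once the lists are populated` would make it explicit. The module-level `SUPPORTED_VERSIONS` and `DEPRECATED_VERSIONS` in `Dependabot::Nuget` duplicate the class-level constants and nothing in this diff reads them, so one pair could be dropped.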
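--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-nuget
  version: !ruby/object:Gem::Version
- version: 0.290.0
+ version: 0.291.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-12-12 00:00:00.000000000 Z
+ date: 2024-12-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.290.0
+ version: 0.291.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.290.0
+ version: 0.291.0
  - !ruby/object:Gem::Dependency
  name: rubyzip
  requirement: !ruby/object:Gem::Requirement
@@ -491,9 +491,11 @@ files:
  - lib/dependabot/nuget/file_fetcher.rb
  - lib/dependabot/nuget/file_parser.rb
  - lib/dependabot/nuget/file_updater.rb
+ - lib/dependabot/nuget/language.rb
  - lib/dependabot/nuget/metadata_finder.rb
  - lib/dependabot/nuget/native_helpers.rb
  - lib/dependabot/nuget/nuget_config_credential_helpers.rb
+ - lib/dependabot/nuget/package_manager.rb
  - lib/dependabot/nuget/requirement.rb
  - lib/dependabot/nuget/update_checker.rb
  - lib/dependabot/nuget/update_checker/requirements_updater.rb
@@ -503,7 +505,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.290.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.291.0
  post_install_message:
  rdoc_options: []
  require_paths: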