RubyGems - dependabot-nuget - Versions diffs - 0.290.0 → 0.291.0 - Mend

dependabot-nuget 0.290.0 → 0.291.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

data/lib/dependabot/nuget/file_parser.rb CHANGED Viewed

@@ -7,6 +7,8 @@ require "dependabot/file_parsers/base"
 require "dependabot/nuget/discovery/discovery_json_reader"
 require "dependabot/nuget/native_helpers"
 require "sorbet-runtime"
+require "dependabot/nuget/package_manager"
+require "dependabot/nuget/language"
 # For details on how dotnet handles version constraints, see:
 # https://docs.microsoft.com/en-us/nuget/reference/package-versioning
@@ -22,11 +24,40 @@ module Dependabot
         dependencies
       end
+      sig { returns(Ecosystem) }
+      def ecosystem
+        @ecosystem ||= T.let(
+          Ecosystem.new(
+            name: ECOSYSTEM,
+            package_manager: package_manager,
+            language: language
+          ),
+          T.nilable(Ecosystem)
+        )
+      end
       private
+      sig { returns(T.nilable(T::Array[String])) }
+      def content_json
+        @content_json ||= T.let(begin
+          directory = source&.directory || "/"
+          discovery_json_reader = DiscoveryJsonReader.run_discovery_in_directory(
+            repo_contents_path: T.must(repo_contents_path),
+            directory: directory,
+            credentials: credentials
+          )
+          discovery_json_reader.workspace_discovery&.projects&.map do |framework|
+            T.let(framework.instance_variable_get(:@target_frameworks), T::Array[String]).compact.join(",")
+          end
+        end, T.nilable(T::Array[String]))
+      end
       sig { returns(T::Array[Dependabot::Dependency]) }
       def dependencies
         @dependencies ||= T.let(begin
+          NativeHelpers.install_dotnet_sdks
           directory = source&.directory || "/"
           discovery_json_reader = DiscoveryJsonReader.run_discovery_in_directory(
             repo_contents_path: T.must(repo_contents_path),
@@ -53,6 +84,65 @@ module Dependabot
           "No project file."
         )
       end
+      sig { returns(T.nilable(Ecosystem::VersionManager)) }
+      def language
+        # Historically new version of language is released with incremental update of
+        # .Net version, so we tie the language with framework version for metric collection
+        nomenclature = "#{language_type} #{framework_version&.join(',')}".strip.tr(" ", "-")
+        Dependabot.logger.info("Detected language and framework #{nomenclature}")
+        case language_type
+        when CSharpLanguage::TYPE
+          CSharpLanguage.new(nomenclature)
+        when VBLanguage::TYPE
+          VBLanguage.new(nomenclature)
+        when FSharpLanguage::TYPE
+          FSharpLanguage.new(nomenclature)
+        when DotNet::TYPE
+          DotNet.new(nomenclature)
+        end
+      end
+      sig { returns(T.nilable(T::Array[String])) }
+      def framework_version
+        content_json
+      rescue StandardError
+        nil
+      end
+      sig { returns(T.nilable(String)) }
+      def language_type
+        requirement_files = dependencies.flat_map do |dep|
+          dep.requirements.map { |r| T.let(r.fetch(:file), String) }
+        end.uniq
+        return "cs" if requirement_files.any? { |f| File.basename(f).match?(/\.csproj$/) }
+        return "vb" if requirement_files.any? { |f| File.basename(f).match?(/\.vbproj$/) }
+        return "fs" if requirement_files.any? { |f| File.basename(f).match?(/\.fsproj$/) }
+        # return a fallback to avoid falling to exception
+        "dotnet"
+      end
+      sig { returns(Ecosystem::VersionManager) }
+      def package_manager
+        NugetPackageManager.new(T.must(nuget_version))
+      end
+      sig { returns(T.nilable(String)) }
+      def nuget_version
+        SharedHelpers.run_shell_command("dotnet nuget --version").split("Command Line").last&.strip
+      rescue StandardError
+        nil
+      end
     end
   end
 end

data/lib/dependabot/nuget/language.rb ADDED Viewed

@@ -0,0 +1,82 @@
+# typed: strong
+# frozen_string_literal: true
+require "sorbet-runtime"
+require "dependabot/nuget/version"
+require "dependabot/ecosystem"
+module Dependabot
+  module Nuget
+    class Language < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+      sig { params(language: String, raw_version: String, requirement: T.nilable(Requirement)).void }
+      def initialize(language, raw_version, requirement = nil)
+        super(language, Version.new(raw_version), [], [], requirement)
+      end
+    end
+    class CSharpLanguage < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+      LANGUAGE = "CSharp"
+      TYPE = "cs"
+      SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      sig { params(language: String, requirement: T.nilable(Requirement)).void }
+      def initialize(language, requirement = nil)
+        super(language, Version.new(nil), [], [], requirement)
+      end
+    end
+    class VBLanguage < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+      LANGUAGE = "VB"
+      TYPE = "vb"
+      SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      sig { params(language: String, requirement: T.nilable(Requirement)).void }
+      def initialize(language, requirement = nil)
+        super(language, Version.new(nil), [], [], requirement)
+      end
+    end
+    class FSharpLanguage < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+      LANGUAGE = "FSharp"
+      TYPE = "fs"
+      SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      sig { params(language: String, requirement: T.nilable(Requirement)).void }
+      def initialize(language, requirement = nil)
+        super(language, Version.new(nil), [], [], requirement)
+      end
+    end
+    class DotNet < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+      TYPE = "dotnet"
+      SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      sig { params(language: String, requirement: T.nilable(Requirement)).void }
+      def initialize(language, requirement = nil)
+        super(language, Version.new(nil), [], [], requirement)
+      end
+    end
+  end
+end

data/lib/dependabot/nuget/native_helpers.rb CHANGED Viewed

@@ -269,6 +269,27 @@ module Dependabot
         end
       end
+      sig { void }
+      def self.install_dotnet_sdks
+        return unless Dependabot::Experiments.enabled?(:nuget_install_dotnet_sdks)
+        # environment variables are required and the following will generate an actionable error message if they're not
+        _dependabot_job_path = ENV.fetch("DEPENDABOT_JOB_PATH")
+        _dependabot_repo_contents_path = ENV.fetch("DEPENDABOT_REPO_CONTENTS_PATH")
+        _dotnet_install_script_path = ENV.fetch("DOTNET_INSTALL_SCRIPT_PATH")
+        _dotnet_install_dir = ENV.fetch("DOTNET_INSTALL_DIR")
+        # this environment variable is directly used
+        dependabot_home = ENV.fetch("DEPENDABOT_HOME")
+        command = [
+          "pwsh",
+          "#{dependabot_home}/dependabot-updater/bin/install-sdks.ps1"
+        ].join(" ")
+        output = SharedHelpers.run_shell_command(command)
+        puts output
+      end
       sig { params(json: T::Hash[String, T.untyped]).void }
       def self.ensure_no_errors(json)
         error_type = T.let(json.fetch("ErrorType", nil), T.nilable(String))
@@ -276,6 +297,8 @@ module Dependabot
         case error_type
         when "None", nil
           # no issue
+        when "DependencyFileNotParseable"
+          raise DependencyFileNotParseable, T.must(T.let(error_details, T.nilable(String)))
         when "AuthenticationFailure"
           raise PrivateSourceAuthenticationFailure, T.let(error_details, T.nilable(String))
         when "MissingFile"

data/lib/dependabot/nuget/package_manager.rb ADDED Viewed

@@ -0,0 +1,51 @@
+# typed: strong
+# frozen_string_literal: true
+require "sorbet-runtime"
+require "dependabot/nuget/version"
+require "dependabot/ecosystem"
+require "dependabot/nuget/requirement"
+module Dependabot
+  module Nuget
+    ECOSYSTEM = "dotnet"
+    SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+    DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+    class NugetPackageManager < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+      NAME = "nuget"
+      SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      sig do
+        params(
+          raw_version: T.nilable(String)
+        ).void
+      end
+      def initialize(raw_version)
+        super(
+          NAME,
+          Version.new(raw_version),
+          SUPPORTED_VERSIONS,
+          DEPRECATED_VERSIONS
+       )
+      end
+      sig { override.returns(T::Boolean) }
+      def deprecated?
+        false
+      end
+      sig { override.returns(T::Boolean) }
+      def unsupported?
+        false
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.290.0
+  version: 0.291.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-12 00:00:00.000000000 Z
+date: 2024-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.290.0
+        version: 0.291.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.290.0
+        version: 0.291.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -491,9 +491,11 @@ files:
 - lib/dependabot/nuget/file_fetcher.rb
 - lib/dependabot/nuget/file_parser.rb
 - lib/dependabot/nuget/file_updater.rb
+- lib/dependabot/nuget/language.rb
 - lib/dependabot/nuget/metadata_finder.rb
 - lib/dependabot/nuget/native_helpers.rb
 - lib/dependabot/nuget/nuget_config_credential_helpers.rb
+- lib/dependabot/nuget/package_manager.rb
 - lib/dependabot/nuget/requirement.rb
 - lib/dependabot/nuget/update_checker.rb
 - lib/dependabot/nuget/update_checker/requirements_updater.rb
@@ -503,7 +505,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.290.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.291.0
 post_install_message:
 rdoc_options: []
 require_paths: