dependabot-nuget 0.315.0 → 0.316.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Run.cs +1 -1
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/WorkspaceDiscoveryResult.cs +6 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/ExperimentsManager.cs +3 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/ClosePullRequest.cs +15 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/CreatePullRequest.cs +47 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/DependencyGroup.cs +60 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/Job.cs +151 -23
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobErrorBase.cs +4 -18
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/PullRequestExistsForSecurityUpdate.cs +15 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/SecurityUpdateDependencyNotFound.cs +9 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/SecurityUpdateIgnored.cs +10 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/SecurityUpdateNotFound.cs +11 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/SecurityUpdateNotPossible.cs +13 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/UpdatePullRequest.cs +6 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ModifiedFilesTracker.cs +151 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/PullRequestTextGenerator.cs +78 -32
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunWorker.cs +99 -111
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandler.cs +169 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/GroupUpdateAllVersionsHandler.cs +271 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/IUpdateHandler.cs +22 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshGroupUpdatePullRequestHandler.cs +192 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshSecurityUpdatePullRequestHandler.cs +187 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshVersionUpdatePullRequestHandler.cs +175 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdateOperationBase.cs +43 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ILogger.cs +17 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +15 -9
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MarkdownListBuilder.cs +65 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/ApiModel/JobTests.cs +405 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/EndToEndTests.cs +92 -82
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/HttpApiHandlerTests.cs +5 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/MessageReportTests.cs +67 -1
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/MiscellaneousTests.cs +445 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/PullRequestMessageTests.cs +1 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/PullRequestTextTests.cs +260 -20
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/RunWorkerTests.cs +30 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/SerializationTests.cs +69 -10
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandlerTests.cs +766 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/GroupUpdateAllVersionsHandlerTests.cs +636 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/RefreshGroupUpdatePullRequestHandlerTests.cs +513 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/RefreshSecurityUpdatePullRequestHandlerTests.cs +806 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/RefreshVersionUpdatePullRequestHandlerTests.cs +589 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/UpdateHandlerSelectionTests.cs +183 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/UpdateHandlersTestsBase.cs +43 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdatedDependencyListTests.cs +2 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateOperationBaseTests.cs +121 -7
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Mixed.cs +6 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.PackagesConfig.cs +2 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +51 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MarkdownListBuilderTests.cs +42 -0
- metadata +26 -4
@@ -0,0 +1,806 @@
|
|
1
|
+
using System.Collections.Immutable;
|
2
|
+
|
3
|
+
using NuGet.Versioning;
|
4
|
+
|
5
|
+
using NuGetUpdater.Core.Analyze;
|
6
|
+
using NuGetUpdater.Core.Discover;
|
7
|
+
using NuGetUpdater.Core.Run.ApiModel;
|
8
|
+
using NuGetUpdater.Core.Run.UpdateHandlers;
|
9
|
+
using NuGetUpdater.Core.Updater;
|
10
|
+
|
11
|
+
using Xunit;
|
12
|
+
|
13
|
+
namespace NuGetUpdater.Core.Test.Run.UpdateHandlers;
|
14
|
+
|
15
|
+
public class RefreshSecurityUpdatePullRequestHandlerTests : UpdateHandlersTestsBase
|
16
|
+
{
|
17
|
+
[Fact]
|
18
|
+
public async Task GeneratesUpdatePullRequest()
|
19
|
+
{
|
20
|
+
await TestAsync(
|
21
|
+
job: new Job()
|
22
|
+
{
|
23
|
+
Dependencies = ["Some.Dependency"],
|
24
|
+
ExistingPullRequests = [new() { Dependencies = [new() { DependencyName = "Some.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] }],
|
25
|
+
SecurityAdvisories = [new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] }],
|
26
|
+
SecurityUpdatesOnly = true,
|
27
|
+
Source = CreateJobSource("/src"),
|
28
|
+
UpdatingAPullRequest = true,
|
29
|
+
},
|
30
|
+
files: [
|
31
|
+
("src/project.csproj", "initial contents"),
|
32
|
+
],
|
33
|
+
discoveryWorker: TestDiscoveryWorker.FromResults(
|
34
|
+
("/src", new WorkspaceDiscoveryResult()
|
35
|
+
{
|
36
|
+
Path = "/src",
|
37
|
+
Projects = [
|
38
|
+
new()
|
39
|
+
{
|
40
|
+
FilePath = "project.csproj",
|
41
|
+
Dependencies = [
|
42
|
+
new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
43
|
+
new("Unrelated.Dependency", "3.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
44
|
+
],
|
45
|
+
ImportedFiles = [],
|
46
|
+
AdditionalFiles = [],
|
47
|
+
}
|
48
|
+
],
|
49
|
+
})
|
50
|
+
),
|
51
|
+
analyzeWorker: new TestAnalyzeWorker(input =>
|
52
|
+
{
|
53
|
+
var repoRoot = input.Item1;
|
54
|
+
var discovery = input.Item2;
|
55
|
+
var dependencyInfo = input.Item3;
|
56
|
+
if (dependencyInfo.Name != "Some.Dependency")
|
57
|
+
{
|
58
|
+
throw new NotImplementedException($"Test didn't expect to update dependency {dependencyInfo.Name}");
|
59
|
+
}
|
60
|
+
|
61
|
+
return Task.FromResult(new AnalysisResult()
|
62
|
+
{
|
63
|
+
CanUpdate = true,
|
64
|
+
UpdatedVersion = "2.0.0",
|
65
|
+
UpdatedDependencies = [],
|
66
|
+
});
|
67
|
+
}),
|
68
|
+
updaterWorker: new TestUpdaterWorker(async input =>
|
69
|
+
{
|
70
|
+
var repoRoot = input.Item1;
|
71
|
+
var workspacePath = input.Item2;
|
72
|
+
var dependencyName = input.Item3;
|
73
|
+
var previousVersion = input.Item4;
|
74
|
+
var newVersion = input.Item5;
|
75
|
+
var isTransitive = input.Item6;
|
76
|
+
|
77
|
+
await File.WriteAllTextAsync(Path.Join(repoRoot, workspacePath), "updated contents");
|
78
|
+
|
79
|
+
return new UpdateOperationResult()
|
80
|
+
{
|
81
|
+
UpdateOperations = [new DirectUpdate() { DependencyName = "Some.Dependency", NewVersion = NuGetVersion.Parse("2.0.0"), UpdatedFiles = ["/src/project.csproj"] }],
|
82
|
+
};
|
83
|
+
}),
|
84
|
+
expectedUpdateHandler: RefreshSecurityUpdatePullRequestHandler.Instance,
|
85
|
+
expectedApiMessages: [
|
86
|
+
new UpdatedDependencyList()
|
87
|
+
{
|
88
|
+
Dependencies = [
|
89
|
+
new()
|
90
|
+
{
|
91
|
+
Name = "Some.Dependency",
|
92
|
+
Version = "1.0.0",
|
93
|
+
Requirements = [
|
94
|
+
new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
95
|
+
],
|
96
|
+
},
|
97
|
+
new()
|
98
|
+
{
|
99
|
+
Name = "Unrelated.Dependency",
|
100
|
+
Version = "3.0.0",
|
101
|
+
Requirements = [
|
102
|
+
new() { Requirement = "3.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
103
|
+
],
|
104
|
+
},
|
105
|
+
],
|
106
|
+
DependencyFiles = ["/src/project.csproj"],
|
107
|
+
},
|
108
|
+
new IncrementMetric()
|
109
|
+
{
|
110
|
+
Metric = "updater.started",
|
111
|
+
Tags = new()
|
112
|
+
{
|
113
|
+
["operation"] = "update_security_pr",
|
114
|
+
}
|
115
|
+
},
|
116
|
+
new UpdatePullRequest()
|
117
|
+
{
|
118
|
+
DependencyNames = ["Some.Dependency"],
|
119
|
+
DependencyGroup = null,
|
120
|
+
UpdatedDependencyFiles = [
|
121
|
+
new()
|
122
|
+
{
|
123
|
+
Directory = "/src",
|
124
|
+
Name = "project.csproj",
|
125
|
+
Content = "updated contents",
|
126
|
+
}
|
127
|
+
],
|
128
|
+
BaseCommitSha = "TEST-COMMIT-SHA",
|
129
|
+
CommitMessage = RunWorkerTests.TestPullRequestCommitMessage,
|
130
|
+
PrTitle = RunWorkerTests.TestPullRequestTitle,
|
131
|
+
PrBody = RunWorkerTests.TestPullRequestBody,
|
132
|
+
},
|
133
|
+
new MarkAsProcessed("TEST-COMMIT-SHA"),
|
134
|
+
]
|
135
|
+
);
|
136
|
+
}
|
137
|
+
|
138
|
+
[Fact]
|
139
|
+
public async Task GeneratesUpdatePullRequest_UpdatingOneProjectImplicitlyUpdatesTheOther()
|
140
|
+
{
|
141
|
+
await TestAsync(
|
142
|
+
job: new Job()
|
143
|
+
{
|
144
|
+
Dependencies = ["Some.Dependency"],
|
145
|
+
ExistingPullRequests = [new() { Dependencies = [new() { DependencyName = "Some.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] }],
|
146
|
+
SecurityAdvisories = [new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] }],
|
147
|
+
SecurityUpdatesOnly = true,
|
148
|
+
Source = CreateJobSource("/src"),
|
149
|
+
UpdatingAPullRequest = true,
|
150
|
+
},
|
151
|
+
files: [
|
152
|
+
("src/Directory.Packages.props", "initial contents"),
|
153
|
+
("src/project1.csproj", "initial contents"),
|
154
|
+
("src/project2.csproj", "initial contents"),
|
155
|
+
],
|
156
|
+
discoveryWorker: TestDiscoveryWorker.FromResults(
|
157
|
+
("/src", new WorkspaceDiscoveryResult()
|
158
|
+
{
|
159
|
+
Path = "/src",
|
160
|
+
Projects = [
|
161
|
+
new()
|
162
|
+
{
|
163
|
+
FilePath = "project1.csproj",
|
164
|
+
Dependencies = [
|
165
|
+
new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
166
|
+
],
|
167
|
+
ImportedFiles = ["Directory.Packages.props"],
|
168
|
+
AdditionalFiles = [],
|
169
|
+
},
|
170
|
+
new()
|
171
|
+
{
|
172
|
+
FilePath = "project2.csproj",
|
173
|
+
Dependencies = [
|
174
|
+
new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
175
|
+
],
|
176
|
+
ImportedFiles = ["Directory.Packages.props"],
|
177
|
+
AdditionalFiles = [],
|
178
|
+
},
|
179
|
+
],
|
180
|
+
})
|
181
|
+
),
|
182
|
+
analyzeWorker: new TestAnalyzeWorker(input =>
|
183
|
+
{
|
184
|
+
var repoRoot = input.Item1;
|
185
|
+
var discovery = input.Item2;
|
186
|
+
var dependencyInfo = input.Item3;
|
187
|
+
if (dependencyInfo.Name != "Some.Dependency")
|
188
|
+
{
|
189
|
+
throw new NotImplementedException($"Test didn't expect to update dependency {dependencyInfo.Name}");
|
190
|
+
}
|
191
|
+
|
192
|
+
return Task.FromResult(new AnalysisResult()
|
193
|
+
{
|
194
|
+
CanUpdate = true,
|
195
|
+
UpdatedVersion = "2.0.0",
|
196
|
+
UpdatedDependencies = [],
|
197
|
+
});
|
198
|
+
}),
|
199
|
+
updaterWorker: new TestUpdaterWorker(async input =>
|
200
|
+
{
|
201
|
+
var repoRoot = input.Item1;
|
202
|
+
var workspacePath = input.Item2;
|
203
|
+
var dependencyName = input.Item3;
|
204
|
+
var previousVersion = input.Item4;
|
205
|
+
var newVersion = input.Item5;
|
206
|
+
var isTransitive = input.Item6;
|
207
|
+
|
208
|
+
await File.WriteAllTextAsync(Path.Join(repoRoot, "src/Directory.Packages.props"), "updated contents");
|
209
|
+
|
210
|
+
// only report an update performed on the first project
|
211
|
+
ImmutableArray<UpdateOperationBase> updateOperations = workspacePath.EndsWith("project1.csproj")
|
212
|
+
? [new DirectUpdate() { DependencyName = "Some.Dependency", NewVersion = NuGetVersion.Parse("2.0.0"), UpdatedFiles = ["/src/Directory.Packages.csproj"] }]
|
213
|
+
: [];
|
214
|
+
|
215
|
+
return new UpdateOperationResult()
|
216
|
+
{
|
217
|
+
UpdateOperations = updateOperations,
|
218
|
+
};
|
219
|
+
}),
|
220
|
+
expectedUpdateHandler: RefreshSecurityUpdatePullRequestHandler.Instance,
|
221
|
+
expectedApiMessages: [
|
222
|
+
new UpdatedDependencyList()
|
223
|
+
{
|
224
|
+
Dependencies = [
|
225
|
+
new()
|
226
|
+
{
|
227
|
+
Name = "Some.Dependency",
|
228
|
+
Version = "1.0.0",
|
229
|
+
Requirements = [
|
230
|
+
new() { Requirement = "1.0.0", File = "/src/project1.csproj", Groups = ["dependencies"] },
|
231
|
+
],
|
232
|
+
},
|
233
|
+
new()
|
234
|
+
{
|
235
|
+
Name = "Some.Dependency",
|
236
|
+
Version = "1.0.0",
|
237
|
+
Requirements = [
|
238
|
+
new() { Requirement = "1.0.0", File = "/src/project2.csproj", Groups = ["dependencies"] },
|
239
|
+
],
|
240
|
+
},
|
241
|
+
],
|
242
|
+
DependencyFiles = ["/src/Directory.Packages.props", "/src/project1.csproj", "/src/project2.csproj"],
|
243
|
+
},
|
244
|
+
new IncrementMetric()
|
245
|
+
{
|
246
|
+
Metric = "updater.started",
|
247
|
+
Tags = new()
|
248
|
+
{
|
249
|
+
["operation"] = "update_security_pr",
|
250
|
+
}
|
251
|
+
},
|
252
|
+
new UpdatePullRequest()
|
253
|
+
{
|
254
|
+
DependencyNames = ["Some.Dependency"],
|
255
|
+
DependencyGroup = null,
|
256
|
+
UpdatedDependencyFiles = [
|
257
|
+
new()
|
258
|
+
{
|
259
|
+
Directory = "/src",
|
260
|
+
Name = "Directory.Packages.props",
|
261
|
+
Content = "updated contents",
|
262
|
+
}
|
263
|
+
],
|
264
|
+
BaseCommitSha = "TEST-COMMIT-SHA",
|
265
|
+
CommitMessage = RunWorkerTests.TestPullRequestCommitMessage,
|
266
|
+
PrTitle = RunWorkerTests.TestPullRequestTitle,
|
267
|
+
PrBody = RunWorkerTests.TestPullRequestBody,
|
268
|
+
},
|
269
|
+
new MarkAsProcessed("TEST-COMMIT-SHA"),
|
270
|
+
]
|
271
|
+
);
|
272
|
+
}
|
273
|
+
|
274
|
+
[Fact]
|
275
|
+
public async Task GeneratesClosePullRequest_DependenciesRemoved()
|
276
|
+
{
|
277
|
+
await TestAsync(
|
278
|
+
job: new Job()
|
279
|
+
{
|
280
|
+
Dependencies = ["Some.Dependency"],
|
281
|
+
ExistingPullRequests = [new() { Dependencies = [new() { DependencyName = "Some.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] }],
|
282
|
+
SecurityAdvisories = [new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] }],
|
283
|
+
SecurityUpdatesOnly = true,
|
284
|
+
Source = CreateJobSource("/src"),
|
285
|
+
UpdatingAPullRequest = true,
|
286
|
+
},
|
287
|
+
files: [
|
288
|
+
("src/project.csproj", "initial contents"),
|
289
|
+
],
|
290
|
+
discoveryWorker: TestDiscoveryWorker.FromResults(
|
291
|
+
("/src", new WorkspaceDiscoveryResult()
|
292
|
+
{
|
293
|
+
Path = "/src",
|
294
|
+
Projects = [
|
295
|
+
new()
|
296
|
+
{
|
297
|
+
FilePath = "project.csproj",
|
298
|
+
Dependencies = [
|
299
|
+
new("Unrelated.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
300
|
+
],
|
301
|
+
ImportedFiles = [],
|
302
|
+
AdditionalFiles = [],
|
303
|
+
}
|
304
|
+
],
|
305
|
+
})
|
306
|
+
),
|
307
|
+
analyzeWorker: new TestAnalyzeWorker(input => throw new NotImplementedException("test shouldn't get this far")),
|
308
|
+
updaterWorker: new TestUpdaterWorker(input => throw new NotImplementedException("test shouldn't get this far")),
|
309
|
+
expectedUpdateHandler: RefreshSecurityUpdatePullRequestHandler.Instance,
|
310
|
+
expectedApiMessages: [
|
311
|
+
new UpdatedDependencyList()
|
312
|
+
{
|
313
|
+
Dependencies = [
|
314
|
+
new()
|
315
|
+
{
|
316
|
+
Name = "Unrelated.Dependency",
|
317
|
+
Version = "1.0.0",
|
318
|
+
Requirements = [
|
319
|
+
new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
320
|
+
],
|
321
|
+
}
|
322
|
+
],
|
323
|
+
DependencyFiles = ["/src/project.csproj"],
|
324
|
+
},
|
325
|
+
new IncrementMetric()
|
326
|
+
{
|
327
|
+
Metric = "updater.started",
|
328
|
+
Tags = new()
|
329
|
+
{
|
330
|
+
["operation"] = "update_security_pr",
|
331
|
+
}
|
332
|
+
},
|
333
|
+
new ClosePullRequest() { DependencyNames = ["Some.Dependency"], Reason = "dependencies_removed" },
|
334
|
+
new MarkAsProcessed("TEST-COMMIT-SHA"),
|
335
|
+
]
|
336
|
+
);
|
337
|
+
}
|
338
|
+
|
339
|
+
[Fact]
|
340
|
+
public async Task GeneratesClosePullRequest_DependencyRemoved()
|
341
|
+
{
|
342
|
+
await TestAsync(
|
343
|
+
job: new Job()
|
344
|
+
{
|
345
|
+
Dependencies = ["Some.Dependency", "Other.Dependency"],
|
346
|
+
ExistingPullRequests = [
|
347
|
+
new() { Dependencies = [new() { DependencyName = "Some.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] },
|
348
|
+
new() { Dependencies = [new() { DependencyName = "Other.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] },
|
349
|
+
],
|
350
|
+
SecurityAdvisories = [
|
351
|
+
new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] },
|
352
|
+
new() { DependencyName = "Other.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] },
|
353
|
+
],
|
354
|
+
SecurityUpdatesOnly = true,
|
355
|
+
Source = CreateJobSource("/src"),
|
356
|
+
UpdatingAPullRequest = true,
|
357
|
+
},
|
358
|
+
files: [
|
359
|
+
("src/project.csproj", "initial contents"),
|
360
|
+
],
|
361
|
+
discoveryWorker: TestDiscoveryWorker.FromResults(
|
362
|
+
("/src", new WorkspaceDiscoveryResult()
|
363
|
+
{
|
364
|
+
Path = "/src",
|
365
|
+
Projects = [
|
366
|
+
new()
|
367
|
+
{
|
368
|
+
FilePath = "project.csproj",
|
369
|
+
Dependencies = [
|
370
|
+
new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
371
|
+
],
|
372
|
+
ImportedFiles = [],
|
373
|
+
AdditionalFiles = [],
|
374
|
+
}
|
375
|
+
],
|
376
|
+
})
|
377
|
+
),
|
378
|
+
analyzeWorker: new TestAnalyzeWorker(input => throw new NotImplementedException("test shouldn't get this far")),
|
379
|
+
updaterWorker: new TestUpdaterWorker(input => throw new NotImplementedException("test shouldn't get this far")),
|
380
|
+
expectedUpdateHandler: RefreshSecurityUpdatePullRequestHandler.Instance,
|
381
|
+
expectedApiMessages: [
|
382
|
+
new UpdatedDependencyList()
|
383
|
+
{
|
384
|
+
Dependencies = [
|
385
|
+
new()
|
386
|
+
{
|
387
|
+
Name = "Some.Dependency",
|
388
|
+
Version = "1.0.0",
|
389
|
+
Requirements = [
|
390
|
+
new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
391
|
+
],
|
392
|
+
}
|
393
|
+
],
|
394
|
+
DependencyFiles = ["/src/project.csproj"],
|
395
|
+
},
|
396
|
+
new IncrementMetric()
|
397
|
+
{
|
398
|
+
Metric = "updater.started",
|
399
|
+
Tags = new()
|
400
|
+
{
|
401
|
+
["operation"] = "update_security_pr",
|
402
|
+
}
|
403
|
+
},
|
404
|
+
new ClosePullRequest() { DependencyNames = ["Other.Dependency", "Some.Dependency"], Reason = "dependency_removed" },
|
405
|
+
new MarkAsProcessed("TEST-COMMIT-SHA"),
|
406
|
+
]
|
407
|
+
);
|
408
|
+
}
|
409
|
+
|
410
|
+
[Fact]
|
411
|
+
public async Task GeneratesClosePullRequest_UpToDate()
|
412
|
+
{
|
413
|
+
await TestAsync(
|
414
|
+
job: new Job()
|
415
|
+
{
|
416
|
+
Dependencies = ["Some.Dependency"],
|
417
|
+
ExistingPullRequests = [new() { Dependencies = [new() { DependencyName = "Some.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] }],
|
418
|
+
SecurityAdvisories = [new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")], PatchedVersions = [Requirement.Parse("2.0.0")] }],
|
419
|
+
SecurityUpdatesOnly = true,
|
420
|
+
Source = CreateJobSource("/src"),
|
421
|
+
UpdatingAPullRequest = true,
|
422
|
+
},
|
423
|
+
files: [
|
424
|
+
("src/project.csproj", "initial contents"),
|
425
|
+
],
|
426
|
+
discoveryWorker: TestDiscoveryWorker.FromResults(
|
427
|
+
("/src", new WorkspaceDiscoveryResult()
|
428
|
+
{
|
429
|
+
Path = "/src",
|
430
|
+
Projects = [
|
431
|
+
new()
|
432
|
+
{
|
433
|
+
FilePath = "project.csproj",
|
434
|
+
Dependencies = [
|
435
|
+
new("Some.Dependency", "2.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
436
|
+
],
|
437
|
+
ImportedFiles = [],
|
438
|
+
AdditionalFiles = [],
|
439
|
+
}
|
440
|
+
],
|
441
|
+
})
|
442
|
+
),
|
443
|
+
analyzeWorker: new TestAnalyzeWorker(input => throw new NotImplementedException("test shouldn't get this far")),
|
444
|
+
updaterWorker: new TestUpdaterWorker(input => throw new NotImplementedException("test shouldn't get this far")),
|
445
|
+
expectedUpdateHandler: RefreshSecurityUpdatePullRequestHandler.Instance,
|
446
|
+
expectedApiMessages: [
|
447
|
+
new UpdatedDependencyList()
|
448
|
+
{
|
449
|
+
Dependencies = [
|
450
|
+
new()
|
451
|
+
{
|
452
|
+
Name = "Some.Dependency",
|
453
|
+
Version = "2.0.0",
|
454
|
+
Requirements = [
|
455
|
+
new() { Requirement = "2.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
456
|
+
],
|
457
|
+
}
|
458
|
+
],
|
459
|
+
DependencyFiles = ["/src/project.csproj"],
|
460
|
+
},
|
461
|
+
new IncrementMetric()
|
462
|
+
{
|
463
|
+
Metric = "updater.started",
|
464
|
+
Tags = new()
|
465
|
+
{
|
466
|
+
["operation"] = "update_security_pr",
|
467
|
+
}
|
468
|
+
},
|
469
|
+
new ClosePullRequest() { DependencyNames = ["Some.Dependency"], Reason = "up_to_date" },
|
470
|
+
new MarkAsProcessed("TEST-COMMIT-SHA"),
|
471
|
+
]
|
472
|
+
);
|
473
|
+
}
|
474
|
+
|
475
|
+
[Fact]
|
476
|
+
public async Task GeneratesClosePullRequest_UpdateNoLongerPossible()
|
477
|
+
{
|
478
|
+
await TestAsync(
|
479
|
+
job: new Job()
|
480
|
+
{
|
481
|
+
Dependencies = ["Some.Dependency"],
|
482
|
+
ExistingPullRequests = [new() { Dependencies = [new() { DependencyName = "Some.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] }],
|
483
|
+
SecurityAdvisories = [new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] }],
|
484
|
+
SecurityUpdatesOnly = true,
|
485
|
+
Source = CreateJobSource("/src"),
|
486
|
+
UpdatingAPullRequest = true,
|
487
|
+
},
|
488
|
+
files: [
|
489
|
+
("src/project.csproj", "initial contents"),
|
490
|
+
],
|
491
|
+
discoveryWorker: TestDiscoveryWorker.FromResults(
|
492
|
+
("/src", new WorkspaceDiscoveryResult()
|
493
|
+
{
|
494
|
+
Path = "/src",
|
495
|
+
Projects = [
|
496
|
+
new()
|
497
|
+
{
|
498
|
+
FilePath = "project.csproj",
|
499
|
+
Dependencies = [
|
500
|
+
new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
501
|
+
],
|
502
|
+
ImportedFiles = [],
|
503
|
+
AdditionalFiles = [],
|
504
|
+
}
|
505
|
+
],
|
506
|
+
})
|
507
|
+
),
|
508
|
+
analyzeWorker: new TestAnalyzeWorker(input =>
|
509
|
+
{
|
510
|
+
var repoRoot = input.Item1;
|
511
|
+
var discovery = input.Item2;
|
512
|
+
var dependencyInfo = input.Item3;
|
513
|
+
if (dependencyInfo.Name != "Some.Dependency")
|
514
|
+
{
|
515
|
+
throw new NotImplementedException($"Test didn't expect to update dependency {dependencyInfo.Name}");
|
516
|
+
}
|
517
|
+
|
518
|
+
return Task.FromResult(new AnalysisResult()
|
519
|
+
{
|
520
|
+
CanUpdate = false,
|
521
|
+
UpdatedVersion = "1.0.0",
|
522
|
+
UpdatedDependencies = [],
|
523
|
+
});
|
524
|
+
}),
|
525
|
+
updaterWorker: new TestUpdaterWorker(input => throw new NotImplementedException("test shouldn't get this far")),
|
526
|
+
expectedUpdateHandler: RefreshSecurityUpdatePullRequestHandler.Instance,
|
527
|
+
expectedApiMessages: [
|
528
|
+
new UpdatedDependencyList()
|
529
|
+
{
|
530
|
+
Dependencies = [
|
531
|
+
new()
|
532
|
+
{
|
533
|
+
Name = "Some.Dependency",
|
534
|
+
Version = "1.0.0",
|
535
|
+
Requirements = [
|
536
|
+
new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
537
|
+
],
|
538
|
+
}
|
539
|
+
],
|
540
|
+
DependencyFiles = ["/src/project.csproj"],
|
541
|
+
},
|
542
|
+
new IncrementMetric()
|
543
|
+
{
|
544
|
+
Metric = "updater.started",
|
545
|
+
Tags = new()
|
546
|
+
{
|
547
|
+
["operation"] = "update_security_pr",
|
548
|
+
}
|
549
|
+
},
|
550
|
+
new ClosePullRequest() { DependencyNames = ["Some.Dependency"], Reason = "update_no_longer_possible" },
|
551
|
+
new MarkAsProcessed("TEST-COMMIT-SHA"),
|
552
|
+
]
|
553
|
+
);
|
554
|
+
}
|
555
|
+
|
556
|
+
[Fact]
|
557
|
+
public async Task RecreatesPullRequest()
|
558
|
+
{
|
559
|
+
await TestAsync(
|
560
|
+
job: new Job()
|
561
|
+
{
|
562
|
+
Dependencies = ["Some.Dependency"],
|
563
|
+
ExistingPullRequests = [new() { Dependencies = [new() { DependencyName = "Some.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] }],
|
564
|
+
SecurityAdvisories = [new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] }],
|
565
|
+
SecurityUpdatesOnly = true,
|
566
|
+
Source = CreateJobSource("/src"),
|
567
|
+
UpdatingAPullRequest = true,
|
568
|
+
},
|
569
|
+
files: [
|
570
|
+
("src/project.csproj", "initial contents"),
|
571
|
+
],
|
572
|
+
discoveryWorker: TestDiscoveryWorker.FromResults(
|
573
|
+
("/src", new WorkspaceDiscoveryResult()
|
574
|
+
{
|
575
|
+
Path = "/src",
|
576
|
+
Projects = [
|
577
|
+
new()
|
578
|
+
{
|
579
|
+
FilePath = "project.csproj",
|
580
|
+
Dependencies = [
|
581
|
+
new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
582
|
+
],
|
583
|
+
ImportedFiles = [],
|
584
|
+
AdditionalFiles = [],
|
585
|
+
}
|
586
|
+
],
|
587
|
+
})
|
588
|
+
),
|
589
|
+
analyzeWorker: new TestAnalyzeWorker(input =>
|
590
|
+
{
|
591
|
+
var repoRoot = input.Item1;
|
592
|
+
var discovery = input.Item2;
|
593
|
+
var dependencyInfo = input.Item3;
|
594
|
+
if (dependencyInfo.Name != "Some.Dependency")
|
595
|
+
{
|
596
|
+
throw new NotImplementedException($"Test didn't expect to update dependency {dependencyInfo.Name}");
|
597
|
+
}
|
598
|
+
|
599
|
+
return Task.FromResult(new AnalysisResult()
|
600
|
+
{
|
601
|
+
CanUpdate = true,
|
602
|
+
UpdatedVersion = "2.0.1",
|
603
|
+
UpdatedDependencies = [],
|
604
|
+
});
|
605
|
+
}),
|
606
|
+
updaterWorker: new TestUpdaterWorker(async input =>
|
607
|
+
{
|
608
|
+
var repoRoot = input.Item1;
|
609
|
+
var workspacePath = input.Item2;
|
610
|
+
var dependencyName = input.Item3;
|
611
|
+
var previousVersion = input.Item4;
|
612
|
+
var newVersion = input.Item5;
|
613
|
+
var isTransitive = input.Item6;
|
614
|
+
|
615
|
+
await File.WriteAllTextAsync(Path.Join(repoRoot, workspacePath), "updated contents");
|
616
|
+
|
617
|
+
return new UpdateOperationResult()
|
618
|
+
{
|
619
|
+
UpdateOperations = [new DirectUpdate() { DependencyName = "Some.Dependency", NewVersion = NuGetVersion.Parse("2.0.1"), UpdatedFiles = ["/src/project.csproj"] }],
|
620
|
+
};
|
621
|
+
}),
|
622
|
+
expectedUpdateHandler: RefreshSecurityUpdatePullRequestHandler.Instance,
|
623
|
+
expectedApiMessages: [
|
624
|
+
new UpdatedDependencyList()
|
625
|
+
{
|
626
|
+
Dependencies = [
|
627
|
+
new()
|
628
|
+
{
|
629
|
+
Name = "Some.Dependency",
|
630
|
+
Version = "1.0.0",
|
631
|
+
Requirements = [
|
632
|
+
new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
633
|
+
],
|
634
|
+
}
|
635
|
+
],
|
636
|
+
DependencyFiles = ["/src/project.csproj"],
|
637
|
+
},
|
638
|
+
new IncrementMetric()
|
639
|
+
{
|
640
|
+
Metric = "updater.started",
|
641
|
+
Tags = new()
|
642
|
+
{
|
643
|
+
["operation"] = "update_security_pr",
|
644
|
+
}
|
645
|
+
},
|
646
|
+
new ClosePullRequest() { DependencyNames = ["Some.Dependency"], Reason = "dependencies_changed" },
|
647
|
+
new CreatePullRequest()
|
648
|
+
{
|
649
|
+
Dependencies = [
|
650
|
+
new()
|
651
|
+
{
|
652
|
+
Name = "Some.Dependency",
|
653
|
+
Version = "2.0.1",
|
654
|
+
Requirements = [
|
655
|
+
new() { Requirement = "2.0.1", File = "/src/project.csproj", Groups = ["dependencies"], Source = new() { SourceUrl = null } },
|
656
|
+
],
|
657
|
+
PreviousVersion = "1.0.0",
|
658
|
+
PreviousRequirements = [
|
659
|
+
new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
660
|
+
],
|
661
|
+
}
|
662
|
+
],
|
663
|
+
UpdatedDependencyFiles = [
|
664
|
+
new()
|
665
|
+
{
|
666
|
+
Directory = "/src",
|
667
|
+
Name = "project.csproj",
|
668
|
+
Content = "updated contents",
|
669
|
+
}
|
670
|
+
],
|
671
|
+
BaseCommitSha = "TEST-COMMIT-SHA",
|
672
|
+
CommitMessage = RunWorkerTests.TestPullRequestCommitMessage,
|
673
|
+
PrTitle = RunWorkerTests.TestPullRequestTitle,
|
674
|
+
PrBody = RunWorkerTests.TestPullRequestBody,
|
675
|
+
DependencyGroup = null,
|
676
|
+
},
|
677
|
+
new MarkAsProcessed("TEST-COMMIT-SHA"),
|
678
|
+
]
|
679
|
+
);
|
680
|
+
}
|
681
|
+
|
682
|
+
[Fact]
|
683
|
+
public async Task GeneratesCreatePullRequest()
|
684
|
+
{
|
685
|
+
await TestAsync(
|
686
|
+
job: new Job()
|
687
|
+
{
|
688
|
+
Dependencies = ["Some.Dependency"],
|
689
|
+
ExistingPullRequests = [new() { Dependencies = [new() { DependencyName = "Unrelated.Dependency", DependencyVersion = NuGetVersion.Parse("2.0.0") }] }],
|
690
|
+
SecurityAdvisories = [new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] }],
|
691
|
+
SecurityUpdatesOnly = true,
|
692
|
+
Source = CreateJobSource("/src"),
|
693
|
+
UpdatingAPullRequest = true,
|
694
|
+
},
|
695
|
+
files: [
|
696
|
+
("src/project.csproj", "initial contents"),
|
697
|
+
],
|
698
|
+
discoveryWorker: TestDiscoveryWorker.FromResults(
|
699
|
+
("/src", new WorkspaceDiscoveryResult()
|
700
|
+
{
|
701
|
+
Path = "/src",
|
702
|
+
Projects = [
|
703
|
+
new()
|
704
|
+
{
|
705
|
+
FilePath = "project.csproj",
|
706
|
+
Dependencies = [
|
707
|
+
new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
|
708
|
+
],
|
709
|
+
ImportedFiles = [],
|
710
|
+
AdditionalFiles = [],
|
711
|
+
}
|
712
|
+
],
|
713
|
+
})
|
714
|
+
),
|
715
|
+
analyzeWorker: new TestAnalyzeWorker(input =>
|
716
|
+
{
|
717
|
+
var repoRoot = input.Item1;
|
718
|
+
var discovery = input.Item2;
|
719
|
+
var dependencyInfo = input.Item3;
|
720
|
+
if (dependencyInfo.Name != "Some.Dependency")
|
721
|
+
{
|
722
|
+
throw new NotImplementedException($"Test didn't expect to update dependency {dependencyInfo.Name}");
|
723
|
+
}
|
724
|
+
|
725
|
+
return Task.FromResult(new AnalysisResult()
|
726
|
+
{
|
727
|
+
CanUpdate = true,
|
728
|
+
UpdatedVersion = "2.0.0",
|
729
|
+
UpdatedDependencies = [],
|
730
|
+
});
|
731
|
+
}),
|
732
|
+
updaterWorker: new TestUpdaterWorker(async input =>
|
733
|
+
{
|
734
|
+
var repoRoot = input.Item1;
|
735
|
+
var workspacePath = input.Item2;
|
736
|
+
var dependencyName = input.Item3;
|
737
|
+
var previousVersion = input.Item4;
|
738
|
+
var newVersion = input.Item5;
|
739
|
+
var isTransitive = input.Item6;
|
740
|
+
|
741
|
+
await File.WriteAllTextAsync(Path.Join(repoRoot, workspacePath), "updated contents");
|
742
|
+
|
743
|
+
return new UpdateOperationResult()
|
744
|
+
{
|
745
|
+
UpdateOperations = [new DirectUpdate() { DependencyName = "Some.Dependency", NewVersion = NuGetVersion.Parse("2.0.0"), UpdatedFiles = ["/src/project.csproj"] }],
|
746
|
+
};
|
747
|
+
}),
|
748
|
+
expectedUpdateHandler: RefreshSecurityUpdatePullRequestHandler.Instance,
|
749
|
+
expectedApiMessages: [
|
750
|
+
new UpdatedDependencyList()
|
751
|
+
{
|
752
|
+
Dependencies = [
|
753
|
+
new()
|
754
|
+
{
|
755
|
+
Name = "Some.Dependency",
|
756
|
+
Version = "1.0.0",
|
757
|
+
Requirements = [
|
758
|
+
new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
759
|
+
],
|
760
|
+
}
|
761
|
+
],
|
762
|
+
DependencyFiles = ["/src/project.csproj"],
|
763
|
+
},
|
764
|
+
new IncrementMetric()
|
765
|
+
{
|
766
|
+
Metric = "updater.started",
|
767
|
+
Tags = new()
|
768
|
+
{
|
769
|
+
["operation"] = "update_security_pr",
|
770
|
+
}
|
771
|
+
},
|
772
|
+
new CreatePullRequest()
|
773
|
+
{
|
774
|
+
Dependencies = [
|
775
|
+
new()
|
776
|
+
{
|
777
|
+
Name = "Some.Dependency",
|
778
|
+
Version = "2.0.0",
|
779
|
+
Requirements = [
|
780
|
+
new() { Requirement = "2.0.0", File = "/src/project.csproj", Groups = ["dependencies"], Source = new() { SourceUrl = null } },
|
781
|
+
],
|
782
|
+
PreviousVersion = "1.0.0",
|
783
|
+
PreviousRequirements = [
|
784
|
+
new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
|
785
|
+
],
|
786
|
+
}
|
787
|
+
],
|
788
|
+
UpdatedDependencyFiles = [
|
789
|
+
new()
|
790
|
+
{
|
791
|
+
Directory = "/src",
|
792
|
+
Name = "project.csproj",
|
793
|
+
Content = "updated contents",
|
794
|
+
}
|
795
|
+
],
|
796
|
+
BaseCommitSha = "TEST-COMMIT-SHA",
|
797
|
+
CommitMessage = RunWorkerTests.TestPullRequestCommitMessage,
|
798
|
+
PrTitle = RunWorkerTests.TestPullRequestTitle,
|
799
|
+
PrBody = RunWorkerTests.TestPullRequestBody,
|
800
|
+
DependencyGroup = null,
|
801
|
+
},
|
802
|
+
new MarkAsProcessed("TEST-COMMIT-SHA"),
|
803
|
+
]
|
804
|
+
);
|
805
|
+
}
|
806
|
+
}
|