RubyGems - dependabot-nuget - Versions diffs - 0.322.2 → 0.325.0 - Mend

dependabot-nuget 0.322.2 → 0.325.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

data/lib/dependabot/nuget/metadata_finder.rb DELETED Viewed

@@ -1,197 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "nokogiri"
-require "sorbet-runtime"
-require "dependabot/metadata_finders"
-require "dependabot/metadata_finders/base"
-require "dependabot/registry_client"
-module Dependabot
-  module Nuget
-    class MetadataFinder < Dependabot::MetadataFinders::Base
-      extend T::Sig
-      sig do
-        override
-          .params(
-            dependency: Dependabot::Dependency,
-            credentials: T::Array[Dependabot::Credential]
-          )
-          .void
-      end
-      def initialize(dependency:, credentials:)
-        @dependency_nuspec_file = T.let(nil, T.nilable(Nokogiri::XML::Document))
-        super
-      end
-      private
-      sig { override.returns(T.nilable(Dependabot::Source)) }
-      def look_up_source
-        return Source.from_url(dependency_source_url) if dependency_source_url
-        if dependency_nuspec_file
-          src_repo = look_up_source_in_nuspec(T.must(dependency_nuspec_file))
-          return src_repo if src_repo
-        end
-        # Fallback to getting source from the search result's projectUrl or licenseUrl.
-        # GitHub Packages doesn't support getting the `.nuspec`, switch to getting
-        # that instead once it is supported.
-        src_repo_from_project
-      rescue StandardError
-        # At this point in the process the PR is ready to be posted, we tried to gather commit
-        # and release notes, but have encountered an exception. So let's eat it since it's
-        # better to have a PR with no info than error out.
-        nil
-      end
-      sig { returns(T.nilable(Dependabot::Source)) }
-      def src_repo_from_project
-        source = dependency.requirements.find { |r| r.fetch(:source) }&.fetch(:source)
-        return unless source
-        # Query the service index e.g. https://nuget.pkg.github.com/ORG/index.json
-        response = Dependabot::RegistryClient.get(
-          url: source.fetch(:url),
-          headers: { **auth_header, "Accept" => "application/json" }
-        )
-        return unless response.status == 200
-        # Extract the query url e.g. https://nuget.pkg.github.com/ORG/query
-        search_base = extract_search_url(response.body)
-        return unless search_base
-        response = Dependabot::RegistryClient.get(
-          url: search_base + "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
-          headers: { **auth_header, "Accept" => "application/json" }
-        )
-        return unless response.status == 200
-        # Find a projectUrl or licenseUrl that look like a source URL
-        extract_source_repo(response.body)
-      rescue JSON::ParserError
-        # Ignored, this is expected for some registries that don't handle these request.
-      end
-      sig { params(body: String).returns(T.nilable(String)) }
-      def extract_search_url(body)
-        JSON.parse(body)
-            .fetch("resources", [])
-            .find { |r| r.fetch("@type") == "SearchQueryService" }
-            &.fetch("@id")
-      end
-      sig { params(body: String).returns(T.nilable(Dependabot::Source)) }
-      def extract_source_repo(body)
-        JSON.parse(body).fetch("data", []).each do |search_result|
-          next unless search_result["id"].casecmp(dependency.name).zero?
-          if search_result.key?("projectUrl")
-            source = Source.from_url(search_result.fetch("projectUrl"))
-            return source if source
-          end
-          if search_result.key?("licenseUrl")
-            source = Source.from_url(search_result.fetch("licenseUrl"))
-            return source if source
-          end
-        end
-        # failed to find a source URL
-        nil
-      end
-      sig { params(nuspec: Nokogiri::XML::Document).returns(T.nilable(Dependabot::Source)) }
-      def look_up_source_in_nuspec(nuspec)
-        potential_source_urls = [
-          nuspec.at_css("package > metadata > repository")
-                &.attribute("url")&.value,
-          nuspec.at_css("package > metadata > repository > url")&.content,
-          nuspec.at_css("package > metadata > projectUrl")&.content,
-          nuspec.at_css("package > metadata > licenseUrl")&.content
-        ].compact
-        source_url = potential_source_urls.find { |url| Source.from_url(url) }
-        source_url ||= source_from_anywhere_in_nuspec(nuspec)
-        Source.from_url(source_url)
-      end
-      sig { params(nuspec: Nokogiri::XML::Document).returns(T.nilable(String)) }
-      def source_from_anywhere_in_nuspec(nuspec)
-        github_urls = []
-        nuspec.to_s.force_encoding(Encoding::UTF_8)
-              .scan(Source::SOURCE_REGEX) do
-          github_urls << Regexp.last_match.to_s
-        end
-        github_urls.find do |url|
-          repo = T.must(Source.from_url(url)).repo
-          repo.downcase.end_with?(dependency.name.downcase)
-        end
-      end
-      sig { returns(T.nilable(Nokogiri::XML::Document)) }
-      def dependency_nuspec_file
-        return @dependency_nuspec_file unless @dependency_nuspec_file.nil?
-        return if dependency_nuspec_url.nil?
-        response = Dependabot::RegistryClient.get(
-          url: T.must(dependency_nuspec_url),
-          headers: auth_header
-        )
-        @dependency_nuspec_file = Nokogiri::XML(response.body)
-      end
-      sig { returns(T.nilable(String)) }
-      def dependency_nuspec_url
-        source = dependency.requirements
-                           .find { |r| r.fetch(:source) }&.fetch(:source)
-        source.fetch(:nuspec_url) if source&.key?(:nuspec_url)
-      end
-      sig { returns(T.nilable(String)) }
-      def dependency_source_url
-        source = dependency.requirements
-                           .find { |r| r.fetch(:source) }&.fetch(:source)
-        return unless source
-        return source.fetch(:source_url) if source.key?(:source_url)
-        source.fetch("source_url")
-      end
-      # rubocop:disable Metrics/PerceivedComplexity
-      sig { returns(T::Hash[String, String]) }
-      def auth_header
-        source = dependency.requirements
-                           .find { |r| r.fetch(:source) }&.fetch(:source)
-        url = source&.fetch(:url, nil) || source&.fetch("url")
-        token = credentials
-                .select { |cred| cred["type"] == "nuget_feed" }
-                .find { |cred| cred["url"] == url }
-                &.fetch("token", nil)
-        return {} unless token
-        if token.include?(":")
-          encoded_token = Base64.encode64(token).delete("\n")
-          { "Authorization" => "Basic #{encoded_token}" }
-        elsif Base64.decode64(token).ascii_only? &&
-              Base64.decode64(token).include?(":")
-          { "Authorization" => "Basic #{token.delete("\n")}" }
-        else
-          { "Authorization" => "Bearer #{token}" }
-        end
-      end
-      # rubocop:enable Metrics/PerceivedComplexity
-    end
-  end
-end
-Dependabot::MetadataFinders.register("nuget", Dependabot::Nuget::MetadataFinder)

data/lib/dependabot/nuget/native_helpers.rb DELETED Viewed

@@ -1,364 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-require "shellwords"
-require "sorbet-runtime"
-require_relative "nuget_config_credential_helpers"
-module Dependabot
-  module Nuget
-    module NativeHelpers
-      extend T::Sig
-      sig { returns(String) }
-      def self.job_id
-        ENV.fetch("DEPENDABOT_JOB_ID")
-      end
-      sig { returns(String) }
-      def self.native_helpers_root
-        helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
-        return File.join(helpers_root, "nuget") unless helpers_root.nil?
-        File.expand_path("../../../helpers", __dir__)
-      end
-      sig { params(project_tfms: T::Array[String], package_tfms: T::Array[String]).returns(T::Boolean) }
-      def self.run_nuget_framework_check(project_tfms, package_tfms)
-        exe_path = File.join(native_helpers_root, "NuGetUpdater", "NuGetUpdater.Cli")
-        command_parts = [
-          exe_path,
-          "framework-check",
-          "--project-tfms",
-          *project_tfms,
-          "--package-tfms",
-          *package_tfms
-        ]
-        command = Shellwords.join(command_parts)
-        fingerprint = [
-          exe_path,
-          "framework-check",
-          "--project-tfms",
-          "<project-tfms>",
-          "--package-tfms",
-          "<package-tfms>"
-        ].join(" ")
-        puts "running NuGet updater:\n" + command
-        output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
-        puts output
-        # Exit code == 0 means that all project frameworks are compatible
-        true
-      rescue Dependabot::SharedHelpers::HelperSubprocessFailed
-        # Exit code != 0 means that not all project frameworks are compatible
-        false
-      end
-      sig do
-        params(
-          job_path: String,
-          repo_root: String,
-          workspace_path: String,
-          output_path: String
-        ).returns([String, String])
-      end
-      def self.get_nuget_discover_tool_command(job_path:, repo_root:, workspace_path:, output_path:)
-        exe_path = File.join(native_helpers_root, "NuGetUpdater", "NuGetUpdater.Cli")
-        command_parts = [
-          exe_path,
-          "discover",
-          "--job-id",
-          job_id,
-          "--job-path",
-          job_path,
-          "--repo-root",
-          repo_root,
-          "--workspace",
-          workspace_path,
-          "--output",
-          output_path
-        ].compact
-        command = Shellwords.join(command_parts)
-        fingerprint = [
-          exe_path,
-          "discover",
-          "--job-id",
-          "<job-id>",
-          "--job-path",
-          "<job-path>",
-          "--repo-root",
-          "<repo-root>",
-          "--workspace",
-          "<path-to-workspace>",
-          "--output",
-          "<path-to-output>"
-        ].compact.join(" ")
-        [command, fingerprint]
-      end
-      sig do
-        params(
-          job_path: String,
-          repo_root: String,
-          workspace_path: String,
-          output_path: String,
-          credentials: T::Array[Dependabot::Credential]
-        ).void
-      end
-      def self.run_nuget_discover_tool(job_path:, repo_root:, workspace_path:, output_path:, credentials:)
-        (command, fingerprint) = get_nuget_discover_tool_command(job_path: job_path,
-                                                                 repo_root: repo_root,
-                                                                 workspace_path: workspace_path,
-                                                                 output_path: output_path)
-        puts "running NuGet discovery:\n" + command
-        NuGetConfigCredentialHelpers.patch_nuget_config_for_action(credentials) do
-          output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
-          puts output
-        end
-      end
-      sig do
-        params(job_path: String, repo_root: String, discovery_file_path: String, dependency_file_path: String,
-               analysis_folder_path: String).returns([String, String])
-      end
-      def self.get_nuget_analyze_tool_command(job_path:, repo_root:, discovery_file_path:, dependency_file_path:,
-                                              analysis_folder_path:)
-        exe_path = File.join(native_helpers_root, "NuGetUpdater", "NuGetUpdater.Cli")
-        command_parts = [
-          exe_path,
-          "analyze",
-          "--job-id",
-          job_id,
-          "--job-path",
-          job_path,
-          "--repo-root",
-          repo_root,
-          "--discovery-file-path",
-          discovery_file_path,
-          "--dependency-file-path",
-          dependency_file_path,
-          "--analysis-folder-path",
-          analysis_folder_path
-        ].compact
-        command = Shellwords.join(command_parts)
-        fingerprint = [
-          exe_path,
-          "analyze",
-          "--job-id",
-          "<job-id>",
-          "--job-path",
-          "<job-path>",
-          "--discovery-file-path",
-          "<discovery-file-path>",
-          "--dependency-file-path",
-          "<dependency-file-path>",
-          "--analysis-folder-path",
-          "<analysis_folder_path>"
-        ].compact.join(" ")
-        [command, fingerprint]
-      end
-      sig do
-        params(
-          job_path: String, repo_root: String, discovery_file_path: String, dependency_file_path: String,
-          analysis_folder_path: String, credentials: T::Array[Dependabot::Credential]
-        ).void
-      end
-      def self.run_nuget_analyze_tool(job_path:, repo_root:, discovery_file_path:, dependency_file_path:,
-                                      analysis_folder_path:, credentials:)
-        (command, fingerprint) = get_nuget_analyze_tool_command(job_path: job_path,
-                                                                repo_root: repo_root,
-                                                                discovery_file_path: discovery_file_path,
-                                                                dependency_file_path: dependency_file_path,
-                                                                analysis_folder_path: analysis_folder_path)
-        puts "running NuGet analyze:\n" + command
-        NuGetConfigCredentialHelpers.patch_nuget_config_for_action(credentials) do
-          output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
-          puts output
-        end
-      end
-      # rubocop:disable Metrics/MethodLength
-      sig do
-        params(job_path: String, repo_root: String, proj_path: String, dependency: Dependency,
-               is_transitive: T::Boolean, result_output_path: String).returns([String, String])
-      end
-      def self.get_nuget_updater_tool_command(job_path:, repo_root:, proj_path:, dependency:, is_transitive:,
-                                              result_output_path:)
-        exe_path = File.join(native_helpers_root, "NuGetUpdater", "NuGetUpdater.Cli")
-        command_parts = [
-          exe_path,
-          "update",
-          "--job-id",
-          job_id,
-          "--job-path",
-          job_path,
-          "--repo-root",
-          repo_root,
-          "--solution-or-project",
-          proj_path,
-          "--dependency",
-          dependency.name,
-          "--new-version",
-          dependency.version,
-          "--previous-version",
-          dependency.previous_version,
-          is_transitive ? "--transitive" : nil,
-          "--result-output-path",
-          result_output_path
-        ].compact
-        command = Shellwords.join(command_parts)
-        fingerprint = [
-          exe_path,
-          "update",
-          "--job-id",
-          "<job-id>",
-          "--job-path",
-          "<job-path>",
-          "--repo-root",
-          "<repo-root>",
-          "--solution-or-project",
-          "<path-to-solution-or-project>",
-          "--dependency",
-          "<dependency-name>",
-          "--new-version",
-          "<new-version>",
-          "--previous-version",
-          "<previous-version>",
-          is_transitive ? "--transitive" : nil,
-          "--result-output-path",
-          "<result-output-path>"
-        ].compact.join(" ")
-        [command, fingerprint]
-      end
-      # rubocop:enable Metrics/MethodLength
-      sig { returns(String) }
-      def self.update_result_file_path
-        File.join(Dir.tmpdir, "update-result.json")
-      end
-      sig do
-        params(
-          job_path: String,
-          repo_root: String,
-          proj_path: String,
-          dependency: Dependency,
-          is_transitive: T::Boolean,
-          credentials: T::Array[Dependabot::Credential]
-        ).void
-      end
-      def self.run_nuget_updater_tool(job_path:, repo_root:, proj_path:, dependency:, is_transitive:, credentials:)
-        (command, fingerprint) = get_nuget_updater_tool_command(job_path: job_path, repo_root: repo_root,
-                                                                proj_path: proj_path, dependency: dependency,
-                                                                is_transitive: is_transitive,
-                                                                result_output_path: update_result_file_path)
-        puts "running NuGet updater:\n" + command
-        NuGetConfigCredentialHelpers.patch_nuget_config_for_action(credentials) do
-          output = SharedHelpers.run_shell_command(command,
-                                                   allow_unsafe_shell_command: true,
-                                                   fingerprint: fingerprint)
-          puts output
-          result_contents = File.read(update_result_file_path)
-          Dependabot.logger.info("update result: #{result_contents}")
-          result_json = T.let(JSON.parse(result_contents), T::Hash[String, T.untyped])
-          ensure_no_errors(result_json)
-        end
-      end
-      sig { void }
-      def self.normalize_file_names
-        # environment variables are required and the following will generate an actionable error message if they're not
-        _dependabot_repo_contents_path = ENV.fetch("DEPENDABOT_REPO_CONTENTS_PATH")
-        # this environment variable is directly used
-        dependabot_home = ENV.fetch("DEPENDABOT_HOME")
-        command = [
-          "pwsh",
-          "#{dependabot_home}/dependabot-updater/bin/normalize-file-names.ps1"
-        ].join(" ")
-        output = SharedHelpers.run_shell_command(command)
-        puts output
-      end
-      sig { void }
-      def self.install_dotnet_sdks
-        return unless Dependabot::Experiments.enabled?(:nuget_install_dotnet_sdks)
-        # environment variables are required and the following will generate an actionable error message if they're not
-        _dependabot_job_path = ENV.fetch("DEPENDABOT_JOB_PATH")
-        _dependabot_repo_contents_path = ENV.fetch("DEPENDABOT_REPO_CONTENTS_PATH")
-        _dotnet_install_script_path = ENV.fetch("DOTNET_INSTALL_SCRIPT_PATH")
-        _dotnet_install_dir = ENV.fetch("DOTNET_INSTALL_DIR")
-        # this environment variable is directly used
-        dependabot_home = ENV.fetch("DEPENDABOT_HOME")
-        command = [
-          "pwsh",
-          "#{dependabot_home}/dependabot-updater/bin/install-sdks.ps1"
-        ].join(" ")
-        output = SharedHelpers.run_shell_command(command)
-        puts output
-      end
-      # rubocop:disable Metrics/AbcSize
-      sig { params(json: T::Hash[String, T.untyped]).void }
-      def self.ensure_no_errors(json)
-        error = T.let(json.fetch("Error", nil), T.nilable(T::Hash[String, T.untyped]))
-        return if error.nil?
-        error_type = T.let(error.fetch("error-type"), String)
-        error_details = T.let(error.fetch("error-details", {}), T::Hash[String, T.untyped])
-        case error_type
-        when "dependency_file_not_found"
-          file_path = T.let(error_details.fetch("file-path"), String)
-          message = T.let(error_details.fetch("message", nil), T.nilable(String))
-          raise DependencyFileNotFound.new(file_path, message)
-        when "dependency_file_not_parseable"
-          file_path = T.let(error_details.fetch("file-path"), String)
-          message = T.let(error_details.fetch("message", nil), T.nilable(String))
-          raise DependencyFileNotParseable.new(file_path, message)
-        when "dependency_not_found"
-          source = T.let(error_details.fetch("source"), String)
-          raise DependencyNotFound, source
-        when "illformed_requirement"
-          raise BadRequirementError, T.let(error_details.fetch("message"), String)
-        when "private_source_authentication_failure"
-          raise PrivateSourceAuthenticationFailure, T.let(error_details.fetch("source"), String)
-        when "private_source_bad_response"
-          raise PrivateSourceBadResponse, T.let(error_details.fetch("source"), String)
-        when "update_not_possible"
-          raise UpdateNotPossible, T.let(error_details.fetch("dependencies"), T::Array[String])
-        when "unknown_error"
-          raise DependabotError, error_details.to_json
-        else
-          raise "Unexpected error type from native tool: #{error_type}: #{error_details}"
-        end
-      end
-      # rubocop:enable Metrics/AbcSize
-    end
-  end
-end

data/lib/dependabot/nuget/nuget_config_credential_helpers.rb DELETED Viewed

@@ -1,88 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-require "sorbet-runtime"
-module Dependabot
-  module Nuget
-    module NuGetConfigCredentialHelpers
-      extend T::Sig
-      sig { returns(String) }
-      def self.user_nuget_config_path
-        home_directory = Dir.home
-        File.join(home_directory, ".nuget", "NuGet", "NuGet.Config")
-      end
-      sig { returns(String) }
-      def self.temporary_nuget_config_path
-        user_nuget_config_path + "_ORIGINAL"
-      end
-      sig { params(credentials: T::Array[Dependabot::Credential]).void }
-      def self.add_credentials_to_nuget_config(credentials)
-        return unless File.exist?(user_nuget_config_path)
-        nuget_credentials = credentials.select { |cred| cred["type"] == "nuget_feed" }
-        return if nuget_credentials.empty?
-        File.rename(user_nuget_config_path, temporary_nuget_config_path)
-        package_sources = ["    <add key=\"nuget.org\" value=\"https://api.nuget.org/v3/index.json\" />"]
-        package_source_credentials = []
-        nuget_credentials.each_with_index do |c, i|
-          source_name = "nuget_source_#{i + 1}"
-          package_sources << "    <add key=\"#{source_name}\" value=\"#{c['url']}\" />"
-          next unless c["token"]
-          package_source_credentials << "    <#{source_name}>"
-          package_source_credentials << "      <add key=\"Username\" value=\"user\" />"
-          package_source_credentials << "      <add key=\"ClearTextPassword\" value=\"#{c['token']}\" />"
-          package_source_credentials << "    </#{source_name}>"
-        end
-        nuget_config = <<~NUGET_XML
-          <?xml version="1.0" encoding="utf-8"?>
-          <configuration>
-            <packageSources>
-          #{package_sources.join("\n")}
-            </packageSources>
-            <packageSourceCredentials>
-          #{package_source_credentials.join("\n")}
-            </packageSourceCredentials>
-          </configuration>
-        NUGET_XML
-        File.write(user_nuget_config_path, nuget_config)
-      end
-      sig { void }
-      def self.restore_user_nuget_config
-        return unless File.exist?(temporary_nuget_config_path)
-        File.delete(user_nuget_config_path)
-        File.rename(temporary_nuget_config_path, user_nuget_config_path)
-      end
-      sig { params(credentials: T::Array[Dependabot::Credential], _block: T.proc.void).void }
-      def self.patch_nuget_config_for_action(credentials, &_block)
-        add_credentials_to_nuget_config(credentials)
-        begin
-          yield
-        rescue DependabotError
-          # forward these
-          raise
-        rescue StandardError => e
-          log_message =
-            <<~LOG_MESSAGE
-              Block argument of NuGetConfigCredentialHelpers::patch_nuget_config_for_action causes an exception #{e}:
-              #{e.message}
-            LOG_MESSAGE
-          Dependabot.logger.error(log_message)
-          puts log_message
-        ensure
-          restore_user_nuget_config
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/nuget/package_manager.rb DELETED Viewed

@@ -1,51 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-require "sorbet-runtime"
-require "dependabot/nuget/version"
-require "dependabot/ecosystem"
-require "dependabot/nuget/requirement"
-module Dependabot
-  module Nuget
-    ECOSYSTEM = "dotnet"
-    SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
-    DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
-    class NugetPackageManager < Dependabot::Ecosystem::VersionManager
-      extend T::Sig
-      NAME = "nuget"
-      SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
-      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
-      sig do
-        params(
-          raw_version: T.nilable(String)
-        ).void
-      end
-      def initialize(raw_version)
-        super(
-          name: NAME,
-          version: Version.new(raw_version),
-          deprecated_versions: DEPRECATED_VERSIONS,
-          supported_versions: SUPPORTED_VERSIONS
-       )
-      end
-      sig { override.returns(T::Boolean) }
-      def deprecated?
-        false
-      end
-      sig { override.returns(T::Boolean) }
-      def unsupported?
-        false
-      end
-    end
-  end
-end