dependabot-nuget 0.322.2 → 0.325.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Update.cs

@@ -1,226 +0,0 @@
-using System.IO;
-using System.Text;
-
-using NuGetUpdater.Core;
-using NuGetUpdater.Core.Test;
-using NuGetUpdater.Core.Test.Update;
-
-using Xunit;
-
-namespace NuGetUpdater.Cli.Test;
-
-public partial class EntryPointTests
-{
-    public class Update : UpdateWorkerTestBase
-    {
-        [Fact]
-        public async Task WithProject()
-        {
-            await Run(path =>
-                [
-                    "update",
-                    "--job-id",
-                    "TEST-JOB-ID",
-                    "--job-path",
-                    Path.Combine(path, "job.json"),
-                    "--repo-root",
-                    path,
-                    "--solution-or-project",
-                    Path.Combine(path, "path/to/my.csproj"),
-                    "--dependency",
-                    "Some.Package",
-                    "--new-version",
-                    "13.0.1",
-                    "--previous-version",
-                    "7.0.1"
-                ],
-                packages:
-                [
-                    MockNuGetPackage.CreateSimplePackage("Some.Package", "7.0.1", "net45"),
-                    MockNuGetPackage.CreateSimplePackage("Some.Package", "13.0.1", "net45"),
-                ],
-                initialFiles:
-                [
-                    ("path/to/my.csproj", """
-                        <Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-                          <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
-                          <PropertyGroup>
-                            <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
-                          </PropertyGroup>
-                          <ItemGroup>
-                            <None Include="packages.config" />
-                          </ItemGroup>
-                          <ItemGroup>
-                            <Reference Include="Some.Package">
-                              <HintPath>packages\Some.Package.7.0.1\lib\net45\Some.Package.dll</HintPath>
-                              <Private>True</Private>
-                            </Reference>
-                          </ItemGroup>
-                          <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-                        </Project>
-                        """),
-                    ("path/to/packages.config", """
-                        <packages>
-                          <package id="Some.Package" version="7.0.1" targetFramework="net45" />
-                        </packages>
-                        """)
-                ],
-                expectedFiles:
-                [
-                    ("path/to/my.csproj", """
-                        <Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-                          <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
-                          <PropertyGroup>
-                            <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
-                          </PropertyGroup>
-                          <ItemGroup>
-                            <None Include="packages.config" />
-                          </ItemGroup>
-                          <ItemGroup>
-                            <Reference Include="Some.Package">
-                              <HintPath>packages\Some.Package.13.0.1\lib\net45\Some.Package.dll</HintPath>
-                              <Private>True</Private>
-                            </Reference>
-                          </ItemGroup>
-                          <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-                        </Project>
-                        """),
-                    ("path/to/packages.config", """
-                        <?xml version="1.0" encoding="utf-8"?>
-                        <packages>
-                          <package id="Some.Package" version="13.0.1" targetFramework="net45" />
-                        </packages>
-                        """)
-                ]
-            );
-        }
-
-        [Theory]
-        [InlineData(null)]
-        [InlineData("src")]
-        public async Task UpdaterDoesNotUseRepoGlobalJsonForMSBuildTasks(string? workingDirectoryPath)
-        {
-            // This is a _very_ specific scenario where the `NuGetUpdater.Cli` tool might pick up a `global.json` from
-            // the root of the repo under test and use it's `sdk` property when trying to locate MSBuild.  To properly
-            // test this, it must be tested in a new process where MSBuild has not been loaded yet and the runner tool
-            // must be started with its working directory at the test repo's root.
-            using var tempDir = new TemporaryDirectory();
-
-            MockNuGetPackage[] testPackages =
-            [
-                MockNuGetPackage.CreateSimplePackage("Some.Package", "7.0.1", "net8.0"),
-                MockNuGetPackage.CreateSimplePackage("Some.Package", "13.0.1", "net8.0"),
-            ];
-            await MockNuGetPackagesInDirectory(testPackages, tempDir.DirectoryPath);
-            await MockJobFileInDirectory(tempDir.DirectoryPath);
-
-            var globalJsonPath = Path.Join(tempDir.DirectoryPath, "global.json");
-            var srcGlobalJsonPath = Path.Join(tempDir.DirectoryPath, "src", "global.json");
-            string globalJsonContent = """
-                {
-                  "sdk": {
-                    "version": "99.99.99"
-                  }
-                }
-                """;
-            await File.WriteAllTextAsync(globalJsonPath, globalJsonContent, TestContext.Current.CancellationToken);
-            Directory.CreateDirectory(Path.Join(tempDir.DirectoryPath, "src"));
-            await File.WriteAllTextAsync(srcGlobalJsonPath, globalJsonContent, TestContext.Current.CancellationToken);
-            var projectPath = Path.Join(tempDir.DirectoryPath, "src", "project.csproj");
-            await File.WriteAllTextAsync(projectPath, """
-                <Project Sdk="Microsoft.NET.Sdk">
-                  <PropertyGroup>
-                    <TargetFramework>net8.0</TargetFramework>
-                  </PropertyGroup>
-                  <ItemGroup>
-                    <PackageReference Include="Some.Package" Version="7.0.1" />
-                  </ItemGroup>
-                </Project>
-                """, TestContext.Current.CancellationToken);
-            await File.WriteAllTextAsync(Path.Join(Path.GetDirectoryName(projectPath)!, "Directory.Build.props"), "<Project />", TestContext.Current.CancellationToken);
-            await File.WriteAllTextAsync(Path.Join(Path.GetDirectoryName(projectPath)!, "Directory.Build.targets"), "<Project />", TestContext.Current.CancellationToken);
-            await File.WriteAllTextAsync(Path.Join(Path.GetDirectoryName(projectPath)!, "Directory.Packages.props"), """
-                <Project>
-                  <PropertyGroup>
-                    <ManagePackageVersionsCentrally>false</ManagePackageVersionsCentrally>
-                  </PropertyGroup>
-                </Project>
-                """, TestContext.Current.CancellationToken);
-            var executableName = Path.Join(Path.GetDirectoryName(GetType().Assembly.Location), "NuGetUpdater.Cli.dll");
-            IEnumerable<string> executableArgs = [
-                executableName,
-                "update",
-                "--job-id",
-                "TEST-JOB-ID",
-                "--job-path",
-                Path.Combine(tempDir.DirectoryPath, "job.json"),
-                "--repo-root",
-                tempDir.DirectoryPath,
-                "--solution-or-project",
-                projectPath,
-                "--dependency",
-                "Some.Package",
-                "--new-version",
-                "13.0.1",
-                "--previous-version",
-                "7.0.1"
-            ];
-
-            // verify base run
-            var workingDirectory = tempDir.DirectoryPath;
-            if (workingDirectoryPath is not null)
-            {
-                workingDirectory = Path.Join(workingDirectory, workingDirectoryPath);
-            }
-
-            var (exitCode, output, error) = await ProcessEx.RunDotnetWithoutMSBuildEnvironmentVariablesAsync(executableArgs, workingDirectory, new ExperimentsManager() { InstallDotnetSdks = false });
-            Assert.True(exitCode == 0, $"Error running update on unsupported SDK.\nSTDOUT:\n{output}\nSTDERR:\n{error}");
-
-            // verify project update
-            var updatedProjectContents = await File.ReadAllTextAsync(projectPath, TestContext.Current.CancellationToken);
-            Assert.Contains("13.0.1", updatedProjectContents);
-
-            // verify `global.json` untouched
-            var updatedGlobalJsonContents = await File.ReadAllTextAsync(globalJsonPath, TestContext.Current.CancellationToken);
-            Assert.Contains("99.99.99", updatedGlobalJsonContents);
-
-            // verify `src/global.json` untouched
-            var updatedSrcGlobalJsonContents = await File.ReadAllTextAsync(srcGlobalJsonPath, TestContext.Current.CancellationToken);
-            Assert.Contains("99.99.99", updatedGlobalJsonContents);
-        }
-
-        private static async Task Run(Func<string, string[]> getArgs, (string Path, string Content)[] initialFiles, (string, string)[] expectedFiles, MockNuGetPackage[]? packages = null)
-        {
-            var actualFiles = await RunUpdate(initialFiles, async path =>
-            {
-                var sb = new StringBuilder();
-                var writer = new StringWriter(sb);
-
-                var originalOut = Console.Out;
-                var originalErr = Console.Error;
-                Console.SetOut(writer);
-                Console.SetError(writer);
-
-                try
-                {
-                    await MockJobFileInDirectory(path);
-                    await MockNuGetPackagesInDirectory(packages, path);
-
-                    var args = getArgs(path);
-                    var result = await Program.Main(args);
-                    if (result != 0)
-                    {
-                        throw new Exception($"Program exited with code {result}.\nOutput:\n\n{sb}");
-                    }
-                }
-                finally
-                {
-                    Console.SetOut(originalOut);
-                    Console.SetError(originalErr);
-                }
-            });
-
-            AssertContainsFiles(expectedFiles, actualFiles);
-        }
-    }
-}

data/lib/dependabot/nuget/analysis/analysis_json_reader.rb

@@ -1,65 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "dependabot/dependency"
-require "dependabot/nuget/analysis/dependency_analysis"
-require "dependabot/nuget/discovery/discovery_json_reader"
-require "json"
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class AnalysisJsonReader
-      extend T::Sig
-
-      sig { returns(String) }
-      def self.temp_directory
-        d = File.join(Dir.tmpdir, "analysis")
-        FileUtils.mkdir_p(d)
-        d
-      end
-
-      sig { params(dependency_name: String).returns(String) }
-      def self.analysis_file_path(dependency_name:)
-        File.join(temp_directory, "#{dependency_name}.json")
-      end
-
-      sig { params(dependency_name: String).returns(T.nilable(DependencyFile)) }
-      def self.analysis_json(dependency_name:)
-        file_path = analysis_file_path(dependency_name: dependency_name)
-        return unless File.exist?(file_path)
-
-        DependencyFile.new(
-          name: Pathname.new(file_path).cleanpath.to_path,
-          directory: temp_directory,
-          type: "file",
-          content: File.read(file_path)
-        )
-      end
-
-      sig { params(analysis_json: DependencyFile).void }
-      def initialize(analysis_json:)
-        @analysis_json = analysis_json
-      end
-
-      sig { returns(DependencyAnalysis) }
-      def dependency_analysis
-        @dependency_analysis ||= T.let(begin
-          raise Dependabot::DependencyFileNotParseable, analysis_json.path unless analysis_json.content
-
-          Dependabot.logger.info("#{File.basename(analysis_json.path)} analysis content: #{analysis_json.content}")
-
-          parsed_json = T.let(JSON.parse(T.must(analysis_json.content)), T::Hash[String, T.untyped])
-          DependencyAnalysis.from_json(parsed_json)
-        end, T.nilable(DependencyAnalysis))
-      rescue JSON::ParserError
-        raise Dependabot::DependencyFileNotParseable, analysis_json.path
-      end
-
-      private
-
-      sig { returns(DependencyFile) }
-      attr_reader :analysis_json
-    end
-  end
-end

data/lib/dependabot/nuget/analysis/dependency_analysis.rb

@@ -1,66 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "dependabot/nuget/version"
-require "dependabot/nuget/native_helpers"
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class DependencyAnalysis
-      extend T::Sig
-
-      sig { params(json: T::Hash[String, T.untyped]).returns(DependencyAnalysis) }
-      def self.from_json(json)
-        Dependabot::Nuget::NativeHelpers.ensure_no_errors(json)
-
-        updated_version = T.let(json.fetch("UpdatedVersion"), String)
-        can_update = T.let(json.fetch("CanUpdate"), T::Boolean)
-        version_comes_from_multi_dependency_property = T.let(json.fetch("VersionComesFromMultiDependencyProperty"),
-                                                             T::Boolean)
-        updated_dependencies = T.let(json.fetch("UpdatedDependencies"),
-                                     T::Array[T::Hash[String, T.untyped]]).map do |dep|
-          DependencyDetails.from_json(dep)
-        end
-
-        DependencyAnalysis.new(
-          updated_version: updated_version,
-          can_update: can_update,
-          version_comes_from_multi_dependency_property: version_comes_from_multi_dependency_property,
-          updated_dependencies: updated_dependencies
-        )
-      end
-
-      sig do
-        params(updated_version: String,
-               can_update: T::Boolean,
-               version_comes_from_multi_dependency_property: T::Boolean,
-               updated_dependencies: T::Array[DependencyDetails]).void
-      end
-      def initialize(updated_version:, can_update:, version_comes_from_multi_dependency_property:,
-                     updated_dependencies:)
-        @updated_version = updated_version
-        @can_update = can_update
-        @version_comes_from_multi_dependency_property = version_comes_from_multi_dependency_property
-        @updated_dependencies = updated_dependencies
-      end
-
-      sig { returns(String) }
-      attr_reader :updated_version
-
-      sig { returns(T::Boolean) }
-      attr_reader :can_update
-
-      sig { returns(T::Boolean) }
-      attr_reader :version_comes_from_multi_dependency_property
-
-      sig { returns(T::Array[DependencyDetails]) }
-      attr_reader :updated_dependencies
-
-      sig { returns(Dependabot::Nuget::Version) }
-      def numeric_updated_version
-        @numeric_updated_version ||= T.let(Version.new(updated_version), T.nilable(Dependabot::Nuget::Version))
-      end
-    end
-  end
-end

data/lib/dependabot/nuget/cache_manager.rb

@@ -1,29 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-require "sorbet-runtime"
-
-require "dependabot/file_fetchers"
-require "dependabot/file_fetchers/base"
-
-module Dependabot
-  module Nuget
-    class CacheManager
-      extend T::Sig
-
-      sig { returns(T::Boolean) }
-      def self.caching_disabled?
-        ENV["DEPENDABOT_NUGET_CACHE_DISABLED"] == "true"
-      end
-
-      sig { params(name: String).returns(T::Hash[String, T.untyped]) }
-      def self.cache(name)
-        return {} if caching_disabled?
-
-        @cache ||= T.let({}, T.nilable(T::Hash[String, T.untyped]))
-        @cache[name] ||= {}
-        @cache[name]
-      end
-    end
-  end
-end

data/lib/dependabot/nuget/discovery/dependency_details.rb

@@ -1,102 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "dependabot/nuget/discovery/evaluation_details"
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class DependencyDetails
-      extend T::Sig
-
-      sig { params(json: T::Hash[String, T.untyped]).returns(DependencyDetails) }
-      def self.from_json(json)
-        name = T.let(json.fetch("Name"), String)
-        version = T.let(json.fetch("Version"), T.nilable(String))
-        type = T.let(json.fetch("Type"), String)
-        evaluation = EvaluationDetails
-                     .from_json(T.let(json.fetch("EvaluationResult"), T.nilable(T::Hash[String, T.untyped])))
-        target_frameworks = T.let(json.fetch("TargetFrameworks"), T.nilable(T::Array[String]))
-        is_dev_dependency = T.let(json.fetch("IsDevDependency"), T::Boolean)
-        is_direct = T.let(json.fetch("IsDirect"), T::Boolean)
-        is_transitive = T.let(json.fetch("IsTransitive"), T::Boolean)
-        is_override = T.let(json.fetch("IsOverride"), T::Boolean)
-        is_update = T.let(json.fetch("IsUpdate"), T::Boolean)
-        info_url = T.let(json.fetch("InfoUrl"), T.nilable(String))
-
-        DependencyDetails.new(name: name,
-                              version: version,
-                              type: type,
-                              evaluation: evaluation,
-                              target_frameworks: target_frameworks,
-                              is_dev_dependency: is_dev_dependency,
-                              is_direct: is_direct,
-                              is_transitive: is_transitive,
-                              is_override: is_override,
-                              is_update: is_update,
-                              info_url: info_url)
-      end
-
-      sig do
-        params(name: String,
-               version: T.nilable(String),
-               type: String,
-               evaluation: T.nilable(EvaluationDetails),
-               target_frameworks: T.nilable(T::Array[String]),
-               is_dev_dependency: T::Boolean,
-               is_direct: T::Boolean,
-               is_transitive: T::Boolean,
-               is_override: T::Boolean,
-               is_update: T::Boolean,
-               info_url: T.nilable(String)).void
-      end
-      def initialize(name:, version:, type:, evaluation:, target_frameworks:, is_dev_dependency:, is_direct:,
-                     is_transitive:, is_override:, is_update:, info_url:)
-        @name = name
-        @version = version
-        @type = type
-        @evaluation = evaluation
-        @target_frameworks = target_frameworks
-        @is_dev_dependency = is_dev_dependency
-        @is_direct = is_direct
-        @is_transitive = is_transitive
-        @is_override = is_override
-        @is_update = is_update
-        @info_url = info_url
-      end
-
-      sig { returns(String) }
-      attr_reader :name
-
-      sig { returns(T.nilable(String)) }
-      attr_reader :version
-
-      sig { returns(String) }
-      attr_reader :type
-
-      sig { returns(T.nilable(EvaluationDetails)) }
-      attr_reader :evaluation
-
-      sig { returns(T.nilable(T::Array[String])) }
-      attr_reader :target_frameworks
-
-      sig { returns(T::Boolean) }
-      attr_reader :is_dev_dependency
-
-      sig { returns(T::Boolean) }
-      attr_reader :is_direct
-
-      sig { returns(T::Boolean) }
-      attr_reader :is_transitive
-
-      sig { returns(T::Boolean) }
-      attr_reader :is_override
-
-      sig { returns(T::Boolean) }
-      attr_reader :is_update
-
-      sig { returns(T.nilable(String)) }
-      attr_reader :info_url
-    end
-  end
-end

data/lib/dependabot/nuget/discovery/dependency_file_discovery.rb

@@ -1,122 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "dependabot/nuget/discovery/dependency_details"
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class DependencyFileDiscovery
-      extend T::Sig
-
-      sig do
-        params(json: T.nilable(T::Hash[String, T.untyped]),
-               directory: String).returns(T.nilable(DependencyFileDiscovery))
-      end
-      def self.from_json(json, directory)
-        return nil if json.nil?
-
-        file_path = File.join(directory, T.let(json.fetch("FilePath"), String))
-        dependencies = T.let(json.fetch("Dependencies"), T::Array[T::Hash[String, T.untyped]]).map do |dep|
-          DependencyDetails.from_json(dep)
-        end
-
-        DependencyFileDiscovery.new(file_path: file_path,
-                                    dependencies: dependencies)
-      end
-
-      sig do
-        params(file_path: String,
-               dependencies: T::Array[DependencyDetails]).void
-      end
-      def initialize(file_path:, dependencies:)
-        @file_path = file_path
-        @dependencies = dependencies
-      end
-
-      sig { returns(String) }
-      attr_reader :file_path
-
-      sig { returns(T::Array[DependencyDetails]) }
-      attr_reader :dependencies
-
-      sig { overridable.returns(Dependabot::FileParsers::Base::DependencySet) }
-      def dependency_set # rubocop:disable Metrics/PerceivedComplexity
-        dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-
-        file_name = Pathname.new(file_path).cleanpath.to_path
-        dependencies.each do |dependency|
-          next if dependency.name.casecmp("Microsoft.NET.Sdk")&.zero?
-
-          # If the version string was evaluated it must have been successfully resolved
-          if dependency.evaluation && dependency.evaluation&.result_type != "Success"
-            logger.warn "Dependency '#{dependency.name}' excluded due to unparsable version: #{dependency.version}"
-            next
-          end
-
-          # Exclude any dependencies using version ranges or wildcards
-          next if dependency.version&.include?(",") ||
-                  dependency.version&.include?("*")
-
-          # Exclude any dependencies specified using interpolation
-          next if dependency.name.include?("%(") ||
-                  dependency.version&.include?("%(")
-
-          # Exclude any dependencies which reference an item type
-          next if dependency.name.include?("@(")
-
-          dependency_set << build_dependency(file_name, dependency)
-        end
-
-        dependency_set
-      end
-
-      private
-
-      sig { returns(::Logger) }
-      def logger
-        Dependabot.logger
-      end
-
-      sig { params(file_name: String, dependency_details: DependencyDetails).returns(Dependabot::Dependency) }
-      def build_dependency(file_name, dependency_details)
-        requirement = build_requirement(file_name, dependency_details)
-        requirements = requirement.nil? ? [] : [requirement]
-
-        version = dependency_details.version&.gsub(/[\(\)\[\]]/, "")&.strip
-        version = nil if version&.empty?
-
-        Dependency.new(
-          name: dependency_details.name,
-          version: version,
-          package_manager: "nuget",
-          requirements: requirements
-        )
-      end
-
-      sig do
-        params(file_name: String, dependency_details: DependencyDetails)
-          .returns(T.nilable(T::Hash[Symbol, T.untyped]))
-      end
-      def build_requirement(file_name, dependency_details)
-        return if dependency_details.is_transitive
-
-        version = dependency_details.version
-        version = nil if version&.empty?
-
-        requirement = {
-          requirement: version,
-          file: file_name,
-          groups: [dependency_details.is_dev_dependency ? "devDependencies" : "dependencies"],
-          source: nil
-        }
-
-        property_name = dependency_details.evaluation&.root_property_name
-        return requirement unless property_name
-
-        requirement[:metadata] = { property_name: property_name }
-        requirement
-      end
-    end
-  end
-end