Merge branch 'main' into jamiemagee/sentry-ruby

ylecuyer · Jan 23, 2024 · b3d05b5 · b3d05b5
2 parents 428e8a9 + 34f9389
commit b3d05b5
Show file tree

Hide file tree

Showing 14 changed files with 208 additions and 91 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -19,7 +19,7 @@ PATH
       bundler (>= 1.16, < 3.0.0)
       commonmarker (>= 0.20.1, < 0.24.0)
       docker_registry2 (~> 1.18.0)
-      excon (~> 0.96, < 0.105)
+      excon (~> 0.109)
       faraday (= 2.7.11)
       faraday-retry (= 2.2.0)
       gitlab (= 4.19.0)
@@ -165,7 +165,7 @@ GEM
       rest-client (>= 1.8.0)
     domain_name (0.6.20231109)
     erubi (1.12.0)
-    excon (0.104.0)
+    excon (0.109.0)
     faraday (2.7.11)
       base64
       faraday-net_http (>= 2.0, < 3.1)

diff --git a/common/dependabot-common.gemspec b/common/dependabot-common.gemspec
@@ -31,7 +31,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "bundler", ">= 1.16", "< 3.0.0"
   spec.add_dependency "commonmarker", ">= 0.20.1", "< 0.24.0"
   spec.add_dependency "docker_registry2", "~> 1.18.0"
-  spec.add_dependency "excon", "~> 0.96", "< 0.105"
+  spec.add_dependency "excon", "~> 0.109"
   spec.add_dependency "faraday", "2.7.11"
   spec.add_dependency "faraday-retry", "2.2.0"
   spec.add_dependency "gitlab", "4.19.0"

diff --git a/common/lib/dependabot/pull_request_creator.rb b/common/lib/dependabot/pull_request_creator.rb
@@ -389,7 +389,7 @@ def branch_namer
         BranchNamer.new(
           dependencies: dependencies,
           files: files,
-          target_branch: T.must(source.branch),
+          target_branch: source.branch,
           dependency_group: dependency_group,
           separator: branch_name_separator,
           prefix: branch_name_prefix,

diff --git a/common/spec/dependabot/pull_request_creator_spec.rb b/common/spec/dependabot/pull_request_creator_spec.rb
@@ -210,6 +210,21 @@
       end
     end
 
+    context "with a GitHub source and no target branch" do
+      let(:source) { Dependabot::Source.new(provider: "github", repo: "gc/bp") }
+      let(:dummy_creator) { instance_double(described_class::Github) }
+
+      it "delegates to PullRequestCreator::Github with a branch name that does not include any branch" do
+        expect(described_class::Github)
+          .to receive(:new)
+          .with(
+            a_hash_including(branch_name: "dependabot/bundler/business-1.5.0")
+          ).and_return(dummy_creator)
+        expect(dummy_creator).to receive(:create)
+        creator.create
+      end
+    end
+
     context "with a GitLab source" do
       let(:source) { Dependabot::Source.new(provider: "gitlab", repo: "gc/bp", branch: "main") }
       let(:dummy_creator) { instance_double(described_class::Gitlab) }

diff --git a/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterTests.cs b/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterTests.cs
@@ -187,6 +187,69 @@ public static IEnumerable<object[]> GetDependencyUpdates()
             "Newtonsoft.Json", "12.0.1", "13.0.1", false // isTransitive
         };
 
+        // Make sure we don't update if there are incoherent versions
+        yield return new object[] {
+            new []
+            {
+                (Path: "src/Project.csproj", Content: """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                        <PropertyGroup>
+                            <TargetFramework>netcoreapp2.1</TargetFramework>
+                        </PropertyGroup>
+                        <ItemGroup>
+                            <PackageReference Include="Microsoft.Extensions.Primitives" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Options" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Logging" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Analyzers" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="2.1.0" />
+                        </ItemGroup>
+                    </Project>
+                    """)
+            }, // starting contents
+            new []
+            {
+                (Path: "src/Project.csproj", Content: """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                        <PropertyGroup>
+                            <TargetFramework>netcoreapp2.1</TargetFramework>
+                        </PropertyGroup>
+                        <ItemGroup>
+                            <PackageReference Include="Microsoft.Extensions.Primitives" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Options" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Logging" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Analyzers" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="2.1.0" />
+                        </ItemGroup>
+                    </Project>
+                    """)
+            }, // expected contents
+            "Microsoft.EntityFrameworkCore.SqlServer", "2.1.0", "2.2.0", false // isTransitive
+        };
+
         // PackageReference with Version as child element
         yield return new object[]
         {

diff --git a/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs b/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs
@@ -263,7 +263,7 @@ internal static async Task<bool> DependenciesAreCoherentAsync(string repoRoot, s
         try
         {
             var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
-            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", $"build \"{tempProjectPath}\"");
+            var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", $"restore \"{tempProjectPath}\"");
 
             // NU1608: Detected package version outside of dependency constraint
 
@@ -308,6 +308,7 @@ private static async Task<string> CreateTempProjectAsync(DirectoryInfo tempDir,
                   <PropertyGroup>
                     <TargetFramework>{targetFramework}</TargetFramework>
                     <GenerateDependencyFile>true</GenerateDependencyFile>
+                    <RunAnalyzers>false</RunAnalyzers>
                   </PropertyGroup>
                   <ItemGroup>
                     {packageReferences}

diff --git a/nuget/lib/dependabot/nuget/file_fetcher.rb b/nuget/lib/dependabot/nuget/file_fetcher.rb
@@ -72,7 +72,9 @@ def project_files
             project_files += fsproj_file
             project_files += sln_project_files
             project_files += proj_files
-            project_files += project_files.filter_map { |f| directory_packages_props_file_from_project_file(f) }
+            project_files += project_files.filter_map do |f|
+              named_file_up_tree_from_project_file(f, "Directory.Packages.props")
+            end
             project_files
           end
       rescue Octokit::NotFound, Gitlab::Error::NotFound
@@ -191,28 +193,6 @@ def proj_files
         @proj_files ||= find_and_fetch_with_suffix(".proj")
       end
 
-      def directory_packages_props_file_from_project_file(project_file)
-        # walk up the tree from each project file stopping at the first `Directory.Packages.props` file found
-        # https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management#central-package-management-rules
-
-        found_directory_packages_props_file = nil
-        directory_path = Pathname.new(directory)
-        full_project_dir = Pathname.new(project_file.directory).join(project_file.name).dirname
-        full_project_dir.ascend.each do |base|
-          break if found_directory_packages_props_file
-
-          candidate_file_path = Pathname.new(base).join("Directory.Packages.props").cleanpath.to_path
-          candidate_directory = Pathname.new(File.dirname(candidate_file_path))
-          relative_candidate_directory = candidate_directory.relative_path_from(directory_path)
-          candidate_file = repo_contents(dir: relative_candidate_directory).find do |f|
-            f.name.casecmp?("Directory.Packages.props")
-          end
-          found_directory_packages_props_file = fetch_file_from_host(candidate_file.name) if candidate_file
-        end
-
-        found_directory_packages_props_file
-      end
-
       def find_and_fetch_with_suffix(suffix)
         repo_contents.select { |f| f.name.end_with?(suffix) }.map { |f| fetch_file_from_host(f.name) }
       end

diff --git a/nuget/spec/dependabot/nuget/file_fetcher_spec.rb b/nuget/spec/dependabot/nuget/file_fetcher_spec.rb
@@ -330,7 +330,7 @@
     # end
   end
 
-  context "NuGet.config can be found when starting in a subdirectory" do
+  context "directory-relative files can be found when starting in a subdirectory" do
     let(:directory) { "/src/some-project/" }
 
     before do
@@ -344,19 +344,24 @@
         "bump",
         "main"
       )
-      stub_request(:get, File.join(url, "src/some-project/.config?ref=sha"))
-        .with(headers: { "Authorization" => "token token" })
-        .to_return(
-          status: 404,
-          body: "{}",
-          headers: { "content-type" => "application/json" }
-        )
+
+      # these files explicitly don't exist
+      ["src/some-project/.config", "src/some-project/Directory.Packages.props"].each do |file|
+        stub_request(:get, File.join(url, "#{file}?ref=sha"))
+          .with(headers: { "Authorization" => "token token" })
+          .to_return(
+            status: 404,
+            body: "{}",
+            headers: { "content-type" => "application/json" }
+          )
+      end
     end
 
     it "fetches the NuGet.config file from several directories up" do
       expect(file_fetcher_instance.files.map(&:name))
         .to match_array(
           %w(
+            ../../Directory.Packages.props
             ../../NuGet.Config
             some-project.csproj
           )

diff --git a/nuget/spec/fixtures/github/csproj_in_subdirectory/Directory.Packages.props b/nuget/spec/fixtures/github/csproj_in_subdirectory/Directory.Packages.props
@@ -0,0 +1,5 @@
+<Project>
+  <PropertyGroup>
+    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
+  </PropertyGroup>
+</Project>