Warn when http sources are used in packages.config restore operations

[erdembayar]

Bug

Fixes: https://github.com/NuGet/Client.Engineering/issues/1519

Regression? Last working version:

Description

Pretty straightforward. Contains the same warning as #4552, but obviously with a code since it's restore.

PR Checklist

• PR has a meaningful title

• PR has a linked issue.

• Described changes

• Tests

  • Automated tests added
  • OR
  • Test exception
  • OR
  • N/A

• Documentation

  • Documentation PR or issue filled
  • OR
  • N/A

[jeffkl]

Team Review: Add unit tests for the two other code paths where the warning is logged

[erdembayar]

Team Review: Add unit tests for the two other code paths where the warning is logged

@NuGet/nuget-client
I added tests for 2 other code paths.

[nkolev92]

You're missing packages.config restore in Visual Studio.

[erdembayar]

You're missing packages.config restore in Visual Studio.

I just tested PR restore in Visual Studio and I don't see any warning in "Package Manager console".
It seems restore logging in Visual Studio has a bug.
When I'm debugging packages.config restore in VS, I can see it's logging something but nothing in "Package Manager console".

I can file separate bug for this. Does it sound fair?

[nkolev92]

I just tested PR restore in Visual Studio and I don't see any warning in "Package Manager console".

I assume you mean PC restore right?

When I'm debugging packages.config restore in VS, I can see it's logging something but nothing in "Package Manager console".

Are you looking in PMC?
We have an output window titled Package Manager, check there.

[erdembayar]

I just tested PR restore in Visual Studio and I don't see any warning in "Package Manager console".

I assume you mean PC restore right?

When I'm debugging packages.config restore in VS, I can see it's logging something but nothing in "Package Manager console".

Are you looking in PMC? We have an output window titled Package Manager, check there.

Sorry for naming confusion let me clear it for you.

1. PMUI scenario
I tested both PC and PR with PMUI install scenario, both cases I don't see any warning in Output >> PackageManager, I suspect there is a logging bug here. Would you like me file bug for it?
PR:

PC:

2. PMC scenario
Then I tested both PC and PR in PMC window

PR: I can see asset file include text2xml entry, that means restore did happen.

PC:

By the way I did clean up cache between repro cycles and I used below 2 sources for tests:

[nkolev92]

Installation in packages.config is different from installation in PackageReference.
We discussed shortly in one of the teams channels, it's all restore in PackageReference. In packages.config, they are different gestures.

We'll have a different issue for installation scenarios.

[nkolev92]

I originally thought your branch didn't have my changes, but it seems like now does. How are you testing that the PR scenarios?

I'll do some tests on my end, as that's something I expect to work.

[erdembayar]

I originally thought your branch didn't have my changes, but it seems like now does. How are you testing that the PR scenarios?

I'll do some tests on my end, as that's something I expect to work.

I just tested in VS PMUI and VS PMC with below 2 feeds.

    <add key="nuget" value="http://api.nuget.org/v3/index.json" />
    <add key="myinsecure" value="http://nuget.org/api/v2" />

[nkolev92]

My question is more about what version of VS you are testing. Are you using experimental instance etc.

[erdembayar]

My question is more about what version of VS you are testing. Are you using experimental instance etc.

Yes, it's experimental instance for VS 17.2 Preview 4.

[nkolev92]

@erdembayar

Try using a legacy package reference project.

For SDK based projects, the warnings are added in by the SDK and given that the SDK doesn't know about NU1803 it can't parse it.

Root cause explained: NuGet/Home#7126

[erdembayar]

@erdembayar

Try using a legacy package reference project.

For SDK based projects, the warnings are added in by the SDK and given that the SDK doesn't know about NU1803 it can't parse it.

Root cause explained: NuGet/Home#7126

You're right it works for legacy PR warnings are added.

Does above apply for package PMUI install of packages.config projects too?

[nkolev92]

Does above apply for package PMUI install of packages.config projects too

What does above mean?

[erdembayar]

Does above apply for package PMUI install of packages.config projects too

What does above mean?

Install package to PC project via PMUI, I don't see any warning, but it's not sdk based so just wandering why:

[erdembayar]

Does above apply for package PMUI install of packages.config projects too

What does above mean?

Install package to PC project via PMUI, I don't see any warning, but it's not sdk based so just wandering why: ![image]

Never mind, I was using wrong logger, I changed it. Now both PMC and PMUI warnings are working.

It's ready to review.

[erdembayar]

@NuGet/nuget-client
It's ready to review.

[nkolev92]

When you say you PMC and PMUI warnings work, can you clarify what commands you are running there?

[nkolev92]

Looks pretty good overall.

[nkolev92]

packageRestoreContext has the SourceRepositories. Can we use those?

[kartheekp-ms]

I think we can use packageRestoreContext.SourceRepositories because the collection is populated with sources that are enabled.

NuGet.Client/src/NuGet.Core/NuGet.Protocol/CachingSourceProvider.cs

Lines 33 to 36 in aca9465

	_repositories = _packageSourceProvider.LoadPackageSources()
	.Where(s => s.IsEnabled)
	.Select(CreateRepository)
	.ToList();

[erdembayar]

I had to add back this change, because some code paths sourceRepositories is set explicitly null so we can't use packageRestoreContext.SourceRepositories that case.

NuGet.Client/src/NuGet.Core/NuGet.PackageManagement/IDE/PackageRestoreManager.cs

Line 312 in f52a839

sourceRepositories: null,

[nkolev92]

I'd really love it if we can avoid adding any public methods in NuGetPackageManager.

I tried to follow RestorePackageAsync into NuGetPackageManager and it uses the ISourceRepositoryProvider to get the providers if they are not set on the context.

Maybe we can just set them?

[erdembayar]

@nkolev92 @kartheekp-ms
I addressed PR comments.

[kartheekp-ms]

I think we need to add log code to the warning. Similar to PR restore logic.

NuGet.Client/src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreCommand.cs

Lines 223 to 224 in f52a839

	await _logger.LogAsync(RestoreLogMessage.CreateWarning(NuGetLogCode.NU1803,
	string.Format(CultureInfo.CurrentCulture, Strings.Warning_HttpServerUsage, "restore", source.Source)));

[nkolev92]

log codes only work in PackageReference.
For consistency we try not to add the log codes in packages.config as none of the resolver warnings/errors have any codes.

[zivkan]

For consistency we try not to add the log codes in packages.config as none of the resolver warnings/errors have any codes.

I don't understand this. With a log code, the customer has something to search for (or in VS, something to click in the Error List window), and then there can be a docs page where we can provide more detailed instructions on how to resolve the error.

Why is consistency with not using log codes matter more than this?

[nkolev92]

You can't suppress warnings or elevate warnings in packages.config. Log codes usually suggest that you can do that.
Also warnings/errors in packages.config and PackageReference are different because pc restore rarely puts any log messages there.

I think the message itself should be actionable enough.