Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

return counts from RestoreTask for PackageReference projects #6049

Merged
merged 4 commits into from
Oct 1, 2024
Merged

return counts from RestoreTask for PackageReference projects #6049

merged 4 commits into from
Oct 1, 2024

Conversation

zivkan
Copy link
Member

@zivkan zivkan commented Sep 24, 2024

Bug

Fixes: NuGet/Home#13778

Description

Add properties output properties RestoreProjectCount, RestoreSkippedCount, and RestoreProjectsAuditedCount to RestoreTask (non-static graph version). Static graph version will be implemented later, and including packages.config projects is waiting for customer feedback.

The tests demonstrate how to to fail a restore if NuGetAudit was not enabled for at least 1 project.

PR Checklist

@zivkan zivkan requested a review from a team as a code owner September 24, 2024 03:53
jeffkl
jeffkl previously approved these changes Sep 24, 2024
View reviewed changes
src/NuGet.Core/NuGet.Commands/RestoreCommand/Utility/AuditUtility.cs Outdated
@@ -51,6 +51,9 @@ internal class AuditUtility
internal int DistinctAdvisoriesSuppressedCount { get; private set; }
internal int TotalWarningsSuppressedCount { get; private set; }

/// <inheritdoc cref="RestoreSummary.AuditRan"/>
internal bool AuditRan { get; private set; }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would just have CheckPackageVulnerabilitiesAsync() return Task<bool> and then save the value here to be returned. Just my vote

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, it's pretty much done that way anyways in the 3 places we return.

nkolev92
nkolev92 reviewed Sep 24, 2024
View reviewed changes
src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreSummary.cs Show resolved Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/Utility/AuditUtility.cs Outdated
@@ -51,6 +51,9 @@ internal class AuditUtility
internal int DistinctAdvisoriesSuppressedCount { get; private set; }
internal int TotalWarningsSuppressedCount { get; private set; }

/// <inheritdoc cref="RestoreSummary.AuditRan"/>
internal bool AuditRan { get; private set; }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, it's pretty much done that way anyways in the 3 places we return.

test/TestUtilities/Test.Utility/FileSystemBackedV3MockServer.cs Show resolved Hide resolved
jeffkl
jeffkl previously approved these changes Sep 27, 2024
View reviewed changes
nkolev92
nkolev92 reviewed Sep 27, 2024
View reviewed changes
src/NuGet.Core/NuGet.Build.Tasks.Console/MSBuildStaticGraphRestore.cs
@@ -138,7 +138,8 @@ static bool HasProjectToRestore(DependencyGraphSpec dgSpec, bool restorePackages

try
{
bool result = await BuildTasksUtility.RestoreAsync(
// todo: need to return Restore task output properties, like in NuGet.targets
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO's need to be linked to issues.

Sorry I missed this in the first review.

martinrrm
martinrrm previously approved these changes Sep 30, 2024
View reviewed changes
@zivkan zivkan dismissed stale reviews from martinrrm and jeffkl via 115008f September 30, 2024 20:51
jeffkl
jeffkl previously approved these changes Sep 30, 2024
View reviewed changes
nkolev92
nkolev92 previously approved these changes Sep 30, 2024
View reviewed changes
@zivkan zivkan dismissed stale reviews from nkolev92 and jeffkl via 221e068 October 1, 2024 01:47
@zivkan zivkan requested review from nkolev92 and jeffkl October 1, 2024 01:47
donnie-msft
donnie-msft approved these changes Oct 1, 2024
View reviewed changes
src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreSummary.cs
/// <summary>
/// A boolean that specifies if NuGetAudit verified packages for known vulnerabilities
/// </summary>
/// <remarks>This could be false if NuGetAudit is disabled, if
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// <remarks>This could be false if NuGetAudit is disabled, if
/// <remarks>This could be false if:

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll try to remember to fix this when I implement the static graph restore counts

src/NuGet.Core/NuGet.Build.Tasks/BuildTasksUtility.cs
@@ -289,7 +289,7 @@ public static async Task<bool> RestoreAsync(
{
RestoreSummary.Log(log, restoreSummaries);
}
return restoreSummaries.All(x => x.Success);
return restoreSummaries;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this fixing other bugs with restore around logging what specifically failed during a failed restore? Before, if any summary indicated failure, then the entire collection wasn't returned, therefore client couldn't tell the customer any details of what failed.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it's still expected that any project that does not have a successful restore to have logged its errors.

test/NuGet.Core.FuncTests/Dotnet.Integration.Test/DotnetRestoreTests.cs
// Second restore is no-op, so should be skipped, and audit not run
_dotnetFixture.RunDotnetExpectSuccess(pathContext.SolutionRoot, "restore -p:ExpectedRestoreProjectCount=1 -p:ExpectedRestoreSkippedCount=1 -p:ExpectedRestoreProjectsAuditedCount=0");

mockServer.Stop();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dispose already does this.

test/NuGet.Core.FuncTests/Dotnet.Integration.Test/DotnetRestoreTests.cs
}

[Fact]
public async Task DotnetRestore_WithServerWithoutAuditData_RestoreTaskReturnsCountProperties()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't follow this test name well, but reading the test, my interpretation is it's expecting 1 restore, then 1 no-op restore. In neither case is audit count expected to tick.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, you're right. It does two restores, the second is a no-op. No-op (should) never run NuGetAudit, and the first restore does not run audit because the server did not provide a vulnerability database ("audit data").

I couldn't think of a way to write this in a name without it being unreasonably long.

@zivkan zivkan merged commit db35f73 into dev Oct 1, 2024
28 checks passed
@zivkan zivkan deleted the dev-zivkan-did-audit-run branch October 1, 2024 21:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@donnie-msft donnie-msft donnie-msft approved these changes

@nkolev92 nkolev92 nkolev92 approved these changes

@martinrrm martinrrm Awaiting requested review from martinrrm

@jeffkl jeffkl Awaiting requested review from jeffkl

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Detect if restore used NuGetAudit or not for PackageReference projects
5 participants
@zivkan @nkolev92 @jeffkl @martinrrm @donnie-msft