Merge pull request #28 from nexB/errors-and-nuget-config

Process Errors and nuget config
Also implement a new nuget resolver for PackageReferences

Author: pombredanne

CHANGELOG.rst

@@ -3,6 +3,47 @@ Changelog
 
 
 
+v0.9.7
+-------
+
+This is a major feature update release with these updates and API breaking changes:
+
+* Use the full tree of nuget.config files that exist, including any package
+  mappings. See details on how to create nuget config files:
+
+  * https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file
+  * https://learn.microsoft.com/en-us/nuget/consume-packages/configuring-nuget-behavior
+
+* Report and fail on errors. We now collect errors and warnings in the JSON
+  output at the top level or at the dependency level and fail the execution if
+  there is a problem reported.
+
+* Add new dependency resolver that works best for modern PackageReference-based
+  projects. 
+
+* Remove the "--nuget-url" command line option to configure an alternative
+  NuGet API URL. A nuget.config should be used instead, either the standard one,
+  or a provided one with the proper NuGet API repository sources
+
+* Add new "--with-details" command line option to optionally include package
+  metadata details (such as checksum and size) when available.
+  The SHA512 and size are no longer automatically provided. These are
+  expensive API calls that are not used by NuGet as explained in this issue
+  https://github.com/NuGet/NuGetGallery/issues/9433
+
+* Add new "--with-fallback" command line option to optionally use a plain XML
+  project file parser as fallback from failures." when parsing a project file
+  using the NuGet and MSBuild APIs and this parsing fails. As a result the
+  processing of some project file will fail without this option.
+
+* Improve caching of NuGet API calls.
+
+* Drop one-at-a-time dependency resolution which is mostly useless in practice.
+
+* Use a cleaner build that does not include path to the original build machine
+  in the binaries: we strip paths from the build now.
+
+
 v0.9.6
 -------
 

README.rst

@@ -62,6 +62,8 @@ Portions Copyright (c) 2018 Black Duck Software, Inc.
 
 Portions Copyright (c) Mario Rivis https://github.com/dxworks
 
+Portions Copyright (c) 2016 Andrei Marukovich https://github.com/Dropcraft/Dropcraft
+
 SPDX-License-Identifier: Apache-2.0 AND MIT
 
 
@@ -113,6 +115,8 @@ Here are credits for some of these key projects without which it would not exist
   https://github.com/veracode/verademo-dotnet
   https://github.com/veracode/verademo-dotnetcore
 
+- ``dropcraft`` from Andrei Marukovich
+  https://github.com/Dropcraft/Dropcraft
 
 These projects are used either in the built executables, at build time or for
 testing. The built executables are designed to be self-contained exes that do

build.sh

@@ -17,6 +17,6 @@ dotnet publish \
   --runtime linux-x64 \
   --self-contained true \
   --configuration Release \
-  -p:Version=0.9.6 \
+  -p:Version=0.9.7 \
   --output build \
   src/nuget-inspector/nuget-inspector.csproj

release.sh

@@ -16,7 +16,7 @@
 rm -rf release/
 mkdir release
 
-VERSION=0.9.6
+VERSION=0.9.7
 
 TARGET_BASE=nuget-inspector-$(git describe)
 

setup.cfg

@@ -1,7 +1,7 @@
 [bumpversion]
 commit = False
 tag = False
-current_version = 0.9.6
+current_version = 0.9.7
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(\-(?P<release>[a-z]+))?
 serialize = 
 	{major}.{minor}.{patch}-{release}

src/Directory.Build.props

@@ -0,0 +1,7 @@
+<Project>
+   <PropertyGroup>
+      <Deterministic>true</Deterministic>
+      <DeterministicSourcePaths>true</DeterministicSourcePaths>
+      <PathMap>$([System.IO.Path]::GetFullPath('$(MSBuildThisFileDirectory)'))=./</PathMap>
+   </PropertyGroup>
+</Project>

src/nuget-inspector/Config.cs

@@ -2,9 +2,12 @@ namespace NugetInspector;
 
 public static class Config
 {
+    #pragma warning disable CA2211
     public static bool TRACE = false;
+    public static bool TRACE_ARGS = false;
     public static bool TRACE_NET = false;
     public static bool TRACE_DEEP = false;
     public static bool TRACE_META = false;
-    public static string NUGET_INSPECTOR_VERSION = "0.9.6";
+    public const string NUGET_INSPECTOR_VERSION = "0.9.7";
+    #pragma warning restore CA2211
 }

src/nuget-inspector/DependencyResolution.cs

@@ -3,23 +3,22 @@
 internal interface IDependencyProcessor
 {
     /// <summary>
-    /// RProcess and resolve dependencies and return a DependencyResolution
+    /// Process and resolve dependencies and return a DependencyResolution
     /// </summary>
     /// <returns>DependencyResolution</returns>
     DependencyResolution Resolve();
 }
 
 public class DependencyResolution
 {
+    public bool Success { get; set; } = true;
+    public List<BasePackage> Dependencies { get; set; } = new();
+
     public DependencyResolution() {}
 
-    public DependencyResolution(bool Success)
+    public DependencyResolution(bool success)
     {
-        this.Success = Success;
+        Success = success;
     }
 
-    public bool Success { get; set; } = true;
-    public string? ProjectVersion { get; set; }
-    public string? ErrorMessage { get; set; } = "";
-    public List<BasePackage> Dependencies { get; set; } = new();
 }

src/nuget-inspector/FrameworkFinder.cs

@@ -0,0 +1,99 @@
+using System.Xml;
+using NuGet.Frameworks;
+
+namespace NugetInspector;
+
+/// <summary>
+/// Helper module to fidn the proper project frameworj
+/// </summary>
+public static class FrameworkFinder
+{
+    /// <summary>
+    /// Return a tuple of (warning message or null, NuGetFramework) using either
+    /// the requested framework or a found framework or a fallback to "any".
+    /// </summary>
+    public static (string?, NuGetFramework) GetFramework(string? RequestedFramework, string ProjectFilePath)
+    {
+        string? framework_warning = null;
+        NuGetFramework project_framework;
+        // Force using the provided framework if present
+        if (!string.IsNullOrWhiteSpace(RequestedFramework))
+        {
+            project_framework = NuGetFramework.ParseFolder(folderName: RequestedFramework.ToLower());
+            if (project_framework == NuGetFramework.UnsupportedFramework)
+            {
+                framework_warning = $"Unsupported framework requested: {RequestedFramework}, falling back to 'any' framework.";
+                project_framework = NuGetFramework.AnyFramework;
+            }
+        }
+        else
+        {
+            // TODO: Use the project model instead to obtain the framework
+            // Or use the first framework found in the project
+            string framework_moniker;
+            (framework_moniker, project_framework) = FindProjectTargetFramework(ProjectFilePath);
+            if (project_framework == NuGetFramework.UnsupportedFramework)
+            {
+                project_framework = NuGetFramework.AnyFramework;
+                framework_warning = 
+                    $"Unsupported framework found: {framework_moniker} in {ProjectFilePath}, " +
+                    $"falling back to '{project_framework.GetShortFolderName()}' framework.";
+            }
+        }
+
+        if (Config.TRACE)
+            Console.WriteLine($"Effective project framework: {project_framework.GetShortFolderName()} {framework_warning}");
+
+        return (framework_warning, project_framework);
+    }
+
+    /// <summary>
+    /// Return the first NuGetFramework found in the *.*proj XML file or Any.
+    /// Handles new and legacy style target framework references.
+    /// </summary>
+    /// <param name="project_file_path"></param>
+    /// <returns></returns>
+    public static (string, NuGetFramework) FindProjectTargetFramework(string project_file_path)
+    {
+        var doc = new XmlDocument();
+        doc.Load(filename: project_file_path);
+
+        var target_framework = doc.GetElementsByTagName(name: "TargetFramework");
+        foreach (XmlNode tf in target_framework)
+        {
+            var framework_moniker = tf.InnerText.Trim();
+            if (!string.IsNullOrWhiteSpace(framework_moniker))
+            {
+                return (framework_moniker, NuGetFramework.ParseFolder(framework_moniker));
+            }
+        }
+
+        var target_framework_version = doc.GetElementsByTagName(name: "TargetFrameworkVersion");
+        foreach (XmlNode tfv in target_framework_version)
+        {
+            var framework_version = tfv.InnerText.Trim();
+            if (!string.IsNullOrWhiteSpace(framework_version))
+            {
+                var version = Version.Parse(framework_version.Trim('v', 'V'));
+                return (framework_version, new NuGetFramework(FrameworkConstants.FrameworkIdentifiers.Net, version));
+            }
+        }
+
+        var target_frameworks = doc.GetElementsByTagName(name: "TargetFrameworks");
+        foreach (XmlNode tf in target_frameworks)
+        {
+            var framework_monikers = tf.InnerText.Trim();
+            if (!string.IsNullOrWhiteSpace(framework_monikers))
+            {
+                var monikers = framework_monikers.Split(";", StringSplitOptions.RemoveEmptyEntries);
+                foreach (var moniker in monikers)
+                {
+                     if (!string.IsNullOrWhiteSpace(moniker))
+                        return (moniker, NuGetFramework.ParseFolder(moniker.Trim()));
+                }
+            }
+        }
+        // fallback to any if none are specified
+        return ("any", NuGetFramework.AnyFramework);
+    }
+}