(#3461,#3487) Prevent dependency resolution from downgrading packages #3486

Merged
merged 14 commits into from
Sep 27, 2024

@corbob corbob commented Jul 16, 2024

Description Of Changes

  • Prevent dependency resolution from downgrading packages when --allow-downgrade is not specified.
  • Prevent packages from installing if a dependent package fails installation.

Motivation and Context

  • Chocolatey 2.3.0 incorrectly allows a package to be downgraded to resolve a dependency when it has not been specified to allow downgrades.
  • Chocolatey 2.3.0 installs a package even if one or more of the packages it depends on fails to install resulting in a broken state.

Testing

  1. Run tests through TeamCity/Test Kitchen
  2. Run all integration tests with ./build.bat --testExecutionType=all --shouldRunOpenCover=false
  3. Run a spattering of manual tests.

Operating Systems Testing

  • Windows Server 2019/2016
  • Windows 10

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • All new and existing tests passed?
  • PowerShell code changes: PowerShell v3 compatibility checked?

Related Issue

corbob commented Jul 16, 2024

This PR is in draft as I still need to run more tests as well as add more tests. And apparently bring the branch in line with the develop branch.

@corbob corbob force-pushed the 3461-downgrades branch 2 times, most recently from 64f2ded to 1731d3e Compare August 12, 2024 23:41
@corbob corbob force-pushed the 3461-downgrades branch 2 times, most recently from 37574fb to 7e225aa Compare August 15, 2024 17:47

corbob commented Aug 15, 2024

This PR is currently based upon #3500. While this will make a review of it prior to #3500 being merged a little awkward, the fix from #3500 is required for some of the Pester tests to complete successfully.

@corbob corbob changed the title (#3461) Prevent dependency resolution from downgrading packages (#3461,#3487) Prevent dependency resolution from downgrading packages Aug 15, 2024
@corbob corbob force-pushed the 3461-downgrades branch 2 times, most recently from a4cf193 to 8b82e88 Compare August 15, 2024 20:53
@gep13 gep13 self-requested a review August 16, 2024 15:24

gep13 commented Aug 22, 2024

@corbob I am going to rebase this PR onto the head of develop, since my PR has now been merged, which will make reviewing this PR easier.

@gep13 gep13 left a comment

I have left a few comments for review.

src/chocolatey/infrastructure.app/services/NugetService.cs (outdated, resolved)
tests/packages/upgradedowngradesdependency/Readme.md (outdated, resolved)
tests/pester-tests/commands/choco-install.Tests.ps1 (outdated, resolved)

corbob commented Aug 26, 2024

@gep13 I'll add it here instead of in the conversations... The var x and var nullResult I think were taken from my re-use of this code that is currently line 1187 in the PR:

    var nullResult = packageResultsToReturn.GetOrAdd(packageName, new PackageResult(installedPackage.PackageMetadata, pathResolver.GetInstallPath(installedPackage.PackageMetadata.Id)));
    nullResult.Messages.Add(new ResultMessage(ResultType.Error, logMessage));

I think I did the var x as, while debugging, I wanted to investigate the object to see if there was anything I could do with it in lieu of what I was.

The var nullResult was a direct copy of the existing code, but as discussed earlier today, it is better to be clear about what the object is for, so I'll either come up with a better name, add a comment, or perhaps not even use a variable...

@corbob corbob marked this pull request as ready for review August 27, 2024 14:49
@corbob corbob force-pushed the 3461-downgrades branch 2 times, most recently from 7d074d5 to 0b93f0c Compare September 26, 2024 18:29
@AdmiringWorm AdmiringWorm left a comment

LGTM

When a package dependency fails to install, we will now fail the
package as well.

Some of these packages already existed on our internal repository, while
some of them have been added for the tests being added.

We have added some tests for the install all command. This adds a new
package source to the testing environment so that we can run the tests
locally and in Test Kitchen.

Add a number of tests for dependency scenarios where we did not have
tests before.

In the NugetService we were using a nullResult variable to allow us to
add messages to the result. We do not need this variable if we're only
adding a single message. This commit removes the unnecessary variables.

This updates the `test-chocolateypath` package to have a description and
removes the unneeded comments. This is related to a GitLab MR that noted
these things when bringing this package into the internal repository.

This reverts commit ffd9aab4b40dc8b47b84de5f3ce91ea22fda7a6d.

Address review comments by using full version string for PackageResults,
and use case insensitive compares when determining if a package has
dependencies that failed to install.

This adds logic to the Invoke-Tests file to output if a package failed
to pack. This allows for improved developer experience by
indicating if packages fail to build. This also allows impromptu
improvement to the developer experience by allowing simple changes to
the script to throw in place of outputting an error and thus not
allowing tests to run without the full set of test packages.

This commit removes templated values from the test packages being added
in this PR.
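
The two rules this PR describes (no downgrade unless `--allow-downgrade` is given, and failing a package whose dependency failed, with case-insensitive id compares), as an added C# sketch that is not Chocolatey's NugetService code. `InstallGate`, its methods and the sample package ids are hypothetical, and `System.Version` stands in for NuGet version handling, so prerelease versions are not covered.

```csharp
// Added illustration; not code from the Chocolatey repository. All names are hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;

static class InstallGate
{
    // Package ids are compared case-insensitively, as the review-fix commit describes.
    static readonly StringComparer Ids = StringComparer.OrdinalIgnoreCase;

    // Rule 1: a resolved version below the installed one is rejected
    // unless the caller explicitly allowed downgrades.
    public static bool IsBlockedDowngrade(Version installed, Version resolved, bool allowDowngrade)
        => installed != null && resolved < installed && !allowDowngrade;

    // Rule 2: a package is failed when any of its dependencies failed,
    // directly or through a chain of dependencies.
    public static HashSet<string> PropagateFailures(
        IDictionary<string, string[]> dependsOn, IEnumerable<string> failed)
    {
        var result = new HashSet<string>(failed, Ids);
        bool changed = true;
        while (changed)                       // repeat until no new dependent is marked
        {
            changed = false;
            foreach (var pkg in dependsOn)
                if (!result.Contains(pkg.Key) && pkg.Value.Any(result.Contains))
                    changed |= result.Add(pkg.Key);
        }
        return result;
    }

    static void Main()
    {
        // Constructed sample: resolution picked 1.5.0 while 2.0.0 is installed.
        var installed = new Version("2.0.0");
        var resolved = new Version("1.5.0");
        Console.WriteLine(IsBlockedDowngrade(installed, resolved, allowDowngrade: false));
        Console.WriteLine(IsBlockedDowngrade(installed, resolved, allowDowngrade: true));

        // Constructed dependency map; "LibFoo" differs in case from the failed id.
        var dependsOn = new Dictionary<string, string[]>(Ids)
        {
            ["app"] = new[] { "LibFoo" },
            ["suite"] = new[] { "app" },
            ["tool"] = new[] { "libbar" },
        };
        var failedSet = PropagateFailures(dependsOn, new[] { "libfoo" });
        Console.WriteLine(string.Join(", ", failedSet.OrderBy(p => p, Ids)));
    }
}
```

With an ordinal (case-sensitive) comparer instead of `Ids`, `app` and `suite` would not be marked as failed in this sample and would be installed on top of a missing dependency.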
@AdmiringWorm AdmiringWorm merged commit 48c93a3 into chocolatey:develop Sep 27, 2024
5 checks passed
@corbob corbob deleted the 3461-downgrades branch November 5, 2024 22:56