Deprecate http usage: restore scenarios promote warning to error for http sources
#5731
Conversation
Nigusu-Allehu
changed the title
nuget push promote warning to error for http sourcesrestore scenarios promote warning to error for http sources
Nigusu-Allehu
force-pushed
the
dev-feature-http-error
branch
from
18162b4
to
faf0a89
Compare
Nigusu-Allehu
force-pushed
the
dev-nyenework-http-error-restore
branch
from
77e06d4
to
1851cf0
Compare
Nigusu-Allehu
force-pushed
the
dev-nyenework-http-error-restore
branch
from
d2054fb
to
1fbf7b3
Compare
Nigusu-Allehu
changed the title
restore scenarios promote warning to error for http sourcesrestore / install scenarios promote warning to error for http sources
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.Tests/NuGet.CommandLine.Test/NuGetInstallCommandTest.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Core.FuncTests/Msbuild.Integration.Test/MsbuildRestoreTaskTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Caching/CachingTestContext.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.Tests/NuGet.CommandLine.Test/NuGetInstallCommandTest.cs
Outdated
Show resolved
Hide resolved
Nigusu-Allehu
changed the title
restore / install scenarios promote warning to error for http sourcesrestore scenarios promote warning to error for http sources
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Show resolved
Hide resolved
| Assert.Contains($"Added package 'A.1.0.0' to folder '{projectBPackages}'", result.Output); | ||
| Assert.DoesNotContain(warningForHttpsSource, result.Output); | ||
| if (hasHttpWarning) | ||
| Assert.DoesNotContain(errorForHttpsSource, result.AllOutput); |
There was a problem hiding this comment.
Instead of asserting a missing error, why can't this depend on result.Success.Should().BeTrue() ?
There was a problem hiding this comment.
From what I have seen, it is possible for the restore command runner to log an error and still exit code of 0. This is just making sure that is not happening and this error is not logged.
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
| @@ -66,7 +66,7 @@ public async Task FeedPackagePruning_GivenThatAV3FeedPrunesAPackageDuringRestore | |||
| server.Start(); | |||
|
|
|||
| var feedUrl = server.Uri + "index.json"; | |||
|
|
|||
| pathContext.Settings.AddSource(feedUrl, feedUrl, allowInsecureConnectionsValue: "true"); | |||
There was a problem hiding this comment.
Is there a tracking issue to change all the test dependencies to use HTTPS?
There was a problem hiding this comment.
No. I think that is a good point.
test/NuGet.Core.FuncTests/Msbuild.Integration.Test/MsbuildRestoreTaskTests.cs
Show resolved
Hide resolved
test/NuGet.Core.FuncTests/Msbuild.Integration.Test/MsbuildRestoreTaskTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Core.FuncTests/NuGet.Commands.FuncTest/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
| <configuration> | ||
| <packageSources> | ||
| <clear /> | ||
| <add key=""http-feed"" value=""{source}"" allowInsecureConnections=""true""/> |
There was a problem hiding this comment.
It looks like allowInsecureConnections setting can also be configured through an environment variable. I guess we need a test to verify that behavior as well. I am okay with addressing this comment in a follow up pull-request.
There was a problem hiding this comment.
Are you referring to setting the config file as follows
<packageSources>
<clear />
<add key="source" value="http://source" allowInsecureConnections="${Allow_Insecure_Connection_Value}" />
</packageSources>There was a problem hiding this comment.
Yes, you are correct Nigusu. However, environment variable syntax is a bit different as I explained below. NuGet uses Environment.ExpandEnvironment .NET API internally.
<packageSources>
<clear />
<add key="source" value="http://source" allowInsecureConnections="%AllowInsecureConnectionValue%" />
</packageSources>There was a problem hiding this comment.
Feel free to address this comment in a separate PR.
There was a problem hiding this comment.
Isn't env var vs a nuget.config value stylistic?
What's the benefit of the env var over the nguet.config.
There was a problem hiding this comment.
I can't think of any benefit with the environment variable for this setting. I added the comment because currently code expands environment variable for this setting also. May be we could remove the environment variable support for this setting because it doesn't add much value to the users.
test/NuGet.Core.FuncTests/NuGet.Commands.FuncTest/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
dotnet-policy-service
bot
removed
the
Status:No recent activity
|
@NuGet/nuget-client Any suggestions? |
Bug
Fixes: NuGet/Home#13353
Regression? Last working version:
Description
Promote http source usage warnings in restore scenarios to errors.
PR Checklist
PR has a meaningful title
PR has a linked issue.
Described changes
Tests
Documentation
https://github.com/Add documentation for NU1302 Home#13502