Support Is(Absolute)Latest for SemVer2 + semVerLevel for SearchService #3842
Conversation
xavierdecoster
requested review from
scottbommarito,
joelverhagen,
ryuyu and
skofman1
xavierdecoster
force-pushed
the
dev-issue3708
branch
from
94f9909
to
a5683da
Compare
src/NuGetGallery/NuGetGallery.csproj
Outdated
| @@ -450,7 +450,7 @@ | |||
| <Private>True</Private> | |||
| </Reference> | |||
| <Reference Include="NuGet.Versioning, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | |||
| <HintPath>..\..\packages\NuGet.Versioning.4.3.0-preview1-2507\lib\net45\NuGet.Versioning.dll</HintPath> | |||
| <HintPath>..\..\packages\NuGet.Versioning.4.3.0-preview1-2524\lib\net45\NuGet.Versioning.dll</HintPath> | |||
| </Reference> | |||
There was a problem hiding this comment.
Note PR #3820 added dependency on NuGet.Protocol for NuGetVersionConverter. We'll need to update that version as well on merge to dev.
See:
There was a problem hiding this comment.
Thanks for the pointer! Pinned NuGet.Protocol version 4.3.0-preview1-2524 on the feed and updated the dependency.
| { | ||
| // If there's a specific version given, don't bother filtering by prerelease. You could be asking for a prerelease package. | ||
| packagesQuery = packagesQuery.Where(p => !p.IsPrerelease); | ||
| package = FindPackageByIdAndVersionStrict(id, version); |
There was a problem hiding this comment.
Previously, this query filtered if !allowPrerelease... so I'm wondering if queries could be slower in that case?
There was a problem hiding this comment.
The new FindPackageByIdAndVersionStrict API is strictly looking for the provided package version, which may be a prerelease.
The old FindPackageByIdAndVersion method (which I changed in this PR) was having fallback behavior to find the latest version if none provided, given a set of constraints, including the allowPrerelease argument which was true by default.
In other words: previous behavior was to first check if a version was provided, and - if not provided - only then check the allowPrerelease argument. If a version was provided, we ignored the allowPrerelease argument and always included prerelease packages in the first query.
In many cases, this change should actually perform better, as we no longer fetch all package versions matching the package registration ID.
| .Include(p => p.LicenseReports) | ||
| .Include(p => p.PackageRegistration) | ||
| .Where(p => (p.PackageRegistration.Id == id)); | ||
|
|
There was a problem hiding this comment.
This base query is duplicated between the various FindPackage* APIs. Should we extract it into a helper?
There was a problem hiding this comment.
Yep, fixed in d415e5d
| p => p.PackageRegistration.Id.Equals(id, StringComparison.OrdinalIgnoreCase) && | ||
| ( | ||
| String.Equals(p.NormalizedVersion, NuGetVersionNormalizer.Normalize(version), StringComparison.OrdinalIgnoreCase) | ||
| string.Equals(p.NormalizedVersion, NuGetVersionNormalizer.Normalize(version), StringComparison.OrdinalIgnoreCase) | ||
| )); |
There was a problem hiding this comment.
Could version equality be done in the DB, before ToList()? Assuming SQL Azure defaults to case insensitive collation. Would optimize the query for packages with many versions.
| else | ||
| { | ||
| package = packageVersions.FirstOrDefault(p => p.IsLatest); | ||
| } |
There was a problem hiding this comment.
Would also filter these before ToList(), to filter at the DB.
There was a problem hiding this comment.
No idea why this .ToList() call was there before, but fixed in 2c6587c :)
|
|
||
| var latestSemVer2Package = FindPackage( | ||
| packageRegistration.Packages, | ||
| p => !p.Deleted && p.Listed && p.SemVerLevelKey == SemVerLevelKey.SemVer2); |
There was a problem hiding this comment.
Should latestSemVer2 also include SemVerLevelKey.Unknown? I thought we were filtering semver2 versions from legacy/v2 search, but not the other way around. ?
There was a problem hiding this comment.
Yep! Good catch. Fixed with 9ecf59f
| <package id="NuGet.Services.KeyVault" version="1.0.0.0" targetFramework="net46" /> | ||
| <package id="NuGet.Services.Platform.Client" version="3.0.29-r-master" targetFramework="net46" /> | ||
| <package id="NuGet.Versioning" version="4.3.0-preview1-2507" targetFramework="net46" /> | ||
| <package id="NuGet.Versioning" version="4.3.0-preview1-2524" targetFramework="net46" /> | ||
| <package id="ODataNullPropagationVisitor" version="0.5.4237.2641" targetFramework="net46" /> |
There was a problem hiding this comment.
See earlier comment about NuGet.Protocol reference update on merge to dev
There was a problem hiding this comment.
Thanks. Tracked by https://github.com/NuGet/Engineering/issues/434 as part of shims update. This PR contains up-to-date, pinned package versions, and has now been rebased on latest dev to include the NuGet.Protocol change.
| @@ -424,21 +424,21 @@ | |||
| <HintPath>..\..\packages\Newtonsoft.Json.9.0.1\lib\net45\Newtonsoft.Json.dll</HintPath> | |||
| </Reference> | |||
| <Reference Include="NuGet.Common, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | |||
| <HintPath>..\..\packages\NuGet.Common.4.3.0-preview1-2507\lib\net45\NuGet.Common.dll</HintPath> | |||
| <HintPath>..\..\packages\NuGet.Common.4.3.0-preview1-2524\lib\net45\NuGet.Common.dll</HintPath> | |||
There was a problem hiding this comment.
this might cause an issue with Shims. Please verify there are no runtime crashes: https://microsoft.sharepoint.com/teams/NuGet/_layouts/OneNote.aspx?id=%2Fteams%2FNuGet%2FTeam%2FNugetServer%2FNugetServerTeamNote&wd=target%28Get%20Start%28ed%5C%29.one%7C67313EFC-166A-4F46-8DEC-78A00D26F970%2FRunning%20Gallery%20with%20Shims%7CF53F10CD-0156-4D1C-9266-F21CD0AA815B%2F%29
onenote:https://microsoft.sharepoint.com/teams/NuGet/Team/NugetServer/NugetServerTeamNote/Get%20Start(ed).one#Running%20Gallery%20with%20Shims§ion-id={67313EFC-166A-4F46-8DEC-78A00D26F970}&page-id={F53F10CD-0156-4D1C-9266-F21CD0AA815B}&object-id={48902CF4-95DE-02F1-36E0-230FB6DF16D0}&10
There was a problem hiding this comment.
Good catch! Tracking here: https://github.com/NuGet/Engineering/issues/434
xavierdecoster
force-pushed
the
feature/semver2
branch
from
bef3dd4
to
43c2269
Compare
xavierdecoster
force-pushed
the
dev-issue3708
branch
2 times, most recently
from
a100d89
to
15853ae
Compare
| return package; | ||
| } | ||
|
|
||
| public virtual Package FindPackageByIdAndVersionStrict(string id, string version) |
There was a problem hiding this comment.
FindPackageByIdAndVersionStrict [](start = 31, length = 31)
We need comments about when to use "strict" vs. non-strict.
There was a problem hiding this comment.
Are the comments on the IPackageService insufficient? https://github.com/NuGet/NuGetGallery/pull/3842/files#diff-0c5ddab8598b91918ff5489f9b139d33
Shouldn't we use package.Version here? Refers to: src/NuGetGallery/Controllers/ApiController.cs:178 in 9ecf59f. [](commit_id = 9ecf59f6b40b9f218e161db56d8f294ba1603557, deletion_comment = False) |
| @@ -819,7 +912,13 @@ private void NotifyIndexingService() | |||
|
|
|||
| public async Task IncrementDownloadCountAsync(string id, string version, bool commitChanges = true) | |||
| { | |||
| var package = FindPackageByIdAndVersion(id, version); | |||
| if (string.IsNullOrEmpty(version)) | |||
There was a problem hiding this comment.
IsNullOrEmpty [](start = 23, length = 13)
When would this be null or empty?
There was a problem hiding this comment.
It's only used in a single place, and the logical flow will never have this value be null or empty. Removed in 386e8d5
| var searchFilter = SearchAdaptor.GetSearchFilter( | ||
| q, | ||
| page, | ||
| null, |
There was a problem hiding this comment.
null [](start = 20, length = 4)
Name null arguments
| { | ||
| if (!(String.Equals(packageMetadata.Id, formData.Id, StringComparison.OrdinalIgnoreCase) | ||
| && String.Equals(packageMetadata.Version.ToNormalizedString(), formData.Version, StringComparison.OrdinalIgnoreCase))) | ||
| && String.Equals(packageMetadata.Version.OriginalVersion, formData.OriginalVersion, StringComparison.OrdinalIgnoreCase))) |
There was a problem hiding this comment.
( [](start = 40, length = 1)
Should we also compare the Version as we do today?
There was a problem hiding this comment.
Added it back to ensure formData.Version has not been tampered with in any way. 6317dea
| @@ -49,6 +51,8 @@ public PackageViewModel(Package package) | |||
| public DateTime LastUpdated { get; set; } | |||
| public bool LatestVersion { get; set; } | |||
| public bool LatestStableVersion { get; set; } | |||
| public bool LatestVersionSemVer2 { get; set; } | |||
| public bool LatestStableVersionSemVer2 { get; set; } | |||
There was a problem hiding this comment.
LatestStableVersionSemVer2 [](start = 20, length = 26)
Where are these being used? Won't the web UI always just see the "semVerLevel=2.0.0" view?
There was a problem hiding this comment.
They're not used today, but may be used later to indicate this package version is the Latest(Stable)SemVer2. The UI will indeed have the default semver2 view at some point, but I'm not sure if we want to mark somehow that the package is the latest. I can remove it for now, easy to add later when needed.
There was a problem hiding this comment.
Actually, I didn't immediately find any usages for LatestVersion or LatestStableVersion on this viewmodel either...
Won't we want to show build metadata to the user in the web UI? Refers to: src/NuGetGallery/ViewModels/PackageViewModel.cs:17 in 9ecf59f. [](commit_id = 9ecf59f6b40b9f218e161db56d8f294ba1603557, deletion_comment = False) |
| @@ -79,7 +84,7 @@ | |||
| <legend>Verify Package Details</legend> | |||
| <ul id="packageDetails" style="border-bottom: 1px solid gray; margin-bottom: 1em;"> | |||
| <li>@ReadOnlyField("Package ID", "Id", Model.Id)</li> | |||
There was a problem hiding this comment.
Id [](start = 53, length = 2)
Can the user fiddle with these values using browser dev tools and make weird things happen?
There was a problem hiding this comment.
This has always been the case and imho is yet another reason to get rid of the Edit-Package-Immediately-After-Upload flow.
The controller does verification when verifying the package. See https://github.com/NuGet/NuGetGallery/blob/dev-issue3708/src/NuGetGallery/Controllers/PackagesController.cs#L1136
There was a problem hiding this comment.
I see, as long as all of the immutable fields are verified as unchanged, seems fine.
| @@ -28,7 +28,16 @@ public static class NuGetVersionExtensions | |||
|
|
|||
| public static string ToNormalizedStringSafe(this NuGetVersion self) | |||
There was a problem hiding this comment.
ToNormalizedStringSafe [](start = 29, length = 22)
It seems a bit weird to have code paths that can have null NuGetVersion and still want to get a string -- when would this be? Typically a null version implies latest, right?
There was a problem hiding this comment.
I did not touch that code in this PR as I don't know the implications of returning null.
This extension method is called in two places, both within ApiController.CreatePackageInternal, and each time, the NuGetVersion is the result of a call to NuspecReader.GetVersion() which may return null.
| // However, the rest of the version string should be normalized, | ||
| // which NuGetVersion.ToFullString does not do for non-SemVer2 packages. | ||
| // Hence the conditional call to ToNormalizedString for non-SemVer2 packages. | ||
| return self != null ? (self.IsSemVer2 ? self.ToFullString() : self.ToNormalizedString()) : string.Empty; |
There was a problem hiding this comment.
return [](start = 12, length = 6)
I don't understand why this necessary. From the GetFullString code it looks like this already implied:
https://github.com/NuGet/NuGet.Client/blob/4cccb13833ad29d6a0bcff055460d964f1b49cfe/src/NuGet.Core/NuGet.Versioning/VersionFormatter.cs#L108
There was a problem hiding this comment.
The clue is in this comment.
When the original version includes leading zeros in non-semver2 package versions, they were stripped off. This caused an existing test to fail (can't immediately find which one it was), which expected the leading zeros not to be removed.
There was a problem hiding this comment.
Weird. Thanks for filling me in.
There was a problem hiding this comment.
I'm still a little bit confused here. As far as i can tell, it looks like ToFullString and ToNormalizedString should behave the same for semVer versions.
When the NuGetVersion called Format (https://github.com/NuGet/NuGet.Client/blob/4cccb13833ad29d6a0bcff055460d964f1b49cfe/src/NuGet.Core/NuGet.Versioning/VersionFormatter.cs#L162), it checks if it's a "legacy" version.
If we go to check what legacy version means (https://github.com/NuGet/NuGet.Client/blob/4cccb13833ad29d6a0bcff055460d964f1b49cfe/src/NuGet.Core/NuGet.Versioning/NuGetVersion.cs#L179), it appears to mean that it's a System.Version version.
Am I missing something here? Also, on a broader note, should the test even be expecting leading zeros? Isn't that bad semVer?
There was a problem hiding this comment.
The test was checking behavior on a non-semver2 version, having leading zeros.
e.g. 01.0.42
There was a problem hiding this comment.
Actually, I just ran all tests again with the following line of code, and they all passed, let me fix it up. Not sure where I spotted this one (couldn't find the failing test again), but it will surely surface at some point during the build if it still fails :)
public static string ToFullStringSafe(this NuGetVersion self)
{
return self != null ? self.ToFullString() : string.Empty;
}
|
🕐 |
xavierdecoster
force-pushed
the
dev-issue3708
branch
from
e00db5c
to
42bc69e
Compare
* Fixed Report Abuse Page's Accessibility (#4001) Fixes #4002. Relevant to [VSTS #395879](https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_workitems?id=395879&_a=edit). This help-text bug was for the sign-in page, but this also affects the Report Abuse page. * Fixed accessibility of email field in report abuse page * Fixed signature accessibility * Use ServerCommon's Response Code Processor (#3999) * Added Nuget.Services.Logging; moved to TelemetryResponseCodeProcessor * Added binding redirect for AI * Removing the "WITH(ONLINE=ON)" from the index creation as per #3952 (#4004) * Removing the "WITH(ONLINE=ON)" from the index creation as per #3952 (#4004) (#4030) * Remove validation rules that block uploading valid semver2 versions #3645 (#3757) * Add support for semVerLevel query parameter to V2 endpoints (#3714) * adding new optional semVerLevel query parameter to v2 odata endpoints * adding new optional semVerLevel query parameter to v2 autocomplete endpoints * Applying semVerLevel filter on v2 OData endpoints * Use [FromUri] attribute on semVerLevel (avoids having single quotes in the parameter value) * Ensure navigation links on v2 feeds use normalized version * Clarifying comment on Get(Id=,Version=) v2 API * Properly default to semver2 inclusion on Get(Id=,Version=) * Compare NormalizedVersion to be able to retrieve matching SemVer2 package versions for a given normalized version string. * Code review feedback * Update and fix broken test data * Keep legacy version compliance checks in place for non-SemVer2 versions (#3761) * Keep legacy version compatibility checks in place for non-semver2 versions * Added comment to clarify the reasons behind the legacy version check. * Fix typo * Rename test for clarity * code review feedback * Set SemVerLevelKey after setting Dependencies * #3861 V2 NuGetEntityTypeSerializer Id link patcher must retain curated feed name (#3864) * Support Is(Absolute)Latest for SemVer2 + semVerLevel for SearchService (#3842) * LuceneIndexingService in Gallery should take into account IsLatest(Stable)SemVer2 (#3863) * POST VerifyPackage version validation should use ToFullString comparison * ODataV2CuratedFeedController should support semver2 by default when requesting a specific version, and compare on NormalizedVersion * Refactor NuGetEntityTypeSerializer + unit test coverage (#3879) * Use NormalizedVersion in URLs contained in PackageAddedNotice (#3886) * Add nullcheck and use TryParse. (#3890) * Show full version on package details page (#3887) * Highlight semver2 packages on package details view (#3893) * Fix bug in IsLatest(Stable)SemVer2 (#3895) * VerifyPackage on ApiController should treat version as optional parameter (#3903) * UpdateIsLatest not resetting IsLatest(Stable)SemVer2 on previous latest versions (#3909) * Fix malformed URL in redirect after package upload (#3915) * Minor fix for search results package URLs (when to use version or not in the URL) * UrlHelper extension for Package should use NormalizedVersion (#3925) * Default to latest stable semver2 on package details page (#3930) * User profile page does not show SemVer 2.0.0 packages #3911 (#3933) * Fix functional test failure SearchMicrosoftDotNetCuratedFeed #3941 (#3942) * Fix System.NotSupportedException on User profile page (#3943) * Fix Functional Test failure for ODataFeeds.V2FeedExtendedTests.FindPackagesByIdTest #3947 (#3948) * Fix load test failure due to incorrect test setup (#3957) * Hijack IsLatest(Stable)Version OData filter when semVerLevel=2.0.0 (#3966) * Detect if package only differ by metadata and show optimal user-facing error message (#3970) * Update Semver2 package details message with final nuget client version #3897 (#3988) * On package validation failure an actionable error message should be displayed. #3916 (#4031) * Make downloads link on home page a proper link (#4052) * Fix the date format on stats page (#4057) * Update telemetry processors (#4059) * Reorder SemVer2Latest migration to match deployment history (#4062) * Average download shown incorrectly when its 1.x #4039 (#4040) * Average download shown incorrectly when its 1.x #4039 * Moved logic to viewmodel and added UTs * Port latest changes made to package details page * SemVer2 - Missing db index on Packages table #498 (#4073) * SemVer2 - Missing db index on Packages table #498 * SemVer2 - Missing db index on Packages table for partial search #499 (#4074) * Package-Versions autocomplete endpoint does not properly handle semVerLevel when using the db #4086 (#4087) * v2 package-versions auto-complete endpoint should exclude deleted versions #4092 (#4093) * Remove auto-refresh AJAX call for total stats on home page #4090 (#4091) * Fix merge conflicts
* Fixed Report Abuse Page's Accessibility (#4001) Fixes #4002. Relevant to [VSTS #395879](https://devdiv.visualstudio.com/DefaultCollection/DevDiv/_workitems?id=395879&_a=edit). This help-text bug was for the sign-in page, but this also affects the Report Abuse page. * Fixed accessibility of email field in report abuse page * Fixed signature accessibility * Use ServerCommon's Response Code Processor (#3999) * Added Nuget.Services.Logging; moved to TelemetryResponseCodeProcessor * Added binding redirect for AI * Removing the "WITH(ONLINE=ON)" from the index creation as per #3952 (#4004) * Removing the "WITH(ONLINE=ON)" from the index creation as per #3952 (#4004) (#4030) * Remove validation rules that block uploading valid semver2 versions #3645 (#3757) * Add support for semVerLevel query parameter to V2 endpoints (#3714) * adding new optional semVerLevel query parameter to v2 odata endpoints * adding new optional semVerLevel query parameter to v2 autocomplete endpoints * Applying semVerLevel filter on v2 OData endpoints * Use [FromUri] attribute on semVerLevel (avoids having single quotes in the parameter value) * Ensure navigation links on v2 feeds use normalized version * Clarifying comment on Get(Id=,Version=) v2 API * Properly default to semver2 inclusion on Get(Id=,Version=) * Compare NormalizedVersion to be able to retrieve matching SemVer2 package versions for a given normalized version string. * Code review feedback * Update and fix broken test data * Keep legacy version compliance checks in place for non-SemVer2 versions (#3761) * Keep legacy version compatibility checks in place for non-semver2 versions * Added comment to clarify the reasons behind the legacy version check. * Fix typo * Rename test for clarity * code review feedback * Set SemVerLevelKey after setting Dependencies * #3861 V2 NuGetEntityTypeSerializer Id link patcher must retain curated feed name (#3864) * Support Is(Absolute)Latest for SemVer2 + semVerLevel for SearchService (#3842) * LuceneIndexingService in Gallery should take into account IsLatest(Stable)SemVer2 (#3863) * POST VerifyPackage version validation should use ToFullString comparison * ODataV2CuratedFeedController should support semver2 by default when requesting a specific version, and compare on NormalizedVersion * Refactor NuGetEntityTypeSerializer + unit test coverage (#3879) * Use NormalizedVersion in URLs contained in PackageAddedNotice (#3886) * Add nullcheck and use TryParse. (#3890) * Show full version on package details page (#3887) * Highlight semver2 packages on package details view (#3893) * Fix bug in IsLatest(Stable)SemVer2 (#3895) * VerifyPackage on ApiController should treat version as optional parameter (#3903) * UpdateIsLatest not resetting IsLatest(Stable)SemVer2 on previous latest versions (#3909) * Fix malformed URL in redirect after package upload (#3915) * Minor fix for search results package URLs (when to use version or not in the URL) * UrlHelper extension for Package should use NormalizedVersion (#3925) * Default to latest stable semver2 on package details page (#3930) * User profile page does not show SemVer 2.0.0 packages #3911 (#3933) * Fix functional test failure SearchMicrosoftDotNetCuratedFeed #3941 (#3942) * Fix System.NotSupportedException on User profile page (#3943) * Fix Functional Test failure for ODataFeeds.V2FeedExtendedTests.FindPackagesByIdTest #3947 (#3948) * Fix load test failure due to incorrect test setup (#3957) * Hijack IsLatest(Stable)Version OData filter when semVerLevel=2.0.0 (#3966) * Detect if package only differ by metadata and show optimal user-facing error message (#3970) * Update Semver2 package details message with final nuget client version #3897 (#3988) * On package validation failure an actionable error message should be displayed. #3916 (#4031) * Make downloads link on home page a proper link (#4052) * Fix the date format on stats page (#4057) * Update telemetry processors (#4059) * Reorder SemVer2Latest migration to match deployment history (#4062) * Average download shown incorrectly when its 1.x #4039 (#4040) * Average download shown incorrectly when its 1.x #4039 * Moved logic to viewmodel and added UTs * SemVer2 - Missing db index on Packages table #498 (#4073) * SemVer2 - Missing db index on Packages table #498 * SemVer2 - Missing db index on Packages table for partial search #499 (#4074) * Package-Versions autocomplete endpoint does not properly handle semVerLevel when using the db #4086 (#4087) * Package-Versions autocomplete endpoint does not properly handle semVerLevel when using the db #4086 (#4087) * v2 package-versions auto-complete endpoint should exclude deleted versions #4092 (#4093) * Remove auto-refresh AJAX call for total stats on home page #4090 (#4091) * v2 package-versions auto-complete endpoint should exclude unlisted versions #4092 (#4099) * Support for policy propagation (#4061) - Added inline confirmation when adding new package owner - Added package URL link to package owner request emails - Added new notification to co-owners when package owner request is confirmed - Added secure push policy messaging to communication above (confirmation, request, and notification) - Added secure push policy messaging to package view for owners and admins - Fixed bug on security policy admin view where toggle all broken if multiple subscriptions - Updated security policy admin view to not reload page on update postback * Preserve original 409 exception in AI logs (#4136) * System.ArgumentNullException GET packages/DisplayPackage #4204 (#4210) * Resolve merge conflicts
Fixes:
Single PR as one couldn't be fixed without the other.