Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

C#: Restore projects and collect dependencies for projects in the same folder sequentially. #16248

Merged
merged 5 commits into from Apr 29, 2024
Merged

C#: Restore projects and collect dependencies for projects in the same folder sequentially. #16248

merged 5 commits into from Apr 29, 2024

Conversation

michaelnebel
Copy link
Contributor

@michaelnebel michaelnebel commented Apr 18, 2024
edited

This is a bugfix.
Prior to this change assets files would overwritten, if multiple projects are restored in the same folder. Now projects in the same folder are restored sequentially and the assets files are parsed immediately.

@github-actions github-actions bot added the C# label Apr 18, 2024
@hvitved hvitved mentioned this pull request Apr 18, 2024
Draft
@michaelnebel michaelnebel force-pushed the csharp/groupsprojectbeforerestore branch from 1db31b6 to e3f130d Compare April 25, 2024 12:13
@michaelnebel michaelnebel changed the title C#: Do not run dotnet restore in parallel for projects in the same fo… C#: Group project restore by folder. Apr 25, 2024
@michaelnebel michaelnebel changed the title C#: Group project restore by folder. C#: Group project restore by folder in the dependency manager. Apr 25, 2024
@michaelnebel michaelnebel added the no-change-note-required This PR does not need a change note label Apr 25, 2024
@michaelnebel michaelnebel force-pushed the csharp/groupsprojectbeforerestore branch from e3f130d to 181a063 Compare April 25, 2024 13:39
@michaelnebel michaelnebel changed the title C#: Group project restore by folder in the dependency manager. C#: Restore projects and collection dependencies for projects in the same folder sequentially. Apr 25, 2024
@michaelnebel michaelnebel changed the title C#: Restore projects and collection dependencies for projects in the same folder sequentially. C#: Restore projects and collect dependencies for projects in the same folder sequentially. Apr 25, 2024
@michaelnebel
Copy link
Contributor Author

michaelnebel commented Apr 25, 2024
edited

I think DCA looks acceptable.

  • Some projects have more extraction errors and some have fewer.
  • There is larger alert diff compared to the nightly wobble, but none of the security related queries lost any results (actually the DCA run found 14 extra security alerts for hardcoded-credentials).
  • No performance regression.

It will be interested to see, if the issue fixed in this PR somewhat fixes the nightly alert wobble. Prior to this change, only a single projects.assets.json would be parsed per directory containing projects and this could potentially be different pr execution as the restores were executed in parallel (and thus no guarantee on which project would have it assets file stored in the folder and used for dependency collection).

@michaelnebel michaelnebel marked this pull request as ready for review April 25, 2024 14:07
@michaelnebel michaelnebel requested a review from a team as a code owner April 25, 2024 14:07
tamasvajk
tamasvajk reviewed Apr 26, 2024
View reviewed changes
Copy link
Contributor

@tamasvajk tamasvajk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I added some minor comments.

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs Outdated
@@ -16,6 +16,11 @@ internal class Assets
{
private readonly ILogger logger;

/// <summary>
/// Contains the dependencies found in the parsed asset files.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: We're mixing asset and assets file in comments. I think it should be assets.

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs Outdated
/// Flatten a list of containers into a single container.
/// </summary>
public static DependencyContainer Flatten(this IEnumerable<DependencyContainer> container) =>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the parameter name should be plural and then the below c can be renamed to container.

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs Outdated
}
assetFiles.AddRange(res.AssetsFilePaths);
}
lock (sync)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're using the sync object for multiple locking purposes. Maybe you could change the collectedDependencies to be a ConcurrentBag<>.

hvitved
hvitved reviewed Apr 26, 2024
View reviewed changes
Copy link
Contributor

@hvitved hvitved left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. One suggestion; feel free to ignore.

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs Outdated
/// Flatten a list of containers into a single container.
/// </summary>
public static DependencyContainer Flatten(this IEnumerable<DependencyContainer> container) =>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could change this to

 public static DependencyContainer Flatten(this IEnumerable<DependencyContainer> container, DependencyContainer init) =>

and then replace the new DependencyContainer() in Aggregate below with init.

@michaelnebel
Copy link
Contributor Author

DCA looks good.

@michaelnebel michaelnebel merged commit a304e2d into github:main Apr 29, 2024
16 checks passed
@michaelnebel michaelnebel deleted the csharp/groupsprojectbeforerestore branch April 29, 2024 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tamasvajk tamasvajk tamasvajk left review comments

@hvitved hvitved hvitved approved these changes

Assignees
No one assigned
Labels
C# no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@michaelnebel @hvitved @tamasvajk