Add NuGet source #261
Add NuGet source #261
Conversation
|
A large number of Microsoft packages that any ASP.NET Core project will likely use have a specific, not SPDX recognized license. Is there any way to have this license show up as something different than other so that they don’t have to manually be reviewed? It looks like anything not in choosealicense is consider an invalid license. |
This implementation works for all .NET Core projects, and newer .NET Framework projects that use PackageReference, where nuget resolves the package graph during restore and produces files indicating where the packages were downloaded to. It will not work for older .NET Framework projects that use the |
|
Ignore the failing cabal tests, it's a common occurrence that something in a new cabal release breaks the setup script 😢 . I'll get around to fixing it when I have some free time. |
|
I've updated the test GH Action workflow to fix the failing cabal builds, they should be back to ✅ after updating from master. |
Co-authored-by: Jon Ruskin <jonabc@github.com>
… gather_packages.
| def enumerate_dependencies | ||
| json = JSON.parse(project_assets_file) | ||
| nuget_packages_dir = json["project"]["restore"]["packagesPath"] | ||
| json["targets"].each_with_object({}) do |(_, target), dependencies| | ||
| target.each do |reference_key, reference| | ||
| # Ignore project references | ||
| next unless reference["type"] == "package" | ||
| package_id_parts = reference_key.partition("/") | ||
| name = package_id_parts[0] | ||
| version = package_id_parts[-1] | ||
| id = "#{name}-#{version}" | ||
|
|
||
| # Already know this package from another target | ||
| next if dependencies.key?(id) | ||
|
|
||
| path = File.join(nuget_packages_dir, json["libraries"][reference_key]["path"]) | ||
| dependencies[id] = NuGetDependency.new( | ||
| name: id, | ||
| version: version, | ||
| path: path, | ||
| metadata: { | ||
| "type" => NuGet.type, | ||
| "name" => name | ||
| } | ||
| ) | ||
| end | ||
| end.values | ||
| end |
There was a problem hiding this comment.
nit: this would be easier to read and could avoid the dangling .values if this was broken up into separate methods that (1) gathered metadata and (2) mapped metadata to NugetDependency.
not blocking, 👍 to clean this up later so this source can be released.
Add NuGet / dotnet as a supported package source type.
There are a number of open questions remaining since NuGet is somewhat unique in terms of the number of different license mechanisms it has, the most common being fetching licenses from a URL.
FYI this is the first Ruby I've ever written, so I apologize in advance for any atrocities 😃