vscode-dotnet-runtime/dependency-verifier.py

import sys
import subprocess
import os
from pathlib import Path


def main():
    """Check if the dependency updates in package-lock are also updated in yarn.locks"""
    targetBranch = sys.argv[1] # Script is called with PR Target Branch Name, Fulfilled by AzDo
    subprocess.getoutput(f"git fetch --all")
    subprocess.getoutput(f"git pull origin {targetBranch}")
    VerifyDependencies(targetBranch)
    sys.exit(0)

def VerifyDependencies(targetBranch):
    """Enumerate through all changed files to check diffs."""
    # origin/ requires origin/ to be up to date.
    changedFiles = [Path(path) for path in subprocess.getoutput(f"git diff --name-only origin/{targetBranch}..").splitlines()]
    npmLockFile = "package-lock.json"

    for file in changedFiles:
        fileName = os.path.basename(os.path.realpath(file))
        if fileName == npmLockFile:
            NpmChangesMirrorYarnChanges(changedFiles, file, targetBranch)

def GetNpmDependencyUpdates(packageLockDiffLines):
    """Returns a dictionary of [dependency -> [] (can be changed to version in later implementations)] changes found in diff string of package-lock.json"""
    # Assumes dependency line starts with "node_modules/DEPENDENCYNAME". Version may or may not come after
    dependencies = {}
    for line in packageLockDiffLines:
        line = line.strip()
        line = line.lstrip("\t")
        if line.startswith('"node_modules/'):
            dependencies[line.split('"node_modules/', 1)[1].split('"', 1)[0]] = [] # will be "node_modules/dep further" content, need to cull
    return dependencies

def GetYarnDependencyUpdates(yarnLockDiffLines):
    """Returns a dictionary of [dependency -> [] (can be changed to version in later implementations)] changes found in diff string of yarn.lock"""
    # Assumes dependency line starts with DEPEDENCY@Version without whitespace
    dependencies = {}
    for line in yarnLockDiffLines:
        if line == line.lstrip() and "@" in line:
            depsAtVers = line.lstrip('"').split(",") # multiple dependencies are possible with diff versions, sep by ,
            for dependencyAtVers in depsAtVers:
                dep = dependencyAtVers.rsplit("@", 1)[0]
                vers = dependencyAtVers.rsplit("@", 1)[1]
                dependencies[dep] = [] # Could add version here later. That will probably not happen
    return dependencies

def GetUnmatchedDiffs(yarnDiff, npmDiff):
    """Returns [] if dependency updates are reflected in both diffs, else the dependencies out of sync."""
                                        # v Remove + or - from diff and additional git diff context lines
    yarnDeps = GetYarnDependencyUpdates([line[1:] for line in yarnDiff.splitlines() if line.startswith("+") or line.startswith("-")])
    npmDeps = GetNpmDependencyUpdates([line[1:] for line in npmDiff.splitlines() if line.startswith("+") or line.startswith("-")])
    outOfSyncDependencies = []
    for dep in npmDeps:
        if dep in yarnDeps and yarnDeps[dep] == npmDeps[dep]: # version changes match
            continue
        else:
            outOfSyncDependencies.append(dep)
    return outOfSyncDependencies

def NpmChangesMirrorYarnChanges(changedFiles, packageLockPath, targetBranch):
    """Returns successfully if yarn.lock matches package lock changes, if not, throws exit code"""
    yarnLockFile = "yarn.lock"
    yarnLockPath = Path(os.path.join(os.path.dirname(packageLockPath), yarnLockFile))
    outOfDateYarnLocks = []

    if yarnLockPath in changedFiles:
        yarnDiff = subprocess.getoutput(f"git diff origin/{targetBranch}.. -- {str(yarnLockPath)}")
        npmDiff = subprocess.getoutput(f"git diff origin/{targetBranch}..  -- {packageLockPath}")
        diffSetComplement = GetUnmatchedDiffs(yarnDiff, npmDiff)
        if diffSetComplement == []:
           pass
        else:
            outOfDateYarnLocks.append((str(yarnLockPath), diffSetComplement))
    else:
        outOfDateYarnLocks.append(yarnLockPath)
    if(outOfDateYarnLocks != []):
        sys.exit(f"""{outOfDateYarnLocks} may be out of sync with node.

        The yarn.lock and package-lock appear to be out of sync with the changes made after {targetBranch}.
        Update by first using npm to push to the registry, doing npm install package@version. Then, do yarn add package@version for each primary package. During the yarn add process, you may need to npm install specific dependencies that yarn will flag to allow yarn to proceed. You may consider (yarn import). Note this tool will list dependencies of packages, but you should try adding just the main package first.
        If you can confirm the new changes are in sync, then you may ignore this failure.""")
    else:
        return 0 # OK, status here is not used

if __name__ == "__main__":
    main()
add dependency-verifier 2022-10-06 20:23:43 +03:00			`import sys`
Check if git can be called in pipeline 2022-10-06 20:41:31 +03:00			`import subprocess`
Improve code quality 2022-10-06 22:16:15 +03:00			`import os`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`from pathlib import Path`

add dependency-verifier 2022-10-06 20:23:43 +03:00
PushGitBranchesToCheckRemote 2022-10-06 21:26:57 +03:00			`def main():`
			`"""Check if the dependency updates in package-lock are also updated in yarn.locks"""`
pull nongeneric branch now that testing is done 2022-10-07 01:01:25 +03:00			`targetBranch = sys.argv[1] # Script is called with PR Target Branch Name, Fulfilled by AzDo`
PushGitBranchesToCheckRemote 2022-10-06 21:26:57 +03:00			`subprocess.getoutput(f"git fetch --all")`
Improve code quality 2022-10-06 22:16:15 +03:00			`subprocess.getoutput(f"git pull origin {targetBranch}")`
PushGitBranchesToCheckRemote 2022-10-06 21:26:57 +03:00			`VerifyDependencies(targetBranch)`
			`sys.exit(0)`

			`def VerifyDependencies(targetBranch):`
			`"""Enumerate through all changed files to check diffs."""`
Fix Windows Registry Check and Add Tests For It This also removes some of the remaining todo checks that required verifying that things worked. The windows and mac install tests are failing. Those 2 still need to be fixed. 2023-07-13 21:05:56 +03:00			`# origin/ requires origin/ to be up to date.`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`changedFiles = [Path(path) for path in subprocess.getoutput(f"git diff --name-only origin/{targetBranch}..").splitlines()]`
PushGitBranchesToCheckRemote 2022-10-06 21:26:57 +03:00			`npmLockFile = "package-lock.json"`
Fix Windows Registry Check and Add Tests For It This also removes some of the remaining todo checks that required verifying that things worked. The windows and mac install tests are failing. Those 2 still need to be fixed. 2023-07-13 21:05:56 +03:00
PushGitBranchesToCheckRemote 2022-10-06 21:26:57 +03:00			`for file in changedFiles:`
			`fileName = os.path.basename(os.path.realpath(file))`
			`if fileName == npmLockFile:`
			`NpmChangesMirrorYarnChanges(changedFiles, file, targetBranch)`

Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`def GetNpmDependencyUpdates(packageLockDiffLines):`
Add code to grab dependencies 2022-10-06 22:06:10 +03:00			`"""Returns a dictionary of [dependency -> [] (can be changed to version in later implementations)] changes found in diff string of package-lock.json"""`
			`# Assumes dependency line starts with "node_modules/DEPENDENCYNAME". Version may or may not come after`
			`dependencies = {}`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`for line in packageLockDiffLines:`
			`line = line.strip()`
			`line = line.lstrip("\t")`
			`if line.startswith('"node_modules/'):`
			`dependencies[line.split('"node_modules/', 1)[1].split('"', 1)[0]] = [] # will be "node_modules/dep further" content, need to cull`
Add code to grab dependencies 2022-10-06 22:06:10 +03:00			`return dependencies`

Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`def GetYarnDependencyUpdates(yarnLockDiffLines):`
Add code to grab dependencies 2022-10-06 22:06:10 +03:00			`"""Returns a dictionary of [dependency -> [] (can be changed to version in later implementations)] changes found in diff string of yarn.lock"""`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`# Assumes dependency line starts with DEPEDENCY@Version without whitespace`
Add code to grab dependencies 2022-10-06 22:06:10 +03:00			`dependencies = {}`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`for line in yarnLockDiffLines:`
			`if line == line.lstrip() and "@" in line:`
			`depsAtVers = line.lstrip('"').split(",") # multiple dependencies are possible with diff versions, sep by ,`
			`for dependencyAtVers in depsAtVers:`
			`dep = dependencyAtVers.rsplit("@", 1)[0]`
			`vers = dependencyAtVers.rsplit("@", 1)[1]`
Fix Windows Registry Check and Add Tests For It This also removes some of the remaining todo checks that required verifying that things worked. The windows and mac install tests are failing. Those 2 still need to be fixed. 2023-07-13 21:05:56 +03:00			`dependencies[dep] = [] # Could add version here later. That will probably not happen`
Add code to grab dependencies 2022-10-06 22:06:10 +03:00			`return dependencies`

Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`def GetUnmatchedDiffs(yarnDiff, npmDiff):`
Make the yarn/npm sync check pass The check is over-zealous because package.json and package-lock has some content yarn does not. we dont want to show a red x for every build, so make it show a yellow warning instead. 2023-09-20 01:00:47 +03:00			`"""Returns [] if dependency updates are reflected in both diffs, else the dependencies out of sync."""`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`# v Remove + or - from diff and additional git diff context lines`
			`yarnDeps = GetYarnDependencyUpdates([line[1:] for line in yarnDiff.splitlines() if line.startswith("+") or line.startswith("-")])`
			`npmDeps = GetNpmDependencyUpdates([line[1:] for line in npmDiff.splitlines() if line.startswith("+") or line.startswith("-")])`
			`outOfSyncDependencies = []`
Add code to grab dependencies 2022-10-06 22:06:10 +03:00			`for dep in npmDeps:`
			`if dep in yarnDeps and yarnDeps[dep] == npmDeps[dep]: # version changes match`
			`continue`
			`else:`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`outOfSyncDependencies.append(dep)`
			`return outOfSyncDependencies`
Add code to grab dependencies 2022-10-06 22:06:10 +03:00
PushGitBranchesToCheckRemote 2022-10-06 21:26:57 +03:00			`def NpmChangesMirrorYarnChanges(changedFiles, packageLockPath, targetBranch):`
Make the yarn/npm sync check pass The check is over-zealous because package.json and package-lock has some content yarn does not. we dont want to show a red x for every build, so make it show a yellow warning instead. 2023-09-20 01:00:47 +03:00			`"""Returns successfully if yarn.lock matches package lock changes, if not, throws exit code"""`
PushGitBranchesToCheckRemote 2022-10-06 21:26:57 +03:00			`yarnLockFile = "yarn.lock"`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`yarnLockPath = Path(os.path.join(os.path.dirname(packageLockPath), yarnLockFile))`
Update checks to branches in azdo 2022-10-06 21:30:36 +03:00			`outOfDateYarnLocks = []`
Fix Windows Registry Check and Add Tests For It This also removes some of the remaining todo checks that required verifying that things worked. The windows and mac install tests are failing. Those 2 still need to be fixed. 2023-07-13 21:05:56 +03:00
Update checks to branches in azdo 2022-10-06 21:30:36 +03:00			`if yarnLockPath in changedFiles:`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`yarnDiff = subprocess.getoutput(f"git diff origin/{targetBranch}.. -- {str(yarnLockPath)}")`
			`npmDiff = subprocess.getoutput(f"git diff origin/{targetBranch}.. -- {packageLockPath}")`
			`diffSetComplement = GetUnmatchedDiffs(yarnDiff, npmDiff)`
			`if diffSetComplement == []:`
Add code to grab dependencies 2022-10-06 22:06:10 +03:00			`pass`
Yarn lock checker 2022-10-06 21:39:55 +03:00			`else:`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`outOfDateYarnLocks.append((str(yarnLockPath), diffSetComplement))`
Update checks to branches in azdo 2022-10-06 21:30:36 +03:00			`else:`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`outOfDateYarnLocks.append(yarnLockPath)`
Yarn lock checker 2022-10-06 21:39:55 +03:00			`if(outOfDateYarnLocks != []):`
Make the yarn/npm sync check pass The check is over-zealous because package.json and package-lock has some content yarn does not. we dont want to show a red x for every build, so make it show a yellow warning instead. 2023-09-20 01:00:47 +03:00			`sys.exit(f"""{outOfDateYarnLocks} may be out of sync with node.`

			`The yarn.lock and package-lock appear to be out of sync with the changes made after {targetBranch}.`
			`Update by first using npm to push to the registry, doing npm install package@version. Then, do yarn add package@version for each primary package. During the yarn add process, you may need to npm install specific dependencies that yarn will flag to allow yarn to proceed. You may consider (yarn import). Note this tool will list dependencies of packages, but you should try adding just the main package first.`
			`If you can confirm the new changes are in sync, then you may ignore this failure.""")`
Yarn lock checker 2022-10-06 21:39:55 +03:00			`else:`
			`return 0 # OK, status here is not used`
Fix Windows Registry Check and Add Tests For It This also removes some of the remaining todo checks that required verifying that things worked. The windows and mac install tests are failing. Those 2 still need to be fixed. 2023-07-13 21:05:56 +03:00
Improve code quality 2022-10-06 22:16:15 +03:00			`if __name__ == "__main__":`
Several fixes to depedency verifier 2022-10-07 01:00:26 +03:00			`main()`