always directly download nupkg and cache the tfms (#9230)

Co-authored-by: AbdulFattaah Popoola <abdulapopoola@github.com>
dependabot · Mar 7, 2024 · 1d431ba · 1d431ba
1 parent 0f9f95b
commit 1d431ba
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 16 deletions.
diff --git a/nuget/lib/dependabot/nuget/update_checker/compatibility_checker.rb b/nuget/lib/dependabot/nuget/update_checker/compatibility_checker.rb
@@ -66,23 +66,31 @@ def project_tfms
       end
 
       def fetch_package_tfms(dependency_version)
-        nupkg_buffer = NupkgFetcher.fetch_nupkg_buffer(dependency_urls, dependency.name, dependency_version)
-        return [] unless nupkg_buffer
-
-        # Parse tfms from the folders beneath the lib folder
-        folder_name = "lib/"
-        tfms = Set.new
-        Zip::File.open_buffer(nupkg_buffer) do |zip|
-          lib_file_entries = zip.select { |entry| entry.name.start_with?(folder_name) }
-          # If there is no lib folder in this package, assume it is a development dependency
-          return nil if lib_file_entries.empty?
-
-          lib_file_entries.each do |entry|
-            _, tfm = entry.name.split("/").first(2)
-            tfms << tfm
+        cache = CacheManager.cache("compatibility_checker_tfms_cache")
+        key = "#{dependency.name}::#{dependency_version}"
+
+        cache[key] ||= begin
+          nupkg_buffer = NupkgFetcher.fetch_nupkg_buffer(dependency_urls, dependency.name, dependency_version)
+          return [] unless nupkg_buffer
+
+          # Parse tfms from the folders beneath the lib folder
+          folder_name = "lib/"
+          tfms = Set.new
+          Zip::File.open_buffer(nupkg_buffer) do |zip|
+            lib_file_entries = zip.select { |entry| entry.name.start_with?(folder_name) }
+            # If there is no lib folder in this package, assume it is a development dependency
+            return nil if lib_file_entries.empty?
+
+            lib_file_entries.each do |entry|
+              _, tfm = entry.name.split("/").first(2)
+              tfms << tfm
+            end
           end
+
+          tfms.to_a
         end
-        tfms.to_a
+
+        cache[key]
       end
     end
   end

diff --git a/nuget/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb b/nuget/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb
@@ -111,7 +111,13 @@ def self.fetch_stream(stream_url, auth_header, max_redirects = 5)
         current_redirects = 0
 
         loop do
-          response = fetch_url_with_auth(current_url, auth_header)
+          # Directly download the stream without any additional settings _except_ for `omit_default_port: true` which
+          # is necessary to not break the URL signing that some NuGet feeds use.
+          response = Excon.get(
+            current_url,
+            headers: auth_header,
+            omit_default_port: true
+          )
 
           # redirect the HTTP response as appropriate based on documentation here:
           # https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections