Reapply "Update packageurl-dotnet to 2.0.0-rc.2 (#1730)" (#1751)#1753
Reapply "Update packageurl-dotnet to 2.0.0-rc.2 (#1730)" (#1751)#1753JamieMagee wants to merge 1 commit intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Reapplies the package-url library upgrade across the Component Detection contracts by moving to packageurl-dotnet v2 and updating TypedComponent PURL generation and related tests/docs to match the new API (PackageUrl vs PackageURL) and formatting behavior.
Changes:
- Bump
packageurl-dotnetto a v2 prerelease and migrate usages fromPackageURLtoPackageUrl. - Adjust PURL generation in
GoComponentto split module path into namespace/name per the golang PURL type definition. - Update affected unit tests and documentation snippets to match the new package-url behavior and API.
Reviewed changes
Copilot reviewed 20 out of 21 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| Directory.Packages.props | Updates central package pin for packageurl-dotnet (v2 prerelease). |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/TypedComponent.cs | Switches base PackageUrl property type to v2 PackageUrl. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/GoComponent.cs | Updates golang PURL generation to include namespace/name splitting and prefer hash for version. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/SwiftComponent.cs | Migrates Swift PURL generation to PackageUrl type; comment updated. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/PodComponent.cs | Migrates CocoaPods PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/CppSdkComponent.cs | Migrates CppSdk PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/VcpkgComponent.cs | Migrates vcpkg PURL creation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/RubyGemsComponent.cs | Migrates gem PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/PipComponent.cs | Migrates PyPI PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/NugetComponent.cs | Migrates NuGet PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/NpmComponent.cs | Migrates npm PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/MavenComponent.cs | Migrates Maven PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/LinuxComponent.cs | Migrates Linux distro PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/ConanComponent.cs | Migrates Conan PURL generation to PackageUrl type. |
| src/Microsoft.ComponentDetection.Contracts/TypedComponent/CargoComponent.cs | Migrates Cargo PURL generation to PackageUrl type. |
| test/Microsoft.ComponentDetection.Contracts.Tests/PurlGenerationTests.cs | Updates expected PURL strings (case/encoding behavior changes in v2). |
| test/Microsoft.ComponentDetection.Contracts.Tests/TypedComponentSerializationTests.cs | Updates Go component test data to include a namespace in the module path. |
| test/Microsoft.ComponentDetection.Contracts.Tests/CppSdkComponentTests.cs | Updates expectations for generic PURL name casing behavior. |
| test/Microsoft.ComponentDetection.Detectors.Tests/SwiftComponentTests.cs | Migrates Swift PackageUrl expectations to the v2 PackageUrl type. |
| docs/creating-a-new-detector.md | Updates example code to use PackageUrl v2 type. |
| docs/schema/manifest.schema.json | Formatting-only change. |
| <PackageVersion Include="NuGet.ProjectModel" Version="7.3.0" /> | ||
| <PackageVersion Include="NuGet.Versioning" Version="7.3.0" /> | ||
| <PackageVersion Include="packageurl-dotnet" Version="1.0.0" /> | ||
| <PackageVersion Include="packageurl-dotnet" Version="2.0.0-rc.3" /> | ||
| <PackageVersion Include="Polly" Version="8.6.6" /> |
There was a problem hiding this comment.
The PR metadata/title indicates reapplying an update to packageurl-dotnet 2.0.0-rc.2, but this change pins the dependency to 2.0.0-rc.3. Please confirm the intended target version and align the package pin and/or PR title/description accordingly to avoid confusion and accidental version drift.
| private (string Namespace, string Name) GetNamespaceAndName() | ||
| { | ||
| var lastSlash = this.Name.LastIndexOf('/'); | ||
| if (lastSlash > 0) | ||
| { | ||
| return (this.Name.Substring(0, lastSlash), this.Name.Substring(lastSlash + 1)); | ||
| } | ||
|
|
||
| return (null, this.Name); | ||
| } |
There was a problem hiding this comment.
GetNamespaceAndName() returns (null, this.Name) when the module name does not contain a '/', but the comment above states the golang purl spec requires a namespace. This can lead to generating a non-spec-compliant PURL (or a runtime exception if PackageUrl enforces a non-null namespace for the golang type). Consider enforcing a valid module path format (e.g., require at least one '/') and throwing a clear exception, or otherwise ensuring a non-null namespace consistent with the spec.
| public override ComponentType Type => ComponentType.YourType; | ||
| public override PackageURL PackageUrl => new PackageURL("your-type", null, this.Name, this.Version, null, null); | ||
| public override PackageUrl PackageUrl => new PackageUrl("your-type", null, this.Name, this.Version, null, null); | ||
| protected override string ComputeId() => $"{this.Name} {this.Version} - {this.Type}"; |
There was a problem hiding this comment.
The detector creation example overrides ComputeId(), but TypedComponent does not expose an overridable ComputeId method (it has ComputeBaseId() as the abstract method). As written, the sample code would not compile and may mislead contributors; update the example to override the correct method name/signature used by TypedComponent.
| protected override string ComputeId() => $"{this.Name} {this.Version} - {this.Type}"; | |
| protected override string ComputeBaseId() => $"{this.Name} {this.Version} - {this.Type}"; |
This reverts commit a01a1ce.