Skip to content

Comments

Update NuGet.config in HttpStress#55519

Merged
hoyosjs merged 2 commits intomainfrom
juhoyosa/fix-nuget
Jul 12, 2021
Merged

Update NuGet.config in HttpStress#55519
hoyosjs merged 2 commits intomainfrom
juhoyosa/fix-nuget

Conversation

@hoyosjs
Copy link
Member

@hoyosjs hoyosjs commented Jul 12, 2021

We can't use nuget.org in this manner to comply with security guidance.

@hoyosjs
Update NuGet.config
ac19bb2 
We can't use nuget.org in this manner to comply with security guidance
@hoyosjs hoyosjs requested review from a team and ManickaP July 12, 2021 17:23
@ghost ghost added the area-System.Net.Http label Jul 12, 2021
@ghost
Copy link

ghost commented Jul 12, 2021

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

We can't use nuget.org in this manner to comply with security guidance.

Author: hoyosjs
Assignees: -
Labels:

area-System.Net.Http
Milestone: -

kunalspathak
kunalspathak approved these changes Jul 12, 2021
View reviewed changes
Copy link
Contributor

@kunalspathak kunalspathak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

BruceForstall
BruceForstall approved these changes Jul 12, 2021
View reviewed changes
Copy link
Contributor

@BruceForstall BruceForstall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@hoyosjs
Copy link
Member Author

hoyosjs commented Jul 12, 2021

Once the HttpStress tests build I'll merge this to unblock the JIT rolling builds.

ManickaP
ManickaP requested changes Jul 12, 2021
View reviewed changes
Copy link
Member

@ManickaP ManickaP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this will break our stress pipeline. Could we run it before we merge?

src/libraries/System.Net.Http/tests/StressTests/HttpStress/NuGet.config Outdated
<packageSources>
<!-- Add public nuget feed. -->
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
<clear />
Copy link
Member

@ManickaP ManickaP Jul 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you clear this? We need what's in repository wide nuget.config

Copy link
Member Author

@hoyosjs hoyosjs Jul 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this is true, then you should not have this file at all. We don't allow nuget.org. Let me delete this and we'll see the fallout. FYI, this already broke other partners within the runtime repo.

Copy link
Member

@ManickaP ManickaP Jul 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's try. BTW, /azp run runtime-libraries stress-http is the magic to run the pipeline.

Copy link
Member

@ManickaP ManickaP Jul 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One more thing, can we import packages from nuget.org to dotnet-public if they are missing? What's the process for that?

src/libraries/System.Net.Http/tests/StressTests/HttpStress/NuGet.config Outdated
<!-- Add public nuget feed. -->
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
<clear />
<add key="dotnet-public" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json" />
Copy link
Member

@ManickaP ManickaP Jul 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will all the packages we use be there? Could you run the stress pipeline on this PR? It's not part of inner loop.

@ManickaP
Copy link
Member

ManickaP commented Jul 12, 2021

/azp run runtime-libraries stress-http

@azure-pipelines
Copy link

azure-pipelines bot commented Jul 12, 2021

Azure Pipelines successfully started running 1 pipeline(s).

@ManickaP
Copy link
Member

ManickaP commented Jul 12, 2021

/azp run runtime-libraries stress-http

@azure-pipelines
Copy link

azure-pipelines bot commented Jul 12, 2021

Azure Pipelines successfully started running 1 pipeline(s).

ManickaP
ManickaP approved these changes Jul 12, 2021
View reviewed changes
Copy link
Member

@ManickaP ManickaP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The http stress pipeline run for the last change.
I don't want to wait for it, so approving, thanks.

@ManickaP
Copy link
Member

ManickaP commented Jul 12, 2021

The pipeline looks good :shipit:

@hoyosjs hoyosjs merged commit efd0bb5 into main Jul 12, 2021
@hoyosjs hoyosjs deleted the juhoyosa/fix-nuget branch July 12, 2021 19:24
@karelz karelz added this to the 6.0.0 milestone Jul 15, 2021
@ManickaP ManickaP mentioned this pull request Jul 20, 2021
Merged
@ghost ghost locked as resolved and limited conversation to collaborators Aug 14, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@ManickaP ManickaP ManickaP approved these changes

@safern safern safern approved these changes

+2 more reviewers

@BruceForstall BruceForstall BruceForstall approved these changes

@kunalspathak kunalspathak kunalspathak approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area-System.Net.Http

Projects

None yet

Milestone

6.0.0

Development

Successfully merging this pull request may close these issues.

6 participants

@hoyosjs @ManickaP @BruceForstall @kunalspathak @safern @karelz