feat(vendor): support modifying remote files in vendor folder without checksum errors (#23979)

Includes: * https://github.com/denoland/deno_graph/pull/486 * https://github.com/denoland/deno_graph/pull/488 * https://github.com/denoland/deno_lockfile/pull/25 * https://github.com/denoland/deno_lockfile/pull/22 * https://github.com/denoland/deno_graph/pull/483 * https://github.com/denoland/deno_graph/pull/470
author: David Sherret <dsherret@users.noreply.github.com> 2024-05-28 14:58:43 -0400
committer: GitHub <noreply@github.com> 2024-05-28 14:58:43 -0400
commit: 448fe67b7a2142f62332b651f9d215534dceb1f5 (patch)
tree: 3cfc763f39bf275a537e6228767b3e43866f5d0f /tests/integration/jsr_tests.rs
parent: cd8f5f53f7616e4c74de0f1ff5eadd6ef024118a (diff)
1 files changed, 43 insertions, 27 deletions
diff --git a/tests/integration/jsr_tests.rs b/tests/integration/jsr_tests.rs
index 83d696093..7da0cc5b5 100644
--- a/tests/integration/jsr_tests.rs
+++ b/tests/integration/jsr_tests.rs
@@ -141,7 +141,12 @@ console.log(version);"#,
     .assert_matches_text("0.1.1\n");
 
   let lockfile_path = temp_dir.path().join("deno.lock");
-  let mut lockfile = Lockfile::new(lockfile_path.to_path_buf(), false).unwrap();
+  let mut lockfile = Lockfile::with_lockfile_content(
+    lockfile_path.to_path_buf(),
+    &lockfile_path.read_to_string(),
+    false,
+  )
+  .unwrap();
   *lockfile
     .content
     .packages
@@ -214,7 +219,7 @@ fn reload_info_not_found_cache_but_exists_remote() {
     .args("run --cached-only main.ts")
     .run();
   output.assert_exit_code(1);
-  output.assert_matches_text("error: Failed to resolve version constraint. Try running again without --cached-only
+  output.assert_matches_text("error: JSR package manifest for '@denotest/add' failed to load. Could not resolve version constraint using only cached data. Try running again without --cached-only
     at file:///[WILDCARD]main.ts:1:21
 ");
 
@@ -251,7 +256,12 @@ console.log(version);"#,
     .assert_matches_text("0.1.1\n");
 
   let lockfile_path = temp_dir.path().join("deno.lock");
-  let mut lockfile = Lockfile::new(lockfile_path.to_path_buf(), false).unwrap();
+  let mut lockfile = Lockfile::with_lockfile_content(
+    lockfile_path.to_path_buf(),
+    &lockfile_path.read_to_string(),
+    false,
+  )
+  .unwrap();
   let pkg_name = "@denotest/no-module-graph@0.1.1";
   let original_integrity = get_lockfile_pkg_integrity(&lockfile, pkg_name);
   set_lockfile_pkg_integrity(&mut lockfile, pkg_name, "bad_integrity");
@@ -259,18 +269,24 @@ console.log(version);"#,
 
   let actual_integrity =
     test_context.get_jsr_package_integrity("@denotest/no-module-graph/0.1.1");
-  let integrity_check_failed_msg = format!("error: Integrity check failed for http://127.0.0.1:4250/@denotest/no-module-graph/0.1.1_meta.json
+  let integrity_check_failed_msg = format!("[WILDCARD]Integrity check failed for package. The source code is invalid, as it does not match the expected hash in the lock file.
 
-Actual: {}
-Expected: bad_integrity
-    at file:///[WILDCARD]/main.ts:1:21
+  Package: @denotest/no-module-graph@0.1.1
+  Actual: {}
+  Expected: bad_integrity
+
+This could be caused by:
+  * the lock file may be corrupt
+  * the source itself may be corrupt
+
+Use the --lock-write flag to regenerate the lockfile or --reload to reload the source code from the server.
 ", actual_integrity);
   test_context
     .new_command()
     .args("run --quiet main.ts")
     .run()
     .assert_matches_text(&integrity_check_failed_msg)
-    .assert_exit_code(1);
+    .assert_exit_code(10);
 
   // now try with a vendor folder
   temp_dir
@@ -284,7 +300,7 @@ Expected: bad_integrity
     .args("run --quiet main.ts")
     .run()
     .assert_matches_text(&integrity_check_failed_msg)
-    .assert_exit_code(1);
+    .assert_exit_code(10);
 
   // now update to the correct integrity
   set_lockfile_pkg_integrity(&mut lockfile, pkg_name, &original_integrity);
@@ -318,7 +334,7 @@ Expected: bad_integrity
     .args("run --quiet main.ts")
     .run()
     .assert_matches_text(&integrity_check_failed_msg)
-    .assert_exit_code(1);
+    .assert_exit_code(10);
 }
 
 #[test]
@@ -335,39 +351,39 @@ console.log(add);"#,
   // test it properly checks the checksum on download
   test_context
     .new_command()
-    .args("run  main.ts")
+    .args("run main.ts")
     .run()
     .assert_matches_text(
       "Download http://127.0.0.1:4250/@denotest/bad-manifest-checksum/meta.json
 Download http://127.0.0.1:4250/@denotest/bad-manifest-checksum/1.0.0_meta.json
 Download http://127.0.0.1:4250/@denotest/bad-manifest-checksum/1.0.0/mod.ts
-error: Integrity check failed.
+error: Integrity check failed in package. The package may have been tampered with.
 
-Actual: 9a30ac96b5d5c1b67eca69e1e2cf0798817d9578c8d7d904a81a67b983b35cba
-Expected: bad-checksum
-    at file:///[WILDCARD]main.ts:1:21
+  Specifier: http://127.0.0.1:4250/@denotest/bad-manifest-checksum/1.0.0/mod.ts
+  Actual: 9a30ac96b5d5c1b67eca69e1e2cf0798817d9578c8d7d904a81a67b983b35cba
+  Expected: bad-checksum
+
+If you modified your global cache, run again with the --reload flag to restore its state. If you want to modify dependencies locally run again with the --vendor flag or specify `\"vendor\": true` in a deno.json then modify the contents of the vendor/ folder.
 ",
     )
-    .assert_exit_code(1);
+    .assert_exit_code(10);
 
   // test it properly checks the checksum when loading from the cache
   test_context
     .new_command()
-    .args("run  main.ts")
+    .args("run main.ts")
     .run()
     .assert_matches_text(
-      // ideally the two error messages would be the same... this one comes from
-      // deno_cache and the one above comes from deno_graph. The thing is, in deno_cache
-      // (source of this error) it makes sense to include the url in the error message
-      // because it's not always used in the context of deno_graph
-      "error: Integrity check failed for http://127.0.0.1:4250/@denotest/bad-manifest-checksum/1.0.0/mod.ts
-
-Actual: 9a30ac96b5d5c1b67eca69e1e2cf0798817d9578c8d7d904a81a67b983b35cba
-Expected: bad-checksum
-    at file:///[WILDCARD]main.ts:1:21
+      "error: Integrity check failed in package. The package may have been tampered with.
+
+  Specifier: http://127.0.0.1:4250/@denotest/bad-manifest-checksum/1.0.0/mod.ts
+  Actual: 9a30ac96b5d5c1b67eca69e1e2cf0798817d9578c8d7d904a81a67b983b35cba
+  Expected: bad-checksum
+
+If you modified your global cache, run again with the --reload flag to restore its state. If you want to modify dependencies locally run again with the --vendor flag or specify `\"vendor\": true` in a deno.json then modify the contents of the vendor/ folder.
 ",
     )
-    .assert_exit_code(1);
+    .assert_exit_code(10);
 }
 
 fn get_lockfile_pkg_integrity(lockfile: &Lockfile, pkg_name: &str) -> String {
author	David Sherret <dsherret@users.noreply.github.com>	2024-05-28 14:58:43 -0400
committer	GitHub <noreply@github.com>	2024-05-28 14:58:43 -0400
commit	448fe67b7a2142f62332b651f9d215534dceb1f5 (patch)
tree	3cfc763f39bf275a537e6228767b3e43866f5d0f /tests/integration/jsr_tests.rs
parent	cd8f5f53f7616e4c74de0f1ff5eadd6ef024118a (diff)