fix(go_modules): normalize Azure DevOps module paths to include /_git/#14302
fix(go_modules): normalize Azure DevOps module paths to include /_git/#14302thavaahariharangit merged 15 commits intomainfrom
/_git/#14302Conversation
There was a problem hiding this comment.
Pull request overview
This PR improves Dependabot’s Go Modules ecosystem support for Azure DevOps-hosted modules by normalizing module/repo paths so go list (and the Go import resolver helper) target the correct Azure DevOps repository URL format.
Changes:
- Normalize
dev.azure.com/...module paths to include/_git/before runninggo listin Ruby. - Normalize Azure DevOps remotes in the Go
importresolverhelper to include/_git/. - Add regression tests covering Azure DevOps normalization behavior.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| go_modules/spec/dependabot/go_modules/package/package_details_fetcher_spec.rb | Adds a spec asserting go list is called with an Azure-normalized module path. |
| go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb | Normalizes Azure module paths before go list during cooldown date checks. |
| go_modules/lib/dependabot/go_modules/package/package_details_fetcher.rb | Normalizes Azure module paths before go list -m -versions. |
| go_modules/helpers/importresolver/main.go | Normalizes Azure DevOps remotes to include /_git/ before VCS resolution. |
| go_modules/helpers/importresolver/main_test.go | Adds unit tests for Azure DevOps remote normalization. |
…etcher.rb Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
| }, | ||
| { | ||
| name: "removes .git suffix when _git already exists", | ||
| input: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf.git", |
There was a problem hiding this comment.
When the path contains /_git/ then it's already assumed to be correct, so it should only be trimmed if and only if /_git/ isn't present. I manually checked this with an internal repo. When the form /org/project/_git/repo.git is used it resolves to a 404.
There was a problem hiding this comment.
Updated as per the comment
|
Correction to previous comment (formatting issue): Addressed the Behavior now:
Also refactored the Ruby normalizer for readability with:
Validation run in container:
|
| }, | ||
| { | ||
| name: "removes .git suffix when _git already exists", | ||
| input: "https://dev.azure.com/VaronisIO/da-cloud/_git/be-protobuf.git", |
There was a problem hiding this comment.
@copilot This test case is incorrect. When the URL contains the sequence /_git/ then it is assumed to be correct and the .git suffix on the repo name is assumed to be correct and should be retained.
What are you trying to accomplish?
Ensure Dependabot can resolve private Go modules hosted on Azure DevOps when the module path omits
/_git/(for exampledev.azure.com/org/project/repo.git), by normalizing those paths before running go list so fetches target the correct repo URL and avoid false 404/auth failures.Anything you want to highlight for special attention from reviewers?
Please note that this change adds Azure DevOps-specific normalization for Go module paths by inserting
/_git/when it is missing. This aligns with documented Azure Repos URL requirements and prevents resolution failures caused by non-canonical paths. The behavior is limited to dev.azure.com dependencies, leaves already-correct Azure paths unchanged, and does not affect non-Azure dependencies.Another supportive evidence: https://www.sheldonhull.com/using-azure-devops-for-private-go-modules/
How will you know you've accomplished your goal?
go list/resolution for Azure DevOps modules without404on the incorrect non-/_git/URL.https://dev.azure.com/<org>/<project>/_git/<repo>when needed.Checklist