Unable to install modules without `NormalizedVersion` property from Artifactory (post-rebase `InstallName()` references?)

[sean-r-williams]

Prerequisites

• [X] Write a descriptive title.
• [X] Make sure you are able to repro it on the latest released version
• [X] Search the existing issues.

Steps to reproduce

1. Create an Artifactory NuGet repo and publish a PowerShell module to it
2. [Optional] Create a remote repository in Artifactory that proxies PSGallery, then create a virtual repository that aggregates the remote+local repos
3. Install said local package with Install-PSResource using either the local or virtual repo
4. [Optional] Install module JiraPS from the virtual repo

Expected behavior

PS> Install-PSResource Deployment-toolkit -Repository Artifactory
PS> # (no error)
PS> Install-PSResource JiraPS -Repository Artifactory
PS> # (no error)

Actual behavior

PS> Install-PSResource Deployment-toolkit -Repository Artifactory
Install-PSResource: 'Response status code does not indicate success: 405.' Request sent: 'https://artifactory.f.q.d.n/artifactory/api/nuget/v2/psgallery-nuget-virtual/package/Deployment-toolkit'
Install-PSResource: Package(s) 'Deployment-toolkit' could not be installed from repository 'Artifactory'.
PS> Install-PSResource JiraPS -Repository Artifactory
PS> # (no error)

Error details

Exception             :
    Type    : Microsoft.PowerShell.PSResourceGet.UtilClasses.ResourceNotFoundException
    Message : Package(s) 'Deployment-toolkit' could not be installed from repository 'Artifactory'.
    HResult : -2146233088
TargetObject          : Microsoft.PowerShell.PSResourceGet.Cmdlets.InstallPSResource
CategoryInfo          : InvalidData: (Microsoft.PowerShel…s.InstallPSResource:InstallPSResource) [Install-PSResource], ResourceNotFoundException
FullyQualifiedErrorId : InstallPackageFailure,Microsoft.PowerShell.PSResourceGet.Cmdlets.InstallPSResource
InvocationInfo        :
    MyCommand        : Install-PSResource
    ScriptLineNumber : 1
    OffsetInLine     : 1
    HistoryId        : 14
    Line             : Install-PSResource Deployment-toolkit -Repository Artifactory -Reinstall
    Statement        : Install-PSResource Deployment-toolkit -Repository Artifactory -Reinstall
    PositionMessage  : At line:1 char:1
                       + Install-PSResource Deployment-toolkit -Repository Artifactory -Re …
                       + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    InvocationName   : Install-PSResource
    CommandOrigin    : Internal
ScriptStackTrace      : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo :

Environment data

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Binary     1.0.2.0               Microsoft.PowerShell.PSResourceGet  {Find-PSResource, Get-InstalledPSResource, Get-PSResourceRepository, Get-PSScriptFileInfo…}

Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Visuals

The really confusing part is:

• I can't repro this on any v1.0.2-related commit in master.
• The current tip of master works normally under this scenario.
• Running Install-PSResource with -Debug shows we're passing through InstallName(), which should have been removed in #1506:

It's a little hard to follow the commit graph, but the v1.0.2 tag appears to have been created off-branch through a rebase without this PR's merge commit. It's not clear what other PRs to master were missed as part of this operation.

[sean-r-williams]

For comparison, here are the FindPackagesById() calls for:

• Our private module:

  <?xml version='1.0' encoding='UTF-8'?>
  <feed xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom" xml:base="https://artifactory.f.q.d.n/artifactory/api/nuget/psgallery-nuget-virtual/">
  <title type="text"></title>
  <id>http://schemas.datacontract.org/2004/07/</id>
  <updated>2024-03-05T22:50:03Z</updated>
  <link rel="self" title="FindPackagesById" href="FindPackagesById"/>
  <m:count>1</m:count>
  <entry>
    <id>https://artifactory.f.q.d.n/artifactory/api/nuget/psgallery-nuget-virtual/Packages(Id='Deployment-toolkit',Version='1.0.2')</id>
    <title type="text">Deployment-toolkit</title>
    <updated>2024-01-24T14:04:05Z</updated>
    <author>
      <name>XXXXX</name>
    </author>
    <link rel="edit" title="V2FeedPackage" href="Packages(Id='Deployment-toolkit',Version='1.0.2')"/>
    <link rel="self" title="V2FeedPackage" href="Packages(Id='Deployment-toolkit',Version='1.0.2')"/>
    <category term="NuGetGallery.OData.V2FeedPackage" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme"/>
    <content type="application/zip" src="https://artifactory.f.q.d.n/artifactory/api/nuget/psgallery-nuget-virtual/Download/Deployment-toolkit/1.0.2"/>
    <m:properties xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
      <d:lastUpdated>2024-01-24T14:04:05</d:lastUpdated>
      <d:Version>1.0.2</d:Version>
      <d:Copyright>(c) 2018 XXXXX. All rights reserved.</d:Copyright>
      <d:Created m:type="Edm.DateTime">2024-01-24T14:02:08</d:Created>
      <d:Dependencies></d:Dependencies>
      <d:Description>Deployment Toolkit</d:Description>
      <d:DownloadCount m:type="Edm.Int32">0</d:DownloadCount>
      <d:IsLatestVersion m:type="Edm.Boolean">true</d:IsLatestVersion>
      <d:IsAbsoluteLatestVersion m:type="Edm.Boolean">true</d:IsAbsoluteLatestVersion>
      <d:IsPrerelease m:type="Edm.Boolean">false</d:IsPrerelease>
      <d:Language m:null="true"/>
      <d:Published m:type="Edm.DateTime">2024-01-24T14:02:08</d:Published>
      <d:LicenseUrl>XXXXX</d:LicenseUrl>
      <d:PackageHash>ulQAazF6ctYdn2ZukonTvjLo3q7KY4g4H+lhTtfzAmkIiSDoJhpGEoJAxVu56Bkd1dFO0Kq170hLa8Dy2vP31Q==</d:PackageHash>
      <d:PackageHashAlgorithm>SHA512</d:PackageHashAlgorithm>
      <d:PackageSize m:type="Edm.Int64">13206</d:PackageSize>
      <d:RequireLicenseAcceptance m:type="Edm.Boolean">false</d:RequireLicenseAcceptance>
      <d:Tags>PSModule XXXXX</d:Tags>
      <d:Title m:null="true"/>
      <d:VersionDownloadCount m:type="Edm.Int32">0</d:VersionDownloadCount>
      <d:Authors>XXXXX</d:Authors>
      <d:MinClientVersion m:null="true"/>
    </m:properties>
  </entry>
  </feed>

• JiraPS:

  <?xml version='1.0' encoding='UTF-8'?>
  <feed xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom" xml:base="https://artifactory.f.q.d.n/artifactory/api/nuget/psgallery-nuget-virtual/">
  <title type="text"></title>
  <id>http://schemas.datacontract.org/2004/07/</id>
  <updated>2024-03-05T23:44:40Z</updated>
  <link rel="self" title="FindPackagesById" href="FindPackagesById"/>
  <m:count>1</m:count>
  <entry>
    <id>https://artifactory.f.q.d.n/artifactory/api/nuget/psgallery-nuget-virtual/Packages(Id='JiraPS',Version='2.14.7')</id>
    <title type="text">JiraPS</title>
    <summary type="text"></summary>
    <updated>2024-03-05T15:44:40Z</updated>
    <author>
      <name>AtlassianPS</name>
    </author>
    <link rel="edit" title="V2FeedPackage" href="Packages(Id='JiraPS',Version='2.14.7')"/>
    <link rel="self" title="V2FeedPackage" href="Packages(Id='JiraPS',Version='2.14.7')"/>
    <category term="NuGetGallery.OData.V2FeedPackage" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme"/>
    <content type="application/zip" src="https://artifactory.f.q.d.n/artifactory/api/nuget/psgallery-nuget-virtual/Download/JiraPS/2.14.7"/>
    <m:properties xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
      <d:Version>2.14.7</d:Version>
      <d:NormalizedVersion>2.14.7</d:NormalizedVersion>
      <d:LastEdited>
        <iMillis>0</iMillis>
      </d:LastEdited>
      <d:LicenseReportUrl></d:LicenseReportUrl>
      <d:LicenseNames></d:LicenseNames>
      <d:Copyright>(c) 2017 AtlassianPS. All rights reserved.</d:Copyright>
      <d:Created m:type="Edm.DateTime">2023-08-25T07:32:57</d:Created>
      <d:Dependencies></d:Dependencies>
      <d:Description>Windows PowerShell module to interact with Atlassian JIRA</d:Description>
      <d:DownloadCount m:type="Edm.Int32">1595266</d:DownloadCount>
      <d:GalleryDetailsUrl>https://www.powershellgallery.com/packages/JiraPS/2.14.7</d:GalleryDetailsUrl>
      <d:IconUrl>https://AtlassianPS.org/assets/img/JiraPS.png</d:IconUrl>
      <d:IsLatestVersion m:type="Edm.Boolean">true</d:IsLatestVersion>
      <d:IsAbsoluteLatestVersion m:type="Edm.Boolean">true</d:IsAbsoluteLatestVersion>
      <d:IsPrerelease m:type="Edm.Boolean">false</d:IsPrerelease>
      <d:Language></d:Language>
      <d:Published m:type="Edm.DateTime">2023-08-25T07:32:57</d:Published>
      <d:LicenseUrl>https://github.com/AtlassianPS/JiraPS/blob/master/LICENSE</d:LicenseUrl>
      <d:PackageHash>59IjJWwnOG1tpBsyVHY9vKULULBHCydgNIbJTy2DO3MPjllzAYOI83CMddYzXPNBJ/kx3deZPEAnPXTeYdw+mw==</d:PackageHash>
      <d:PackageHashAlgorithm>SHA512</d:PackageHashAlgorithm>
      <d:PackageSize m:type="Edm.Int64">97537</d:PackageSize>
      <d:ProjectUrl>https://AtlassianPS.org/module/JiraPS</d:ProjectUrl>
      <d:ReportAbuseUrl>https://www.powershellgallery.com/packages/JiraPS/2.14.7/ReportAbuse</d:ReportAbuseUrl>
      <d:ReleaseNotes></d:ReleaseNotes>
      <d:RequireLicenseAcceptance m:type="Edm.Boolean">false</d:RequireLicenseAcceptance>
      <d:Tags>powershell powershell-gallery readthedocs rest api atlassianps jira atlassian PSModule PSFunction_Add-JiraFilterPermission PSCommand_Add-JiraFilterPermission PSFunction_Add-JiraGroupMember PSCommand_Add-JiraGroupMember PSFunction_Add-JiraIssueAttachment PSCommand_Add-JiraIssueAttachment PSFunction_Add-JiraIssueComment PSCommand_Add-JiraIssueComment PSFunction_Add-JiraIssueLink PSCommand_Add-JiraIssueLink PSFunction_Add-JiraIssueWatcher PSCommand_Add-JiraIssueWatcher PSFunction_Add-JiraIssueWorklog PSCommand_Add-JiraIssueWorklog PSFunction_Find-JiraFilter PSCommand_Find-JiraFilter PSFunction_Format-Jira PSCommand_Format-Jira PSFunction_Get-JiraComponent PSCommand_Get-JiraComponent PSFunction_Get-JiraConfigServer PSCommand_Get-JiraConfigServer PSFunction_Get-JiraField PSCommand_Get-JiraField PSFunction_Get-JiraFilter PSCommand_Get-JiraFilter PSFunction_Get-JiraFilterPermission PSCommand_Get-JiraFilterPermission PSFunction_Get-JiraGroup PSCommand_Get-JiraGroup PSFunction_Get-JiraGroupMember PSCommand_Get-JiraGroupMember PSFunction_Get-JiraIssue PSCommand_Get-JiraIssue PSFunction_Get-JiraIssueAttachment PSCommand_Get-JiraIssueAttachment PSFunction_Get-JiraIssueAttachmentFile PSCommand_Get-JiraIssueAttachmentFile PSFunction_Get-JiraIssueComment PSCommand_Get-JiraIssueComment PSFunction_Get-JiraIssueCreateMetadata PSCommand_Get-JiraIssueCreateMetadata PSFunction_Get-JiraIssueEditMetadata PSCommand_Get-JiraIssueEditMetadata PSFunction_Get-JiraIssueLink PSCommand_Get-JiraIssueLink PSFunction_Get-JiraIssueLinkType PSCommand_Get-JiraIssueLinkType PSFunction_Get-JiraIssueType PSCommand_Get-JiraIssueType PSFunction_Get-JiraIssueWatcher PSCommand_Get-JiraIssueWatcher PSFunction_Get-JiraIssueWorklog PSCommand_Get-JiraIssueWorklog PSFunction_Get-JiraPriority PSCommand_Get-JiraPriority PSFunction_Get-JiraProject PSCommand_Get-JiraProject PSFunction_Get-JiraRemoteLink PSCommand_Get-JiraRemoteLink PSFunction_Get-JiraServerInformation PSCommand_Get-JiraServerInformation PSFunction_Get-JiraSession PSCommand_Get-JiraSession PSFunction_Get-JiraUser PSCommand_Get-JiraUser PSFunction_Get-JiraVersion PSCommand_Get-JiraVersion PSFunction_Invoke-JiraIssueTransition PSCommand_Invoke-JiraIssueTransition PSFunction_Invoke-JiraMethod PSCommand_Invoke-JiraMethod PSFunction_Move-JiraVersion PSCommand_Move-JiraVersion PSFunction_New-JiraFilter PSCommand_New-JiraFilter PSFunction_New-JiraGroup PSCommand_New-JiraGroup PSFunction_New-JiraIssue PSCommand_New-JiraIssue PSFunction_New-JiraSession PSCommand_New-JiraSession PSFunction_New-JiraUser PSCommand_New-JiraUser PSFunction_New-JiraVersion PSCommand_New-JiraVersion PSFunction_Remove-JiraFilter PSCommand_Remove-JiraFilter PSFunction_Remove-JiraFilterPermission PSCommand_Remove-JiraFilterPermission PSFunction_Remove-JiraGroup PSCommand_Remove-JiraGroup PSFunction_Remove-JiraGroupMember PSCommand_Remove-JiraGroupMember PSFunction_Remove-JiraIssue PSCommand_Remove-JiraIssue PSFunction_Remove-JiraIssueAttachment PSCommand_Remove-JiraIssueAttachment PSFunction_Remove-JiraIssueLink PSCommand_Remove-JiraIssueLink PSFunction_Remove-JiraIssueWatcher PSCommand_Remove-JiraIssueWatcher PSFunction_Remove-JiraRemoteLink PSCommand_Remove-JiraRemoteLink PSFunction_Remove-JiraSession PSCommand_Remove-JiraSession PSFunction_Remove-JiraUser PSCommand_Remove-JiraUser PSFunction_Remove-JiraVersion PSCommand_Remove-JiraVersion PSFunction_Set-JiraConfigServer PSCommand_Set-JiraConfigServer PSFunction_Set-JiraFilter PSCommand_Set-JiraFilter PSFunction_Set-JiraIssue PSCommand_Set-JiraIssue PSFunction_Set-JiraIssueLabel PSCommand_Set-JiraIssueLabel PSFunction_Set-JiraUser PSCommand_Set-JiraUser PSFunction_Set-JiraVersion PSCommand_Set-JiraVersion PSIncludes_Function</d:Tags>
      <d:Title>JiraPS</d:Title>
      <d:VersionDownloadCount m:type="Edm.Int32">165200</d:VersionDownloadCount>
      <d:Authors>AtlassianPS</d:Authors>
      <d:MinClientVersion></d:MinClientVersion>
      <d:Summary></d:Summary>
    </m:properties>
  </entry>
  </feed>

The NormalizedVersion field is not set by Artifactory, so it makes sense why it's missing in the former case.

The codebase under the v1.0.2 tag is pretty hard to follow given the rebase, but it seems like we're hitting the following logic-path:

• InstallHelper.BeginPackageInstall() sets pkgVersion to the NormalizedVersion field from NuGet (which we know won't work).

  • 1499 added some additional coalescing to handle this, but that PR is also missing from the v1.0.2 tag.

• V2ServerAPICalls.InstallPackage() is called without a version.
• InstallPackage() calls InstallName().

At a minimum, it seems like #1499, #1506, and possibly other PRs were rebased out of v1.0.2. @alerickson, can you provide more context on the rationale for rebasing these changes out of the release?

[sean-r-williams]

@alerickson @SydneyhSmith How can we ensure v1.0.3 includes these missing PRs/commits?

The release process seems to have changed significantly between v1.0.1 and v1.0.2 - I don't see any rebasing occurring beforehand. My team is once-again blocked because we can't download the packages we've published to Artifactory.

I had previously contributed with the expectation that the head of master would become v1.0.2 - rebasing out the aforementioned PRs changed the behavior of PSResourceGet in this area, and we're left without a functional package-management workflow as a result. I'm trying to keep my team engaged/on the golden-path here, but this pretty significantly eroded their interest (and trust).

[alerickson]

@sean-r-williams, we don't rebase for our releases, v1.0.2 is a servicing release, so we cherry-picked the PRs to be included in the release. For that release in particular we cherry-picked PRs that were not related to ACR work, which is why you don't see the PR you referenced. Since PSResourceGet ships in PowerShell now, we follow the PowerShell model of only cherry-picking bug or security fixes for servicing releases. If you want to see the commits that were included in the release you can view it here: https://github.com/PowerShell/PSResourceGet/compare/v1.0.1...v1.0.2. I think we either didn't cherry-pick far enough back or PR #1506 accidentally got skipped, in any case the PR was definitely missed.

We're not on a specific release cadence so it's easy to do another patch release to include something that's missing. That said we'll be having a minor release in the next week or two that will include everything that's in master.

[sean-r-williams]

@alerickson apologies for the confusion - I wasn't being clear in git terminology.

With PSResourceGet v1.0.1, there was a release branch created in GitHub so it was at least somewhat clear (from the commit history) what commits were "in" that release. There was cherry-picking in that release (again, apologies for the mix-up on my part), but all of the commits to master around that time period were included in the cherry-pick operation so there weren't any surprises.

For 1.0.2, no branch was published - a release wasn't posted to GitHub until well after it hit the Gallery (#1553). The cherry-pick distance was also much larger, and PRs like the ones mentioned earlier got missed.

There's nothing wrong with a cherry-pick release model, but having fixes fall through the cracks like this is really painful - especially when there's only been two patch releases since v1.0.0 shipped last year.

it's easy to do another patch release to include something that's missing.

Artifactory with NuGet v2 feeds is still wholly unusable, which blocks us from being able to use PSResourceGet. (Artifactory does not translate between NuGet v2 and v3 and we're aggregating PSGallery alongside our packages, so we can't move to NuGet v3 internally until Gallery supports v3.) What would it take to ship a v1.0.3 patch in the meantime that includes the removal of InstallName() from #1506 and specifically version null-coalescing from #1499?

The work is already "done" in this case and, based on what you've described, should have shipped in v1.0.2. Those two PRs are, AFAICT, the minimum needed to unblock us while your team continues work on ACR for v1.1.

That said we'll be having a minor release in the next week or two that will include everything that's in master.

Can your team commit to a v1.0.3 patch release within that timeframe in the event v1.1 is delayed? My concern in waiting for v1.1 is that there's larger intersectional feature work in that release and time-frames are naturally more likely to shift depending on that work.

[alerickson]

Working on the release of 1.0.3 now. Just FYI both of the PRs you referred to touch ACR code which is why they weren't included in the cherry-picks and shipped in 1.0.2.

[alerickson]

@sean-r-williams have the release out now: https://www.powershellgallery.com/packages/Microsoft.PowerShell.PSResourceGet/1.0.3 thanks for bringing this to our attention. Again, next release will include everything in master, but if there's further issues with this release (potentially other PRs that should have been included, reach out to us). Thanks for your patience with this-- it's a new system we have in place. And appreciate the thorough information to help with debugging.

[sean-r-williams]

@alerickson Thanks a bunch for getting this out the door. I've just confirmed that this issue is indeed resolved with v1.0.3.

I appreciate you and your team's willingness to make this right. I'll be sure to let you know if I spot any other problems with 1.0.3.

Cheers!