Bump deps (#88)

.envrc

@@ -0,0 +1 @@
+use flake

.github/workflows/assert-contents.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo "Unzipping version from NuGet"
+ls from-nuget.nupkg
+mkdir from-nuget && cp from-nuget.nupkg from-nuget/zip.zip && cd from-nuget && unzip zip.zip && rm zip.zip && cd - || exit 1
+
+echo "Unzipping version from local build"
+ls packed/
+mkdir from-local && cp packed/*.nupkg from-local/zip.zip && cd from-local && unzip zip.zip && rm zip.zip && cd - || exit 1
+
+cd from-local && find . -type f -exec sha256sum {} \; | sort > ../from-local.txt && cd .. || exit 1
+cd from-nuget && find . -type f -and -not -name '.signature.p7s' -exec sha256sum {} \; | sort > ../from-nuget.txt && cd .. || exit 1
+
+diff from-local.txt from-nuget.txt

.github/workflows/dotnet.yaml

@@ -240,11 +240,53 @@ jobs:
     steps:
       - run: echo "All required checks complete."
 
-  nuget-publish:
+  attestation-lib:
+    runs-on: ubuntu-latest
+    needs: [all-required-checks-complete]
+    if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+    steps:
+      - name: Download NuGet artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: nuget-package-lib
+          path: packed
+      - name: Attest Build Provenance
+        uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+        with:
+          subject-path: "packed/*.nupkg"
+
+  attestation-tool:
+    runs-on: ubuntu-latest
+    needs: [all-required-checks-complete]
+    if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+    steps:
+      - name: Download NuGet artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: nuget-package-tool
+          path: packed
+      - name: Attest Build Provenance
+        uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+        with:
+          subject-path: "packed/*.nupkg"
+
+  nuget-publish-lib:
     runs-on: ubuntu-latest
     if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
     needs: [all-required-checks-complete]
     environment: main-deploy
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
     steps:
       - uses: actions/checkout@v4
       - name: Install Nix
@@ -252,20 +294,73 @@ jobs:
         with:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-      - name: Download NuGet artifact (lib)
+      - name: Download NuGet artifact
         uses: actions/download-artifact@v4
         with:
           name: nuget-package-lib
-          path: packed-lib
-      - name: Publish to NuGet (lib)
-        run: nix develop --command dotnet nuget push "packed-lib/WoofWare.NUnitTestRunner.Lib.*.nupkg" --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json --skip-duplicate
-      - name: Download NuGet artifact (tool)
+          path: packed
+      - name: Publish to NuGet
+        id: publish-success
+        env:
+          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
+        run: 'nix develop --command bash ./.github/workflows/nuget-push.sh "packed/WoofWare.NUnitTestRunner.Lib.*.nupkg"'
+      - name: Wait for availability
+        if: steps.publish-success.outputs.result == 'published'
+        env:
+          PACKAGE_VERSION: ${{ steps.publish-success.outputs.version }}
+        run: 'echo "$PACKAGE_VERSION" && while ! curl -L --fail -o from-nuget.nupkg "https://www.nuget.org/api/v2/package/WoofWare.NUnitTestRunner.Lib/$PACKAGE_VERSION" ; do sleep 10; done'
+      # Astonishingly, NuGet.org considers it to be "more secure" to tamper with my package after upload (https://devblogs.microsoft.com/nuget/introducing-repository-signatures/).
+      # So we have to *re-attest* it after it's uploaded. Mind-blowing.
+      - name: Assert package contents
+        if: steps.publish-success.outputs.result == 'published'
+        run: 'bash ./.github/workflows/assert-contents.sh'
+      - name: Attest Build Provenance
+        if: steps.publish-success.outputs.result == 'published'
+        uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+        with:
+          subject-path: "from-nuget.nupkg"
+
+  nuget-publish-tool:
+    runs-on: ubuntu-latest
+    if: ${{ !github.event.repository.fork && github.ref == 'refs/heads/main' }}
+    needs: [all-required-checks-complete]
+    environment: main-deploy
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Nix
+        uses: cachix/install-nix-action@V27
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: Download NuGet artifact
         uses: actions/download-artifact@v4
         with:
           name: nuget-package-tool
-          path: packed-tool
-      - name: Publish to NuGet (tool)
-        run: nix develop --command dotnet nuget push "packed-tool/WoofWare.NUnitTestRunner.*.nupkg" --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json --skip-duplicate
+          path: packed
+      - name: Publish to NuGet
+        id: publish-success
+        env:
+          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
+        run: 'nix develop --command bash ./.github/workflows/nuget-push.sh "packed/WoofWare.NUnitTestRunner.*.nupkg"'
+      - name: Wait for availability
+        if: steps.publish-success.outputs.result == 'published'
+        env:
+          PACKAGE_VERSION: ${{ steps.publish-success.outputs.version }}
+        run: 'echo "$PACKAGE_VERSION" && while ! curl -L --fail -o from-nuget.nupkg "https://www.nuget.org/api/v2/package/WoofWare.NUnitTestRunner/$PACKAGE_VERSION" ; do sleep 10; done'
+      # Astonishingly, NuGet.org considers it to be "more secure" to tamper with my package after upload (https://devblogs.microsoft.com/nuget/introducing-repository-signatures/).
+      # So we have to *re-attest* it after it's uploaded. Mind-blowing.
+      - name: Assert package contents
+        if: steps.publish-success.outputs.result == 'published'
+        run: 'bash ./.github/workflows/assert-contents.sh'
+      - name: Attest Build Provenance
+        if: steps.publish-success.outputs.result == 'published'
+        uses: actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+        with:
+          subject-path: "from-nuget.nupkg"
 
   github-release-tool:
     runs-on: ubuntu-latest

.github/workflows/nuget-push.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+SOURCE_NUPKG=$(find . -type f -name '*.nupkg')
+
+PACKAGE_VERSION=$(basename "$SOURCE_NUPKG" | rev | cut -d '.' -f 2-4 | rev)
+
+echo "version=$PACKAGE_VERSION" >> "$GITHUB_OUTPUT"
+
+tmp=$(mktemp)
+
+if ! dotnet nuget push "$SOURCE_NUPKG" --api-key "$NUGET_API_KEY" --source https://api.nuget.org/v3/index.json > "$tmp" ; then
+    cat "$tmp"
+    if grep 'already exists and cannot be modified' "$tmp" ; then
+        echo "result=skipped" >> "$GITHUB_OUTPUT"
+        exit 0
+    else
+        echo "Unexpected failure to upload"
+        exit 1
+    fi
+fi
+
+cat "$tmp"
+
+echo "result=published" >> "$GITHUB_OUTPUT"

WoofWare.NUnitTestRunner.Lib/DotnetRuntime.fs

@@ -7,11 +7,7 @@ open WoofWare.DotnetRuntimeLocator
 /// Functions for locating .NET runtimes.
 [<RequireQualifiedAccess>]
 module DotnetRuntime =
-    let private selectRuntime
-        (config : RuntimeOptions)
-        (f : DotnetEnvironmentInfo)
-        : Choice<DotnetEnvironmentFrameworkInfo, DotnetEnvironmentSdkInfo> option
-        =
+    let private selectRuntime (config : RuntimeOptions) (f : DotnetEnvironmentInfo) : DirectoryInfo list =
         let rollForward =
             match Environment.GetEnvironmentVariable "DOTNET_ROLL_FORWARD" with
             | null ->
@@ -20,6 +16,14 @@ module DotnetRuntime =
                 |> Option.defaultValue RollForward.Minor
             | s -> RollForward.Parse s
 
+        if
+            Option.isSome config.IncludedFramework
+            || Option.isSome config.IncludedFrameworks
+        then
+            // No need for a framework that's anywhere other than the given DLL.
+            []
+        else
+
         let desiredVersions =
             match config.Framework with
             | Some f -> [ Version f.Version, f.Name ]
@@ -66,15 +70,13 @@ module DotnetRuntime =
 
                     name, data.Installed
                 )
-                // TODO: how do we select between many available frameworks?
-                |> Seq.tryHead
+                |> Seq.toList
 
-            match available with
-            | Some (_, f) -> Some (Choice1Of2 f)
-            | None ->
-                // TODO: maybe we can ask the SDK. But we keep on trucking: maybe we're self-contained,
-                // and we'll actually find all the runtime next to the DLL.
-                None
+            // TODO: maybe we can ask the SDK if we don't have any runtimes.
+            // But we keep on trucking: maybe we're self-contained, and we'll actually find all the runtime next to the
+            // DLL.
+            available
+            |> List.map (fun (_name, runtime) -> DirectoryInfo $"%s{runtime.Path}/%s{runtime.Version}")
         | _ -> failwith "non-minor RollForward not supported yet; please shout if you want it"
 
     /// Given an executable DLL, locate the .NET runtime that can best run it.
@@ -96,9 +98,4 @@ module DotnetRuntime =
 
         let runtime = selectRuntime runtimeConfig availableRuntimes
 
-        match runtime with
-        | None ->
-            // Keep on trucking: let's be optimistic and hope that we're self-contained.
-            [ dll.Directory ]
-        | Some (Choice1Of2 runtime) -> [ dll.Directory ; DirectoryInfo $"%s{runtime.Path}/%s{runtime.Version}" ]
-        | Some (Choice2Of2 sdk) -> [ dll.Directory ; DirectoryInfo sdk.Path ]
+        dll.Directory :: runtime

WoofWare.NUnitTestRunner.Lib/Filter.fs

@@ -2,7 +2,7 @@ namespace WoofWare.NUnitTestRunner
 
 open System
 open System.IO
-open PrattParser
+open WoofWare.PrattParser
 
 // Documentation:
 // https://learn.microsoft.com/en-us/dotnet/core/testing/selective-unit-tests?pivots=mstest

WoofWare.NUnitTestRunner.Lib/RuntimeConfig.fs

@@ -16,6 +16,8 @@ type internal RuntimeOptions =
         Tfm : string
         Framework : FrameworkDescription option
         Frameworks : FrameworkDescription list option
+        IncludedFramework : FrameworkDescription option
+        IncludedFrameworks : FrameworkDescription list option
         RollForward : string option
     }
 

WoofWare.NUnitTestRunner.Lib/WoofWare.NUnitTestRunner.Lib.fsproj

@@ -14,7 +14,7 @@
       <PackageId>WoofWare.NUnitTestRunner.Lib</PackageId>
       <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
       <WarnOn>FS3559</WarnOn>
-      <WoofWareMyriadPluginVersion>2.1.44</WoofWareMyriadPluginVersion>
+      <WoofWareMyriadPluginVersion>2.1.45</WoofWareMyriadPluginVersion>
     </PropertyGroup>
 
     <ItemGroup>
@@ -44,10 +44,10 @@
       <EmbeddedResource Include="version.json" />
     </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="WoofWare.PrattParser" Version="0.1.2" />
+    <PackageReference Include="WoofWare.PrattParser" Version="0.2.1" />
     <PackageReference Update="FSharp.Core" Version="6.0.0" />
-    <PackageReference Include="WoofWare.DotnetRuntimeLocator" Version="0.1.4" />
-    <PackageReference Include="WoofWare.Myriad.Plugins.Attributes" Version="3.1.6" />
+    <PackageReference Include="WoofWare.DotnetRuntimeLocator" Version="0.1.9" />
+    <PackageReference Include="WoofWare.Myriad.Plugins.Attributes" Version="3.1.7" />
     <PackageReference Include="Myriad.SDK" Version="0.8.3" />
     <PackageReference Include="WoofWare.Myriad.Plugins" Version="$(WoofWareMyriadPluginVersion)" PrivateAssets="all" />
   </ItemGroup>

WoofWare.NUnitTestRunner/Program.fs

@@ -16,26 +16,97 @@ type SetBaseDir (testDll : FileInfo) =
         member _.Dispose () =
             AppContext.SetData ("APP_CONTEXT_BASE_DIRECTORY", oldBaseDir)
 
+[<RequireQualifiedAccess>]
+type LogLevel =
+    | Nothing
+    | Verbose
+
+[<AutoOpen>]
+module Patterns =
+    let (|Key|_|) (start : string) (s : string) : string option =
+        if s.StartsWith (start + "=", StringComparison.Ordinal) then
+            s.Substring (start.Length + 1) |> Some
+        else
+            None
+
+type Args =
+    {
+        Dll : FileInfo
+        Trx : FileInfo option
+        Filter : Filter option
+        Logging : LogLevel
+        LevelOfParallelism : int option
+        Timeout : TimeSpan option
+    }
+
+    static member Parse (args : string list) : Args =
+        match args with
+        | [] -> failwith "The first arg must be a positional arg, the DLL to test."
+        | dll :: args ->
+
+        let rec go
+            (trx : FileInfo option)
+            (filter : Filter option)
+            (logging : LogLevel option)
+            (par : int option)
+            (timeout : TimeSpan option)
+            (args : string list)
+            =
+            match args with
+            | [] ->
+                {
+                    Dll = FileInfo dll
+                    Trx = trx
+                    Filter = filter
+                    Logging = logging |> Option.defaultValue LogLevel.Nothing
+                    LevelOfParallelism = par
+                    Timeout = timeout
+                }
+            | Key "--filter" filterStr :: rest
+            | "--filter" :: filterStr :: rest ->
+                match filter with
+                | Some _ -> failwith "Two conflicting filters; you can only specify --filter once"
+                | None -> go trx (Some (Filter.parse filterStr)) logging par timeout rest
+            | Key "--trx" trxStr :: rest
+            | "--trx" :: trxStr :: rest ->
+                match trx with
+                | Some _ -> failwith "Two conflicting TRX outputs; you can only specify --trx once"
+                | None -> go (Some (FileInfo trxStr)) filter logging par timeout rest
+            | Key "--verbose" verboseStr :: rest
+            | "--verbose" :: verboseStr :: rest ->
+                match logging with
+                | Some _ -> failwith "Two conflicting --verbose outputs; you can only specify --verbose once"
+                | None ->
+                    let verbose =
+                        if Boolean.Parse verboseStr then
+                            LogLevel.Verbose
+                        else
+                            LogLevel.Nothing
+
+                    go trx filter (Some verbose) par timeout rest
+            | Key "--parallelism" parStr :: rest
+            | "--parallelism" :: parStr :: rest ->
+                match par with
+                | Some _ -> failwith "Two conflicting --parallelism outputs; you can only specify --parallelism once"
+                | None -> go trx filter logging (Some (Int32.Parse parStr)) timeout rest
+            | Key "--timeout-seconds" timeoutStr :: rest
+            | "--timeout-seconds" :: timeoutStr :: rest ->
+                match timeout with
+                | Some _ ->
+                    failwith "Two conflicting --timeout-seconds outputs; you can only specify --timeout-seconds once"
+                | None -> go trx filter logging par (Some (TimeSpan.FromSeconds (Int32.Parse timeoutStr |> float))) rest
+            | k :: _rest -> failwith $"Unrecognised arg %s{k}"
+
+        go None None None None None args
 
 module Program =
     let main argv =
         let startTime = DateTimeOffset.Now
 
-        let testDll, filter, trxPath =
-            match argv |> List.ofSeq with
-            | [ dll ] -> FileInfo dll, None, None
-            | [ dll ; "--trx" ; trxPath ] -> FileInfo dll, None, Some (FileInfo trxPath)
-            | [ dll ; "--filter" ; filter ] -> FileInfo dll, Some (Filter.parse filter), None
-            | [ dll ; "--trx" ; trxPath ; "--filter" ; filter ] ->
-                FileInfo dll, Some (Filter.parse filter), Some (FileInfo trxPath)
-            | [ dll ; "--filter" ; filter ; "--trx" ; trxPath ] ->
-                FileInfo dll, Some (Filter.parse filter), Some (FileInfo trxPath)
-            | _ ->
-                failwith
-                    "provide exactly one arg, a test DLL; then optionally `--filter <filter>` and/or `--trx <output-filename>`."
+        let args = argv |> List.ofArray |> Args.Parse
 
         let filter =
-            match filter with
+            match args.Filter with
             | Some filter -> Filter.shouldRun filter
             | None -> fun _ _ -> true
 
@@ -46,12 +117,20 @@ module Program =
 
         let progress = Progress.spectre stderr
 
-        use _ = new SetBaseDir (testDll)
+        let runtime = DotnetRuntime.locate args.Dll
+
+        match args.Logging with
+        | LogLevel.Nothing -> ()
+        | LogLevel.Verbose ->
+            for d in runtime do
+                stderr.WriteLine $".NET runtime directory: %s{d.FullName}"
+
+        use _ = new SetBaseDir (args.Dll)
 
         use contexts = TestContexts.Empty ()
 
-        let ctx = LoadContext (testDll, DotnetRuntime.locate testDll, contexts)
-        let assy = ctx.LoadFromAssemblyPath testDll.FullName
+        let ctx = LoadContext (args.Dll, runtime, contexts)
+        let assy = ctx.LoadFromAssemblyPath args.Dll.FullName
 
         let levelOfParallelism, par =
             ((None, None), assy.CustomAttributes)
@@ -92,6 +171,20 @@ module Program =
                 | _ -> levelPar, par
             )
 
+        let levelOfParallelism =
+            match args.LevelOfParallelism, levelOfParallelism with
+            | None, None -> None
+            | Some taken, Some ignored ->
+                match args.Logging with
+                | LogLevel.Nothing -> ()
+                | LogLevel.Verbose ->
+                    stderr.WriteLine
+                        $"Taking parallelism %i{taken} from command line, ignoring value %i{ignored} from assembly"
+
+                Some taken
+            | Some x, None
+            | None, Some x -> Some x
+
         let testFixtures = assy.ExportedTypes |> Seq.map TestFixture.parse |> Seq.toList
 
         use par = new ParallelQueue (levelOfParallelism, par)
@@ -103,7 +196,12 @@ module Program =
             |> List.map (TestFixture.run contexts par progress filter)
             |> Task.WhenAll
 
-        if not (results.Wait (TimeSpan.FromHours 2.0)) then
+        let timeout =
+            match args.Timeout with
+            | None -> TimeSpan.FromHours 2.0
+            | Some t -> t
+
+        if not (results.Wait timeout) then
             failwith "Tests failed to terminate within two hours"
 
         let results = results.Result |> Seq.concat |> List.ofSeq
@@ -336,7 +434,7 @@ module Program =
                 ResultsSummary = resultSummary
             }
 
-        match trxPath with
+        match args.Trx with
         | Some trxPath ->
             let contents = TrxReport.toXml report |> fun d -> d.OuterXml
             trxPath.Directory.Create ()

nix/deps.nix

@@ -248,22 +248,22 @@
   })
   (fetchNuGet {
     pname = "WoofWare.DotnetRuntimeLocator";
-    version = "0.1.4";
-    sha256 = "19pp4qlyf18g704ppbcsm1rhjqjpi84py18yljj9nx70331m8bpg";
+    version = "0.1.9";
+    sha256 = "14yc3ixcn58wy0v3pbj0hjfj4iv5k1ckig0dg1n7njx30510kzyj";
   })
   (fetchNuGet {
     pname = "WoofWare.Myriad.Plugins";
-    version = "2.1.44";
-    sha256 = "0rp9hpkah60gd9x0ba2izr9ff1g7yhzv5a4pkhi5fbrwf5rpqpwx";
+    version = "2.1.45";
+    sha256 = "1i9s9aq8dqnxyn01sa10dd24y9i7cgv2d0rshmrkvbvbjkcnz9vs";
   })
   (fetchNuGet {
     pname = "WoofWare.Myriad.Plugins.Attributes";
-    version = "3.1.6";
-    sha256 = "0786pr1p0nq0854mqi2cddmh185j3jihwn6azz9wiy6nxawjbrd2";
+    version = "3.1.7";
+    sha256 = "1v1wsrjh7qz2khrlbcysj50yydqc9njj09vs1jglwscjhml1wl1v";
   })
   (fetchNuGet {
     pname = "WoofWare.PrattParser";
-    version = "0.1.2";
-    sha256 = "0spypcwsbn805yrs6grjj68ccva902lhkq93mxy32rdply1xs34q";
+    version = "0.2.1";
+    sha256 = "1cb9496fbbrdc40dirjmc7ax02ghr27ahqq5hpk96rdzyaang9hg";
   })
 ]