From ce9f376eb96fae0b68c3f33e7802773beca6a7d8 Mon Sep 17 00:00:00 2001
From: Ryan Ashcraft <ryan.ashcraft@codifyiq.com>
Date: Tue, 22 Aug 2023 09:35:25 -0400
Subject: [PATCH] #33 :alien: shim managed versioning support for older Poetry
 versions

---
 README.md                                     | 16 +++++++--
 .../habushu/InstallDependenciesMojo.java      | 33 ++++++++++++++++++-
 .../habushu/DependencyManagementSteps.java    |  6 ++++
 .../habushu/DependencyManagementTestMojo.java | 12 +++++++
 .../dependency-management.feature             | 22 ++++++++++---
 habushu-mixology/pyproject.toml               |  4 +--
 6 files changed, 83 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 8f83efa..c9a0460 100644
--- a/README.md
+++ b/README.md
@@ -446,6 +446,9 @@ Specifies whether the version of the encapsulated Poetry package should be autom
 
 If this property is set to `false`, none of the above automated version management operations will be performed.
 
+*CAVEAT:* If there is a ^ and/or Poetry version < 1.5.0, the substitution will be `-SNAPSHOT` to `.dev` only for backwards
+compatibility
+
 Default: `true`
 
 #### sourceDirectory ####
@@ -462,7 +465,12 @@ Default: `${project.basedir}/tests`
 
 #### managedDependencies ####
 
-Optional set of dependencies to manage across modules extending a parent pom. This allows packages to be managed to a specific version, which is often useful to ensure that information assurance patches, common versions, etc. are enforced across a series of modules. Can be used with the next several variables to control automatic update, logging, or failing the build when mismatches are found between the managed dependency operator/version and what is currently specified. Looks at dependencies in `[tool.poetry.dependencies]`, `[tool.poetry.dev-dependencies]`, and any `[tool.poetry.group.<subgroup>]` of your `pyproject.toml`.
+Optional set of dependencies to manage across modules extending a parent pom. This allows packages to be managed to a 
+specific version, which is often useful to ensure that information assurance patches, common versions, etc. are enforced
+across a series of modules. Can be used with the next several variables to control automatic update, logging, or failing
+the build when mismatches are found between the managed dependency operator/version and what is currently specified. 
+Looks at dependencies in `[tool.poetry.dependencies]`, `[tool.poetry.dev-dependencies]`, and any 
+`[tool.poetry.group.<subgroup>]` of your `pyproject.toml`.
 ```xml
 <plugin>
 	<groupId>org.technologybrewery.habushu</groupId>
@@ -473,7 +481,10 @@ Optional set of dependencies to manage across modules extending a parent pom. Th
 			<packageDefinition>
 				<packageName>black</packageName>
 				<operatorAndVersion>^23.3.0</operatorAndVersion>
-				<!-- active defaults to true, but can be used to overriden in child pom.xml files to remove or add managed dependencies at each level: -->
+				<!-- 
+				  Active defaults to true, but can be used to overriden in child pom.xml files to remove or add 
+				  managed dependencies at each level: 
+				  -->
 				<active>true</active>
 			</packageDefinition>
             <packageDefinition>
@@ -481,6 +492,7 @@ Optional set of dependencies to manage across modules extending a parent pom. Th
 				<!-- 
 				  Will follow rules in overridePackageVersion:compile to 
 				  update to a final version of 1.2.3.* to resolve 1.2.3.dev versions 
+				  UNLESS there is a ^ or Poetry version < 1.5.0
 				  -->
 				<operatorAndVersion>1.2.3-SNAPSHOT</operatorAndVersion>	              
 			</packageDefinition>
diff --git a/habushu-maven-plugin/src/main/java/org/technologybrewery/habushu/InstallDependenciesMojo.java b/habushu-maven-plugin/src/main/java/org/technologybrewery/habushu/InstallDependenciesMojo.java
index c015f39..aa3c75a 100644
--- a/habushu-maven-plugin/src/main/java/org/technologybrewery/habushu/InstallDependenciesMojo.java
+++ b/habushu-maven-plugin/src/main/java/org/technologybrewery/habushu/InstallDependenciesMojo.java
@@ -3,9 +3,11 @@
 import com.electronwill.nightconfig.core.CommentedConfig;
 import com.electronwill.nightconfig.core.Config;
 import com.electronwill.nightconfig.core.file.FileConfig;
+import com.vdurmont.semver4j.Semver;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugin.MojoFailureException;
@@ -303,7 +305,16 @@ private void performComparisonAndStageNeededChanges(Map<String, TomlReplacementT
         String packageName = def.getPackageName();
 
         if (overridePackageVersion && updatedOperatorAndVersion.contains(SNAPSHOT)) {
-            updatedOperatorAndVersion = replaceSnapshotWithWildcard(updatedOperatorAndVersion);
+            //NB: remove this once #27 is committed; in the meantime, this allows older versions to still work as they
+            //    did in Habushu 2.5.0 and earlier:
+            Semver version = getPoetryVersion();
+
+            if (version.isGreaterThanOrEqualTo("1.5.0") && !updatedOperatorAndVersion.contains("^")) {
+                updatedOperatorAndVersion = replaceSnapshotWithWildcard(updatedOperatorAndVersion);
+            } else {
+                updatedOperatorAndVersion = replaceSnapshotWithDev(updatedOperatorAndVersion);
+            }
+
         }
 
         boolean mismatch = !originalOperatorAndVersion.equals(updatedOperatorAndVersion);
@@ -319,6 +330,13 @@ private void performComparisonAndStageNeededChanges(Map<String, TomlReplacementT
         }
     }
 
+    protected Semver getPoetryVersion() {
+        PoetryCommandHelper poetryHelper = createPoetryCommandHelper();
+        Pair<Boolean, String> poetryStatus = poetryHelper.getIsPoetryInstalledAndVersion();
+        String versionAsString = poetryStatus.getRight();
+        return new Semver(versionAsString);
+    }
+
     private void logPackageMismatch(String packageName, String originalOperatorAndVersion, String updatedOperatorAndVersion) {
         getLog().warn(String.format("Package %s is not up to date with common project package definition guidance! "
                 + "Currently %s, but should be %s!", packageName, originalOperatorAndVersion, updatedOperatorAndVersion));
@@ -485,6 +503,19 @@ protected static String replaceSnapshotWithWildcard(String pomVersion) {
         return pomVersion.substring(0, pomVersion.indexOf(SNAPSHOT)) + ".*";
     }
 
+    /**
+     * This method should only be used to help shim Poetry < 1.5.0 versioning practices until Habushu updates to force
+     * a minimum version of 1.5.0.
+     *
+     * @param pomVersion version to update
+     * @return updated version
+     * @deprecated shim use only, then use replaceSnapshotWithWildcard(String pomVersion) instead!
+     */
+    @Deprecated
+    protected static String replaceSnapshotWithDev(String pomVersion) {
+        return pomVersion.substring(0, pomVersion.indexOf(SNAPSHOT)) + ".dev";
+    }
+
     private class TomlReplacementTuple {
         private String packageName;
 
diff --git a/habushu-maven-plugin/src/test/java/org/technologybrewery/habushu/DependencyManagementSteps.java b/habushu-maven-plugin/src/test/java/org/technologybrewery/habushu/DependencyManagementSteps.java
index e128649..2d2d78e 100644
--- a/habushu-maven-plugin/src/test/java/org/technologybrewery/habushu/DependencyManagementSteps.java
+++ b/habushu-maven-plugin/src/test/java/org/technologybrewery/habushu/DependencyManagementSteps.java
@@ -55,6 +55,12 @@ public void a_habushu_configuration_with_a_managed_dependency_of_and(String pack
         createMojoWithManagedDependency(packageName, operatorAndVersion, true);
     }
 
+    @Given("a Habushu configuration with a managed dependency of {string} and {string} and {string}")
+    public void a_habushu_configuration_with_a_managed_dependency_of_and_and(String packageName, String operatorAndVersion, String poetryVersion) {
+        createMojoWithManagedDependency(packageName, operatorAndVersion, true);
+        mojo.setPoetryVersion(poetryVersion);
+    }
+
     @Given("a Habushu configuration with an inactive managed dependency of {string} and {string}")
     public void a_habushu_configuration_with_an_inactive_managed_dependency_of_and(String packageName, String operatorAndVersion) {
         createMojoWithManagedDependency(packageName, operatorAndVersion, false);
diff --git a/habushu-maven-plugin/src/test/java/org/technologybrewery/habushu/DependencyManagementTestMojo.java b/habushu-maven-plugin/src/test/java/org/technologybrewery/habushu/DependencyManagementTestMojo.java
index 604b4a3..fc3a905 100644
--- a/habushu-maven-plugin/src/test/java/org/technologybrewery/habushu/DependencyManagementTestMojo.java
+++ b/habushu-maven-plugin/src/test/java/org/technologybrewery/habushu/DependencyManagementTestMojo.java
@@ -1,5 +1,7 @@
 package org.technologybrewery.habushu;
 
+import com.vdurmont.semver4j.Semver;
+
 import java.io.File;
 import java.util.List;
 
@@ -10,6 +12,8 @@ public class DependencyManagementTestMojo extends InstallDependenciesMojo {
 
     private File pyProjectTomlFile;
 
+    private Semver poetryVersion;
+
     public DependencyManagementTestMojo(File pyProjectTomlFile) {
         this.pyProjectTomlFile = pyProjectTomlFile;
 
@@ -33,4 +37,12 @@ void setFailOnManagedDependenciesMismatches(boolean shouldFail) {
     protected File getPoetryPyProjectTomlFile() {
         return pyProjectTomlFile;
     }
+
+    protected void setPoetryVersion(String version) {
+        this.poetryVersion = new Semver(version);
+    }
+
+    protected Semver getPoetryVersion() {
+        return poetryVersion != null ? poetryVersion : new Semver("1.5.0");
+    }
 }
diff --git a/habushu-maven-plugin/src/test/resources/specifications/dependency-management.feature b/habushu-maven-plugin/src/test/resources/specifications/dependency-management.feature
index 037c706..4f6ed51 100644
--- a/habushu-maven-plugin/src/test/resources/specifications/dependency-management.feature
+++ b/habushu-maven-plugin/src/test/resources/specifications/dependency-management.feature
@@ -64,15 +64,27 @@ Feature: Test dependency management capabilities to help align package versions
       | black      | ^23.3.0            |
       | packageFoo | ^1.1.0             |
 
-  Scenario: SNAPSHOT managed dependencies get corrected to dev dependencies by default (overridePackageVersion is true)
-    Given a Habushu configuration with a managed dependency of "<package>" and "<operatorAndVersion>"
+  Scenario: SNAPSHOT managed dependencies get corrected to dev dependencies by default with Poetry version 1.5.0 + (overridePackageVersion is true)
+    Given a Habushu configuration with a managed dependency of "<package>" and "<operatorAndVersion>" and "<poetryVersion>"
+    When Habushu executes
+    Then the pyproject.toml file is updated to contain "<package>" and "<updatedOperatorAndVersion>"
+
+    Examples:
+      | package   | operatorAndVersion | updatedOperatorAndVersion | poetryVersion |
+      | package-a | 1.1.0-SNAPSHOT     | 1.1.0.*                   | 1.5.0         |
+      | package-b | 2-SNAPSHOT         | 2.*                       | 1.6.0         |
+
+  Scenario: SHIM - SNAPSHOT managed dependencies get corrected to ^ dev dependencies with any Poetry version and a ^ in the version (overridePackageVersion is true)
+    Given a Habushu configuration with a managed dependency of "<package>" and "<operatorAndVersion>" and "<poetryVersion>"
     When Habushu executes
     Then the pyproject.toml file is updated to contain "<package>" and "<updatedOperatorAndVersion>"
 
     Examples:
-      | package   | operatorAndVersion | updatedOperatorAndVersion |
-      | package-a | 1.1.0-SNAPSHOT     | 1.1.0.*                   |
-      | package-b | 2-SNAPSHOT         | 2.*                       |
+      | package   | operatorAndVersion | updatedOperatorAndVersion | poetryVersion |
+      | package-a | ^1.1.0-SNAPSHOT    | ^1.1.0.dev                | 1.5.0         |
+      | package-b | ^2-SNAPSHOT        | ^2.dev                    | 1.6.0         |
+      | package-a | ^3.3.0-SNAPSHOT    | ^3.3.0.dev                | 1.2.2         |
+      | package-b | ^4-SNAPSHOT        | ^4.dev                    | 1.3.0         |
 
   Scenario: SNAPSHOT managed dependencies do NOT get corrected to dev dependencies when overridePackageVersion is false
     Given a Habushu configuration with a managed dependency of "<package>" and "<operatorAndVersion>"
diff --git a/habushu-mixology/pyproject.toml b/habushu-mixology/pyproject.toml
index 6e7580e..486615a 100644
--- a/habushu-mixology/pyproject.toml
+++ b/habushu-mixology/pyproject.toml
@@ -7,8 +7,8 @@ license = "MIT License"
 
 [tool.poetry.dependencies]
 python = "^3.9"
-krausening = "16"
-cryptography = "^39.0.1"
+krausening = "17"
+cryptography = "^41.0.3"
 uvicorn = {version = "^0.18.0", extras = ["standard"]}
 
 [tool.poetry.dev-dependencies]