Source resilience

[JohnMcPMS]

Fixes #1349, #1437 (although #1437 seems to have been re-opened more as a "the store is down" than "the client doesn't handle that well").

Change

Improves handling of errors from one source when multiple are configured by capturing the errors and including them as part of the source open and search results. Some commands will continue to fail if one of the sources has an error to prevent said error from affecting a change to the system. The commands that still fail are install, import, and upgrade --all|<specific> and they now indicate which source failed.

Examples of new behavior:

> wingetdev search terminal
Failed when searching source; results will not be included: msstore
Name                          Id                               Version     Match             Source
---------------------------------------------------------------------------------------------------
Windows Terminal              Microsoft.WindowsTerminal        1.10.2383.0 Moniker: terminal winget
...

> wingetdev install terminal
Failed when searching source: msstore
An unexpected error occurred while executing the command:
WinHttpSendRequest: 12007: The server name or address could not be resolved

The following packages were found among the working sources.
Please specify one of them using the `--source` option to proceed.
Name             Id                        Source
-------------------------------------------------
Windows Terminal Microsoft.WindowsTerminal winget

This change also replaces the experimental msstore source with the more official but still green msstore source (previously called storepreview). This source is now capable of providing basic search functionality against the entire Store catalog. It does not provide any correlation for installed packages however. In addition, the store source is being moved out of experimental.

Validation

Added test source type that can be configured to fail in specific ways to enable easier validation of changes.
Unit tests added to ensure proper error handling.
E2E test added using test source type.

Microsoft Reviewers: Open in CodeFlow

[jedieaston]

It seems to me, as a user, winget install should still work without adding a source argument even if one of the sources is down. If I understand the PR description correctly, if I do winget install terminal, and the Microsoft Store is down (as an example), it doesn't matter if there's a great version of Windows Terminal available from the default repo, I just get an error message saying that the msstore is down, which I then use as a hint to start doing winget search so I can find a repo that is up and has it.

I would think the expected behavior (coming from other package managers), would be that winget still installs whatever the closest thing it can find from available sources, since I presumably trust all of the sources I've added equally (or else I wouldn't have them).

If that's too unsafe, then maybe a hint under the error would be nice, like:

> wingetdev install terminal
Failed to open a source; try the 'source reset' command if the problem persists: msstore
An unexpected error occurred while executing the command:
WinHttpSendRequest: 12007: The server name or address could not be resolved

Note: A match was found in the "winget" source. To install it, run winget install terminal --source winget.
(or, if multiple sources have a match, it shows the table)

which would save the trouble of me having to search for someone with the package myself, since presumably winget install already knows everyone who should have it.

[denelon]

@JohnMcPMS what do you think about the suggestion from @jedieaston?

[JohnMcPMS]

If that's too unsafe

I don't think of it as a security issue, but rather a conservative take that we can't know what the user intent was. So if there is a terminal in multiple sources, but one of those is down, how are we to know that the user didn't actually want the unavailable one? Rather than performing a change to the system, I would rather fail "closed" for now. We can consider changes to that based on broad feedback when it is in everyone's hands.

maybe a hint under the error would be nice

This is a good idea and I will add it.

[JohnMcPMS]

This is a good idea and I will add it.

Ok, it is going to require a bit more work than I expected, but I think it will end up being a better experience overall anyway.

[JohnMcPMS]

@jedieaston , I updated the PR description with the behavior of showing the search results from the not failing sources.

[jedieaston]

That looks awesome! Thanks!

[yao-msft]

    }

nit, unrelated: Dependencies is missing

---

Refers to: schemas/JSON/settings/settings.schema.0.2.json:121 in c360e5d. [](commit_id = c360e5d, deletion_comment = False)

[yao-msft]

            Workflow::SearchSourceUsingManifest <<

I think this also performs a search against the sources, this is also used in upgrade command

but maybe it's ok we do not perform sophisticated handling for -m cases

---

Refers to: src/AppInstallerCLICore/Commands/UninstallCommand.cpp:119 in c360e5d. [](commit_id = c360e5d, deletion_comment = False)

[yao-msft]

DoNotCorrelateAgainst

SupportsCorrelation?

[yao-msft]

HandleSearchResultFailures

This is called after every SearchSourceForMany or SearchSourceForSingle, shall we consolidate them inside?

[JohnMcPMS]

I had considered that, but I'm not sure. I think that there is probably a case to be made to have an uber search task (or two) that takes a few well defined behavior flags and roll search + handle failure + ensure* since they are very much linked.

But given our timeframe I'm going to put that on the debt rather than change it here.

[yao-msft]

Just take first failure for now

Should we have a new hr for this instead of taking the first one?

[JohnMcPMS]

I don't want to create a new failure bucket that is "multiple failures" yet.

[yao-msft]

"/execustom"

not needed, we expect the installed file does not exist

[yao-msft]

WingetDisableTestHooks

Is this turned on in our official AppInstaller release build?

[JohnMcPMS]

It will be after this is pulled in.

[yao-msft]

availableResult.Failures

I think this is from a single source(not composite), curious in what scenario will this have Failures entries?

[yao-msft]

Ah, I saw this carries the OpenSource failure. Any reason not adding these failures to OpenSourceResult and handle there?

[JohnMcPMS]

I had originally done that, but this pattern made it cleaner to show the suggestions on a failed install command.

[yao-msft]

std::move

Should this use AddFailureIfSourceNotPresent to check duplicates?

[JohnMcPMS]

Probably, although I put that in mostly as a guard against unbounded correlation failures.

[yao-msft]

openExceptionProxies.emplace_back(std::make_shared(source, std::current_exception()));

nit: I think we can just directly add the proxy to the aggregatedSource directly here instead of saving to a list and add all later? #ByDesign

[yao-msft]

never mind, there's a none available check below

[yao-msft]

""

I may be missing something but why double quotes for json key and value here, I thought it's regular json

[JohnMcPMS]

The double double-quotes are to convince cmd to actually pass in a single double-quote to the process.

[yao-msft]

HasAvailableSource

nit: there is GetAvailableSources().empty()

[JohnMcPMS]

It returns a copy of the vector and I didn't need that.

[yao-msft]

[yao-msft]

true

should be false here

revoking review