From c85c52d4cecc7e63f2cc29190e45f3e1193f6a2d Mon Sep 17 00:00:00 2001
From: konsti <konstin@mailbox.org>
Date: Thu, 11 Apr 2024 10:35:22 +0200
Subject: [PATCH] Unify packse find links urls (#2969)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The sync scenarios script is broken, so i did the updates manually

```
$ ./scripts/sync_scenarios.sh
Setting up a temporary environment...
Using Python 3.12.1 interpreter at: /home/konsti/projects/uv/.venv/bin/python3
Creating virtualenv at: .venv
Activate with: source .venv/bin/activate
  × No solution found when resolving dependencies:
  ╰─▶ Because docutils==0.21.post1 is unusable because the package metadata was inconsistent and you require docutils==0.21.post1, we can conclude that the requirements are unsatisfiable.

      hint: Metadata for docutils==0.21.post1 was inconsistent:
        Package metadata version `0.21` does not match given version `0.21.post1`
```

---------

Co-authored-by: Zanie Blue <contact@zanie.dev>
---
 crates/uv-git/src/source.rs              |  2 +-
 crates/uv/tests/common/mod.rs            |  5 +++++
 crates/uv/tests/pip_compile_scenarios.rs |  6 +++---
 crates/uv/tests/pip_install.rs           | 18 +++++++++---------
 crates/uv/tests/pip_install_scenarios.rs |  6 +++---
 scripts/scenarios/generate.py            |  5 ++---
 scripts/scenarios/requirements.txt       |  2 +-
 7 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/crates/uv-git/src/source.rs b/crates/uv-git/src/source.rs
index f1061331a..64483d038 100644
--- a/crates/uv-git/src/source.rs
+++ b/crates/uv-git/src/source.rs
@@ -49,7 +49,7 @@ impl GitSource {
     }
 
     /// Fetch the underlying Git repository at the given revision.
-    #[instrument(skip(self))]
+    #[instrument(skip(self), fields(repository = %self.git.repository, rev = ?self.git.precise))]
     pub fn fetch(self) -> Result<Fetch> {
         // The path to the repo, within the Git database.
         let ident = digest(&RepositoryUrl::new(&self.git.repository));
diff --git a/crates/uv/tests/common/mod.rs b/crates/uv/tests/common/mod.rs
index 2b77cc9c5..2c85e3e7f 100644
--- a/crates/uv/tests/common/mod.rs
+++ b/crates/uv/tests/common/mod.rs
@@ -22,6 +22,11 @@ use uv_toolchain::{toolchains_for_version, PythonVersion};
 // Exclude any packages uploaded after this date.
 pub static EXCLUDE_NEWER: &str = "2024-03-25T00:00:00Z";
 
+/// Using a find links url allows using `--index-url` instead of `--extra-index-url` in tests
+/// to prevent dependency confusion attacks against our test suite.
+pub const BUILD_VENDOR_LINKS_URL: &str =
+    "https://raw.githubusercontent.com/astral-sh/packse/0.3.14/vendor/links.html";
+
 #[doc(hidden)] // Macro and test context only, don't use directly.
 pub const INSTA_FILTERS: &[(&str, &str)] = &[
     (r"--cache-dir [^\s]+", "--cache-dir [CACHE_DIR]"),
diff --git a/crates/uv/tests/pip_compile_scenarios.rs b/crates/uv/tests/pip_compile_scenarios.rs
index 780c5fd6d..c5a920a12 100644
--- a/crates/uv/tests/pip_compile_scenarios.rs
+++ b/crates/uv/tests/pip_compile_scenarios.rs
@@ -1,7 +1,7 @@
 //! DO NOT EDIT
 //!
 //! Generated with `./scripts/sync_scenarios.sh`
-//! Scenarios from <https://github.com/zanieb/packse/tree/0.3.13/scenarios>
+//! Scenarios from <https://github.com/astral-sh/packse/tree/0.3.14/scenarios>
 //!
 #![cfg(all(feature = "python", feature = "pypi", unix))]
 
@@ -27,9 +27,9 @@ fn command(context: &TestContext, python_versions: &[&str]) -> Command {
         .arg("compile")
         .arg("requirements.in")
         .arg("--index-url")
-        .arg("https://astral-sh.github.io/packse/0.3.13/simple-html/")
+        .arg("https://astral-sh.github.io/packse/0.3.14/simple-html/")
         .arg("--find-links")
-        .arg("https://raw.githubusercontent.com/zanieb/packse/0.3.13/vendor/links.html")
+        .arg("https://raw.githubusercontent.com/astral-sh/packse/0.3.14/vendor/links.html")
         .arg("--cache-dir")
         .arg(context.cache_dir.path())
         .env("VIRTUAL_ENV", context.venv.as_os_str())
diff --git a/crates/uv/tests/pip_install.rs b/crates/uv/tests/pip_install.rs
index 055d84f36..0832912a3 100644
--- a/crates/uv/tests/pip_install.rs
+++ b/crates/uv/tests/pip_install.rs
@@ -1,5 +1,7 @@
 #![cfg(all(feature = "python", feature = "pypi"))]
 
+use std::process::Command;
+
 use anyhow::Result;
 use assert_cmd::prelude::*;
 use assert_fs::prelude::*;
@@ -7,12 +9,10 @@ use base64::{prelude::BASE64_STANDARD as base64, Engine};
 use indoc::indoc;
 use itertools::Itertools;
 
-use std::process::Command;
-
 use common::{uv_snapshot, TestContext};
 use uv_fs::Simplified;
 
-use crate::common::get_bin;
+use crate::common::{get_bin, BUILD_VENDOR_LINKS_URL};
 
 mod common;
 
@@ -3150,7 +3150,7 @@ fn already_installed_dependent_editable() {
         // Disable the index to guard this test against dependency confusion attacks
         .arg("--no-index")
         .arg("--find-links")
-        .arg("https://raw.githubusercontent.com/astral-sh/packse/0.3.12/vendor/links.html"), @r###"
+        .arg(BUILD_VENDOR_LINKS_URL), @r###"
     success: true
     exit_code: 0
     ----- stdout -----
@@ -3185,7 +3185,7 @@ fn already_installed_dependent_editable() {
         // Disable the index to guard this test against dependency confusion attacks
         .arg("--no-index")
         .arg("--find-links")
-        .arg("https://raw.githubusercontent.com/astral-sh/packse/0.3.12/vendor/links.html"), @r###"
+        .arg(BUILD_VENDOR_LINKS_URL), @r###"
     success: false
     exit_code: 1
     ----- stdout -----
@@ -3246,7 +3246,7 @@ fn already_installed_local_path_dependent() {
         // Disable the index to guard this test against dependency confusion attacks
         .arg("--no-index")
         .arg("--find-links")
-        .arg("https://raw.githubusercontent.com/astral-sh/packse/0.3.12/vendor/links.html"), @r###"
+        .arg(BUILD_VENDOR_LINKS_URL), @r###"
     success: true
     exit_code: 0
     ----- stdout -----
@@ -3281,7 +3281,7 @@ fn already_installed_local_path_dependent() {
         // Disable the index to guard this test against dependency confusion attacks
         .arg("--no-index")
         .arg("--find-links")
-        .arg("https://raw.githubusercontent.com/astral-sh/packse/0.3.12/vendor/links.html"), @r###"
+        .arg(BUILD_VENDOR_LINKS_URL), @r###"
     success: false
     exit_code: 1
     ----- stdout -----
@@ -3321,7 +3321,7 @@ fn already_installed_local_path_dependent() {
         // Disable the index to guard this test against dependency confusion attacks
         .arg("--no-index")
         .arg("--find-links")
-        .arg("https://raw.githubusercontent.com/astral-sh/packse/0.3.12/vendor/links.html"), @r###"
+        .arg(BUILD_VENDOR_LINKS_URL), @r###"
     success: false
     exit_code: 1
     ----- stdout -----
@@ -3343,7 +3343,7 @@ fn already_installed_local_path_dependent() {
         // Disable the index to guard this test against dependency confusion attacks
         .arg("--no-index")
         .arg("--find-links")
-        .arg("https://raw.githubusercontent.com/astral-sh/packse/0.3.12/vendor/links.html"), @r###"
+        .arg(BUILD_VENDOR_LINKS_URL), @r###"
     success: true
     exit_code: 0
     ----- stdout -----
diff --git a/crates/uv/tests/pip_install_scenarios.rs b/crates/uv/tests/pip_install_scenarios.rs
index 001cba3c1..43c399e1b 100644
--- a/crates/uv/tests/pip_install_scenarios.rs
+++ b/crates/uv/tests/pip_install_scenarios.rs
@@ -1,7 +1,7 @@
 //! DO NOT EDIT
 //!
 //! Generated with `./scripts/sync_scenarios.sh`
-//! Scenarios from <https://github.com/zanieb/packse/tree/0.3.13/scenarios>
+//! Scenarios from <https://github.com/astral-sh/packse/tree/0.3.14/scenarios>
 //!
 #![cfg(all(feature = "python", feature = "pypi", unix))]
 
@@ -46,9 +46,9 @@ fn command(context: &TestContext) -> Command {
         .arg("pip")
         .arg("install")
         .arg("--index-url")
-        .arg("https://astral-sh.github.io/packse/0.3.13/simple-html/")
+        .arg("https://astral-sh.github.io/packse/0.3.14/simple-html/")
         .arg("--find-links")
-        .arg("https://raw.githubusercontent.com/zanieb/packse/0.3.13/vendor/links.html")
+        .arg("https://raw.githubusercontent.com/astral-sh/packse/0.3.14/vendor/links.html")
         .arg("--cache-dir")
         .arg(context.cache_dir.path())
         .env("VIRTUAL_ENV", context.venv.as_os_str())
diff --git a/scripts/scenarios/generate.py b/scripts/scenarios/generate.py
index 207ba3379..f5a60998e 100755
--- a/scripts/scenarios/generate.py
+++ b/scripts/scenarios/generate.py
@@ -65,7 +65,6 @@ except ImportError:
     )
     exit(1)
 
-
 try:
     import chevron_blue
 except ImportError:
@@ -175,11 +174,11 @@ def main(scenarios: list[Path], snapshot_update: bool = True):
 
         # Add generated metadata
         data["generated_from"] = (
-            f"https://github.com/zanieb/packse/tree/{ref}/scenarios"
+            f"https://github.com/astral-sh/packse/tree/{ref}/scenarios"
         )
         data["generated_with"] = "./scripts/sync_scenarios.sh"
         data["vendor_links"] = (
-            f"https://raw.githubusercontent.com/zanieb/packse/{ref}/vendor/links.html"
+            f"https://raw.githubusercontent.com/astral-sh/packse/{ref}/vendor/links.html"
         )
 
         data["index_url"] = f"https://astral-sh.github.io/packse/{ref}/simple-html/"
diff --git a/scripts/scenarios/requirements.txt b/scripts/scenarios/requirements.txt
index 7a4cc2244..1d7df3023 100644
--- a/scripts/scenarios/requirements.txt
+++ b/scripts/scenarios/requirements.txt
@@ -36,7 +36,7 @@ nh3==0.2.17
     # via readme-renderer
 packaging==24.0
     # via hatchling
-packse==0.3.13
+packse==0.3.14
 pathspec==0.12.1
     # via hatchling
 pkginfo==1.10.0