Skip to content

vscode-extension-update: skip Marketplace validation-failed versions#522775

Merged
drupol merged 1 commit into
NixOS:masterfrom
cavebatsofware:vscode-extension-update-skip-failed-validation
May 22, 2026
Merged

vscode-extension-update: skip Marketplace validation-failed versions#522775
drupol merged 1 commit into
NixOS:masterfrom
cavebatsofware:vscode-extension-update-skip-failed-validation

Conversation

@cavebatsofware

@cavebatsofware cavebatsofware commented May 21, 2026

Copy link
Copy Markdown
Contributor

Description of changes

vscode_extension_update.py previously selected the newest extension version
satisfying targetPlatform, prerelease, and engine constraints, without
inspecting whether the Marketplace had validated it. Versions that fail
validation (for example virus scan failures) are hidden from the Marketplace
UI and should not be packaged.

This change adds a _version_passed_validation helper and filters such
entries in find_compatible_extension_version. When the Marketplace API
response sets validationResultMessage to a payload whose results contain
status: "failure", that version is skipped and the next compatible version
is considered.

Reproduced and verified against vscode-extensions.anthropic.claude-code,
where the API was returning a virus-scan-failed 2.1.146 entry while the
Marketplace UI still listed 2.1.145 as current. After the fix, the script
correctly falls back to 2.1.145.

Validation was manual: ran the updater against the affected extension and
confirmed it now selects 2.1.145, then ran nixos-rebuild switch against the
branch and built the resulting package successfully. No Nix files were
changed, and the updater has no test suite, so no automated tests apply.

Fixes #522773.
Relates to #482821.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
    • NixOS test(s) (look inside nixos/tests)
    • and/or package tests
    • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
    • made sure NixOS tests are linked to the relevant packages
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.11 Release Notes are up to date with package changes in this PR
  • Fits CONTRIBUTING.md

…ions

Adds a check to filter out extension versions that failed marketplace validation (e.g., virus scan failures). These invalid versions are hidden from the marketplace UI and lack VsixSignature assets, so selecting them could cause issues. The updater now logs debug information when skipping such versions for better traceability.
@drupol drupol added the 1.severity: security Issues which raise a security issue, or PRs that fix one label May 21, 2026
@nixpkgs-ci nixpkgs-ci Bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels May 21, 2026

@drupol drupol left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, thanks for that! I added the security label, hope it's OK.

@drupol

drupol commented May 21, 2026

Copy link
Copy Markdown
Contributor

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 522775
Commit: d373280bd0305e6ddb993c34c11e267df89718c2 (subsequent changes)
Merge: 93227a8485b1206d2de3bebb65dea5d0659eacd0

Logs: https://github.com/drupol/nixpkgs-review-gha/actions/runs/26250322151


x86_64-linux

✅ 1 package built:
  • vscode-extension-update

aarch64-linux

✅ 1 package built:
  • vscode-extension-update

x86_64-darwin (sandbox = relaxed)

✅ 1 package built:
  • vscode-extension-update

aarch64-darwin (sandbox = relaxed)

✅ 1 package built:
  • vscode-extension-update

@drupol drupol left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved automatically following the successful run of nixpkgs-review.

@cavebatsofware

cavebatsofware commented May 21, 2026

Copy link
Copy Markdown
Contributor Author

Cool, thanks for that!

@drupol
It should be noted that 2.1.146 (pkgs/application/editors/vscode/extensions/anthropic.claude-code/default.nix) is already merged for the vscode claude code extension. This is not yet a valid extension.

@nixpkgs-ci nixpkgs-ci Bot added 12.approvals: 1 This PR was reviewed and approved by one person. and removed 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels May 21, 2026
@drupol drupol added this pull request to the merge queue May 22, 2026
@drupol

drupol commented May 22, 2026

Copy link
Copy Markdown
Contributor

Should this be backported ? I haven't check whether this upgrade script is available in the current stable version.

Merged via the queue into NixOS:master with commit 42f2ea7 May 22, 2026
40 checks passed
@nixpkgs-ci

nixpkgs-ci Bot commented May 22, 2026

Copy link
Copy Markdown
Contributor

Successfully created backport PR for release-25.11:

@github-actions github-actions Bot added the 8.has: port to stable This PR already has a backport to the stable release. label May 22, 2026
@cavebatsofware cavebatsofware deleted the vscode-extension-update-skip-failed-validation branch May 22, 2026 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

vscode-extension-update: selects Marketplace versions that failed validation

2 participants