Commands crash when using "branch" attributes in package dependencies

[packocz]

Describe the bug
I have 2 packages - base and feature. Feature has defined dependency on Base. If I specify a "branch" attribute in Feature's dependency to Base scripts crash with this error:

Specified branch: feature-validation for dependency: VersionsBase
Error: Unable to execute command .. TypeError: Cannot read properties of null (reading 'MajorVersion')

experienced with Validate and Prepare CI pool.

The error happens when the dependency (on another package in the sfdx-project.json) has the branch attribute. The presence of branch attribute on either of the package definitions does not matter.

To Reproduce
Steps to reproduce the behavior:

• create project with 2 packages

{
	"packageDirectories": [
		{
			"path": "src-tmp",
			"default": true
		},
		{
			"path": "src/base",
			"default": false,
			"package": "VersionsBase",
			"versionName": "ver 0.3",
			"versionNumber": "0.3.0.NEXT",
			"branch": "feature-validation",
			"versionDescription": "Package Versioning demo, base package. Top level dependency",
			"definitionFile": "config/project-scratch-def.json"
		},
		{
			"path": "src/feature-1",
			"default": false,
			"package": "VersionsFeature1",
			"versionName": "ver 0.3",
			"versionNumber": "0.3.0.NEXT",
			"branch": "feature-validation",
			"versionDescription": "Package Versioning demo, feature package. Depends on Base",
			"definitionFile": "config/project-scratch-def.json",
			"dependencies": [
				{
					"package": "VersionsBase",
					"versionNumber": "0.3.0.LATEST",
					"branch": "feature-validation"
				}
			]
		}
	],
	"name": "PackageVersions",
	"namespace": "",
	"sfdcLoginUrl": "https://login.salesforce.com",
	"sourceApiVersion": "59.0",
	"packageAliases": {
		"VersionsBase": "0Ho08000000PAvWCAW",
		"VersionsFeature1": "0Ho08000000PAvbCAG"
	}
}

• run sfp orchestrator:prepare -f config/pool-def.json -v devhub or sfp orchestrator:validate --pools ci --targetdevhubusername devhub --disableartifactupdate --disablesourcepkgoverride

Expected behavior
Pool gets created or packages validated

Screenshots

Platform Details (please complete the following information):

• OS: Mac OS and GitHub Action on 'ubuntu-latest'
• Version: @dxatscale/sfpowerscripts/25.5.3 darwin-x64 node-v18.17.1
• Salesforce CLI(sfdx cli) Version: @salesforce/cli/2.3.8 darwin-x64 node-v18.15.0
• CI Platform: GitHub, local MacOs

Additional context
Originally run into this with the validation of packages. On a feature branch I add the branch attribute to all packages so that any versions created are not increasing the build numbers on main. I do use a namespace, but this does not seem to be affecting the situation at all.
Repo where I test:
Simplified PR with minimal steps to reproduce - https://github.com/packocz/PackageVersions/pull/2/checks

[packocz]

I tried my best to debug this issue. I found the problem to be inside PackageDependencyResolver since this PR. Though to be honest I don't think before that PR my specific scenario would have been supported anyway.

At line 65 function is called to get a current version based on a branch, however, since PackageDependencyResolver is called from ExternalPackage2DependencyResolver which always sets the flag resolveExternalDepenciesOnly to true the result is always null. Which causes the crash on line 66 - not null-safe logging statement.

I am not sure if skipping the rest of the if would be appropriate relying the ending of the block for each package inside resolvePackageDependencyVersions. I'm not sure what it's doing.

if (package2VersionForDependency == null) {
  packageDirectory.dependencies.splice(i, 1);
  i--;
} else
  dependency.versionNumber = `${package2VersionForDependency.MajorVersion}.${package2VersionForDependency.MinorVersion}.${package2VersionForDependency.PatchVersion}.${package2VersionForDependency.BuildNumber}`;
}

When I tried to manually hard-code the resolveExternalDepenciesOnly flag inside PackageDependencyResolver to true, whole validation process ran ok. The only strange thing is that the installed dependency was printed out as an external dependency, even though the package is inside the same project.

Resolved external package dependencies:

Order Package Version Subscriber Version Id
0 [email protected] N/A 04t08000000UJfoAAG