Fixed CI issue related to needs upgrade checks

Author: jschick04

src/EventLogExpert.EventDbTool/CreateDatabaseCommand.cs

@@ -6,6 +6,7 @@
 using EventLogExpert.Eventing.Providers;
 using Microsoft.Extensions.DependencyInjection;
 using System.CommandLine;
+using System.Text.RegularExpressions;
 
 namespace EventLogExpert.EventDbTool;
 
@@ -83,50 +84,120 @@ private void CreateDatabase(string path, string? source, string? filter, string?
             return;
         }
 
-        if (source is not null && !ProviderSource.TryValidate(source, Logger)) { return; }
+        if (!RegexHelper.TryCreate(filter, Logger, out var regex)) { return; }
 
-        HashSet<string> skipProviderNames = new(StringComparer.OrdinalIgnoreCase);
+        if (source is not null && !ProviderSource.TryValidate(source, Logger)) { return; }
 
-        if (!string.IsNullOrWhiteSpace(skipProvidersInFile))
+        try
         {
-            if (!ProviderSource.TryValidate(skipProvidersInFile, Logger)) { return; }
+            HashSet<string> skipProviderNames = new(StringComparer.OrdinalIgnoreCase);
 
-            foreach (var name in ProviderSource.LoadProviderNames(skipProvidersInFile, Logger))
+            if (!string.IsNullOrWhiteSpace(skipProvidersInFile))
             {
-                skipProviderNames.Add(name);
+                if (!ProviderSource.TryValidate(skipProvidersInFile, Logger)) { return; }
+
+                foreach (var name in ProviderSource.LoadProviderNames(skipProvidersInFile, Logger))
+                {
+                    skipProviderNames.Add(name);
+                }
+
+                Logger.Info($"Found {skipProviderNames.Count} providers in {skipProvidersInFile}. These will not be included in the new database.");
             }
 
-            Logger.Info($"Found {skipProviderNames.Count} providers in {skipProvidersInFile}. These will not be included in the new database.");
-        }
+            // Stream details directly into the DbContext. For .evtx sources, scanning the file
+            // is expensive, so we deliberately do NOT pre-scan provider names just to size the
+            // log header — that would cause a second full pass over the .evtx. Instead we
+            // buffer the first batch of resolved details, derive the header column width from
+            // those names, then log the header + buffered rows and continue streaming.
+            const int batchSize = 100;
+            var count = 0;
+            var headerLogged = false;
+            var pendingForHeader = new List<ProviderDetails>(batchSize);
+
+            // Defer creating the DbContext (and therefore the .db file on disk) until we have
+            // at least one provider to persist. This prevents leaving an empty database behind
+            // when no provider details could be resolved (e.g., .evtx without LocaleMetaData).
+            EventProviderDbContext? dbContext = null;
+
+            try
+            {
+                IEnumerable<ProviderDetails> providersToAdd = source is null
+                    ? LoadLocalProviders(regex, skipProviderNames)
+                    : ProviderSource.LoadProviders(source, Logger, regex, skipProviderNames);
+
+                foreach (var details in providersToAdd)
+                {
+                    if (!headerLogged)
+                    {
+                        pendingForHeader.Add(details);
+
+                        if (pendingForHeader.Count < batchSize) { continue; }
+
+                        FlushHeaderAndBuffer(ref dbContext, path, pendingForHeader, ref count);
+                        headerLogged = true;
+                        continue;
+                    }
+
+                    dbContext ??= new EventProviderDbContext(path, false, Logger);
+                    dbContext.ProviderDetails.Add(details);
+                    LogProviderDetails(details);
+                    count++;
+
+                    if (count % batchSize != 0) { continue; }
+                    dbContext.SaveChanges();
+                    dbContext.ChangeTracker.Clear();
+                }
+
+                // Flush any buffered providers when the stream ended before the buffer filled.
+                if (!headerLogged && pendingForHeader.Count > 0)
+                {
+                    FlushHeaderAndBuffer(ref dbContext, path, pendingForHeader, ref count);
+                }
 
-        IEnumerable<ProviderDetails> providersToAdd = source is null
-            ? LoadLocalProviders(filter, skipProviderNames)
-            : ProviderSource.LoadProviders(source, Logger, filter, skipProviderNames);
+                if (dbContext is null)
+                {
+                    Logger.Warn($"No provider details could be resolved from the source. Database was not created.");
 
-        var providersNotSkipped = providersToAdd.ToList();
+                    return;
+                }
 
-        if (providersNotSkipped.Count == 0)
+                Logger.Info($"");
+                Logger.Info($"Saving database. Please wait...");
+
+                dbContext.SaveChanges();
+
+                Logger.Info($"Done!");
+            }
+            finally
+            {
+                dbContext?.Dispose();
+            }
+        }
+        catch (RegexMatchTimeoutException)
         {
-            Logger.Warn($"No providers to add to the new database.");
-            return;
+            Logger.Error($"The --filter regex timed out. The pattern may cause catastrophic backtracking.");
         }
+    }
 
-        using var dbContext = new EventProviderDbContext(path, false, Logger);
+    private void FlushHeaderAndBuffer(
+        ref EventProviderDbContext? dbContext,
+        string path,
+        List<ProviderDetails> buffer,
+        ref int count)
+    {
+        LogProviderDetailHeader(buffer.Select(p => p.ProviderName));
 
-        LogProviderDetailHeader(providersNotSkipped.Select(p => p.ProviderName));
+        dbContext ??= new EventProviderDbContext(path, false, Logger);
 
-        foreach (var details in providersNotSkipped)
+        foreach (var details in buffer)
         {
             dbContext.ProviderDetails.Add(details);
             LogProviderDetails(details);
+            count++;
         }
 
-        Logger.Info($"");
-        Logger.Info($"Saving database. Please wait...");
-
         dbContext.SaveChanges();
-
-        Logger.Info($"Done!");
+        dbContext.ChangeTracker.Clear();
+        buffer.Clear();
     }
-
 }

src/EventLogExpert.EventDbTool/DbToolCommand.cs

@@ -14,21 +14,29 @@ public class DbToolCommand(ITraceLogger logger)
 
     protected ITraceLogger Logger => logger;
 
-    protected static List<string> GetLocalProviderNames(string? filter)
+    protected static List<string> GetLocalProviderNames(string? filter, ITraceLogger logger) =>
+        !RegexHelper.TryCreate(filter, logger, out var regex) ? [] : GetLocalProviderNames(regex);
+
+    protected static List<string> GetLocalProviderNames(Regex? regex)
     {
         var providers = new List<string>(EventLogSession.GlobalSession.GetProviderNames().Distinct().OrderBy(name => name));
 
-        if (string.IsNullOrEmpty(filter)) { return providers; }
+        return regex is null ? providers : providers.Where(p => regex.IsMatch(p)).ToList();
+    }
 
-        var regex = new Regex(filter, RegexOptions.IgnoreCase);
-        providers = providers.Where(p => regex.IsMatch(p)).ToList();
+    protected IEnumerable<ProviderDetails> LoadLocalProviders(string? filter, IReadOnlySet<string>? skipProviderNames = null)
+    {
+        if (!RegexHelper.TryCreate(filter, Logger, out var regex)) { yield break; }
 
-        return providers;
+        foreach (var details in LoadLocalProviders(regex, skipProviderNames))
+        {
+            yield return details;
+        }
     }
 
-    protected IEnumerable<ProviderDetails> LoadLocalProviders(string? filter, IReadOnlySet<string>? skipProviderNames = null)
+    protected IEnumerable<ProviderDetails> LoadLocalProviders(Regex? regex, IReadOnlySet<string>? skipProviderNames = null)
     {
-        foreach (var providerName in GetLocalProviderNames(filter))
+        foreach (var providerName in GetLocalProviderNames(regex))
         {
             // Skip BEFORE resolving so we don't pay the cost of loading metadata for providers we
             // are about to discard (e.g. when --skip-providers-in-file lists most local providers).

src/EventLogExpert.EventDbTool/DiffDatabaseCommand.cs

@@ -79,43 +79,58 @@ private void DiffDatabase(string firstSource, string secondSource, string newDb)
 
         var providersCopied = new List<ProviderDetails>();
 
-        using var newDbContext = new EventProviderDbContext(newDb, false, Logger);
+        // Pass firstProviderNames as the skip set so providers present in the first source are
+        // never resolved from the second source's metadata path. This is especially important when
+        // the second source is .evtx+MTA, where each provider triggers an expensive load.
+        Logger.Info($"Skipping up to {firstProviderNames.Count} provider name(s) from the second source that also appear in the first source.");
 
-        foreach (var details in ProviderSource.LoadProviders(secondSource, Logger))
+        // Defer creating the DbContext (and therefore the .db file on disk) until at least one
+        // provider is actually about to be persisted. This prevents leaving an empty database
+        // behind when the second source yields no new providers.
+        EventProviderDbContext? newDbContext = null;
+
+        try
         {
-            if (firstProviderNames.Contains(details.ProviderName))
+            foreach (var details in ProviderSource.LoadProviders(secondSource, Logger, filter: null, skipProviderNames: firstProviderNames))
             {
-                Logger.Info($"Skipping {details.ProviderName} because it is present in both sources.");
-                continue;
+                Logger.Info($"Copying {details.ProviderName} because it is present in second source but not first.");
+
+                newDbContext ??= new EventProviderDbContext(newDb, false, Logger);
+
+                newDbContext.ProviderDetails.Add(new ProviderDetails
+                {
+                    ProviderName = details.ProviderName,
+                    Events = details.Events,
+                    Parameters = details.Parameters,
+                    Keywords = details.Keywords,
+                    Messages = details.Messages,
+                    Opcodes = details.Opcodes,
+                    Tasks = details.Tasks
+                });
+
+                providersCopied.Add(details);
             }
 
-            Logger.Info($"Copying {details.ProviderName} because it is present in second source but not first.");
-
-            newDbContext.ProviderDetails.Add(new ProviderDetails
+            if (newDbContext is null)
             {
-                ProviderName = details.ProviderName,
-                Events = details.Events,
-                Parameters = details.Parameters,
-                Keywords = details.Keywords,
-                Messages = details.Messages,
-                Opcodes = details.Opcodes,
-                Tasks = details.Tasks
-            });
-
-            providersCopied.Add(details);
-        }
-
-        newDbContext.SaveChanges();
+                Logger.Warn($"No providers in the second source are missing from the first. Database was not created.");
+                return;
+            }
 
-        if (providersCopied.Count <= 0) { return; }
+            newDbContext.SaveChanges();
 
-        Logger.Info($"Providers copied to new database:");
-        Logger.Info($"");
-        LogProviderDetailHeader(providersCopied.Select(p => p.ProviderName));
+            Logger.Info($"Providers copied to new database:");
+            Logger.Info($"");
+            LogProviderDetailHeader(providersCopied.Select(p => p.ProviderName));
 
-        foreach (var provider in providersCopied)
+            foreach (var provider in providersCopied)
+            {
+                LogProviderDetails(provider);
+            }
+        }
+        finally
         {
-            LogProviderDetails(provider);
+            newDbContext?.Dispose();
         }
     }
 }