use MSBuild binlog to report dependencies #10597
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
brettfo
force-pushed
the
dev/brettfo/nuget-report-dependencies
branch
2 times, most recently
from
1edef09
to
eaa3f30
Compare
brettfo
commented
Sep 16, 2024
| @@ -20,6 +20,7 @@ tab_width = 4 | |||
|
|
|||
| # New line preferences | |||
| insert_final_newline = true | |||
| #end_of_line = lf | |||
There was a problem hiding this comment.
I have my local environment set to always check out with LF so adding this makes it easy for me to dotnet format.
brettfo
force-pushed
the
dev/brettfo/nuget-report-dependencies
branch
3 times, most recently
from
5b8d751
to
cccbcf2
Compare
brettfo
force-pushed
the
dev/brettfo/nuget-report-dependencies
branch
from
cccbcf2
to
60c6971
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains a temporary commit to redirect the smoke tests. That commit will have to be removed prior to merging.
This PR has a corresponding smoke test PR that will hav to be merged at the same time: dependabot/smoke-tests#227
Previously, a temporary project was created to try and determine a project's full set of dependencies. This wasn't always 100% accurate and could be slow due to all of the file copying.
This PR instead invokes MSBuild directly against the relevant project and produces a binary log (
.binlog) that is then analyzed to get the full set of dependencies.One of the benefits to this approach is that any give package can be directly associated with its parent project and MSBuild handles all of the complex property evaluation that might occur.
There are two main differences in behavior:
$(SomePackageVersion); we know exactly what was resolved.Directory.Packages.propsas the source of a dependency. While the dependency version might be found there, the dependency really lies with the project file. This has no effect on actually performing the update; that occurs just like before.Another relatively minor side effect is that we no longer report
NETStandard.Libraryas a dependency; it's explicitly excluded. While it is a NuGet package that gets resolved, it's not one that can be directly updated so it is simply no longer reported.The vast majority of the changes in this PR are to tests.
The primary file to review is
SdkProjectDiscovery.cs; that's where the dependency analysis was completely migrated to the binary log.