use MSBuild binlog to report dependencies #10597
Draft
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains a temporary commit to redirect the smoke tests. That commit will have to be removed prior to merging.
This PR has a corresponding smoke test PR that will hav to be merged at the same time: dependabot/smoke-tests#227
Previously, a temporary project was created to try and determine a project's full set of dependencies. This wasn't always 100% accurate and could be slow due to all of the file copying.
This PR instead invokes MSBuild directly against the relevant project and produces a binary log (
.binlog
) that is then analyzed to get the full set of dependencies.One of the benefits to this approach is that any give package can be directly associated with its parent project and MSBuild handles all of the complex property evaluation that might occur.
There are two main differences in behavior:
$(SomePackageVersion)
; we know exactly what was resolved.Directory.Packages.props
as the source of a dependency. While the dependency version might be found there, the dependency really lies with the project file. This has no effect on actually performing the update; that occurs just like before.Another relatively minor side effect is that we no longer report
NETStandard.Library
as a dependency; it's explicitly excluded. While it is a NuGet package that gets resolved, it's not one that can be directly updated so it is simply no longer reported.The vast majority of the changes in this PR are to tests.
The primary file to review is
SdkProjectDiscovery.cs
; that's where the dependency analysis was completely migrated to the binary log.