-
Notifications
You must be signed in to change notification settings - Fork 689
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Flow PrivateAssets to transitively pinned centrally managed dependencies #4669
Flow PrivateAssets to transitively pinned centrally managed dependencies #4669
Conversation
FYI @AArnott |
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A comment on FlattenParentNodes().
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs
Outdated
Show resolved
Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a tough issue to figure out for sure!
test/NuGet.Core.Tests/NuGet.Commands.Test/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Core.Tests/NuGet.Commands.Test/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
I've updated the logic to walk to the parent that brought in a dependency and use its PrivateAssets. But if you add one of the transitive dependencies as a top-level dependency, the walk stop at the last parent in the graph. This is intentional because if you add a top-level dependency, its probably because you want to alter in the include/exclude and/or private assets. |
8c25fa3
to
6ceaad5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we do a test for the following:
Project -> A -> C
Project -> B -> C
?
I think it should be a merge between A & B's assets.
I thought we wanted to do the combine on the pack side as well?
In particular see:
NuGet.Client/test/NuGet.Core.FuncTests/Dotnet.Integration.Test/PackCommandTests.cs
Line 830 in c48ecf8
public void PackCommand_SupportsIncludeExcludePrivateAssets_OnPackages( |
Note how the include and private assets combination:
includeassets | excludeassets | privateassets | expectedinclude | expectedexclude |
---|---|---|---|---|
null (default) | null (default) | null (default) | Analyzers,Build | |
Compile | null(default) | null(default) | Analyzers,Build,BuildTransitive,Native,Runtime |
Another consideration:
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="NuGet.Common" IncludeAssets="compile" PrivateAssets="compile" />
</ItemGroup>
</Project>
Generates:
<?xml version="1.0" encoding="utf-8"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
<metadata>
<id>PackIncludesTest</id>
<version>1.0.0</version>
<authors>PackIncludesTest</authors>
<description>Package Description</description>
<dependencies>
<group targetFramework="net6.0">
<dependency id="NuGet.Common" version="1.0.0" exclude="Runtime,Compile,Build,Native,Analyzers,BuildTransitive" />
</group>
</dependencies>
</metadata>
</package>
This PR has been automatically marked as stale because it has no activity for 7 days. It will be closed if no further activity occurs within another 7 days of this comment. If it is closed, you may reopen it anytime when you're ready again, as long as you don't delete the branch. |
6ceaad5
to
30e87d8
Compare
Added |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need a pack test? For whatever reason, I did not realize we didn't have one for a very long time :D
It can go in a different PR.
This PR has been automatically marked as stale because it has no activity for 7 days. It will be closed if no further activity occurs within another 7 days of this comment. If it is closed, you may reopen it anytime when you're ready again, as long as you don't delete the branch. |
1 similar comment
This PR has been automatically marked as stale because it has no activity for 7 days. It will be closed if no further activity occurs within another 7 days of this comment. If it is closed, you may reopen it anytime when you're ready again, as long as you don't delete the branch. |
Technically this doesn't change the pack logic, it simply updates how the lock file is written. That said, I think you're right that there isn't any logic to test the pack side of how its read:
I'm going to merge for now and look into it later. |
I'd love to try this out. Is there an SDK preview (even a CI build) that includes this change? |
Bug
Fixes: NuGet/Home#10311
Regression? No Last working version:
Description
When a centrally managed dependency version is pinned, the top-level package that pulled it in should have its
PrivateAssets
flow down. This change looks for the top-level dependency that brought in a pinned dependency and then applies itsPrivateAssets
.PR Checklist
PR has a meaningful title
PR has a linked issue.
Described changes
Tests
Documentation