Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flow PrivateAssets to transitively pinned centrally managed dependencies #4669

Merged
merged 6 commits into from
Jul 29, 2022
Merged

Flow PrivateAssets to transitively pinned centrally managed dependencies #4669

merged 6 commits into from
Jul 29, 2022

Conversation

jeffkl
Copy link
Contributor

@jeffkl jeffkl commented Jun 13, 2022

Bug

Fixes: NuGet/Home#10311

Regression? No Last working version:

Description

When a centrally managed dependency version is pinned, the top-level package that pulled it in should have its PrivateAssets flow down. This change looks for the top-level dependency that brought in a pinned dependency and then applies its PrivateAssets.

PR Checklist

  • PR has a meaningful title

  • PR has a linked issue.

  • Described changes

  • Tests

    • Automated tests added
    • OR
    • Test exception
    • OR
    • N/A

  • Documentation

    • Documentation PR or issue filled
    • OR
    • N/A

@jeffkl jeffkl marked this pull request as ready for review June 13, 2022 19:47
@jeffkl jeffkl requested a review from a team as a code owner June 13, 2022 19:47
@jeffkl
Copy link
Contributor Author

jeffkl commented Jun 13, 2022

FYI @AArnott

@jeffkl jeffkl self-assigned this Jun 14, 2022
dominoFire
dominoFire reviewed Jun 14, 2022
View reviewed changes
Copy link
Contributor

@dominoFire dominoFire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A comment on FlattenParentNodes().

src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs Outdated Show resolved Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs Outdated Show resolved Hide resolved
nkolev92
nkolev92 reviewed Jun 17, 2022
View reviewed changes
Copy link
Member

@nkolev92 nkolev92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a tough issue to figure out for sure!

test/NuGet.Core.Tests/NuGet.Commands.Test/RestoreCommandTests.cs Outdated Show resolved Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs Show resolved Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs Show resolved Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs Outdated Show resolved Hide resolved
test/NuGet.Core.Tests/NuGet.Commands.Test/RestoreCommandTests.cs Outdated Show resolved Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs Show resolved Hide resolved
@jeffkl jeffkl mentioned this pull request Jun 21, 2022
Closed
7 tasks
@jeffkl
Copy link
Contributor Author

jeffkl commented Jun 24, 2022

I've updated the logic to walk to the parent that brought in a dependency and use its PrivateAssets. But if you add one of the transitive dependencies as a top-level dependency, the walk stop at the last parent in the graph. This is intentional because if you add a top-level dependency, its probably because you want to alter in the include/exclude and/or private assets.

@jeffkl jeffkl force-pushed the dev-jeffkl-flow-privateassets-to-pinned-dependencies branch from 8c25fa3 to 6ceaad5 Compare June 27, 2022 17:25
nkolev92
nkolev92 reviewed Jun 28, 2022
View reviewed changes
Copy link
Member

@nkolev92 nkolev92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we do a test for the following:

Project -> A -> C
Project -> B -> C
?
I think it should be a merge between A & B's assets.

I thought we wanted to do the combine on the pack side as well?

In particular see:

NuGet.Client/test/NuGet.Core.FuncTests/Dotnet.Integration.Test/PackCommandTests.cs

Line 830 in c48ecf8

public void PackCommand_SupportsIncludeExcludePrivateAssets_OnPackages(
.

Note how the include and private assets combination:

includeassets excludeassets privateassets expectedinclude expectedexclude
null (default) null (default) null (default) Analyzers,Build
Compile null(default) null(default) Analyzers,Build,BuildTransitive,Native,Runtime

Another consideration:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="NuGet.Common" IncludeAssets="compile" PrivateAssets="compile" />
  </ItemGroup>

</Project>

Generates:

<?xml version="1.0" encoding="utf-8"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata>
    <id>PackIncludesTest</id>
    <version>1.0.0</version>
    <authors>PackIncludesTest</authors>
    <description>Package Description</description>
    <dependencies>
      <group targetFramework="net6.0">
        <dependency id="NuGet.Common" version="1.0.0" exclude="Runtime,Compile,Build,Native,Analyzers,BuildTransitive" />
      </group>
    </dependencies>
  </metadata>
</package>

src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs Show resolved Hide resolved
src/NuGet.Core/NuGet.Commands/RestoreCommand/LockFileBuilder.cs Show resolved Hide resolved
@ghost ghost added the Status:No recent activity PRs that have not had any recent activity and will be closed if the label is not removed label Jul 5, 2022
@ghost
Copy link

ghost commented Jul 5, 2022

This PR has been automatically marked as stale because it has no activity for 7 days. It will be closed if no further activity occurs within another 7 days of this comment. If it is closed, you may reopen it anytime when you're ready again, as long as you don't delete the branch.

@jeffkl jeffkl removed the Status:No recent activity PRs that have not had any recent activity and will be closed if the label is not removed label Jul 6, 2022
@jeffkl jeffkl force-pushed the dev-jeffkl-flow-privateassets-to-pinned-dependencies branch from 6ceaad5 to 30e87d8 Compare July 7, 2022 16:25
@jeffkl
Copy link
Contributor Author

jeffkl commented Jul 7, 2022

Can we do a test for the following:

Project -> A -> C
Project -> B -> C

Added RestoreCommand_CentralVersion_AssetsFile_PrivateAssetsFlowsToPinnedDependenciesWithMultipleParents which shows that all parents' PrivateAssets are aggregated.

@jeffkl jeffkl mentioned this pull request Jul 7, 2022
Closed
21 tasks
nkolev92
nkolev92 approved these changes Jul 13, 2022
View reviewed changes
Copy link
Member

@nkolev92 nkolev92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need a pack test? For whatever reason, I did not realize we didn't have one for a very long time :D
It can go in a different PR.

@ghost ghost added the Status:No recent activity PRs that have not had any recent activity and will be closed if the label is not removed label Jul 20, 2022
@ghost
Copy link

ghost commented Jul 20, 2022

This PR has been automatically marked as stale because it has no activity for 7 days. It will be closed if no further activity occurs within another 7 days of this comment. If it is closed, you may reopen it anytime when you're ready again, as long as you don't delete the branch.

1 similar comment
@ghost
Copy link

ghost commented Jul 27, 2022

This PR has been automatically marked as stale because it has no activity for 7 days. It will be closed if no further activity occurs within another 7 days of this comment. If it is closed, you may reopen it anytime when you're ready again, as long as you don't delete the branch.

@jeffkl jeffkl removed the Status:No recent activity PRs that have not had any recent activity and will be closed if the label is not removed label Jul 29, 2022
@jeffkl
Copy link
Contributor Author

jeffkl commented Jul 29, 2022

Do we need a pack test?

Technically this doesn't change the pack logic, it simply updates how the lock file is written. That said, I think you're right that there isn't any logic to test the pack side of how its read:

NuGet.Client/src/NuGet.Core/NuGet.Build.Tasks.Pack/PackTaskLogic.cs

Line 922 in a3d3b5c

IEnumerable<LibraryDependency> centralTransitiveDependencies = assetsFile

I'm going to merge for now and look into it later.

@jeffkl jeffkl merged commit 5957409 into dev Jul 29, 2022
@jeffkl jeffkl deleted the dev-jeffkl-flow-privateassets-to-pinned-dependencies branch July 29, 2022 16:10
@AArnott
Copy link
Contributor

AArnott commented Jul 30, 2022

I'd love to try this out. Is there an SDK preview (even a CI build) that includes this change?

@marcin-krystianc marcin-krystianc mentioned this pull request Nov 23, 2022
Closed
8 tasks
@marcin-krystianc marcin-krystianc mentioned this pull request Feb 28, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dominoFire dominoFire dominoFire left review comments

@nkolev92 nkolev92 nkolev92 approved these changes

Assignees

@jeffkl jeffkl

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: Metadata like PrivateAssets does not flow from parent to transitively pinned dependency in CPM
4 participants
@jeffkl @AArnott @dominoFire @nkolev92