Update Microsoft.CodeAnalysis.Analyzers to a release version#82719
Update Microsoft.CodeAnalysis.Analyzers to a release version#82719JoeRobich wants to merge 6 commits intorelease/dev18.3from
Conversation
| <SystemCommandLineVersion>$(SystemCommandLinePackageVersion)</SystemCommandLineVersion> | ||
| <!-- dotnet-roslyn dependencies --> | ||
| <MicrosoftCodeAnalysisVersion>$(MicrosoftCodeAnalysisPackageVersion)</MicrosoftCodeAnalysisVersion> | ||
| <MicrosoftCodeAnalysisAnalyzersVersion>$(MicrosoftCodeAnalysisAnalyzersPackageVersion)</MicrosoftCodeAnalysisAnalyzersVersion> |
There was a problem hiding this comment.
Why not change the value of MicrosoftCodeAnalysisAnalyzersPackageVersion instead? (and perhaps also the corresponding values in version.details.xml)
There was a problem hiding this comment.
I didn't want to change the SourceBuild information. Maybe conditionally setting the version will be more clean.
There was a problem hiding this comment.
But manual changes in this file will be overridden on next bot update. I guess it's fine since we just want to have a build to publish and then we don't care...
There was a problem hiding this comment.
(Otherwise if you want I guess it would be better to just move this <MicrosoftCodeAnalysisAnalyzersVersion Condition="Condition="'$(DotNetBuildSourceOnly)' != 'true'">5.3.0</MicrosoftCodeAnalysisAnalyzersVersion> line to some other file that is not bot-managed.)
There was a problem hiding this comment.
Sure. To Packages.props it goes!
There was a problem hiding this comment.
@JoeRobich @jjonescz source build will override the version so you can just update the Version.Details.xml/.props
There was a problem hiding this comment.
But then maestro could overwrite that file, no?
There was a problem hiding this comment.
That depends on the subscription, but it looks like we have a cycle here if Microsoft.CodeAnalysis.Analyzers is a dependency of Microsoft.CodeAnalysis but is built in the sdk repo after roslyn.
/cc @dotnet/source-build
There was a problem hiding this comment.
For this servicing branch I would like to leave it as is. I think our goal for main should be to move it to project references during the build with the appropriate package dependency when packed.
There was a problem hiding this comment.
I am taking advice on that last part.
333fred
left a comment
333fred
left a comment
There was a problem hiding this comment.
Someone from @dotnet/product-construction should probably take a look at this as well.
| we use for other analyzers to ensure it stays on a release version. | ||
| --> | ||
| <PackageVersion Include="Microsoft.CodeAnalysis.Analyzers" Version="$(MicrosoftCodeAnalysisAnalyzersVersion)" /> | ||
| <PackageVersion Condition="'$(DotNetBuildSourceOnly)' != 'true'" Include="Microsoft.CodeAnalysis.Analyzers" Version="5.3.0" /> |
There was a problem hiding this comment.
I see this is targeting dev18.3 as a branch -- do we need to do something similar for other branches, or was something better done in later branches and this is a unique problem for this branch?
There was a problem hiding this comment.
I think ideally we wouldn't be behind. We would use project references for our build, but I need to talk to someone more knowledgeable here since Microsoft.CodeAnalysis.Analyzer.Package is a project that packages other analyzer projects.
Could see making the same change in main so if we aren't able to work out the details we don't regress.
5 participants
The Microsoft.CodeAnalysis.Analyzers package is a dependency of the Microsoft.CodeAnalysis packages. For the 5.3.0 release the analyzer dependency was set to a prerelease version. This is causing issues with users SBOM scanning as they cannot use prerelease packages in their deployed products. (See comment)
Microsoft Reviewers: Open in CodeFlow