Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add some guardrails to MSBuild Locator #254

Open
YuliiaKovalova opened this issue Oct 26, 2023 · 2 comments
Open

Add some guardrails to MSBuild Locator #254

YuliiaKovalova opened this issue Oct 26, 2023 · 2 comments

Comments

@YuliiaKovalova
Copy link
Contributor

Add guardrails that can notify a customer that some of the deployed assemblies in a project can break MSBuild stuff.
@rainersigwald
Copy link
Member

This would be beyond the "check for explicit MSBuild package references" we have:

MSBuildLocator/src/MSBuildLocator/build/Microsoft.Build.Locator.targets

Lines 4 to 21 in 1c7a109

<MSBuildPackagesWithoutPrivateAssets
Include="@(PackageReference)"
Condition="!$([MSBuild]::ValueOrDefault('%(PackageReference.ExcludeAssets)', '').ToLower().Contains('runtime')) and
(
'%(PackageReference.Identity)' == 'Microsoft.Build' or
'%(PackageReference.Identity)' == 'Microsoft.Build.Framework' or
'%(PackageReference.Identity)' == 'Microsoft.Build.Utilities.Core' or
'%(PackageReference.Identity)' == 'Microsoft.Build.Tasks.Core' or
'%(PackageReference.Identity)' == 'Microsoft.Build.Engine' or
'%(PackageReference.Identity)' == 'Microsoft.Build.Conversion.Core' or
'%(PackageReference.Identity)' == 'Microsoft.Build.Runtime' or
'%(PackageReference.Identity)' == 'Microsoft.Build.Localization' or
'%(PackageReference.Identity)' == 'Microsoft.Build.Engine'
)"/>
</ItemGroup>
<Error
Condition="'@(MSBuildPackagesWithoutPrivateAssets)' != ''"
Text="A PackageReference to Microsoft.Build.* without ExcludeAssets=&quot;runtime&quot; exists in your project. This will cause MSBuild assemblies to be copied to your output directory, causing your application to load them at runtime. To use the copy of MSBuild registered by MSBuildLocator, set ExcludeAssets=&quot;runtime&quot; on the MSBuild PackageReferences. To disable this check, set the property DisableMSBuildAssemblyCopyCheck=true in your project file (not recommended as you must distributed all of MSBuild + associated toolset). Package(s) referenced: @(MSBuildPackagesWithoutPrivateAssets)" />

We'd want something like a list of assemblies that shouldn't be deployed next to the final application, because they're expected to be found from the MSBuild installation.

@AArnott
Copy link
Member

AArnott commented Oct 26, 2023

+1 to searching actual assemblies being deployed rather than looking at PackageReference items. Problematic assemblies like these (or System.CodeDom.dll) can be deployed without any PackageReference, including by transitive dependency.

@YuliiaKovalova YuliiaKovalova mentioned this issue Mar 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AArnott @rainersigwald @YuliiaKovalova