Publish stable versions of the Microsoft.VisualStudio.ProjectSystem.Managed and Microsoft.VisualStudio.ProjectSystem.Managed.VS projects
#7010
Comments
|
@nkolev92 Can you provide us with some specific examples of packages that are having the problem? |
|
The packages Those packages depend on prerelease versions of analyzers. "Microsoft.CodeAnalysis" which itself depends on preview versions of System.* packages. Basically the packages in here: https://github.com/dotnet/project-system/blob/main/build/import/Packages.targets#L101-L111 |
|
@nkolev92 We think that reaching stable packages will be difficult because we rely on several pre-release packages than in turn depend on other pre-release packages. Reaching coherence with involved a change to the whole system. Having said that we will look at the specific packages that you pointed out. Those might ones that we could move to the latest stable version. |
|
I would also like to express my interest in a public stable version of |
|
will those packages be ever published to nuget? |
|
@nkolev92 do you know if this is still an issue? I believe we made our analysers private so they shouldn't be contributing to a consumer's dependency graph. |
|
I haven't attempted upgrading in the last month or 2 (16.10 -> 17.0 has given us a longer period), so I haven't been able to validate that just yet. I can give a shot again, but it'll likely be early August when I can try it again. |
|
any update on this? Can we get a stable 16.x and 17.x version for VS2019/2022? |
|
Like @MagicAndre1981, I think the developer community needs some guidance/recommendations on the best way to consume the The guidance/recommendations should also include the relationship to the VS SDK packages. |
|
@nkolev92 Checking in again to see if this is still an issue. Since our component is constantly evolving with Visual Studio, we're regularly updating the packages we rely on. Often, the packages we use will be preview packages. Therefore, we're unlikely to ever have a version of our package that is 'stable' (non-preview). We currently don't have a workflow were we swap our packages to non-preview versions before a VS release. The package versions can currently be found here, but we might switch to Directory.Packages.props eventually. |
for us normal users this is an issue. We need at least 1 stable version submitted to nuget with |
|
@MagicAndre1981 We don't plan on publishing any new packages to NuGet.org, quite the opposite. We plan on delisting the current packages (since they are very much out-of-date). You can see the discussion in this issue. Our latest package can always be obtained via our public Azure DevOps feed (which is mentioned at the top of this issue). I can't really comment on further on making stable packages because, as mentioned, our dependencies are generally non-stable. |
I know this and for me it worked. I made a PR to a project which gets reverted later as getting the nugets from the feed doesn't work for others while it worked for me. |
Did you configure the package source on your machine, or in the code itself? It needs to be in the source code (project files) so that other machines find the package too. This article might help: https://www.meziantou.net/defining-nuget-sources-in-the-csproj.htm |
|
I've updated the nuget.config in the project with vssdk, vs-impl and xliff-tasks feeds tested it on clean system and always got the prerelease versions. Earlier I linked the project where the changes got reverted. For the maintainer it was impossible to get the packages and I have no idea why. We need at least 1 version on nuget that includes |
|
We're not planning on updating packages on nuget.org. NuGet supports custom package feeds, so understanding why that wasn't working in the specific case you mention and fixing it there is the way to go. |
|
For the NuGet.Client team, it's really about the size of the dependency graph. I haven't tested it with recent versions just yet, but I'm guessing that'll be something we'll need to do soon, so I can report on that when we try to bump those versions. |
|
I am not sure I fully follow the arguments going on here against publishing versions to the nuget.org feed. I think the argument against the project-system team has made is:
Of course the problems with the current no-op process that occurs is
So developers are left with using a 3 year old version lacking some very nice features or trying to navigate the above. It isn't like extension developers are likely beginner programmers but is this potentially an unnecessarily complex step? VS is an enterprise class product and extensions have first class 'support'. Is a potential solution to this to pick an old branch, say version 17.0.X or maybe even 17.2.X (given the fact most of the dependencies there are in Nuget.org already as pre-release). Test it mildly, is it not horridly unstable? Great. Update the deps to whatever mild other old package versions that seem pre-stable (or are released). push it to Nuget.org. Doing this would take users from a 2020 version of the package to Oct of 2021 or May of 2022 respectively. You would still flag it as pre-release when published to nuget so it would be clear its not a 'stable' version but greatly ease the ability for developers to consume it. For those looking to consume a somewhat updated version of
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<activePackageSource>
<add key="All" value="(Aggregate source)" />
</activePackageSource>
<packageSources>
<add key="vs-impl" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vs-impl/nuget/v3/index.json" />
</packageSources>
</configuration>If you already have a nuget.config file just add the package source for vs-impl to it.
Profittt;) If the project team doesn't go this route of course some 3rd party can probably do the above actions publish with a similar name. Extension developers who want to avoid the hassle probably just use the one updated package they find when they search. Of course if you wanted to perform an upstream attack being that 3rd party, waiting awhile, and then injecting malicious code into a package that gets consumed by extensions developers use and can then infect any project those developers work on certainly wouldn't be a great way to compromised a large number of builds. |
|
@mitchcapper One thing that I'm going to be doing is adding to the repo is commit tags per VS release as mentioned here. This means that you'll be able to check a tag that says that particular commit was released in that particular version of Visual Studio. I don't currently have plans to relate those actual package versions... it might be something I can add later. To your points, the packages we put on the feed are nightlies. I completely understand that there isn't a clear "I should use this version" path with this package model. Thinking about it, we (my team) internally knows when things are stabilizing for a release, but we don't have any external way to indicate that. As mentioned, we rely on many different packages from multiple teams to build our package. So, actually releasing a SemVer 'stable' package is still not on the table. However, based on what I first mentioned (proper commit tagging), there might be a way for me to name the packages differently so it is obvious which package to use, since those packages are what we created prior to a new VS release. This is an idea I'm just spit-balling from the top of my head, but would that at least give a bit more confidence on which package version to rely on for extension development? I'd need to discuss the idea with team before working on it. |
I think anything is an improvement over current, especially as you folks do already have an idea of what is stable. Hopefully if it is tagged for the current VS version then the deps as well are available.
I understand the argument against being able to release a Nuget.org package during nightlys and the added hassle that would bring. I was suggesting to infrequently release a much older package as by that time the deps would also hopefully have stabilized and have atleast pre-release releases (as you are not using the latest deps what the major/minor version from the time of that older package). IE you build the daily for commit for 17.5.1234-PSManaged_20230407 with a dep on the daily from Microsoft.VisualStudio.projectSystem.SDK which is 17.6.4432-SDK-20230406. Who knows availability or stability of that. In a year time though you could potentially go back to 17.5.1234-PSManaged_20230407 and change it from a dep on 117.6.4432-SDK-20230406 to a dep on pre-17.6-SDK. It takes a bit of extra time but it happens quite infrequently and would make it easier for extension development. |
|
@mitchcapper I forgot to link this public document as it might help for understanding: https://learn.microsoft.com/en-us/visualstudio/install/visual-studio-build-numbers-and-release-dates?view=vs-2022 Basically, that would be the list of VS versions that would have tags in our repo. Thinking about this some more, the idea I could bring to my team is that:
I think that's the best I can do currently. Again, I'd need to discuss with my team. How does that sound? Edit: (note for myself) Investigate AzDO feed views. |
I think most people here would find that quite amazing (and useful). I would assume only targeting minor versions would be great. If it is any easier from a dependency view, the nuget release could lag behind the actual nightly minor version (so say the 17.5 published version was actually from the 17.3 nightly). The difference between being 6-12 months behind the main branch and being 3 years is huge. |
This would be great |
MiYanni
removed
the
Triage-Investigate
drewnoakes
added
Triage-Investigate
|
@MiYanni any chance of pushing for the 'stableish only' builds of this package? Nuget is still at the 2017 release. At least it is easier than last time/s. As I understand one of the concepts was to try and use the tagged builds to know what version to use. Steps I took:
HRM???????????????? is this still true? Wait fantastic a link is provided
Perfect! oh wait nope crap FTE auth. Something a bit ironic about the public feed documentation being private;) ALR well thanks for joining my real time ted talk. Before I could recommend one install version X of this package from the beta feed and it would work. We could have our project using a feature written in the last 7 years as long as we also added a nuget with the beta feed. Of course anyone who did this would have their projects break. It really is a CI feed not meant for use, but the only source for the updated VS library. Problem is the old version we had that worked, is no longer in the feed. So now the project just can't restore. I guess I can take from an old build folder I have the 38+ Microsoft.* dlls and move them into the repo into a bins folder and manually reference like that. Maybe there is a magic version that doesn't have such a requirement. There are some other great bugs found along the way that could likely be resolved by MS releasing a updated package every half decade:
Or requiring reflection to access modern features like:
half contemplating spending a weekend to get this to build, publish it to the official nuget feed under a slightly different name, while making a slight modification. Maybe just insert some MSIL shell code to open this ticket in the browser on March 9th every year for anyone consuming the dll ;) You folks do good work stop hiding it from anyone but FTEs. |
This package can be found in this feed: |
Thanks! I don't think I ended up needing that feed for my latest run but good to know if I hit that specific block again. In slightly other news, https://www.nuget.org/packages/CI.Microsoft.VisualStudio.ProjectSystem.Managed/ Look a nuget.org package with no special feed requirements, will not go stale and invalid (as nuget.org packages cannot be removed / have deps removed), and has the features from the last 7 years the old one is missing. I hope 17.11.1 was stable, as I marked it as such. On the plus side only took me a few hours not a weekend. We will be ingesting this for our deps, maybe you folks will figure out a real solution before too many others do the same. This release should be pretty clean though no binary changes to the dlls only minor nupkg config updates. also did 17.7.37 for older VS compat options. |
|
I haven't been on this team since 2023. After I left, @smitpatel had gotten the tagging mechanism working. You can look in this repo at the tags as those are stable commits to this repo. Meaning, those commits are the ones that go into Visual Studio. The Project System team would simply need to publish a build from this commit to NuGet.org if they wanted to do so. But it is up to them to decide that. |
|
Perfect I will attempt to start using the GH tags until they do. |
NuGet needs to consume the above 2 packages to populate the solution explorer, but only prerelease versions of those packages are available at https://dev.azure.com/azure-public/vside/_packaging?_a=feed&feed=vs-impl.
Normally this would be a big deal, but these packages reference analyzers and other preview packages which introduces a lot of conflicts in our graph and effectively makes us elevate many packages to top level.
cc @dmonroym
The text was updated successfully, but these errors were encountered: