search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.65k stars 1k forks source link

Support for dotnet project requiring workload installation for builds #10117

Open yamachu opened 3 months ago

yamachu commented 3 months ago

Is there an existing issue for this?

Package ecosystem

nuget

Package manager version

6.11.0.71

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/yamachu/VoicevoxCoreSharp/blob/main/examples/MAUI/MAUI.csproj

dependabot.yml content

https://github.com/yamachu/VoicevoxCoreSharp/blob/main/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

If workload restore was required, run something like dotnet workload restore to verify dependencies in a build-enabled state. Or, parse csproj without build and verify dependencies.

For example, a similar product that verifies dependencies without build is dotnet-outdated.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://gist.github.com/yamachu/d3c978b554e74ac5fdc6a94ac6efab51

Smallest manifest that reproduces the issue

No response

jeromelaban commented 1 week ago

This is an important piece of support for .NET. Interestingly, this change https://github.com/dependabot/dependabot-core/pull/9385 was made to enhance that support.

jeromelaban commented 1 week ago

Looking further into this, I'm getting messages like this one, same as the original poster:

/usr/local/dotnet/current/sdk/8.0.303/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.Sdk.ImportWorkloads.targets(38,5): error NETSDK1147: To build this project, the following workloads must be installed: wasi-experimental [/tmp/package-dependency-resolution_QwqwLB/Project.csproj]
/usr/local/dotnet/current/sdk/8.0.303/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.Sdk.ImportWorkloads.targets(38,5): error NETSDK1147: To install these workloads, run the following command: dotnet workload restore [/tmp/package-dependency-resolution_QwqwLB/Project.csproj]

And looking at the .NET source, it may be interesting to set the DesignTimeBuild property to avoid this error since the build is only interested in getting the packages dependency graph.

It would probably need to be set in that group:

https://github.com/dependabot/dependabot-core/blob/10e5c7c5c7fe7b822fdd233f2cda672eb50d5b13/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs#L710-L715

brettfo commented 4 days ago

Good catch and thank you for filing the issue, it's now on our backlog.