Unable to Run DevSkim VS Code Plugin with .NET 6 in ARM64 Dev Containers

microsoft / DevSkim

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

MIT License

910 stars 116 forks source link

Unable to Run DevSkim VS Code Plugin with .NET 6 in ARM64 Dev Containers #554

Closed timloh-enjinstarter closed 1 year ago

timloh-enjinstarter commented 1 year ago

Describe the bug Unable to run DevSkim VS Code plugin when only have .NET SDK 6 installed

To Reproduce Steps to reproduce the behavior:

Run mcr.microsoft.com/devcontainers/dotnet:6.0 using Dev Containers with ms-cst-e.vscode-devskim extension specified in devcontainer.json:
```
"extensions": [
    "ms-cst-e.vscode-devskim"
]
```
See error

Expected behavior Should be able to run with only .NET 6 installed without the need to install .NET 7

Screenshots

Versions(please complete the following information):

Host OS: macOS 12.6.6
Host Architecture: M1
Devskim Version 1.0.8
Dev Containers 0.295.0
Container OS: Debian bullseye
Container Architecture: arm64

gfs commented 1 year ago

~Hello, is this running in codespaces?~

I can't reproduce this by installing the latest version of the extension from the store on a local device. Tested on an ARM64 Mac.

The language server for the VS Code plug-in requires .NET 7.0 - however the extension itself manages the runtime it needs automatically with the .NET Install Tool for extensions. It is not intended to rely on the sdk that happens to be installed in the broader OS.

https://learn.microsoft.com/en-us/dotnet/core/additional-tools/vscode-dotnet-runtime

gfs commented 1 year ago

Ah I see now you mentioned "dev containers". I haven't used that before, but it looks to me like the .NET Acquire extension I mentioned above isn't being brought in.

As a first step, you could try to explicitly specify it in your manifest.

Failing that, you could use the .net 7.0 base.

In order to make the extension function with .net 6.0 we would have to package both a .net 6 and a .net 7 build in the VSIX for the extension - but this would never be touched by the mainline scenario of using the package in a local vs code instance, and would require extra reworking to run the appropriate version based on what version of .net we detect as present.

We are not currently planning to add a .NET 6.0 build in the package, as it would cause approximately a doubling of the package size.

timloh-enjinstarter commented 1 year ago

Thank you for your response, I see that .NET Install Tool for Extension Authors extension is already installed inside Dev Container together with DevSkim extension as shown in following screenshot.

Do you mean manually edit manifest of DevSkim extension to explicitly specify .NET Install Tool for Extension Authors extension as dependency?

gfs commented 1 year ago

Thanks for the extra info. I believe since you do see install tool I wouldn't expect explicitly specifying it to change the behavior.

I suspect using a .net 7.0 image would work as a workaround here if one is available - and should still allow you to build .NET 6.0 projects. However, it looks like I'll have to test myself with dev container, as I wouldn't expect the mere presence of a .net 6.0 sdk to cause the extension to not work - the install tool extension is supposed to ensure that the user doesn't have to have the sdk installed in order to use the devskim extension.

gfs commented 1 year ago

I believe I've have a fix for this with #559.

timloh-enjinstarter commented 1 year ago

Thanks @gfs for the fix, version 1.0.11 has been tested working with only .NET 6 installed in dev container.