search

microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License
60 stars 16 forks source link

Having a 'packageVersion' variable causes the task to fail #49

Closed TechnicallyJoe closed 1 year ago

TechnicallyJoe commented 1 year ago

Hi

After some extensive testing I've found that having a variable called "packageVersion" causes the task to fail. As far as I can tell this is because of nuget and it may be a env variable that it checks for?

FIX

We fixed this by simply setting the env variable on the task and set packageVersion to "".

LOGS

In this case we had variable packageVersion set to '0.0.dev0' as can be seen in the output below. The logs can be found here:

Installing Microsoft Security DevOps Cli...
/usr/bin/dotnet restore /home/vsts/work/_tasks/MicrosoftSecurityDevOps_8d616517-6390-454f-b369-6fd038d8fe96/1.6.0/node_modules/microsoft-security-devops-azdevops-task-lib/msdo-task-lib.proj /p:MsdoPackageVersion=0.* --packages /home/vsts/work/_msdo/versions --source https://api.nuget.org/v3/index.json
  Determining projects to restore...
/usr/share/dotnet/sdk/7.0.203/NuGet.targets(132,5): error : '0.0.dev0' is not a valid version string. (Parameter 'value') [/home/vsts/work/_tasks/MicrosoftSecurityDevOps_8d616517-6390-454f-b369-6fd038d8fe96/1.6.0/node_modules/microsoft-security-devops-azdevops-task-lib/msdo-task-lib.proj]
/usr/bin/dotnet restore /home/vsts/work/_tasks/MicrosoftSecurityDevOps_8d616517-6390-454f-b369-6fd038d8fe96/1.6.0/node_modules/microsoft-security-devops-azdevops-task-lib/msdo-task-lib.proj /p:MsdoPackageVersion=0.* --packages /home/vsts/work/_msdo/versions --source https://api.nuget.org/v3/index.json
  Determining projects to restore...
/usr/share/dotnet/sdk/7.0.203/NuGet.targets(132,5): error : '0.0.dev0' is not a valid version string. (Parameter 'value') [/home/vsts/work/_tasks/MicrosoftSecurityDevOps_8d616517-6390-454f-b369-6fd038d8fe96/1.6.0/node_modules/microsoft-security-devops-azdevops-task-lib/msdo-task-lib.proj]
/usr/bin/dotnet restore /home/vsts/work/_tasks/MicrosoftSecurityDevOps_8d616517-6390-454f-b369-6fd038d8fe96/1.6.0/node_modules/microsoft-security-devops-azdevops-task-lib/msdo-task-lib.proj /p:MsdoPackageVersion=0.* --packages /home/vsts/work/_msdo/versions --source https://api.nuget.org/v3/index.json
  Determining projects to restore...
/usr/share/dotnet/sdk/7.0.203/NuGet.targets(132,5): error : '0.0.dev0' is not a valid version string. (Parameter 'value') [/home/vsts/work/_tasks/MicrosoftSecurityDevOps_8d616517-6390-454f-b369-6fd038d8fe96/1.6.0/node_modules/microsoft-security-devops-azdevops-task-lib/msdo-task-lib.proj]
Exception occurred while initializing MSDO:
##[error]Error: ENOENT: no such file or directory, scandir '/home/vsts/work/_msdo/versions/microsoft.security.devops.cli'
Finishing: Microsoft Security DevOps
boAndron commented 1 year ago

Hello! Thanks for the report. This is technically By Design, as we use Semantic Versioning in MSDO and '0.0.dev0` is not a valid semantic version string. Check out https://semver.org/ for the technical specification. Thanks again!

TechnicallyJoe commented 1 year ago

Hi

We are using packageversion for something Else and it just happend to collide with this task. 0.0.dev0 is a valid pep440 version which is what it's intended for.

If having a packageVersion env variable is intended to have an effect on this task, perhaps it should be noted somewhere :-)