Vs insertion Sbom generation (Roslyn,fSharp) #9629
Conversation
src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.SetupPackage.vsmanproj
Outdated
Show resolved
Hide resolved
src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.SetupPackage.vsmanproj
Outdated
Show resolved
Hide resolved
src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.SetupPackage.vsmanproj
Outdated
Show resolved
Hide resolved
src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.SetupPackage.vsmanproj
Outdated
Show resolved
Hide resolved
|
Vs-code-debugger -> https://devdiv.visualstudio.com/DevDiv/_build/results?buildId=6274569&view=logs&j=3dc8fd7e-4368-5a92-293e-d53cefc8c4b3&t=cad3d46b-5f74-58eb-de70-3c25ea3898bd&l=940 Fsharp fails cos of this issue -> https://github.com/microsoft/dropvalidator/issues/455 Roslyn -> #9684 (Fr issue) |
src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.SetupPackage.vsmanproj
Show resolved
Hide resolved
| We require that all VSIXes included in a single VS insertion component have the same version. | ||
| This version will be set to ManifestBuildVersion. | ||
| --> | ||
| <Error Text="Visual Studio component '$(ComponentName)' contains multiple VSIX files with different versions: @(_VsixVersionNoDuplicates->'%(VsixFileName) (version %(Identity))', ', ')" |
There was a problem hiding this comment.
Maybe the error message should mention that all versions need to match for sbom generation? if I got this error I wouldn't understand what's wrong about having different versions in my components, which doesn't seem that strange (if a new vsix is added it doesn't seem weird to me that it would have a different version than existing ones)
There was a problem hiding this comment.
Actually for sbom generation we are just using the Vsix version. This error msg is specifically for VS manifest generation. So I am going to add something like
"Cannot generate VS manifest because Visual Studio Component '$(ComponentName)' contains multiple VSIX files with different versions: @(_VsixVersionNoDuplicates->'%(VsixFileName) (version %(Identity))', ', ')"
This way we will know that vs manifest is not generated cos of version error.
src/Microsoft.DotNet.Arcade.Sdk/tools/VisualStudio.SetupPackage.vsmanproj
Show resolved
Hide resolved
|
adding an example to make this part clearer.. |
|
Hello @epananth! Because this pull request has the p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (
|
There was a problem hiding this comment.
Not a big deal but I'd like my comment to be addressed (even with a "not possible")
https://github.com/dotnet/arcade/pull/9629/files#r898372524
|
@riarenas I was trying to split that once, like you suggested. But I was not successful, so I asked @alexperovich and he mentioned I should probably move that a different task and is probably not worth it. So I don't think I will be able to do that. |
To double check:
Repos like Roslyn, vs-code-coverage and Fsharp have multiple VSIXs per VS component. Previously when we created the feature for sbom generation, we assumed that we have one VSIX per VS component but then we hit some corner case, since there are many vsix per component, the build used to error saying that the sbom has already been generated for the VS component. Here in this fix, I have made sure that no matter how many vsix the vs component has, it will unpack all the vsix and generate sbom for them individually and it will be linked to the vs manifest file.