Add path to global.json SDK version lock #8254
Comments
|
@nguerrera I think this might be a cleaner way to address @jaredpar's scenario from dotnet/msbuild#2095. |
|
I'm not sure this would work for Roslyn: we don't use the CLI to build. The CLI won't be able to build Roslyn anytime in the foreseeable future due to the number of desktop specific MSBuild extensions our build contains: WPF, VS SDK, SWIX, etc ... |
|
@rainersigwald This is exactly what I had in mind when I wrote:
There wasn't an issue for this yet (thanks for starting one), just mail threads so far, with a meeting scheduled soon to hash out the details. There's an existing mechanism called "multilevel lookup" in hostfxr that adds a well-known user profile location to the sdk search. This would be an evolution of that. I did not expect dotnet/msbuild#2095 to be controversial, but I understand your concerns now. I wasn't intending for this and that to be mutually exclusive. I was imagining that being able to pass arbitrary data down to arbitrary resolvers would be generally useful.
The resolver called by desktop msbuild will respect global.json too. That's part of it's main purpose: to pick the same msbuild targets for VS that would be used by the CLI msbuild invoked on the same project. Do you build with CLI on Mac/Linux? If your process installs .NET Core SDK (official name of entire CLI not just dotnet/sdk) to a local location and sets this feature up via global.json, then you can have one mechanism for pinning down the precise set of things that come from the .NET Core SDK across platforms, and not require it to be globally installed anywhere. On Windows, you'd only use the tasks and targets, but if somebody wanted to use |
global.json selects the full .NET Core SDK (CLI) used, not just the msbuild SDKs. We don't even have a resolver when we're invoked via So global.json should instead specify equivalent of DOTNET_MSBUILD_SDK_RESOLVER_CLI_DIR (matching layout of C:\Program Files\dotnet). More granular control over the resolver than that has to go somewhere other than global.json. |
|
Can I get more information on global.json: in particular where it lives, how it's found, etc ...?
Yes and depending on the answer above it seems like a problem. The path to the downloaded SDK is going to be very different between the two systems. {
"sdk": {
"version": "1.0.0",
"path": "tools/downloadedsdk"
}
}In order for this to solve the problem the SDK essentially has to be within the cone of the global.json. Guessing that mean that it has to be within the cone of the repo. No other tool has that requirement for our build and it's going to take some doing to make that work. Still overall feels clunky. MSBuild properties can today define everything about my build. Makes it dynamic, very easy to manage. Now we have JSON (again) and I have to write generators to translate between my MSBuild files and this new JSON file. |
I think this will be easy to make work in our repos. The only thing that needs to be restored to a directory specified in Our current {
"sdk": {
"version": "2.1.100-preview-007366"
},
"msbuild-sdks": {
"RoslynTools.RepoToolset": "1.0.0-beta2-62705-02"
}
}Let's say we could add the path like so: {
"sdk": {
"version": "2.1.100-preview-007366"
},
"msbuild-sdks": {
"RoslynTools.RepoToolset": { "version": "1.0.0-beta2-62705-02", "path": ".sdk" }
}
}and this would restore the RepoToolset to The RepoToolset restores .NET SDK by importing it in its <Import Project="Sdk.props" Sdk="Microsoft.NET.Sdk" />at which point we can use arbitrary msbuild properties to specify the path to restore to. |
|
@tmat that makes sense. I think that's workable. |
|
This would be a very welcome addition to the rather inflexible Since it is trivial to create an msbuild script that downloads a specific SDK version and installs it locally, it would be very, very nice if such behavior could be baked into
All in all, that would create a much better experience then the now rather hard-to-understand "cannot load project or solution" message, which baffles newcomers and experienced users alike... |
|
This will have a significant positive impact on the developer experience for .NET repositories, such as https://github.com/dotnet/runtime/, https://github.com/dotnet/winforms, etc. Currently it is impossible to double click on a solution file to open the solutions in VS, because we build against nightly SDKs, which are located in custom locations and are forever changing. |
|
As a workaround, I keep around a .bat file with this example content: If you go to the repo directory (C:\msbuild in my case) and run this .bat file, then run devenv.exe mysolution.sln, it will open with these environment variables set and the SDK resolution by MSBuild will use the .dotnet that's private to the repo. |
|
That's what other dotnet repos are doing AFAIK in some shape or form. And this is not the best developer experience. It also makes it hard to run ad-hoc tests... |
|
Oh, you don't have to convince me ;) I know it's terrible and I've spilled blood, sweat and tears to even arrive at this workaround by debugging deep into the SDK resolution process. Lots of pain and friction caused by this over the years. |
|
To include other points form offline chats and summarise: There a number of use cases that really benefit from this (or comparable) functionality:
If it is difficult to provide the download functionality, we could probably do this in staggered approach, i.e. provide the ability to resolve an SDK from a custom location.
Maybe add another property to specify an error message that can describe how to bootstrap or where to download from. E.g.: |
|
@vitek-karas We explored an option offline of just supporting this within the sdk resolver to find the SDK (essentially just DOTNET_MSBUILD_SDK_RESOLVER_CLI_DIR). Doing only that would unblock build but it would leave run (and potentially testing) still blocked as teams like WindowsDesktop have a test app that they would want to build and launch from VS against a version of the runtime listed in the global.json file. Thoughts on finding the runtime from a path in global.json as well? I think the scenario for dotnet repos would have the runtime and SDK all in the same directory so potentially we only need one path still for both. |
|
To add to @marcpopMSFT's post. Starting VS without settings any paths or anything: Starting VS with PS C:\Development\winforms> $env:DOTNET_MSBUILD_SDK_RESOLVER_CLI_DIR='C:\Development\winforms\.dotnet'
PS C:\Development\winforms> start .\Winforms.sln
But I was unable to launch a project from the VS: |
|
From runtime's perspective there's a risk of performance regressions. This would require the host to go looking for Doing this for SDK only is in theory possible, but could open issues with compatibility between SDK and the necessary runtime/frameworks for it (since we could not rely on the I absolutely understand the scenario and why it's important, but so far I was not able to figure out a solution which would not have a negative effect when the feature is not is use. (pay-for-play) /cc @agocke |
|
@RussKie Thoughts on only supporting this for the SDK as originally suggested given Vitek's feedback above? It wouldn't allow for launching test apps from the IDE but would allow for building. It's unclear if tests would work for not. |
|
@agocke thoughts? Seems there's agreement that it would be high value to solve this as it will make us and the community more productive in our repos. |
|
I (think) I like this. 😄 However, pinning the SDK in global.json is already a significant problem within Visual Studio, due to mismatches between the MSBuild engine in Visual Studio and the targets/tasks loaded from the .NET SDK. I have some worry that this might exasperate that problem more. @KathleenDollard, do you have any thoughts? |
|
Is it possible to start with an ENV solution only? That would mitigate Vitek's concerns. I'd like to reduce the number of places we have to search on disk not invent more. |
|
Having repo-local SDKs make sense and I think is tractable. The team talked about repo-local runtimes and that one seems much more difficult. Not only would it probably be a big perf problem, as more intermediate tools use .NET Core (I hope), it's less and less likely that you want everything to run on local runtime. For instance, would you want new VS components that run on .NET Core to suddenly pick your repo local runtime? I think SDK is a good place to start, if we can make that work. |
|
If we had a repo root story, then putting a global.json at repo root would be workable and I suspect mitigate Vitek's concerns (depending on how repo-root worked; if it was an ENV, it would work awesome). |
This wouldn't work for us. I can build from command line and don't need VS for that. |
|
If I have an SDK in hand why do I need to go through the trouble of setting an environment variable to use it? That means that it's a command line tool I can't reliably run unless I muck with some environment variables. I still strongly think that I should be able to use Every other language framework in existing except .NET provides this solution. |
|
I'm currently OOF and writing from a phone. My main motivation for this change is outlined in #8254 (comment). |
|
Just adding my vote to this, particularly #8254 (comment). If I'm understanding correctly, this would really help in the https://github.com/dotnet/razor-tooling/ repo, which currently requires setting a bunch of envars set. Having to ensure these are set before running VS is a pain, particularly if you're trying to use multiple versions of VS to verify things (switching between developer command prompts etc.), or if you're having to use multiple repos with similar set ups (as @RussKie mentioned too). |
|
@vitek-karas and I are working on a spec that possibly includes what you want. Will share (very) soon. In any case, it will be a good starting point. |
@richlander IMO it should be in global.json. Irregardless, please make sure to loop in the Visual Studio for Mac team for any scenario. |
|
We backed a way a little from this. We decided NOT to put any new location content into |
|
@richlander can you provide some more detail on the malicious scenario here? I don't understand how this is riskier than restoring nuget packages. Adding this info to |
|
Today, you can clone a repo, build it, and assume that your globally installed SDK was used, provided by a vendor you trust. With this model, the I'm not suggesting that cloning and building an arbitrary repo is a safe thing to do today. |
|
Not sure I follow your argument, how is that different from having a .csproj like this: <Project Sdk="Microsoft.NET.Sdk">
<Target Name="Build">
<Exec Command="rm -rf /home/richlander" />
</Target>
</Project>The assumption today is that if you run |
|
If I remember correctly the difference was that with the global.json path, it would be enough to run |
|
After wasting another couple of hours on this today, I am more convinced than ever that we should allow specifying a path to the SDK in the global.json (as opposed to the environment variables, which are terrible UX for discoverability and automation). When you open the .sln in Visual Studio, for example, it doesn't have the environment variables, and so the design-time build fails completely (you get errors like "System.Object not found"). The tooling could even automate downloading the SDK into that folder instead of having arcane Arcade tools do it. I have been shouting from the rooftops for years that for every repo in the .NET world anyone should be able to Not to mention that the current status quo is you run build.cmd. And of course, it still builds with that custom SDK, which still entails the same alleged security risks. By ignoring this problem we exclude a whole class of tools and automation from working out of the box. If any repo is buildable out of the box, you could run security analysis, semantic indexing for SourceBrowser or other code search tools, etc. etc. These tools can't read your build.cmd as it's totally opaque imperative code. Had we had declarative configuration in global.json (download and use this exact SDK), it would open doors to automating analysis etc. Opening the .sln in VS would always "just work", whereas now it doesn't and causes errors in the design-time build that only a few of us know how to deal with. I think the current situation is a major source of friction in the .NET ecosystem. |
|
Hey, just found this thread. We are actually looking for a solution at Unity to have the SDK configurable by the global.json. Our scenario is that we will ship/lock-in a specific version of the .NET SDK/Runtime as part of the Unity Editor, and we need a way to resolve our shipped .NET SDK for the sln/csproj files that we will compile with MSBuild or that we will open from Visual Studio. Having a way to override the SDK root path in global.json seems to be a good fit for our use case. |
|
Re Arcade -- the purpose of Arcade is to unify build across dotnet repos by implementing as few additions on top of the shipping .NET SDK as possible. This goal has been achieved. The Arcade SDK has been pretty stable for a while now. The next step should be to review the additions/workarounds that were introduced by Arcade SDK. Those that are generally useful, i.e. not specific to Microsoft build process should be productized in the shipping .NET SDK/msbuild/VS and removed from Arcade SDK. SDK downloading should be one of those features. That said, you'd still need to have a build script in the repo that downloads the SDK for non-VS scenarios. |
Do you mean that VS msbuild or |
|
@tmat - yes. Or as an easier alternative to emit an error message directing developers how to get the required SDK. |
|
To add to @xoofx's comment, for the work we are doing with MsBuild in Unity this is one of our big workflow issues. I would really like Sdk Resolving to be much more flexible. Creating a SdkResolver instead of a path in global.json would maybe be better, but theres no way to have it automatically picked up across vs/dotnet/msbuild in a nice way. Or at least I havent found a way! I would be super happy to handle the Sdk resolving myself, path or SdkResolver |
If possible, I would actually prefer to split the requirement/concern of the automatic downloading of a SDK version in a separate issue and keep this issue for allowing to specify a specific location for a SDK. It seems that allowing to override the path would require a small change to the existing MSBuild Sdk Resolver (I don't know if it would require lots of change to VS), while downloading a version that is not installed and put it on the drive look more cumbersome to align (and where, and how to cleanup the cache and...etc.). |
|
As VS already support downloading custom SDKs (and using them) and use the global.json file to know which version to download, I feel the change is not more complex than it is for dotnet build (which seem quite trivial from an external point of view, but I could be wrong). Maybe it uses the same code as dotnet CLI for implementing that ? If the issue is accepted, I think someone in Unity Scripting team can implement it for dotnet CLI, and see if there is any additional work to do for VS. |
|
@rainersigwald I can do the work, as we need to have a solution for moving to MSBuild. Two possible solutions;
Im ok with both, but I could see more flexibility with option 1. |
|
@hknielsen there's no consensus on what should be done/would be approved here so I don't think there's work to be done yet. |
@richlander This is not even remotely correct. The default use of NuGet allows for arbitrary code to be executed by dotnet restore, including the ability to bypass anything we might put on nuget.org for detection mechanisms by redirecting to a privately hosted feed. Please reconsider the basis for the argument, as teams are being unnecessarily penalized by this decision. |
|
I wish we had this support. Environment variables are causing us so much pain during local dev with a pre-release SDK. The need to set several environment variables and ensure your IDE also inherits them is a constant source of friction. |
|
I've written up a design proposal that seeks to address the problems shared on this thread as well as others I've seen. Appreciate any feedback you all have on this. |
|
long sad story |
and others
Builders of large systems often want to be able to explicitly specify an SDK version and avoid installing the CLI to a machine-global location.
Currently,
global.jsonallows the version lock, but the specified version must be installed in either a machine-global location or a nonstandard location must be specified by the environment variableDOTNET_MSBUILD_SDK_RESOLVER_SDKS_DIR.That environment means that you must launch Visual Studio from a specific environment to get the downloaded/private SDKs.
There could be an extension to the SDK resolver to respect a path specified in the
global.json. Something like{ "sdk": { "version": "1.0.0", "path": "tools/downloadedsdk" } }could be equivalent to setting
DOTNET_MSBUILD_SDK_RESOLVER_SDKS_DIR=%GlobalJsonPath%\tools\downloadedsdkbefore invoking the resolver.This would be visible by any invocation (
dotnet,msbuild, VS, or MSBuild API) since it's file-based.The text was updated successfully, but these errors were encountered: