Turn PackageValidation on by default #23910
Labels
Milestone
Comments
safern
added
User Story
Closed
2 tasks
3 tasks
18 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In .NET 6 we added a new tool to help library developers author their packages without breaking changes by raising errors after the
Packtarget is executed. Currently that tool is opt-in, which means authors of libraries, need to set<EnablePackageValidation>true</EnablePackageValidation>in their csproj's.In order to turn it on by default we need to investigate/invest in different areas:
Performance
Diagnostic experience
Do we have a good error experience?
We should evaluate if we can improve this experience by making errors more actionable maybe with adding support to suppress them via the IDE. If someone creates the package today from Visual Studio, they would get the errors, however, to suppress them if they are intentional, they need to run
dotnet pack /p:GenerateCompatibilitySuppressionFile=true; which means having to leave the IDE.Is the suppressions file readable?
Compatibility Rules
Currently if we were to turn package validation on by default, all our costumers would get errors if any, and they would start discovering this tool, however, we don't have a complete set of rules to cover all breaking changes, that can compromise our costumers trust, because they could ship a package thinking that they are fully compatible because their pack target was clean. However, with the gaps of rules we would be lying as a breaking change could be introduced and not caught because a rule is missing.
Current list of implemented rules
Missing Rules
Some of the missing rules are dependent on having references loaded as part of the compilation, so maybe completion of this issue is needed as well:
That scenario is already covered for comparing assemblies within the same package, however we didn't enable it for package baseline validation because there was not a good way to get the dependencies for the package baseline since we are using package download and we can't get dependencies for it. This would be something we can collaborate with NuGet to improve the experience of baseline validation.
Support Multiple Assemblies On Packages
Currently, we just focused on the simple scenario that a package contained only a single assembly and the assembly was named the same as the package id. However, this is not true for packages out there, a package can have multiple assemblies that have different names, and we should ensure we run validation for those assemblies.
Support automatically getting latest released package
For package baseline validation we should explore the option of supporting fetching the latest stable released package to run baseline validation again. Also, there is a first party request to support wildcards or some form of range to automatically get the baseline package version respecting that range:
cc: @joperezr @ericstj
The text was updated successfully, but these errors were encountered: