Validating that references to NuGet packages are proper NuGet references

I'm moving my large project to properly use NuGet packages. However, I know that although they shouldn't, some developers will simply add references to assemblies in packages, rather than properly add NuGet refs, and I want to prevent that.
Is there a solution that either:
- Checks this inside Visual Studio, and suggests the correct ref instead?
- Checks this in build time, and produces build errors?

NuGet doesn't have any built-in command to validate this; however, it would be relatively simple to write some code to do this.
The basic steps are:
for each project in solution
    for each reference in project
        if reference in path 'packages'
            if package not in 'packages.config'
                log 'invalid reference: use NuGet'
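
One way to implement the steps above for a single project, added here as an example and not part of the original answer. It assumes classic projects that use packages.config and HintPath entries; the sample XML and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, for illustration only.
SAMPLE_PACKAGES_CONFIG = r"""<packages>
  <package id="Newtonsoft.Json" version="12.0.3" targetFramework="net472" />
</packages>"""

SAMPLE_CSPROJ = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <Reference Include="System.Xml" />
    <Reference Include="Newtonsoft.Json">
      <HintPath>..\packages\Newtonsoft.Json.12.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
    </Reference>
    <Reference Include="Serilog">
      <HintPath>..\packages\Serilog.2.10.0\lib\net46\Serilog.dll</HintPath>
    </Reference>
  </ItemGroup>
</Project>"""

def _local(tag):  # strip the MSBuild XML namespace from an element tag
    return tag.rsplit("}", 1)[-1]

def installed_package_dirs(packages_config_xml):
    """Return the 'Id.Version' folder names that packages.config declares."""
    pkgs = ET.fromstring(packages_config_xml).iter("package")
    return {f"{p.get('id')}.{p.get('version')}".lower() for p in pkgs}

def invalid_references(csproj_xml, packages_config_xml):
    """List (reference, package folder) pairs that bypass packages.config."""
    allowed = installed_package_dirs(packages_config_xml)
    findings = []
    for ref in ET.fromstring(csproj_xml).iter():
        if _local(ref.tag) != "Reference":
            continue
        hint = next((c.text for c in ref if _local(c.tag) == "HintPath"), None)
        parts = re.split(r"[\\/]+", (hint or "").strip())
        lowered = [p.lower() for p in parts]
        if "packages" not in lowered[:-1]:
            continue  # framework reference, or a path outside 'packages'
        pkg_dir = parts[lowered.index("packages") + 1]
        if pkg_dir.lower() not in allowed:
            findings.append((ref.get("Include"), pkg_dir))
    return findings

if __name__ == "__main__":
    bad = invalid_references(SAMPLE_CSPROJ, SAMPLE_PACKAGES_CONFIG)
    for name, pkg_dir in bad:
        print(f"invalid reference: use NuGet ({name} -> {pkg_dir})")
    raise SystemExit(1 if bad else 0)
```

Run over each project's .csproj and its packages.config as a build step, the non-zero exit status turns an undeclared assembly reference into a build failure.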

Related

Creating and installing a nuget package with referenced project

I want to publish a dotnetcore2.1 nuget package using dotnet pack and dotnet nuget push.
The package is a project in a solution that has a reference to another project in that solution.
I can't install the package because it can't resolve the referenced project.
I tried doing this, and it includes the referenced package .dll to the .nupkg file, but it's still not possible to install it.
I can't really figure out what is the 'expected' way to do this. I definitely don't intend to publish the referenced project to the nuget feed.
Is this a massive oversight by microsoft or am I not getting something?
You have a project A that you want to pack and this project references another project B that is not usable or not intended for use on its own, but from a design perspective it is reasonable to keep it separate for purposes like reuse. In the end the package for project A should also contain project B.
Indeed this is an issue tracked in the NuGet repository, issue 3891. In both this and your link to the corresponding .NET project issue there are some workarounds involving MSBuild, but there is no official support yet.
As stated in the above issue, even Microsoft seems to be aware of this issue and simply creates packages for the referenced projects that are marked with "Please do not reference directly".
I think that until project references are supported, the safest way is to do the same, although it is not convenient. Workarounds may become obsolete or cause strange behavior. However, since your referenced project is only intended to be used in your main library, you could include it like this:
<PackageReference Include="LLL.Client" Version="1.0.0" PrivateAssets="all"/>
This way, the package contents from your referenced project will only be included in your project and consumers of your main package will not be able to see them.

Working with Multiple Nuget Projects in one Solution

I have 2 projects: A & B that I want to publish as NuGet Packages but I don't know how to develop efficiently in Visual Studio.
Solution 1
Project A
Project B - references Project A as NuGet reference
When I make a change to Project A that is needed in Project B do I have to publish Project A? Is there a way to get the project reference functionality during development? Maybe Project B shouldn't reference Project A via NuGet?
There must be a good way to handle this situation, no? I've reviewed the NuGet docs but I couldn't find anything. There must be docs/blogs/SO posts to read more about this... I'm struggling to come up w/ the right keywords.
You might want to look at this extension: NuGet Reference Switcher for Visual Studio 2017
This allows you to switch between NuGet packages and project references during development.
Check out this blog post: https://markheath.net/post/multiple-nuget-single-repo
Basically, dotnet pack handles this for you automatically. You use regular project references when developing.
There must be a good way to handle this situation, no?
The best solution is that the project-to-project reference is recommended when the referenced project is modified frequently, while the NuGet reference is more appropriate when you share the referenced project with others or publish it, just as NuGet Reference Switcher does.
For some more detailed info, you can check the following thread:
nuget packages in local work
NuGet has many advantages as a package manager for the Microsoft development platform, but this does not mean that it is not flawed. Just as you encountered, if the referenced project is modified frequently, we have to rebuild it, build the NuGet package, and publish it for each modification. That will bring a lot of boring work. To resolve these disadvantages, project-to-project references should be a better way.
The advantage of a project-to-project reference is that it creates a dependency between the projects in the build system. The dependent project will be built if it has changed since the last time the referencing project was built. A file reference does not create a build dependency, so it is possible to build the referencing project without building the dependent project.
You could add the following post-build event command to pack your project after building.
"the nuget.exe path\nuget.exe" pack "project path\NuGetPackageLibrary.csproj" -OutputDirectory "Your target path"
When your build is successful, the package in the target path will be replaced by the latest version.

How do I correctly install nuget packages outside of VS and keep track of them?

I'm trying to use nuget.exe outside of Visual Studio as part of our build infrastructure. The idea is that the various build tools are fetched by a bootstrapper script that initializes a working copy. The bootstrapper does this by using a file that specifies the required tools and their version.
Broken approach 1 - use manually edited packages.config
At first, it seemed like a good idea to keep a manually edited packages.config file and use nuget restore to install them during bootstrapping. However, this does not work for tools that have dependencies, unless I list every single dependency in the packages.config as well, a much too arduous approach to be feasible, because I found no easy way to recursively find all dependencies of a package.
See also using nuget.exe commandline to install dependency.
Broken approach 2 - use nuget install to update packages.config
The second idea was then to use nuget install to install the packages, and let that command update the packages.config, very similar to the Install-Package cmdlet in the package manager console. But, surprisingly, nuget install does not support this! It either takes a packages.config or a package ID as parameter, but I found no way to update the packages.config with the new package and its dependencies.
This problem can also be found in another (two year old) SO question, see nuget.exe install not updating packages.config (or .csproj)?.
Is there a working (and non-hacky) approach at all?
This must be a problem that many people face when using nuget outside of VS, so what is the best approach in that case?
Of course, I could just parse the packages.config and emit a nuget install for each package, but I really don't want to re-invent the dependency management part of nuget, this is what I'm using nuget for in the first place. So I'm left with the feeling that either an -WithDependencies switch on nuget restore or an -UpdatePackagesConfig switch on nuget install is missing...
Note that there are other SO questions regarding the broken approaches described above. What I'd like to know is what the best approach is to solve the root problem, i.e. manage packages with dependencies outside of VS.
nuget install does not currently make changes to the project file.
nuget install can be used to either restore the NuGet packages listed in a packages.config file or download and extract them.
If you do not need the project being modified then your solution of reading the packages in the packages.config file and calling nuget install seems like a reasonable approach.
If you need the project to be modified then you could look at one of the following:
1) Ripple - a command line tool that adds extra features to NuGet. It has a ripple install command line which is similar to nuget install but it also updates the project file. It has a lot of other features for supporting build servers so this might be a good fit.
2) NuGet packages outside of Visual Studio with SharpDevelop - this was an experiment I put together to see whether full NuGet support could be achieved, including PowerShell scripts, from the command line without using Visual Studio. It uses PowerShell and quite a bit of SharpDevelop.
3) Customise NuGet.exe to do what you need. nuget update, for example, does modify the project file, at least for file references, but will not run PowerShell scripts. So you could take the NuGet.exe source code and extend it.
Of the above only 3) would give you exactly what you need. The other two would require a bit of work to read the packages from the packages.config file or some other list and then install them.
See my answer to Why does the nuget command line tool not follow dependencies?
nuget install My.Package.Id will follow dependencies. However, if you want to install multiple packages, you will need to create a batch file with a separate nuget install command for each package. These are top-level packages. You don't need to "install" the dependencies, as they will get downloaded automatically.
If you ultimately want a packages.config file, I imagine you can generate one by enumerating all the packages that were downloaded. However, you would have to take care not to include multiple versions of the same package.
I believe that how nuget 3 works with project.json files may do what you are looking for. Essentially my understanding is that the unit of dependency becomes the package and not necessarily individual assemblies. From what I recall, the idea is to have only one place to manage these types of package references which the project (IDE/Editor), package manager, and other command line tools can use.
What I don't understand and feel somewhat frustrated about is that it appears that the project.json concept is being canceled. I don't know if plans are to reintroduce it at any time in the future. In the meantime I keep on hearing updated info on tooling that takes advantage of project.json such as nuget, so where you can actually rely on this is something that is unclear to me at this point.

Get current version of package outside of Visual Studio

We are migrating over to using packages and NuGet for managing our dependencies on 3rd party components. This works well when referencing packages from within Visual Studio or building on the build server via msbuild.
However there are a number of files that we would like to access in our build scripts and installers. Previously these would be in source control with a well known path, now as the version of the package that we are consuming changes so the path to the package and hence the files is changing.
Is there a simple way I can get the path to a given package? The best solution I currently have is to search for all packages.config files and extract the package version from them.
Examples of the files that we need to access are
- The NUnit console executable from the NUnit.Runners package for running unit tests.
- License files from various packages that we redistribute with our installer.
Using the packages.config file is a pretty good solution. NuGet itself uses two approaches:
- Reading the package information from the packages.config and using that to resolve to the packages path.
- Enumerating all the directories in the packages directory.
You could use NuGet.Core to do either of the above if you do not want to write the code yourself. The classes that can be used are the DefaultPackagePathResolver, the PackageReferenceFile and LocalPackageRepository or SharedPackageRepository.
One problem with the second approach is that sometimes NuGet may occasionally leave behind NuGet packages that are not necessarily referenced by a project. In that case looking at the package directories may give you the incorrect information.
The only other approach I can think of might be to read the project files looking for the assembly references. Although that would not work for a solution level package such as NUnit.Runners.

Cannot use home-made NuGet package

I'm investigating using NuGet internally to share an assembly used across multiple solutions. Despite the documentation making it look simple, I'm just getting a faceful of problems. I have two questions at this stage:
1) When I create the package, NuGet reports it as having 'no dependencies'. In fact, the assembly's project has quite a few dependencies on other (official) NuGet packages. I assumed that NuGet would spot this. Is there something I need to do so that NuGet knows my assembly itself has NuGet dependencies?
2) When I attempt to add the package to a project in another solution, it doesn't actually add the dll to the project (i.e. in the project's References). The package manager GUI lists the package in the installed list, but doesn't show a 'Manage' button, as it does for other packages. Instead, it just shows a 'Uninstall' button. So it's as if the overall solution is now aware of my package, but I can't add it as a reference to any projects, which is obviously of no use. This happens regardless of whether I install using the GUI or the command line. Does anyone know why this might be happening?
Thanks in advance.
For issue 1, if you are using nuget.exe pack and your project installed certain packages, these packages will be added as dependencies. If the packages are installed to another project that the main project is referencing, do nuget.exe pack -includereferencedprojects. For more information, please refer to http://docs.nuget.org/docs/reference/command-line-reference#Pack_Command_Examples.
For issue 2, you have probably installed a solution-level package, which does not have Content or Lib folder inside. If you install a project-level package, you should be able to see the manage button.
Hope this helps.