Cake: Show warning when referenced package is missing version number

Created on 28 Aug 2018 · 9Comments · Source: cake-build/cake

If a version number is missing for a package reference in a preprocessor directive, a warning should be displayed in the console output.

Examples of package references that should emit warnings:

#addin nuget:?package=Foo
#tool nuget:?package=Bar
#module nuget:?package=Qux

Improvement

Source

patriksvensson

Most helpful comment

I would go with something like:

"The '{0}' directive is attempting to install the '{1}' package \r\n" +
"without specifying a package version number.  \r\n" +
"More information on this can be found at \r\n" +
"https://cakebuild.net/docs/tutorials/pinning-cake-version" +
"It's not recommended, but you can explicitly override this warning \r\n" + 
"by configuring the Skip Package Version Check setting to true\r\n" + 
"(i.e. command line parameter \"--settings_skippackageversioncheck=true\", \r\n" + 
"environment variable \"CAKE_SETTINGS_SKIPPACKAGEVERSIONCHECH=true\", \r\n" + 
"read more about configuration at https://cakebuild.net/docs/fundamentals/configuration)";

gep13 on 30 Aug 2018

👍3

All 9 comments

I will prepare a PR. Could you please suggest what error message should be displayed?

"Missing version number for referenced package 'Foo'" ?

Marusyk on 30 Aug 2018

Not a native English speaker myself but we should probably provide a link to https://cakebuild.net/docs/tutorials/pinning-cake-version in the warning message. providing not just warning but a suggested solution similar to assembly verifier
https://github.com/cake-build/cake/blob/a0f142af2dfbf18eecc240789529da428cb0d82a/src/Cake.Core/Reflection/AssemblyVerifier.cs#L39-L47

devlead on 30 Aug 2018

👍1

I would go with something like:

"The '{0}' directive is attempting to install the '{1}' package \r\n" +
"without specifying a package version number.  \r\n" +
"More information on this can be found at \r\n" +
"https://cakebuild.net/docs/tutorials/pinning-cake-version" +
"It's not recommended, but you can explicitly override this warning \r\n" + 
"by configuring the Skip Package Version Check setting to true\r\n" + 
"(i.e. command line parameter \"--settings_skippackageversioncheck=true\", \r\n" + 
"environment variable \"CAKE_SETTINGS_SKIPPACKAGEVERSIONCHECH=true\", \r\n" + 
"read more about configuration at https://cakebuild.net/docs/fundamentals/configuration)";

gep13 on 30 Aug 2018

👍3

This would obviously require the addition of another Configuration Value into Cake to allow people to override this warning, as I know that there are some who "need" to always use the latest version, and will not want to see this warning.

gep13 on 30 Aug 2018

👍2

Yeah, I'm not sure here because not pinning has worked well so far. In rare instances we can start pinning, usually as a temporary workaround to a bug, but with pinning there's no warning to remind us when we're out of date. (_Hint_... 😇)

Also, what about specifying #tool nuget:https://myget.org/f/nunit/?package=NUnit.ConsoleRunner&prerelease? Should the &prerelease suppress the warning, since we're explicitly not pinning a version but rather asking for the latest prerelease? If &prerelease does not suppress the warning, why would you ever use &prerelease rather than just pinning the prerelease version?

jnm2 on 30 Aug 2018

@jnm2, so basically a command for Cake that works like dotnet-outdated, could solve your problems?

bjorkstromm on 30 Aug 2018

👍1

@jnm2 said...
but with pinning there's no warning to remind us when we're out of date.

I would consider that a separate, valid issue. Regardless of whether you are "ok" with not pinning a tool/addin/module, the recommendation from the Cake Team has always been, and will always be, to pin your versions. That way, you get the most reliable, and repeatable build. This new warning is an additional mechanism to make people aware of this recommendation.

gep13 on 30 Aug 2018