This simplifies the way that we publish files to our network drop share.
Changes:
* Instead of explicitly listing every file that needs to publish, use directories to classify packages and artifacts into different categories.
* Add documentation for the expected layout of artifacts/
* Remove the need for static analysis to determine which packages go to which project
* Add the MSBuild property "IsProductPackage" to .csproj files which ship as a package to NuGet.org.
- Stop producing the 'Universe' lineup package
- Removes all PackageLineup code
- Use full msbuild on Windows
- Fix invalid reference to internal.aspnetcore.sdk in 2.1.x
- Fix shared folder references for PackageArchive task.
This should unblock the consumption of the latest .NET Core SDK, which includes breaking changes in MSBuild. We don't _really_ need the MSBuild APIs which were broken because ProdCon v1 is dead. This removes the unused ProdCon v1 tasks and targets.
Changes:
* Sign shared fx zips
* Sign metapackages
* Disable signing on inner repo builds and instead sign all packages at the end
* Add a list of files from other Microsoft teams which can be excluded from signing
* Add a list of 3rd party assemblies which are bundled in the shared frameworks.
This shares the DOTNET_HOME variable on CI builds between Universe and each sub-repo build. This prevents each repository build installing duplicate copies of .NET Core SDK and runtimes.
Our policy since 1.0.0 has been to always cascade version updates in the packages we own. e.g. if Logging has a product change in 2.1.x, then Kestrel, EF Core, Mvc, etc also re-ship with the updated Logging dependency. This has been done for a variety of reasons:
* NuGet does not show updates for transitive dependencies, only direct ones
* NuGet does resolves the lowest compatible transitive dependencies
* ASP.NET Core ships to both .NET Framework (where transitive dependency version matters) and .NET Core (where it matters less if you use the shared framework)
While transitive dependencies is still an important scenario, this practice of always patching has led to bigger issues.
* High probability users will unintentionally upgrade out of the shared framework: #3307
* Conflicts with metapackages that attempt to use exact version constraints: aspnet/Universe#1180
* A quality perception issue: the high volume of new versions in servicing updates with only metadata changes has created the impression that new versions of packages may not be very important. It's also made it appear like there are more issues product than there really are.
* High volume of packages changing with only metadata changes. Of the last 301 packages published in a servicing update, only 11 contained actual changes to the implementation assemblies. (3.5%)
This change implements a system to verify a new, non-cascading versioning policy for servicing updates. This required changes to repos to pin version variables to that matter per-repo,
and to remove some of the restrictions and checks.
Incidentally, this should make defining new patches easier because it automatically determines which packages are or are not patching in the release.
* Split compilation and tests into separate phases
* Ensure template tests are skipped, and reduce duplication between test/build repo targets
* Show summary at the end of which repos failed
Nate McMaster
Nate McMaster
Justin Kotalik
Ryan Brandenburg