arcade icon indicating copy to clipboard operation
arcade copied to clipboard
verified publisher icon dotnet

Warn if a build is using a package with a bug

Open JohnTortugo opened this issue 6 years ago • 4 comments

I have seen more than once a repo/branch using an old version of Arcade SDK, SignTool, other packages that have bugs that we have already fixed. This have happened for a few reasons: people hardcode versions in Versions.props, we had some values hardcoded in DefaultVersion.props, etc.

I think it would be great if our build system had a way to warn (fail) a build that is trying to use a package that has a known bug.

@chcosta @mmitche @tmat @markwilkie

JohnTortugo avatar Mar 28 '19 18:03 JohnTortugo

Maybe put this behind a config of some sort so repo owners can choose to fail or not....

markwilkie avatar Apr 05 '19 16:04 markwilkie

What I think is: using a buggy package might lead to the build failing (best case) or the build succeed but nobody notice that behind the scenes something wrong happened.

JohnTortugo avatar Apr 05 '19 17:04 JohnTortugo

Do we have a way today to identify a package that would be considered buggy and should not be used?

Chrisboh avatar Jul 18 '19 23:07 Chrisboh

I don't think so. At first I think we could modify BAR to store this information and Maestro API to be able to query it. We could store for instance, PackageName and range of known buggy version. Clients would then use the API check if the package getting restored is within any of the recorded ranges.

JohnTortugo avatar Jul 18 '19 23:07 JohnTortugo