component-detection icon indicating copy to clipboard operation
component-detection copied to clipboard
verified publisher icon microsoft

Nuget Detection: Nuspec Version as Variable $version$ (Dynamic Versioning)

Open RushabhBhansali opened this issue 1 year ago • 1 comments

Summary:

Component Detection does not detect nuspec version if it's a variable $version$

Details:

How does the variable version work in Nuget ?

a .nuspec file in NuGet can have the version specified as a variable. This is typically done using a token that gets replaced with the actual version number at the time of packaging. The token for the version is $version$. This allows for dynamic versioning based on the build or release process, rather than hardcoding the version number in the .nuspec file.

Here's a simplified example of how you might specify the version in a .nuspec file using a variable:

<?xml version="1.0"?>
<package >
  <metadata>
    <id>ExamplePackage</id>
    <version>$version$</version>
    <authors>ExampleAuthor</authors>
    <owners>ExampleOwner</owners>
    <requireLicenseAcceptance>false</requireLicenseAcceptance>
    <description>Example description</description>
    <releaseNotes>This release includes...</releaseNotes>
  </metadata>
</package>

When you pack this NuGet package, you would replace $version$ with the actual version number. This can be done automatically by tools like MSBuild or dotnet CLI by passing the version number as a parameter or by using a .csproj file that contains the version information.

The component Detection generates following error log for this:

Version '$version$' from D:\a\_work\1\s\src\Setup.PowerShell\DDSetup.nuspec could not be parsed as a NuGet version 
Version '$version$' from D:\a\_work\1\s\src\Setup.Tools\Microsoft.VisualStudio.Setup.Tools.nuspec could not be parsed as a NuGet version 
Version '$version$' from D:\a\_work\1\s\src\UpdateDriver\UpdateDriver.nuspec could not be parsed as a NuGet version 
Version '$version$' from D:\a\_work\1\s\src\VSInstaller.Managed\VSInstaller.nuspec could not be parsed as a NuGet version

RushabhBhansali avatar Jul 05 '24 16:07 RushabhBhansali

Have the same issue!! Because this check registered a 'PackageParseFailure', I have at least 4 warnings in each Component Governance tasks.

Version '$version$' from D:\a_work\1\s\tools\nuget\protobuf\Microsoft.WindowsAppSDK.Protobuf.nuspec could not be parsed as a NuGet version
... ...
##[warning]Some components or files were not detected due to parsing failures or connectivity issues.
##[warning]Please review the logs above for more detailed information.
##[warning]Components skipped for NuGet detector:
##[warning]- D:\a_work\1\s\tools\nuget\protobuf\Microsoft.WindowsAppSDK.Protobuf.nuspec

qiutongMS avatar Jun 17 '25 06:06 qiutongMS