microsoft / MSBuildLocator

Add guardrails that can notify a customer that some of the deployed assemblies in a project can break MSBuild stuff.

This would be beyond the "check for explicit MSBuild package references" we have:

MSBuildLocator/src/MSBuildLocator/build/Microsoft.Build.Locator.targets

Lines 4 to 21 in 1c7a109

    
                 <MSBuildPackagesWithoutPrivateAssets 
        
                   Include="@(PackageReference)" 
        
                   Condition="!$([MSBuild]::ValueOrDefault('%(PackageReference.ExcludeAssets)', '').ToLower().Contains('runtime')) and 
        
                     ( 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build' or 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build.Framework' or 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build.Utilities.Core' or 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build.Tasks.Core' or 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build.Engine' or 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build.Conversion.Core' or 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build.Runtime' or 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build.Localization' or 
        
                       '%(PackageReference.Identity)' == 'Microsoft.Build.Engine' 
        
                     )"/> 
        
               </ItemGroup> 
        
               <Error 
        
                 Condition="'@(MSBuildPackagesWithoutPrivateAssets)' != ''" 
        
                 Text="A PackageReference to Microsoft.Build.* without ExcludeAssets=&quot;runtime&quot; exists in your project. This will cause MSBuild assemblies to be copied to your output directory, causing your application to load them at runtime. To use the copy of MSBuild registered by MSBuildLocator, set ExcludeAssets=&quot;runtime&quot; on the MSBuild PackageReferences. To disable this check, set the property DisableMSBuildAssemblyCopyCheck=true in your project file (not recommended as you must distributed all of MSBuild + associated toolset). Package(s) referenced: @(MSBuildPackagesWithoutPrivateAssets)" />

We'd want something like a list of assemblies that shouldn't be deployed next to the final application, because they're expected to be found from the MSBuild installation.

+1 to searching actual assemblies being deployed rather than looking at PackageReference items. Problematic assemblies like these (or System.CodeDom.dll) can be deployed without any PackageReference, including by transitive dependency.

	<MSBuildPackagesWithoutPrivateAssets
	Include="@(PackageReference)"
	Condition="!$([MSBuild]::ValueOrDefault('%(PackageReference.ExcludeAssets)', '').ToLower().Contains('runtime')) and
	(
	'%(PackageReference.Identity)' == 'Microsoft.Build' or
	'%(PackageReference.Identity)' == 'Microsoft.Build.Framework' or
	'%(PackageReference.Identity)' == 'Microsoft.Build.Utilities.Core' or
	'%(PackageReference.Identity)' == 'Microsoft.Build.Tasks.Core' or
	'%(PackageReference.Identity)' == 'Microsoft.Build.Engine' or
	'%(PackageReference.Identity)' == 'Microsoft.Build.Conversion.Core' or
	'%(PackageReference.Identity)' == 'Microsoft.Build.Runtime' or
	'%(PackageReference.Identity)' == 'Microsoft.Build.Localization' or
	'%(PackageReference.Identity)' == 'Microsoft.Build.Engine'
	)"/>
	</ItemGroup>
	<Error
	Condition="'@(MSBuildPackagesWithoutPrivateAssets)' != ''"
	Text="A PackageReference to Microsoft.Build.* without ExcludeAssets="runtime" exists in your project. This will cause MSBuild assemblies to be copied to your output directory, causing your application to load them at runtime. To use the copy of MSBuild registered by MSBuildLocator, set ExcludeAssets="runtime" on the MSBuild PackageReferences. To disable this check, set the property DisableMSBuildAssemblyCopyCheck=true in your project file (not recommended as you must distributed all of MSBuild + associated toolset). Package(s) referenced: @(MSBuildPackagesWithoutPrivateAssets)" />

Add some guardrails to MSBuild Locator