Skip to content

Manage dependencies with Central Package Management #2004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 25 commits into from
Jan 23, 2023
Merged

Manage dependencies with Central Package Management #2004

merged 25 commits into from
Jan 23, 2023

Conversation

@xiang17
Copy link
Contributor

@xiang17 xiang17 commented Jan 19, 2023

Why

Fixes #1974: Centralize dependency package versions.

What

Use Central Package Management
https://devblogs.microsoft.com/nuget/introducing-central-package-management/

Note1: the top comment in the article above says it's already supported by GitHub’s Dependabot, but I haven't been able to verify that or found any article in any other source.

Note2: I left a TODO comment on whether it's better to consolidate all packages in one ItemGroup and sort them alphabetically. I'd appreciate the community's feedback!

Tests

CI

Checklist

- [ ] CHANGELOG.md is updated.
- [ ] Documentation is updated.
- [ ] New features are covered by tests.

pjanotti
pjanotti reviewed Jan 19, 2023
View reviewed changes
Copy link
Contributor

@pjanotti pjanotti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @xiang17 - I had just a few minutes to look at it, I will finish it later today. Meanwhile, a few questions.

@xiang17
Merge branch 'main' into xiang17/CentralPackageManagement
d101c82 
# Conflicts:
#	src/OpenTelemetry.AutoInstrumentation/OpenTelemetry.AutoInstrumentation.csproj
#	test/IntegrationTests/IntegrationTests.csproj
@xiang17
Use GlobalPackageReference and remove Common.Packages.props
fd39a75
@xiang17
Fix error in CI for demo
09642c2
rajkumar-rangaraj
rajkumar-rangaraj reviewed Jan 20, 2023
View reviewed changes
rajkumar-rangaraj
rajkumar-rangaraj reviewed Jan 20, 2023
View reviewed changes
rajkumar-rangaraj
rajkumar-rangaraj reviewed Jan 20, 2023
View reviewed changes
rajkumar-rangaraj
rajkumar-rangaraj reviewed Jan 20, 2023
View reviewed changes
@xiang17 xiang17 marked this pull request as ready for review January 20, 2023 01:44
@xiang17 xiang17 requested a review from a team January 20, 2023 01:44
Kielek
Kielek reviewed Jan 20, 2023
View reviewed changes
test/Directory.Packages.props
@@ -0,0 +1,47 @@
<Project>
<Import Project="..\Directory.Packages.props" />
Copy link
Member

@Kielek Kielek Jan 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that it will be good idea to reference here src\Directory.Packages.props
but without the section related to CommonExcludedAssets.props.
(Mainly to have OpenTelemetry* defined only in one place),

Copy link
Contributor Author

@xiang17 xiang17 Jan 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought about that as well, but there are only four dependencies that are common:

# cat src/Directory.Packages.props test/Directory.Packages.props | sort | uniq -d | grep Version
    <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.4.0-rc.2" />
    <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.0.0-rc9.11" />
    <PackageVersion Include="OpenTelemetry.Instrumentation.Wcf" Version="1.0.0-rc.8" />
    <PackageVersion Include="OpenTelemetry" Version="1.4.0-rc.2" />

I've put them into Directory.Packages.props file in the root folder.

RassK
RassK reviewed Jan 20, 2023
View reviewed changes
RassK
RassK reviewed Jan 20, 2023
View reviewed changes
@xiang17
Use exact version for StyleCop.Analyzers as it'll be handled by dep…
27edac8 
…endabot anyways
@xiang17
Unite all PackageVersions in each file and sort each group
fcf5dcc
@xiang17
Takes out common packages from src and test
1d86919
@xiang17
Merge branch 'main' into xiang17/CentralPackageManagement
aa87263 
# Conflicts:
#	examples/demo/Service/Examples.Service.csproj
#	src/OpenTelemetry.AutoInstrumentation/OpenTelemetry.AutoInstrumentation.csproj
#	test/IntegrationTests/IntegrationTests.csproj
RassK
RassK reviewed Jan 23, 2023
View reviewed changes
src/Directory.Packages.props
<PackageVersion Include="Microsoft.NETFramework.ReferenceAssemblies" Version="1.0.3" />
</ItemGroup>

<!-- Versions from OpenTelemetry.AutoInstrumentation.csproj -->
Copy link
Contributor

@RassK RassK Jan 23, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this comment is wrong after uniting itemgroups.

RassK
RassK approved these changes Jan 23, 2023
View reviewed changes
Copy link
Contributor

@RassK RassK left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall seems great!

@pellared pellared enabled auto-merge (squash) January 23, 2023 11:41
@pellared pellared merged commit a36ba28 into open-telemetry:main Jan 23, 2023
@pellared
Copy link
Member

pellared commented Jan 23, 2023

After seeing PRs like this #2054 I think that too much has been moved to Central Package Management.

I think that the instrumented library version should be declared only in csproj.

@Kielek Kielek mentioned this pull request Jan 23, 2023
Closed
@xiang17
Copy link
Contributor Author

xiang17 commented Jan 24, 2023
edited
Loading

After seeing PRs like this #2054 I think that too much has been moved to Central Package Management.

I think that the instrumented library version should be declared only in csproj.

The purpose of the PR was to make it easier for upgrading versions, especially for shared dependencies used in multiple places. The opentelemetry-dotnet repo centralizes almost all versions because most of them are shared. However, the same might not apply to this repo seeing recent PRs.

I took a look at the recent dependabot PRs. Most of them are either in CommonExcludedAssets.props (9) or in tests/Directory.Packages.props (5).

The packages in tests/Directory.Packages.props file aren't shared much (the csproj files are in test/test-applications/integrations/). I can put them back.

Regarding CommonExcludedAssets.props, these seems like to be excluding packages of old versions not expected to be upgraded as new versions come by. I didn't manage to figure out how they got skipped by dependabot before. Shall I put the versions back to CommonExcludedAssets.props file as well?

@pellared pellared mentioned this pull request Jan 24, 2023
Closed
@pellared
Copy link
Member

pellared commented Jan 24, 2023

@xiang17 I created #2068

@xiang17 xiang17 deleted the xiang17/CentralPackageManagement branch April 13, 2023 21:32
@xiang17 xiang17 mentioned this pull request Apr 13, 2023
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RassK RassK RassK approved these changes

@pellared pellared pellared approved these changes

@Kielek Kielek Kielek approved these changes

@rajkumar-rangaraj rajkumar-rangaraj rajkumar-rangaraj approved these changes

+1 more reviewer

@pjanotti pjanotti pjanotti left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Centralize dependency package versions

6 participants

@xiang17 @pellared @RassK @pjanotti @Kielek @rajkumar-rangaraj