You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A recent issue was investigated that was caused by the output package versions being the same between the VMR's output and the previously source built artifacts. Because the package versions were the same, NuGet has nondeterminism as to which package will be used. Due to differences in the PVP input between the two sets of packages, the packages ended up having dependencies on different versions. This eventually led to a package downgrade error in a consuming repo. It took a long time to investigate and diagnose this issue.
In order to avoid these kinds of investigations, it would be better to have validation that would clear point to this issue. If the output package version of a repo's build in the VMR matches the version that exists in previously source built artifacts, then that's a potential problem.
Even for the same commit, there is no guarantee that the packages produced by a repo would produce the same content compared to what is contained in the previously source built packages. This is specifically the case when it comes to cross-repo package dependencies.
It's possible that the build would just work despite a version conflict. But it's also possible it wouldn't. But in either case, the behavior is nondeterministic so shouldn't be considered valid.
The text was updated successfully, but these errors were encountered:
A recent issue was investigated that was caused by the output package versions being the same between the VMR's output and the previously source built artifacts. Because the package versions were the same, NuGet has nondeterminism as to which package will be used. Due to differences in the PVP input between the two sets of packages, the packages ended up having dependencies on different versions. This eventually led to a package downgrade error in a consuming repo. It took a long time to investigate and diagnose this issue.
In order to avoid these kinds of investigations, it would be better to have validation that would clear point to this issue. If the output package version of a repo's build in the VMR matches the version that exists in previously source built artifacts, then that's a potential problem.
Even for the same commit, there is no guarantee that the packages produced by a repo would produce the same content compared to what is contained in the previously source built packages. This is specifically the case when it comes to cross-repo package dependencies.
It's possible that the build would just work despite a version conflict. But it's also possible it wouldn't. But in either case, the behavior is nondeterministic so shouldn't be considered valid.
The text was updated successfully, but these errors were encountered: