Build fails with CS9057 error due to analyzer version compiler conflict
martincostello opened this issue ยท 12 comments
Describe the bug
We have an internal scaffolder template we use to create new .NET applications. This template regularly updates the versions of its dependencies it uses and when a new application is scaffolded it dynamically takes the latest AWS SDK patch versions from NuGet.
This morning as part of a dependabot update and subsequent test of the generator for .NET 6, the build now fails with the following error:
CSC : error CS9057: The analyzer assembly '/home/runner/.nuget/packages/awssdk.securitytoken/3.7.103.17/analyzers/dotnet/cs/AWSSDK.SecurityToken.CodeAnalysis.dll' references version '4.6.0.0' of the compiler, which is newer than the currently running version '4.3.0.0'. [/tmp/984e20373103b72103fd4a0204e8acfd3d668ba2/src/MyApp/MyApp.csproj]
CSC : error CS9057: The analyzer assembly '/home/runner/.nuget/packages/awssdk.simplesystemsmanagement/3.7.104.52/analyzers/dotnet/cs/AWSSDK.SimpleSystemsManagement.CodeAnalysis.dll' references version '4.6.0.0' of the compiler, which is newer than the currently running version '4.3.0.0'. [/tmp/984e20373103b72103fd4a0204e8acfd3d668ba2/src/MyApp/MyApp.csproj]
I've not seen this in applications targeting .NET 7 (or at least, not yet).
The last successful CI was 20 hours ago, suggesting the versions published overnight have introduced this issue.
Expected Behavior
The application compiles.
Current Behavior
The application does not compile.
Reproduction Steps
Compile an application targeting .NET 6 with the 6.0.411 SDK which references the AWSSDK.SecurityToken and AWSSDK.SimpleSystemsManagement NuGet packages.
Possible Solution
Downgrade the dependency used to build the .CodeAnalysis packages to be compatible with the C# compiler that ships with the .NET 6 SDK.
Additional Information/Context
No response
AWS .NET SDK and/or Package version used
- AWSSDK.SecurityToken 3.7.103.17
- AWSSDK.SimpleSystemsManagement 3.7.104.52
Targeted .NET Platform
.NET SDK 6.0.411 and net6.0
Operating System and version
Linux
Confirmed not an issue with the following package versions:
- AWSSDK.SecurityToken 3.7.103.16
- AWSSDK.SimpleSystemsManagement 3.7.104.51
Same issue here, our automatic minor/patch version updates for NuGet packages triggered the following error in our builds:
CSC : error CS9057: The analyzer assembly '/root/.nuget/packages/awssdk.sqs/3.7.103.6/analyzers/dotnet/cs/AWSSDK.SQS.CodeAnalysis.dll' references version '4.6.0.0' of the compiler, which is newer than the currently running version '4.4.0.0'
Same error here in
AWSSDK.ApiGatewayManagementApi.CodeAnalysis.dll
AWSSDK.DynamoDBv2.CodeAnalysis.dll
AWSSDK.S3.CodeAnalysis.dll
AWSSDK.SecretsManager.CodeAnalysis.dll
AWSSDK.SimpleSystemsManagement.CodeAnalysis.dll
AWSSDK.SQS.CodeAnalysis.dll
AWSSDK.StepFunctions.CodeAnalysis.dll
I think the recent upgrade of Microsoft.CodeAnalysis is a bit too restrictive in terms of the versions of the compiler tooling that it supports. I think the maintainers will want to target a version as low as feasibly possible.
Here's a mapping of the versions to VS versions to give an idea of where best to target:
https://learn.microsoft.com/en-us/visualstudio/extensibility/roslyn-version-support?view=vs-2022
Last week I changed the code analysis projects to target netstandard2.0 (from net45 - the commit @slang25 referenced), but on my tests I only used a net7.0 application (in VS2022).
While we work on a fix (selecting the minimal version of Microsoft.CodeAnalysis that works with netstandard), the workaround is using SDK packages released before Jun 30.
Update: I have an internal PR downgrading the Microsoft.CodeAnalysis dependency to version 2.10.0. Here's my test on CodeBuild (using Ubuntu and .NET 6):
Before:
$ dotnet new console
$ dotnet add package AWSSDK.SageMaker --version 3.7.142
$ dotnet build
CSC : warning CS9057: The analyzer assembly '/root/.nuget/packages/awssdk.sagemaker/3.7.142/analyzers/dotnet/cs/AWSSDK.SageMaker.CodeAnalysis.dll' references version '4.6.0.0' of the compiler, which is newer than the currently running version '4.3.0.0'. [/codebuild/output/src4008071538/src/testbefore/testbefore.csproj]
1 Warning(s)
0 Error(s)
Time Elapsed 00:00:07.23
After (temppkg is a local source with the modified package - as it's not available on NuGet yet):
$ cd testafter
$ cat testafter.csproj
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net6.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<RestoreSources>$(RestoreSources);../temppkg;https://api.nuget.org/v3/index.json</RestoreSources>
</PropertyGroup>
</Project>
$ dotnet add package AWSSDK.SageMaker --version 3.7.143
$ dotnet build
Determining projects to restore...
All projects are up-to-date for restore.
testafter -> /codebuild/output/src4008071538/src/testafter/bin/Debug/net6.0/testafter.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:01.30
Most of our team was off today due to the 4th of July, I'll follow up in the morning so that we can get this released as soon as possible.
Last week I changed the code analysis projects to target
netstandard2.0(fromnet45- the commit @slang25 referenced), but on my tests I only used anet7.0application (in VS2022).While we work on a fix (selecting the minimal version of
Microsoft.CodeAnalysisthat works withnetstandard), the workaround is using SDK packages released before Jun 30.
And these would be patch versions. These kinds of changes would indicate a new minor version. We've been impacted twice in the last week by AWSSDK changes released as prerelease/patch changes that should arguably have been minor versions. Worth keeping an eye on
@oshea00 That's a good call out, this change should've been at least mentioned in the changelog (which we are doing for the fix).
What were the other changes that impacted you?
After talking to the team this morning, we decided to revert that previous commit (20ca969) to prevent further impact (and to make sure there are no framework / analyzer combinations we missed). We'll revisit this change soon (we're going trough updating the build internals used by the SDK), but will coordinate better by making it visible in the changelog and updating the package versions appropriately.
I ran the same test I mentioned in my comment yesterday with the new version, CS9057 does not appear anymore (and all service packages have been updated and pushed to NuGet):
$ dotnet new console
$ dotnet add package AWSSDK.SecurityToken --version 3.7.103.18
$ dotnet build /warnaserror
MSBuild version 17.3.2+561848881 for .NET
Determining projects to restore...
All projects are up-to-date for restore.
testapp -> /codebuild/output/src3140019177/src/testapp/bin/Debug/net6.0/testapp.dll
Build succeeded.
0 Warning(s)
0 Error(s)
Time Elapsed 00:00:08.95
Apologies again for the inconvenience.
โ ๏ธ COMMENT VISIBILITY WARNINGโ ๏ธ
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
@oshea00 That's a good call out, this change should've been at least mentioned in the changelog (which we are doing for the fix).
What were the other changes that impacted you?
@dscpinheiro Thank you. Actually that other issue was related to a patch change in the java SDK for DynamoDb that was posted 1.12.498. In this case the change resulted in an error added to check AWS credential format where none had previously existed. This broke code using that dependency - as dummy credential slugs with underscores "CHANGE_TO_MY_AWSCREDS" were suddenly non-conforming. Adding a new error to working code s/b a minor release change. :)
@oshea00 I asked the Java team and they recommended opening a new issue in their repo: https://github.com/aws/aws-sdk-java/issues/new/choose
Could you do that? They'll take a look.