fix: prevent file locking during parallel transitive builds #28
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This fix addresses the build failure during semantic release where the
GenerateDepsFile task failed with a file locking error.
Root Cause:
- Test projects (MultiTargetProject, SimpleProject) have ProjectReferences
to CycloneDX.MSBuild
- When these test projects are built (especially MultiTargetProject with
multiple target frameworks), MSBuild builds CycloneDX.MSBuild transitively
multiple times in parallel
- Multiple parallel builds tried to write to the same deps.json file,
causing file locking conflicts
- The existing workaround using $(MSBuildNodeId) for output path isolation
was not working correctly in .NET SDK 10.0.100 (variable was resolving
to the target framework name instead of a unique node ID)
Solution:
1. Disable deps.json generation entirely with <GenerateDependencyFile>false
- The deps.json file is not needed for this project since it's a build
tools package with <IncludeBuildOutput>false
2. Disable SBOM generation for this project with <GenerateCycloneDxSbom>false
- Prevents the project from trying to analyze itself during build
3. Remove the broken OutputPath isolation logic
- MSBuild's default parallel build handling is sufficient now that the
problematic file generation is disabled
This allows the project to be built multiple times in parallel without
file conflicts.
Fixes: System.IO.IOException: The process cannot access the file
'CycloneDX.MSBuild.deps.json' because it is being used by another process.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes a file locking issue that occurred during parallel transitive builds when test projects with multiple target frameworks built CycloneDX.MSBuild as a project reference. The solution disables unnecessary file generation (deps.json and SBOM) that was causing the conflicts, and removes the broken OutputPath isolation workaround.
Key Changes:
- Disabled deps.json generation with
<GenerateDependencyFile>false</GenerateDependencyFile> - Disabled SBOM generation with
<GenerateCycloneDxSbom>false</GenerateCycloneDxSbom> - Removed the broken
OutputPathisolation logic that relied on$(MSBuildNodeId)
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
dborgards
deleted the
claude/fix-cyclonedx-build-01Eh3AVVN1anyABSjWouamsG
branch
|
🎉 This PR is included in version 1.3.1 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fix addresses the build failure during semantic release where the GenerateDepsFile task failed with a file locking error.
Root Cause:
Solution:
This allows the project to be built multiple times in parallel without file conflicts.
Fixes: System.IO.IOException: The process cannot access the file 'CycloneDX.MSBuild.deps.json' because it is being used by another process.