Nuget 的最佳实践: 调试还是发布？

小开

The example in the Creating and Publishing A Symbol Package references files in the Debug directories as sources for the dll and pdb files.

Specifying Symbol Package Contents

A symbol package can be built by conventions, from a folder structured in the way described in the previous section, or its contents can be specified using the files section. If you wanted to build the example package described previously, you could put this into your nuspec file:

<files>
<file src="Full\bin\Debug\*.dll" target="lib\net40" />
<file src="Full\bin\Debug\*.pdb" target="lib\net40" />
<file src="Silverlight\bin\Debug\*.dll" target="lib\sl40" />
<file src="Silverlight\bin\Debug\*.pdb" target="lib\sl40" />
<file src="**\*.cs" target="src" />
</files>

Since the purpose of publishing the symbols is to allow others to step through your code when debugging, it seems most prudent to publish a version of the code intended for debugging without optimizations that might affect the code step through.

小开

Speaking for SymbolSource, I believe that the best practice is to:

Push release binary+content packages to nuget.org only (or any other production feed)
Push debug binary+content packages to a development feed:
- on-premise
- on myget.org
- on nuget.org as pre-release packages.
Push both release and debug binary+symbols packages to symbolsource.org or any other symbol store.

While we're at it, it is a common misconception that release and debug builds in .NET really differ much, but I am assuming that the differentiation is here because of various code that might or might not be included in either build, like Debug.Asserts.

That said, it is really worth pushing both configurations to SymbolSource, because you just never know when you're going to need to debug production code. Remotely in production to make it harder. You're going to need the help you can get from your tooling when that happens. Which I obviously do not wish upon anyone.

There is still a matter to consider regarding versioning: is it correct to have 2 different packages (build in debug and in release) sharing 1 version number? SymbolSource would accept that, because it extracts packages and stores binaries in separate build mode branches, IF ONLY NuGet allowed to tag packages accordingly. There is no way at present to determine if a package is debug or release-mode.

小开

I completely agree with your conclusion. NuGet packages with RELEASE and SymbolSource with debug. It seems pretty rare to step directly into packages and the occasional debug misstep with optimizations enabled might be acceptable.

If there were really a problem, I think the ideal solution would be to have NuGet support it. For example, imagine if when debugging, it could replace the release DLL with the one included in the SymbolSource package.

Ideally, what would happen then is that nuget pack SomePackage -Symbols against a release version would create a release nuget package, but a debug symbols package. And the VS plugin would be updated to be smart enough to see the association and pull in the Debug assemblies when running in a debugger and load those instead. Kind of crazy, but would be interesting.

However, I just don't see enough people complaining about this that it'd be worth it at the moment.

NuGet team accepts pull requests. :)

小开

最佳答案

It's been 8 years since OP's post (with previous answer still top-voted below), so I'll give it a crack with what's used nowadays.

There are 2 ways of "stepping into" a NuGet package:

1. Distribution of PDBs

.symbols.nupkg symbol packages are considered as legacy and have been replaced with .snupkg packages that get published to Symbol Server. It’s supported by most vendors with Azure DevOps being the biggest outsider where the feature request is still "under review" (thank you @alv for the link).

Here are the official instructions. Simply add these two lines to the csproj file:

<PropertyGroup>
<IncludeSymbols>true</IncludeSymbols>
<SymbolPackageFormat>snupkg</SymbolPackageFormat>
</PropertyGroup>

On the consumer side, make sure that your IDE is configured for the NuGet.org (or Azure, etc.) Symbol Server to allow stepping into package code when debugging.

2. Source Link.Linking the actual code

In some cases, the PDBs may hide some specifics of the source code due to MSIL/JIT optimisation. So there is a way of ”Stepping Into” the actual source of your NuGet while debugging. It’s called Source Link from the .NET Foundation – ”a language- and source-control agnostic system for providing source debugging experiences for binaries“.

It’s supported by Visual Studio 15.3+ and all the major vendors (also supports private repos).

It’s trivial to setup (official docs) – just add a development dependency to the project file (depends on the type of your repo) along with some flags:

<PropertyGroup>
<PublishRepositoryUrl>true</PublishRepositoryUrl>
<EmbedUntrackedSources>true</EmbedUntrackedSources>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
</ItemGroup>

Check out more on this subject in "5 steps to better NuGet package".