Feature Request: support for projects with CPM enabled when Add Dependency is used in editor #3016
Description
Is your feature request related to a problem? Please describe.
I recently attempted to migrate a stride project to use central package management (CPM) in order to pin a transitive dependency to resolve a vulnerability. This works in the code-only mode of building a stride game, and the editor can load the project, build it, and run it just fine. But when the Add Dependency dialog is used to add a Stride dependency, it doesn't detect that CPM is enabled. So, it adds the PackageReference with the Version attribute in the .csproj. This results in a build error. For example, if you add Stride.Voxels, then attempt to build, you get this error:
[C:\Users\username\source\repos\sandbox\BepuSample\BepuSample.Game\BepuSample.Game.csproj(0,0)]: Error: The following PackageReference items cannot define a value for Version: Stride.Voxels. Projects using Central Package Management must define a Version value on a PackageVersion item. For more information, visit https://aka.ms/nuget/cpm/gettingstarted
Describe the solution you'd like
Similar to how Visual Studio works, the Stride editor should detect when central package management is enabled. When enabled, the Add Dependency dialog and functionality should update the nearest Directory.packages.props in addition to the Game .csproj file. Instead of just adding a PackageReference with a Version attribute in the project file, it should add the PackageReference WITHOUT the Version in the project file, and then also add a PackageVersion element to the Directory.packages.props file that is nearest to the .csproj file. The logic for locating the correct .props file to update should match the Visual Studio behavior in the NuGet manager window there.
Describe alternatives you've considered
The workaround for this issue is obviously just to avoid using the Add Dependency functionality/dialog in the editor and to add the packages manually in Visual Studio.
Additional context
For this reproduction, I used the "Sample: Bepu Physics" project template. After adding Directory.packages.props, I just removed all the Version='foo' attributes from the PackageReference elements in the Game project file. Here is a sample Directory.packages.props file I used at the top level of the repo, just before attempting to add Stride.Voxels from the Stride editor:
<?xml version="1.0" encoding="utf-8"?>
<Project>
<PropertyGroup>
<!-- Enable NuGet Central Package Management -->
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="Stride" Version="4.3.0.2507" />
<PackageVersion Include="Stride.Assets" Version="4.3.0.2507" />
<PackageVersion Include="Stride.BepuPhysics" Version="4.3.0.2507" />
<PackageVersion Include="Stride.Core.Assets" Version="4.3.0.2507" />
<PackageVersion Include="Stride.Engine" Version="4.3.0.2507" />
<PackageVersion Include="Stride.Video" Version="4.3.0.2507" />
<PackageVersion Include="Stride.Particles" Version="4.3.0.2507" />
<PackageVersion Include="Stride.UI" Version="4.3.0.2507" />
<PackageVersion Include="Stride.Core.Assets.CompilerApp" Version="4.3.0.2507" />
<PackageVersion Include="Microsoft.Build.Tasks.Core" Version="17.8.43" />
</ItemGroup>
</Project>