Create deterministic build process with GitHub Actions and fix Central Package Management #327
Conversation
Co-authored-by: christiannagel <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Co-authored-by: christiannagel <[email protected]>
|
@copilot Some project files have not been correctly updated for central package management (CPM) to not include the versions of the dependencies. Remove the versions and make sure the packages are listed with Directory.Packages.props in the src folder. Also make sure to include the permissions with the github actions. |
Co-authored-by: christiannagel <[email protected]>
Fixed both issues in commit b05acef: Central Package Management:
GitHub Actions Permissions:
Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Updated `Microsoft.EntityFrameworkCore` and `Npgsql` package versions to conditionally target `net8.0` and `net9.0`. Added `Microsoft.EntityFrameworkCore.Tools` with framework-specific conditions. Removed `Npgsql.EntityFrameworkCore.PostgreSQL` reference from `Codebreaker.Data.Postgres.csproj`. Removed `<Project>` element and disabled central package management in `Directory.Packages.props`.
Added a comprehensive guide on managing preview and stable NuGet packages in the Codebreaker Backend solution. The document includes an overview of the dual-pipeline approach, package versioning strategy, GitHub Actions workflows, deployment targets, and best practices. Detailed instructions for workflow execution, troubleshooting, and integration with development workflows are provided. Future enhancements such as automated release notes and vulnerability scanning are outlined. Examples, YAML configurations, and XML snippets are included for clarity.
Centralized versioning for `Microsoft.Extensions.Logging.Abstractions` in `Directory.Packages.props`: - Added conditional versions: `8.0.3` for `net8.0` and `9.0.9` for `net9.0`. - Removed unconditional version `9.0.9`. Removed explicit `<PackageReference>` for `Microsoft.Extensions.Logging.Abstractions` in `Codebreaker.GameAPIs.Client.csproj` to rely on centralized versioning.
Added a new guide on Central Package Management for multi-targeting, addressing NU1506 warnings caused by duplicate `PackageVersion` entries. Updated `Directory.Packages.props` to remove unconditional entries, add conditional versions for `net8.0` and `net9.0`, and suppress NU1506 and NU1507 warnings. Organized `Directory.Packages.props` into logical sections with comments for better maintainability. Reintroduced xUnit packages under a dedicated section. Enhanced security recommendations by suggesting package source mapping for production environments. Provided best practices, alternative solutions, and verification steps to ensure clean builds and consistent behavior across multi-targeting frameworks.
Removed the `<ManagePackageVersionsCentrally>` property from the `Codebreaker.GameAPIs.Client.csproj` file. This property was previously set to `false` and its removal allows the project to rely on default behavior or other mechanisms for managing package versions.
|
@copilot the github action for building the analyzer package failed, all the other packages succeed: |
Co-authored-by: christiannagel <[email protected]>
Fixed the Analyzers package NU5017 error in commit cb2b80c. Issue: The Analyzers project had no package dependencies, triggering NuGet's validation that prevents "empty" packages. Solution: Added minimal Result:
|
Removed the `--no-build` flag from `dotnet pack` commands in `deterministic-build.yml` to ensure the project is built during packaging. This affects both the initial package creation and verification steps. In `Codebreaker.Analyzers.csproj`, removed the `<WarningsAsErrors />` element, allowing warnings to no longer be treated as errors. Also removed the `<PackageReference>` to `System.Text.Json`, as this was a workaround for the project or NuGet packaging.
|
@copilot update docs/central-package-management-multitargeting.md: CNinnovation.Codebreaker.* packages should be retrieved from nuget.org, just CNinnovation.Codebreaker.* preview packages should be from Azure DevOps |
Co-authored-by: christiannagel <[email protected]>
Updated documentation in commit (pending). Changes made to
|
|
@copilot resolve the branch conflicts |
Branch conflicts resolved in commit 846a748. Successfully rebased on main, resolving all conflicts:
The branch now includes all main branch updates while preserving deterministic build improvements. |
Branch Successfully Rebased on Main:
The pull request has been rebased onto the latest main branch, resolving all conflicts and incorporating recent updates.
Conflicts Resolved:
Updates from Main:
Preserved PR Features:
The branch now cleanly builds on top of the latest main branch with all conflicts resolved.
Fixes #30.
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.