ci: add Directory.Build.props with shared build configuration (INFRA-001)

[laurentiu021]

Summary

• Created SysManager/Directory.Build.props with shared properties: Nullable, ImplicitUsings, LangVersion, TreatWarningsAsErrors, metadata, SourceLink
• Removed duplicated properties from individual .csproj files
• Added <NoWarn>NU1603;NU1701</NoWarn> to main project (known NuGet compatibility warnings from transitive deps)
• Fixed xUnit1031 warning in FixedDriveServiceTests (blocking .Result → await)

Test plan

• CI build passes (all 4 projects compile with TreatWarningsAsErrors)
• Unit tests pass
• No new warnings introduced

Summary by CodeRabbit

• Tests

  • Updated async test to properly use await patterns instead of blocking operations.

• Chores

  • Centralized build configuration settings across the solution to reduce duplication and improve consistency.
  • Added NuGet package warning suppressions for dependency compatibility.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR centralizes MSBuild defaults into a solution-wide Directory.Build.props file, removes duplicated compiler and metadata settings from individual project files, adds NuGet warning suppression, and updates an integration test to use async/await correctly instead of blocking on Task.Result.

Changes

Build Configuration and Test Updates

Layer / File(s)	Summary
Centralize and consolidate MSBuild configuration SysManager/Directory.Build.props, SysManager/SysManager/SysManager.csproj, SysManager/SysManager.Tests/SysManager.Tests.csproj	New Directory.Build.props establishes solution-wide defaults (nullable references, implicit usings, latest C# version, warnings as errors, and metadata). Duplicate settings are removed from SysManager.csproj and SysManager.Tests.csproj, which now inherit these values. SysManager.csproj adds NoWarn suppression for NuGet warnings NU1603 and NU1701.
Fix asynchronous test implementation SysManager/SysManager.IntegrationTests/FixedDriveServiceTests.cs	The EnumerateSync_ReturnsSameAsAsync test method is updated from a synchronous void method using Task.Result to an async Task method that properly awaits EnumerateAsync(), improving async/await patterns.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Build settings aligned, no duplication spread,
Central props now lead, each project fed,
Async tests await, no longer they block,
Configuration flows smooth as a rabbit's spring hop! 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: add Directory.Build.props with shared build configuration (INFRA-001)' clearly and specifically summarizes the main change: adding a centralized build configuration file.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/directory-build-props

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@SysManager/Directory.Build.props`:
- Line 6: The project uses <LangVersion>latest</LangVersion>, which makes
compiler behavior SDK-dependent; update the <LangVersion> element to an explicit
numeric version (for example "12.0") to ensure reproducible builds—locate the
<LangVersion> tag in the Directory.Build.props and replace "latest" with the
chosen explicit version.
- Around line 15-17: Update the PackageReference for Microsoft.SourceLink.GitHub
in the Directory.Build.props by changing the Version attribute on the
<PackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0"
PrivateAssets="All" /> entry to the latest stable release (10.0.300); ensure
only the Version value is updated and the PrivateAssets="All" attribute remains
unchanged so build-time behavior is preserved.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ceade1fa-6422-4fff-bbbc-57799e238183

📥 Commits

Reviewing files that changed from the base of the PR and between 7455fce and 21e06b7.

📒 Files selected for processing (4)

• SysManager/Directory.Build.props
• SysManager/SysManager.IntegrationTests/FixedDriveServiceTests.cs
• SysManager/SysManager.Tests/SysManager.Tests.csproj
• SysManager/SysManager/SysManager.csproj

💤 Files with no reviewable changes (1)

• SysManager/SysManager.Tests/SysManager.Tests.csproj

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build & unit tests
• GitHub Check: Analyze (csharp)

🔇 Additional comments (3)

SysManager/SysManager.IntegrationTests/FixedDriveServiceTests.cs (1)

98-103: LGTM!

SysManager/Directory.Build.props (1)

3-5: LGTM!

Also applies to: 7-13

SysManager/SysManager/SysManager.csproj (1)

12-12: LGTM!

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Build reproducibility risk: Replace LangVersion>latest with an explicit version.

Using latest makes the effective C# language version dependent on the installed SDK, causing builds to behave differently across machines and CI environments. A newer SDK can introduce breaking language changes or new diagnostics that fail TreatWarningsAsErrors.

📋 Recommended fix

-    <LangVersion>latest</LangVersion>
+    <LangVersion>latestMajor</LangVersion>

Alternatively, pin to an explicit version like 12.0 if you want maximum stability.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<LangVersion>latest</LangVersion>
	<LangVersion>latestMajor</LangVersion>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@SysManager/Directory.Build.props` at line 6, The project uses
<LangVersion>latest</LangVersion>, which makes compiler behavior SDK-dependent;
update the <LangVersion> element to an explicit numeric version (for example
"12.0") to ensure reproducible builds—locate the <LangVersion> tag in the
Directory.Build.props and replace "latest" with the chosen explicit version.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check NuGet for latest Microsoft.SourceLink.GitHub version
curl -s "https://api.nuget.org/v3-flatcontainer/microsoft.sourcelink.github/index.json" | jq -r '.versions[-1]'

# Check for security advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NUGET, package: "Microsoft.SourceLink.GitHub") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: laurentiu021/SystemManager

Length of output: 195

---

🏁 Script executed:

# Get all versions and filter for latest stable (non-preview)
curl -s "https://api.nuget.org/v3-flatcontainer/microsoft.sourcelink.github/index.json" | jq -r '.versions[] | select(contains("preview") | not)' | sort -V | tail -5

Repository: laurentiu021/SystemManager

Length of output: 115

---

🌐 Web query:

Microsoft.SourceLink.GitHub security vulnerabilities version 8.0.0

💡 Result:

As of May 20, 2026, there are no known security vulnerabilities associated specifically with the Microsoft.SourceLink.GitHub NuGet package, including version 8.0.0 [1]. Microsoft.SourceLink.GitHub is a build-time tool used to map source code files to their locations in source control repositories [2]. It is a client-side library that runs during the build process to generate information used by debuggers (such as Visual Studio) to retrieve source code files [3]. It does not run as a service or application in production environments [1]. Security-related confusion regarding this package often stems from: 1. Vulnerabilities in broader.NET or GitHub-related infrastructure: High-profile security advisories involving.NET or the GitHub platform (such as CVE-2024-30105 [4], CVE-2024-30045 [5], or the more recent GitHub platform vulnerability CVE-2026-3854 [6]) are separate from the SourceLink tooling. 2. Supply chain security scanning: Automated security tools may occasionally flag dependencies or general NuGet packages, but independent security assessments of Microsoft.SourceLink.GitHub have consistently identified no known vulnerabilities or malicious behaviors in the package [1]. Starting with.NET SDK 8, Source Link functionality is included directly in the.NET SDK and enabled by default [2][7]. Consequently, explicit references to the Microsoft.SourceLink.GitHub NuGet package are no longer required for projects migrating to.NET 8 or newer [7]. If you are using an older project structure that relies on version 8.0.0, it remains safe to use [1], though moving to modern.NET SDK versions is the recommended practice [7].

Citations:

• 1: https://secure.software/nuget/packages/microsoft.sourcelink.github
• 2: https://github.com/dotnet/sourcelink
• 3: SourceLink is a joke dotnet/sourcelink#1403
• 4: GHSA-hh2w-p6rv-4g7w
• 5: Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability dotnet/runtime#102206
• 6: https://www.technobezz.com/news/github-vulnerability-cve-2026-3854-exposed-millions-of-repositories-to-hijack-risk
• 7: Bump Microsoft.SourceLink.GitHub from 1.1.1 to 8.0.0 dotnet/reactive#2255

---

🌐 Web query:

Microsoft.SourceLink.GitHub latest stable version releases

💡 Result:

As of May 20, 2026, the latest stable version of Microsoft.SourceLink.GitHub is 10.0.203 [1]. It is available on the NuGet Gallery [1]. While development continues in the official dotnet/sourcelink repository, version 10.0.203 is the current stable release [1]. Users are advised to check the NuGet Gallery directly for any future stable releases or preview versions [1][2].

Citations:

• 1: https://www.nuget.org/packages/Microsoft.SourceLink.GitHub
• 2: https://www.nuget.org/packages?q=Microsoft.SourceLink

---

Update Microsoft.SourceLink.GitHub to the latest stable version.

Version 8.0.0 is outdated; the latest stable release is 10.0.300. While no security vulnerabilities are reported for version 8.0.0, updating to the latest stable version captures bug fixes and improvements. Since SourceLink is a build-time tool with no runtime impact, this is a low-effort update.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@SysManager/Directory.Build.props` around lines 15 - 17, Update the
PackageReference for Microsoft.SourceLink.GitHub in the Directory.Build.props by
changing the Version attribute on the <PackageReference
Include="Microsoft.SourceLink.GitHub" Version="8.0.0" PrivateAssets="All" />
entry to the latest stable release (10.0.300); ensure only the Version value is
updated and the PrivateAssets="All" attribute remains unchanged so build-time
behavior is preserved.