Skip to content

ci: add Directory.Build.props with shared build configuration (INFRA-001) #459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
laurentiu021 merged 1 commit into from
May 20, 2026
Merged

ci: add Directory.Build.props with shared build configuration (INFRA-001) #459

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions SysManager/Directory.Build.props
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
<Project>

<PropertyGroup>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<LangVersion>latest</LangVersion>
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Build reproducibility risk: Replace LangVersion>latest with an explicit version.

Using latest makes the effective C# language version dependent on the installed SDK, causing builds to behave differently across machines and CI environments. A newer SDK can introduce breaking language changes or new diagnostics that fail TreatWarningsAsErrors.

📋 Recommended fix 
-    <LangVersion>latest</LangVersion>
+    <LangVersion>latestMajor</LangVersion>

Alternatively, pin to an explicit version like 12.0 if you want maximum stability.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<LangVersion>latest</LangVersion>
<LangVersion>latestMajor</LangVersion>
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@SysManager/Directory.Build.props` at line 6, The project uses
<LangVersion>latest</LangVersion>, which makes compiler behavior SDK-dependent;
update the <LangVersion> element to an explicit numeric version (for example
"12.0") to ensure reproducible builds—locate the <LangVersion> tag in the
Directory.Build.props and replace "latest" with the chosen explicit version.

<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
<Authors>laurentiu021</Authors>
<Company>laurentiu021</Company>
<Copyright>Copyright (c) 2026 laurentiu021</Copyright>
<RepositoryUrl>https://github.com/laurentiu021/SystemManager</RepositoryUrl>
<RepositoryType>git</RepositoryType>
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" PrivateAssets="All" />
</ItemGroup>
Comment on lines +15 to +17
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check NuGet for latest Microsoft.SourceLink.GitHub version
curl -s "https://api.nuget.org/v3-flatcontainer/microsoft.sourcelink.github/index.json" | jq -r '.versions[-1]'

# Check for security advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NUGET, package: "Microsoft.SourceLink.GitHub") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: laurentiu021/SystemManager

Length of output: 195

🏁 Script executed:

# Get all versions and filter for latest stable (non-preview)
curl -s "https://api.nuget.org/v3-flatcontainer/microsoft.sourcelink.github/index.json" | jq -r '.versions[] | select(contains("preview") | not)' | sort -V | tail -5

Repository: laurentiu021/SystemManager

Length of output: 115

🌐 Web query:

Microsoft.SourceLink.GitHub security vulnerabilities version 8.0.0

💡 Result:

As of May 20, 2026, there are no known security vulnerabilities associated specifically with the Microsoft.SourceLink.GitHub NuGet package, including version 8.0.0 [1]. Microsoft.SourceLink.GitHub is a build-time tool used to map source code files to their locations in source control repositories [2]. It is a client-side library that runs during the build process to generate information used by debuggers (such as Visual Studio) to retrieve source code files [3]. It does not run as a service or application in production environments [1]. Security-related confusion regarding this package often stems from: 1. Vulnerabilities in broader.NET or GitHub-related infrastructure: High-profile security advisories involving.NET or the GitHub platform (such as CVE-2024-30105 [4], CVE-2024-30045 [5], or the more recent GitHub platform vulnerability CVE-2026-3854 [6]) are separate from the SourceLink tooling. 2. Supply chain security scanning: Automated security tools may occasionally flag dependencies or general NuGet packages, but independent security assessments of Microsoft.SourceLink.GitHub have consistently identified no known vulnerabilities or malicious behaviors in the package [1]. Starting with.NET SDK 8, Source Link functionality is included directly in the.NET SDK and enabled by default [2][7]. Consequently, explicit references to the Microsoft.SourceLink.GitHub NuGet package are no longer required for projects migrating to.NET 8 or newer [7]. If you are using an older project structure that relies on version 8.0.0, it remains safe to use [1], though moving to modern.NET SDK versions is the recommended practice [7].

Citations:

🌐 Web query:

Microsoft.SourceLink.GitHub latest stable version releases

💡 Result:

As of May 20, 2026, the latest stable version of Microsoft.SourceLink.GitHub is 10.0.203 [1]. It is available on the NuGet Gallery [1]. While development continues in the official dotnet/sourcelink repository, version 10.0.203 is the current stable release [1]. Users are advised to check the NuGet Gallery directly for any future stable releases or preview versions [1][2].

Citations:

Update Microsoft.SourceLink.GitHub to the latest stable version.

Version 8.0.0 is outdated; the latest stable release is 10.0.300. While no security vulnerabilities are reported for version 8.0.0, updating to the latest stable version captures bug fixes and improvements. Since SourceLink is a build-time tool with no runtime impact, this is a low-effort update.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@SysManager/Directory.Build.props` around lines 15 - 17, Update the
PackageReference for Microsoft.SourceLink.GitHub in the Directory.Build.props by
changing the Version attribute on the <PackageReference
Include="Microsoft.SourceLink.GitHub" Version="8.0.0" PrivateAssets="All" />
entry to the latest stable release (10.0.300); ensure only the Version value is
updated and the PrivateAssets="All" attribute remains unchanged so build-time
behavior is preserved.


</Project>
6 changes: 3 additions & 3 deletions SysManager/SysManager.IntegrationTests/FixedDriveServiceTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,12 +95,12 @@ public async Task EnumerateAsync_UniqueLetters()
}

[Fact]
public void EnumerateSync_ReturnsSameAsAsync()
public async Task EnumerateSync_ReturnsSameAsAsync()
{
var s = new FixedDriveService();
var sync = FixedDriveService.Enumerate();
var async = s.EnumerateAsync().Result;
Assert.Equal(sync.Count, async.Count);
var asyncResult = await s.EnumerateAsync();
Assert.Equal(sync.Count, asyncResult.Count);
}

[Fact]
Expand Down
2 changes: 0 additions & 2 deletions SysManager/SysManager.Tests/SysManager.Tests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@

<PropertyGroup>
<TargetFramework>net9.0-windows</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<UseWPF>true</UseWPF>

<IsPackable>false</IsPackable>
Expand Down
9 changes: 1 addition & 8 deletions SysManager/SysManager/SysManager.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,26 +3,19 @@
<PropertyGroup>
<OutputType>WinExe</OutputType>
<TargetFramework>net9.0-windows</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<UseWPF>true</UseWPF>
<ApplicationManifest>app.manifest</ApplicationManifest>
<ApplicationIcon>Resources\app.ico</ApplicationIcon>
<AssemblyName>SysManager</AssemblyName>
<RootNamespace>SysManager</RootNamespace>
<LangVersion>latest</LangVersion>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
<NoWarn>NU1603;NU1701</NoWarn>
<Version>0.48.21</Version>
<FileVersion>0.48.21.0</FileVersion>
<AssemblyVersion>0.48.21.0</AssemblyVersion>
<Authors>laurentiu021</Authors>
<Company>laurentiu021</Company>
<Product>SysManager</Product>
<Copyright>Copyright (c) 2026 laurentiu021</Copyright>
<Description>SysManager — Windows system monitoring toolkit by laurentiu021. Network, updates, health, logs, safe deep cleanup.</Description>
<PackageProjectUrl>https://github.com/laurentiu021/SystemManager</PackageProjectUrl>
<RepositoryUrl>https://github.com/laurentiu021/SystemManager</RepositoryUrl>
<RepositoryType>git</RepositoryType>
</PropertyGroup>

<ItemGroup>
Expand Down
Loading