From 69ff53d376e387051c8a7ebfd6cd33995f5efb4b Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Fri, 11 Oct 2024 16:44:26 +0200 Subject: [PATCH 01/23] Update to latest SonarAnalyzer.CSharp --- Neolution.CodeAnalysis.TestsRuleset.nuspec | 2 +- Neolution.CodeAnalysis.nuspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Neolution.CodeAnalysis.TestsRuleset.nuspec b/Neolution.CodeAnalysis.TestsRuleset.nuspec index e8b664e..dfacfce 100644 --- a/Neolution.CodeAnalysis.TestsRuleset.nuspec +++ b/Neolution.CodeAnalysis.TestsRuleset.nuspec @@ -13,7 +13,7 @@ true - + diff --git a/Neolution.CodeAnalysis.nuspec b/Neolution.CodeAnalysis.nuspec index 17f5ff8..b134db8 100644 --- a/Neolution.CodeAnalysis.nuspec +++ b/Neolution.CodeAnalysis.nuspec @@ -13,7 +13,7 @@ true - + From fe6d9413c144f86947337e750f9639815d3eb653 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Fri, 11 Oct 2024 16:49:08 +0200 Subject: [PATCH 02/23] Adjust Changelog --- CHANGELOG.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9dc399d..f1a5f19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,45 @@ and adheres to a project-specific [Versioning](/README.md). ## [Unreleased] +### Changed + +- Updated SonarAnalyzer.CSharp to version 9.32.0.97167 + +### Added + +- S2139: Exceptions should be either logged or rethrown but not both +- S2629: Logging templates should be constant +- S3431: "[ExpectedException]" should not be used +- S4347: Secure random number generators should not output predictable values +- S5344: Passwords should not be stored in plaintext or with a fast hashing algorithm +- S6377: XML signatures should be validated securely +- S6667: Logging in a catch clause should pass the caught exception as a parameter. +- S6668: Logging arguments should be passed to the correct parameter +- S6670: "Trace.Write" and "Trace.WriteLine" should not be used +- S6672: Generic logger injection should match enclosing type +- S6673: Log message template placeholders should be in the right order +- S6674: Log message template should be syntactically correct +- S6675: "Trace.WriteLineIf" should not be used with "TraceSwitch" levels +- S6677: Message template placeholders should be unique +- S6678: Use PascalCase for named placeholders +- S6781: JWT secret keys should not be disclosed +- S6930: Backslash should be avoided in route templates +- S6931: ASP.NET controller actions should not have a route template starting with "/" +- S6932: Use model binding instead of reading raw request data +- S6934: A Route attribute should be added to the controller when a route template is specified at the action level +- S6960: Controllers should not have mixed responsibilities +- S6961: API Controllers should derive from ControllerBase instead of Controller +- S6962: You should pool HTTP connections with HttpClientFactory +- S6964: Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting. 
+- S6965: REST API actions should be annotated with an HTTP verb attribute +- S6966: Awaitable method should be used +- S6967: ModelState.IsValid should be called in controller actions +- S6968: Actions that return a value should be annotated with ProducesResponseTypeAttribute containing the return type + +### Removed + +- S6803: Parameters with SupplyParameterFromQuery attribute should be used only in routable components + ## [3.2.0] - 2024-10-11 ### Changed From 9864728f12997d30e4203e3477e1e7ef4cbbdc8b Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Tue, 18 Mar 2025 13:55:49 +0100 Subject: [PATCH 03/23] Remove - S6931: ASP.NET controller actions should not have a route template starting with "/" --- CHANGELOG.md | 1 - build/Neolution.CodeAnalysis.globalconfig | 4 ++++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a379e5..1863725 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,7 +30,6 @@ and adheres to a project-specific [Versioning](/README.md). - S6678: Use PascalCase for named placeholders - S6781: JWT secret keys should not be disclosed - S6930: Backslash should be avoided in route templates -- S6931: ASP.NET controller actions should not have a route template starting with "/" - S6932: Use model binding instead of reading raw request data - S6934: A Route attribute should be added to the controller when a route template is specified at the action level - S6960: Controllers should not have mixed responsibilities diff --git a/build/Neolution.CodeAnalysis.globalconfig b/build/Neolution.CodeAnalysis.globalconfig index 4458e0f..15a98b7 100644 --- a/build/Neolution.CodeAnalysis.globalconfig +++ b/build/Neolution.CodeAnalysis.globalconfig 
@@ -270,6 +270,10 @@ dotnet_diagnostic.S6605.severity = none ; Better readability of `First()` and `Last()` are preferred over performance gains dotnet_diagnostic.S6608.severity = none +# S6931: ASP.NET controller actions should not have a route template starting with "/" +; This rule has no effect for our projects, since we mainly use Endpoints which limits developers to only implement one action per "Controller". +dotnet_diagnostic.S6931.severity = none + # S107: Methods should not have too many parameters dotnet_diagnostic.S107.severity = warning From 7029ef76cf6ac29567d6b670085972e647fd65f7 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Tue, 18 Mar 2025 15:14:27 +0100 Subject: [PATCH 04/23] Change runner --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7a98d05..8f09ed5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: jobs: pack: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # NuGet.exe is a Mono application on Linux and is not installed by default on `ubuntu-latest` runners steps: - name: Checkout uses: actions/checkout@v3 From 7b0ad1e4cf22154fdc9cb68d959b9edf9079bcba Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Tue, 18 Mar 2025 15:16:20 +0100 Subject: [PATCH 05/23] update setup-nuget action --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8f09ed5..aa62b8f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ jobs: run: 'sed -i -e "s/{{NuGetVersion}}/$NUGET_VERSION/g" *.nuspec' - name: Setup NuGet.exe for use with actions - uses: NuGet/setup-nuget@v1.2.0 + uses: NuGet/setup-nuget@v2 - name: Create main package run: nuget pack Neolution.CodeAnalysis.nuspec From a6263bbd2bd6acaf890ec9dfb299b85146dbdf4e Mon Sep 17 00:00:00 2001 
From: Sandro Ciervo Date: Tue, 18 Mar 2025 16:27:42 +0100 Subject: [PATCH 06/23] strictLatest back to true? --- .release-it.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.release-it.json b/.release-it.json index 3f22ba4..cebc73d 100644 --- a/.release-it.json +++ b/.release-it.json @@ -14,7 +14,7 @@ "filename": "CHANGELOG.md", "addVersionUrl": true, "addUnreleased": true, - "strictLatest": false + "strictLatest": true } }, "hooks": { From 0c2e2840267b15c68933685e3c4f2ff686ad55c6 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 11:29:05 +0200 Subject: [PATCH 07/23] Remove S6964 --- CHANGELOG.md | 1 - build/Neolution.CodeAnalysis.globalconfig | 6 +++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1863725..0e1564d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,7 +35,6 @@ and adheres to a project-specific [Versioning](/README.md). - S6960: Controllers should not have mixed responsibilities - S6961: API Controllers should derive from ControllerBase instead of Controller - S6962: You should pool HTTP connections with HttpClientFactory -- S6964: Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting. - S6965: REST API actions should be annotated with an HTTP verb attribute - S6966: Awaitable method should be used - S6967: ModelState.IsValid should be called in controller actions diff --git a/build/Neolution.CodeAnalysis.globalconfig b/build/Neolution.CodeAnalysis.globalconfig index 15a98b7..04417c6 100644 --- a/build/Neolution.CodeAnalysis.globalconfig +++ b/build/Neolution.CodeAnalysis.globalconfig @@ -1,4 +1,4 @@ -# Top level entry required to mark this as a global AnalyzerConfig file +# Top level entry required to mark this as a global AnalyzerConfig file # NOTE: Do not create section headers for configuration entries is_global = true 
@@ -274,6 +274,10 @@ dotnet_diagnostic.S6608.severity = none ; This rule has no effect for our projects, since we mainly use Endpoints which limits developers to only implement one action per "Controller". dotnet_diagnostic.S6931.severity = none +# S6964: Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting +; This is handled by a custom model binder in our project templates that produces a bad request response in case of under-posting +dotnet_diagnostic.S6964.severity = none + # S107: Methods should not have too many parameters dotnet_diagnostic.S107.severity = warning From 48742e3abc9da1f548323f7e8b12db936ff40821 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 11:33:53 +0200 Subject: [PATCH 08/23] Revert "strictLatest back to true?" This reverts commit a6263bbd2bd6acaf890ec9dfb299b85146dbdf4e. --- .release-it.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.release-it.json b/.release-it.json index cebc73d..3f22ba4 100644 --- a/.release-it.json +++ b/.release-it.json @@ -14,7 +14,7 @@ "filename": "CHANGELOG.md", "addVersionUrl": true, "addUnreleased": true, - "strictLatest": true + "strictLatest": false } }, "hooks": { From 1d6bdd87ccd475de13eebdc8895d21d068a3b8a2 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 15:54:39 +0200 Subject: [PATCH 09/23] Remove S6678 --- CHANGELOG.md | 1 - build/Neolution.CodeAnalysis.globalconfig | 6 +++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e1564d..7e9a6fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -27,7 +27,6 @@ and adheres to a project-specific [Versioning](/README.md). - S6674: Log message template should be syntactically correct - S6675: "Trace.WriteLineIf" should not be used with "TraceSwitch" levels - S6677: Message template placeholders should be unique -- S6678: Use PascalCase for named placeholders - S6781: JWT secret keys should not be disclosed - S6930: Backslash should be avoided in route templates - S6932: Use model binding instead of reading raw request data diff --git a/build/Neolution.CodeAnalysis.globalconfig b/build/Neolution.CodeAnalysis.globalconfig index 04417c6..cc21f27 100644 --- a/build/Neolution.CodeAnalysis.globalconfig +++ b/build/Neolution.CodeAnalysis.globalconfig @@ -1,4 +1,4 @@ -# Top level entry required to mark this as a global AnalyzerConfig file +# Top level entry required to mark this as a global AnalyzerConfig file # NOTE: Do not create section headers for configuration entries is_global = true @@ -274,6 +274,10 @@ dotnet_diagnostic.S6608.severity = none ; This rule has no effect for our projects, since we mainly use Endpoints which limits developers to only implement one action per "Controller". dotnet_diagnostic.S6931.severity = none +# S6678: Use PascalCase for named placeholders +; Team decided that enforcing this rule is not worth the effort +dotnet_diagnostic.S6678.severity = none + # S6964: Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting ; This is handled by a custom model binder in our project templates that produces a bad request response in case of under-posting dotnet_diagnostic.S6964.severity = none From c0f48ff07b84d03f1076937c71ba30ff8c9079a5 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 16:51:41 +0200 Subject: [PATCH 10/23] Try to fix prerelease logic --- .github/workflows/create-release.yml | 49 ++++++++++++++++------------ 1 file changed, 29 insertions(+), 20 deletions(-) 
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 9c9a7a2..c4c13bd 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -3,29 +3,34 @@ name: Create Release on: workflow_dispatch: inputs: - versioning_phase: + release_type: type: choice - description: Versioning Phase + description: "Type of release to create" default: stable options: + - stable - alpha - beta - rc - - stable - bump_version_number: + version_bump: type: choice - description: Bump Version Number - default: consecutive + description: "Which part of the version to increment" + default: patch options: - - consecutive - patch - minor - major - + + continue_prerelease: + type: boolean + description: "Continue an existing alpha/beta/rc series instead of starting a new one" + default: false + is_dry_run: type: boolean - description: Dry Run + description: "Simulate the release without making any changes" + default: false jobs: release-it: @@ -41,7 +46,6 @@ jobs: uses: actions/checkout@v4 with: token: ${{ steps.generate-token.outputs.token }} - # we need everything so release-it can compare the current version with the latest tag fetch-depth: 0 - name: initialize mandatory git config 
@@ -56,18 +60,23 @@ jobs: run: | params=() - if [[ ${{ github.event.inputs.bump_version_number }} != "consecutive" ]]; then - params+=(${{ github.event.inputs.bump_version_number }}) - fi - - if [[ ${{ github.event.inputs.versioning_phase }} != "stable" ]]; then - params+=(--preRelease=${{ github.event.inputs.versioning_phase }}) - params+=(--plugins.@release-it/keep-a-changelog.keepUnreleased) - params+=(--no-plugins.@release-it/keep-a-changelog.strictLatest) + # Determine prerelease logic + if [[ "${{ github.event.inputs.release_type }}" == "stable" ]]; then + params+=(--${{ github.event.inputs.version_bump }}) + elif [[ "${{ github.event.inputs.continue_prerelease }}" == "true" ]]; then + params+=(--increment=prerelease) + params+=(--preRelease=${{ github.event.inputs.release_type }}) + params+=(--plugins.@release-it/keep-a-changelog.keepUnreleased) + params+=(--no-plugins.@release-it/keep-a-changelog.strictLatest) + else + params+=(--${{ github.event.inputs.version_bump }}) + params+=(--preRelease=${{ github.event.inputs.release_type }}) + params+=(--plugins.@release-it/keep-a-changelog.keepUnreleased) + params+=(--no-plugins.@release-it/keep-a-changelog.strictLatest) fi - if [[ ${{ github.event.inputs.is_dry_run }} == "true" ]]; then - params+=(--dry-run) + if [[ "${{ github.event.inputs.is_dry_run }}" == "true" ]]; then + params+=(--dry-run) fi params+=(--ci) From 2216d6b612186dc18302da743ef79b8aa2d55b62 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 16:58:47 +0200 Subject: [PATCH 11/23] less verbose descriptions --- .github/workflows/create-release.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index c4c13bd..0aca271 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
@@ -5,7 +5,7 @@ on: inputs: release_type: type: choice - description: "Type of release to create" + description: Release Type default: stable options: - stable @@ -15,21 +15,21 @@ on: version_bump: type: choice - description: "Which part of the version to increment" + description: Version Bump default: patch options: - patch - minor - major - + continue_prerelease: type: boolean - description: "Continue an existing alpha/beta/rc series instead of starting a new one" + description: Continue existing prerelease (if available) default: false - + is_dry_run: type: boolean - description: "Simulate the release without making any changes" + description: Dry Run default: false jobs: From bea9c79e98c4c288100a9bbbae5eaeaaa5f0915a Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 17:43:26 +0200 Subject: [PATCH 12/23] add specific version input --- .github/workflows/create-release.yml | 36 +++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 0aca271..3998eac 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -27,10 +27,14 @@ on: description: Continue existing prerelease (if available) default: false + specific_version: + type: string + description: Specify exact version (e.g., 3.3.0-alpha.1) - overrides other version settings + required: false + is_dry_run: type: boolean description: Dry Run - default: false jobs: release-it: 
@@ -48,6 +52,25 @@ jobs: token: ${{ steps.generate-token.outputs.token }} fetch-depth: 0 + - name: debug git tags + run: | + echo "All tags:" + git tag -l + echo "---" + echo "Tags sorted by version:" + git tag -l --sort=-v:refname + echo "---" + echo "Alpha tags sorted by version:" + git tag -l "*-alpha*" --sort=-v:refname + echo "---" + echo "Tag details:" + git for-each-ref --format="%(refname:short) %(objecttype) %(taggerdate)" refs/tags/ + echo "---" + echo "Latest tag details:" + LATEST_TAG=$(git describe --tags --abbrev=0) + echo "Latest tag: $LATEST_TAG" + git show $LATEST_TAG + - name: initialize mandatory git config run: | git config user.name "GitHub Release Bot" @@ -60,10 +83,17 @@ jobs: run: | params=() + # Check if a specific version was provided + if [[ -n "${{ github.event.inputs.specific_version }}" ]]; then + params+=(--release=${{ github.event.inputs.specific_version }}) # Determine prerelease logic - if [[ "${{ github.event.inputs.release_type }}" == "stable" ]]; then + elif [[ "${{ github.event.inputs.release_type }}" == "stable" ]]; then params+=(--${{ github.event.inputs.version_bump }}) elif [[ "${{ github.event.inputs.continue_prerelease }}" == "true" ]]; then + # Add verbose logging to understand release-it's process + params+=(--verbose) + # Tell release-it to use prerelease tags + params+=(--preReleaseId=${{ github.event.inputs.release_type }}) params+=(--increment=prerelease) params+=(--preRelease=${{ github.event.inputs.release_type }}) params+=(--plugins.@release-it/keep-a-changelog.keepUnreleased) @@ -84,4 +114,4 @@ jobs: echo "command: release-it ${params[@]}" release-it "${params[@]}" env: - GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} \ No newline at end of file + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} From c2bee1cf2358cc8fb4e64ea24cb82d94d472e1ab Mon Sep 17 00:00:00 2001 
From: Sandro Ciervo Date: Wed, 4 Jun 2025 17:54:25 +0200 Subject: [PATCH 13/23] release-it git.tagMatch parameter --- .github/workflows/create-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 3998eac..d1c8d26 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -88,14 +88,14 @@ jobs: params+=(--release=${{ github.event.inputs.specific_version }}) # Determine prerelease logic elif [[ "${{ github.event.inputs.release_type }}" == "stable" ]]; then - params+=(--${{ github.event.inputs.version_bump }}) - elif [[ "${{ github.event.inputs.continue_prerelease }}" == "true" ]]; then + params+=(--${{ github.event.inputs.version_bump }}) elif [[ "${{ github.event.inputs.continue_prerelease }}" == "true" ]]; then # Add verbose logging to understand release-it's process params+=(--verbose) # Tell release-it to use prerelease tags params+=(--preReleaseId=${{ github.event.inputs.release_type }}) params+=(--increment=prerelease) params+=(--preRelease=${{ github.event.inputs.release_type }}) + params+=(--git.tagMatch="v*-${{ github.event.inputs.release_type }}.*") params+=(--plugins.@release-it/keep-a-changelog.keepUnreleased) params+=(--no-plugins.@release-it/keep-a-changelog.strictLatest) else @@ -114,4 +114,4 @@ jobs: echo "command: release-it ${params[@]}" release-it "${params[@]}" env: - GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} \ No newline at end of file From e395103837b5aeff953816e3cdc300a5f85c7216 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 18:04:18 +0200 Subject: [PATCH 14/23] fix --- .github/workflows/create-release.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index d1c8d26..7c7ddaf 100644 
--- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -81,14 +81,13 @@ jobs: - name: run release-it run: | - params=() - - # Check if a specific version was provided + params=() # Determine prerelease logic if [[ -n "${{ github.event.inputs.specific_version }}" ]]; then params+=(--release=${{ github.event.inputs.specific_version }}) # Determine prerelease logic elif [[ "${{ github.event.inputs.release_type }}" == "stable" ]]; then - params+=(--${{ github.event.inputs.version_bump }}) elif [[ "${{ github.event.inputs.continue_prerelease }}" == "true" ]]; then + params+=(--${{ github.event.inputs.version_bump }}) + elif [[ "${{ github.event.inputs.continue_prerelease }}" == "true" ]]; then # Add verbose logging to understand release-it's process params+=(--verbose) # Tell release-it to use prerelease tags From 1bf23582442b84c333c00f02f566b1af84e55866 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 18:27:24 +0200 Subject: [PATCH 15/23] fix --- .github/workflows/create-release.yml | 32 ++-------------------------- 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 7c7ddaf..c18921c 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -27,11 +27,6 @@ on: description: Continue existing prerelease (if available) default: false - specific_version: - type: string - description: Specify exact version (e.g., 3.3.0-alpha.1) - overrides other version settings - required: false - is_dry_run: type: boolean description: Dry Run 
@@ -52,25 +47,6 @@ jobs: token: ${{ steps.generate-token.outputs.token }} fetch-depth: 0 - - name: debug git tags - run: | - echo "All tags:" - git tag -l - echo "---" - echo "Tags sorted by version:" - git tag -l --sort=-v:refname - echo "---" - echo "Alpha tags sorted by version:" - git tag -l "*-alpha*" --sort=-v:refname - echo "---" - echo "Tag details:" - git for-each-ref --format="%(refname:short) %(objecttype) %(taggerdate)" refs/tags/ - echo "---" - echo "Latest tag details:" - LATEST_TAG=$(git describe --tags --abbrev=0) - echo "Latest tag: $LATEST_TAG" - git show $LATEST_TAG - - name: initialize mandatory git config run: | git config user.name "GitHub Release Bot" @@ -81,15 +57,11 @@ jobs: - name: run release-it run: | - params=() # Determine prerelease logic - if [[ -n "${{ github.event.inputs.specific_version }}" ]]; then - params+=(--release=${{ github.event.inputs.specific_version }}) + params=() # Determine prerelease logic - elif [[ "${{ github.event.inputs.release_type }}" == "stable" ]]; then + if [[ "${{ github.event.inputs.release_type }}" == "stable" ]]; then params+=(--${{ github.event.inputs.version_bump }}) elif [[ "${{ github.event.inputs.continue_prerelease }}" == "true" ]]; then - # Add verbose logging to understand release-it's process - params+=(--verbose) # Tell release-it to use prerelease tags params+=(--preReleaseId=${{ github.event.inputs.release_type }}) params+=(--increment=prerelease) From 9b481aff98673ca4e5949c99e5f06df07bbe1d42 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 18:37:38 +0200 Subject: [PATCH 16/23] fix ubuntu version in CD workflow --- .github/workflows/cd-production.yml | 2 +- .github/workflows/create-release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-production.yml b/.github/workflows/cd-production.yml index b8f939c..98f8188 100644 --- a/.github/workflows/cd-production.yml +++ b/.github/workflows/cd-production.yml 
@@ -9,7 +9,7 @@ env: jobs: pack-and-publish: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # NuGet.exe is a Mono application on Linux and is not installed by default on `ubuntu-latest` runners steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index c18921c..2375613 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -58,7 +58,7 @@ jobs: - name: run release-it run: | params=() - # Determine prerelease logic + if [[ "${{ github.event.inputs.release_type }}" == "stable" ]]; then params+=(--${{ github.event.inputs.version_bump }}) elif [[ "${{ github.event.inputs.continue_prerelease }}" == "true" ]]; then From 721f95a6b99f362462f10fd513e6c2a1575fac34 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 18:50:56 +0200 Subject: [PATCH 17/23] Clarify descriptions --- .github/workflows/create-release.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 2375613..bfd63fd 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -13,20 +13,21 @@ on: - beta - rc + continue_prerelease: + type: boolean + description: | + Increase existing pre-release revision + default: false + version_bump: type: choice - description: Version Bump + description: Bump version number default: patch options: - patch - minor - major - continue_prerelease: - type: boolean - description: Continue existing prerelease (if available) - default: false - is_dry_run: type: boolean description: Dry Run From bd4db906bed7ef1b95006e59fc0472d823b4ba8b Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Wed, 4 Jun 2025 20:03:07 +0200 Subject: [PATCH 18/23] Update Nuspec --- Neolution.CodeAnalysis.nuspec | 3 +++ icon.png | Bin 0 -> 2365 bytes 2 files changed, 3 insertions(+) create mode 100644 icon.png 
diff --git a/Neolution.CodeAnalysis.nuspec b/Neolution.CodeAnalysis.nuspec index b134db8..83a6259 100644 --- a/Neolution.CodeAnalysis.nuspec +++ b/Neolution.CodeAnalysis.nuspec @@ -7,6 +7,9 @@ Neolution AG Configures Code Analysis for Neolution Projects https://github.com/neolution-ch/Neolution.CodeAnalysis + + icon.png + code analysis;roslyn;stylecop;sonar;ruleset docs\README.md MIT false 
diff --git a/icon.png b/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..68121cc499157de35fcb6da0f2ae00011926755b GIT binary patch literal 2365
From 1a05a6b0733416aa3bc21105db5896b2ee7b8c22 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Tue, 10 Jun 2025 10:37:47 +0200 Subject: [PATCH 19/23] Update README --- CHANGELOG.md | 5 ++ Neolution.CodeAnalysis.TestsRuleset.nuspec | 3 + README.md | 86 +++++++++++++++++----- build/Neolution.CodeAnalysis.globalconfig | 2 +- 4 files changed, 76 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e9a6fc..a2d448f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,11 @@ and adheres to a project-specific [Versioning](/README.md). ## [Unreleased] +### Fixed + +- Improved README by describing the purpose, usage, and versioning of the package. +- Adds repository and icon information to the test ruleset NuGet package. + ### Changed - Updated SonarAnalyzer.CSharp to version 9.32.0.97167 diff --git a/Neolution.CodeAnalysis.TestsRuleset.nuspec b/Neolution.CodeAnalysis.TestsRuleset.nuspec index dfacfce..a1ce328 100644 --- a/Neolution.CodeAnalysis.TestsRuleset.nuspec +++ b/Neolution.CodeAnalysis.TestsRuleset.nuspec @@ -7,6 +7,9 @@ Neolution AG Configures Code Analysis for Neolution Test Projects. https://github.com/neolution-ch/Neolution.CodeAnalysis + + icon.png + code analysis;roslyn;stylecop;sonar;ruleset docs\README.md MIT false diff --git a/README.md b/README.md index 99af239..3ddd49b 100644 --- a/README.md +++ b/README.md 
@@ -1,26 +1,74 @@ -# Neolution Code Analysis rulesets -We maintain two (opinionated) rulesets for all our projects and distribute them, including 3rd-party Roslyn Analyzers (StyleCop and SonarSource) in two respective NuGet packages. +# Neolution Code Analysis Rulesets -- For Libraries, Tools, Web, UI and other projects - - [Neolution.CodeAnalysis](https://www.nuget.org/packages/Neolution.CodeAnalysis/) -- For projects containing automated tests (less strict rules) - - [Neolution.CodeAnalysis.TestsRuleset](https://www.nuget.org/packages/Neolution.CodeAnalysis.TestsRuleset/) +[![NuGet](https://img.shields.io/nuget/v/Neolution.CodeAnalysis.svg)](https://www.nuget.org/packages/Neolution.CodeAnalysis/) +[![NuGet](https://img.shields.io/nuget/v/Neolution.CodeAnalysis.TestsRuleset.svg)](https://www.nuget.org/packages/Neolution.CodeAnalysis.TestsRuleset/) -## Decisions and opinions -The base ruleset consists of the default ruleset of the Roslyn Analyzers we include in the NuGet package and those used in our build tools. +**Neolution.CodeAnalysis** provides a plug-and-play code analysis standard for .NET projects. By adding this package, you instantly enforce consistent, high-quality code with minimal setup—no need to maintain your own ruleset or configuration. The package includes: -- We include our own opinionated ruleset with adjusted Analyzer severities as a [Global AnalyzerConfig](https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/configuration-files#global-analyzerconfig) -- In all build configurations other that `Debug`, warnings will be converted to errors. -- We include our own [stylecop.json](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/Configuration.md) configuration file. 
+- Pre-configured Roslyn analyzers (StyleCop, SonarSource) +- Strict and up-to-date rules for code quality and security +- Automatic conversion of warnings to errors (except in Debug) +- A single source of truth for code style and best practices +- Easy updates: just bump the package version to get the latest rules + +**Why use this package?** + +- Save time on code reviews by catching issues early +- Ensure all projects follow the same standards +- Reduce technical debt and improve maintainability +- Onboard new developers faster with clear, enforced guidelines +- **Flexible:** You can override any rules or severities in your own `.editorconfig` files at the project or solution level to fit your team's needs. + +## Packages + +- **[Neolution.CodeAnalysis](https://www.nuget.org/packages/Neolution.CodeAnalysis/):** For libraries, tools, web, UI, and other projects. +- **[Neolution.CodeAnalysis.TestsRuleset](https://www.nuget.org/packages/Neolution.CodeAnalysis.TestsRuleset/):** For test projects (less strict rules). + +## Installation + +Install via NuGet Package Manager: + +```shell +Install-Package Neolution.CodeAnalysis +``` + +or for test projects: + +```shell +Install-Package Neolution.CodeAnalysis.TestsRuleset +``` + +Or add the following to your `.csproj`: + +```xml + + + all + runtime; build; native; contentfiles; analyzers; buildtransitive + + +``` ## Versioning -Given a version number `MAJOR.MINOR.PATCH`, an incremented number for: -- `MAJOR` version means there are incompatible changes with the previous version, -- `MINOR` version means functionality and rules were added, and -- `PATCH` version means that the changes are all completely backwards compatible. Usually when rules were lowered in severity or disabled/removed. 
+- **MAJOR**: Incompatible changes, may require significant refactoring +- **MINOR**: New rules or rule changes, may break the build +- **PATCH**: Safe to update, only disables or lowers severity of rules + +See [CHANGELOG.md](./CHANGELOG.md) for details. + +## License + +This project is licensed under the [MIT License](./LICENSE). + +## Contributing + +Contributions, issues, and feature requests are welcome! Please open an issue or pull request on [GitHub](https://github.com/neolution-ch/Neolution.CodeAnalysis). + +> **Note:** The ruleset is intentionally opinionated and curated by Neolution to reflect our collective experience and values. While we welcome feedback and suggestions, changes to the rules themselves are carefully considered to maintain consistency across projects. If your requirements differ significantly, you are welcome to fork the package and adapt it to your needs. + +## Links -### What it means in practice: -- You can (and should) always update the package to the latest `PATCH` version whenever you have the chance to do it, it should never break the build. -- Updating to the latest `MINOR` version can break the build and may require minor refactorings. But you can expect to have Roslyn code fixes and/or documentation available for the changes that are needed to fix the build. -- `MAJOR` updates will break your build and may require major refactorings. \ No newline at end of file +- [Source on GitHub](https://github.com/neolution-ch/Neolution.CodeAnalysis) +- [NuGet: Neolution.CodeAnalysis](https://www.nuget.org/packages/Neolution.CodeAnalysis/) +- [NuGet: Neolution.CodeAnalysis.TestsRuleset](https://www.nuget.org/packages/Neolution.CodeAnalysis.TestsRuleset/) \ No newline at end of file diff --git a/build/Neolution.CodeAnalysis.globalconfig b/build/Neolution.CodeAnalysis.globalconfig index cc21f27..5ee15a5 100644 --- a/build/Neolution.CodeAnalysis.globalconfig +++ b/build/Neolution.CodeAnalysis.globalconfig 
@@ -276,7 +276,7 @@ dotnet_diagnostic.S6931.severity = none # S6678: Use PascalCase for named placeholders ; Team decided that enforcing this rule is not worth the effort -dotnet_diagnostic.S6678.severity = none +dotnet_diagnostic.S6678.severity = suggestion # S6964: Value type property used as input in a controller action should be nullable, required or annotated with the JsonRequiredAttribute to avoid under-posting ; This is handled by a custom model binder in our project templates that produces a bad request response in case of under-posting From 04757a6e59f00fc3459acbec05554424b65a0c3f Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Tue, 10 Jun 2025 10:42:43 +0200 Subject: [PATCH 20/23] Add icon.png to nuspec --- Neolution.CodeAnalysis.TestsRuleset.nuspec | 1 + Neolution.CodeAnalysis.nuspec | 1 + stylecop.json | 16 ---------------- 3 files changed, 2 insertions(+), 16 deletions(-) delete mode 100644 stylecop.json diff --git a/Neolution.CodeAnalysis.TestsRuleset.nuspec b/Neolution.CodeAnalysis.TestsRuleset.nuspec index a1ce328..3f3ae88 100644 --- a/Neolution.CodeAnalysis.TestsRuleset.nuspec +++ b/Neolution.CodeAnalysis.TestsRuleset.nuspec @@ -25,5 +25,6 @@ + diff --git a/Neolution.CodeAnalysis.nuspec b/Neolution.CodeAnalysis.nuspec index 83a6259..5c2371e 100644 --- a/Neolution.CodeAnalysis.nuspec +++ b/Neolution.CodeAnalysis.nuspec @@ -24,5 +24,6 @@ + diff --git a/stylecop.json b/stylecop.json deleted file mode 100644 index 7989950..0000000 --- a/stylecop.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/DotNetAnalyzers/StyleCopAnalyzers/master/StyleCop.Analyzers/StyleCop.Analyzers/Settings/stylecop.schema.json", - "settings": { - "documentationRules": { - "documentPrivateElements": true, - "documentPrivateFields": true, - "documentationCulture": "en-US" - }, - "namingRules": { - "allowCommonHungarianPrefixes": true, - "allowedHungarianPrefixes": [ - "db", "ip" - ] - } - } -} \ No newline at end of file 
From 6437c4c1b38ad520ca71ff823a180ae755bcdbb9 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Tue, 10 Jun 2025 10:46:12 +0200 Subject: [PATCH 21/23] better description --- .github/workflows/create-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index bfd63fd..8a209b4 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -16,7 +16,7 @@ on: continue_prerelease: type: boolean description: | - Increase existing pre-release revision + No version number bump, increase pre-release revision instead. default: false version_bump: From 534338a3be0cddf2272b4f4d16998d6af8e444c7 Mon Sep 17 00:00:00 2001 From: Sandro Ciervo Date: Tue, 10 Jun 2025 10:50:27 +0200 Subject: [PATCH 22/23] minor details --- .github/workflows/create-release.yml | 2 +- CHANGELOG.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 8a209b4..e522871 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -16,7 +16,7 @@ on: continue_prerelease: type: boolean description: | - No version number bump, increase pre-release revision instead. + Do not bump version number, increase pre-release revision number instead. default: false version_bump: diff --git a/CHANGELOG.md b/CHANGELOG.md index a2d448f..0b59ffb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ and adheres to a project-specific [Versioning](/README.md). ### Fixed - Improved README by describing the purpose, usage, and versioning of the package. -- Adds repository and icon information to the test ruleset NuGet package. +- Added repository and icon information to the test ruleset NuGet package. ### Changed From 315fefef7474bacdbf3e2ab20d85a79ca813708e Mon Sep 17 00:00:00 2001 
From: Sandro Ciervo Date: Fri, 13 Jun 2025 17:04:55 +0200 Subject: [PATCH 23/23] Downgrade S2139 to suggestion --- CHANGELOG.md | 1 - build/Neolution.CodeAnalysis.globalconfig | 4 ++++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b59ffb..7b92301 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,6 @@ and adheres to a project-specific [Versioning](/README.md). ### Added -- S2139: Exceptions should be either logged or rethrown but not both - S2629: Logging templates should be constant - S3431: "[ExpectedException]" should not be used - S4347: Secure random number generators should not output predictable values diff --git a/build/Neolution.CodeAnalysis.globalconfig b/build/Neolution.CodeAnalysis.globalconfig index 5ee15a5..6b120bc 100644 --- a/build/Neolution.CodeAnalysis.globalconfig +++ b/build/Neolution.CodeAnalysis.globalconfig @@ -282,6 +282,10 @@ dotnet_diagnostic.S6678.severity = suggestion ; This is handled by a custom model binder in our project templates that produces a bad request response in case of under-posting dotnet_diagnostic.S6964.severity = none +# S2139: Exceptions should be either logged or rethrown but not both +; Although this rule makes sense, we do not want to enforce it +dotnet_diagnostic.S2139.severity = suggestion + # S107: Methods should not have too many parameters dotnet_diagnostic.S107.severity = warning
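Review bot: the new Versioning list in the README.md hunk defines PATCH as "only disables or lowers severity of rules", but the build/Neolution.CodeAnalysis.globalconfig hunk that follows it in the same commit raises S6678 from `none` to `suggestion`, a case none of the three bullets covers. Say in the list which level a change that raises a rule to a non-breaking severity belongs to. The hunk also drops the old "What it means in practice" paragraph without a replacement; consider keeping its one-line advice on which updates can be taken without review.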
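Review bot: in the build/Neolution.CodeAnalysis.globalconfig hunk at line 276, the unchanged comment "; Team decided that enforcing this rule is not worth the effort" was written for `none` and no longer matches `dotnet_diagnostic.S6678.severity = suggestion`. Reword it to say that the rule is reported as a hint but not enforced. The CHANGELOG.md hunk in the same commit lists only the README and NuGet metadata entries, so the severity change also needs a line under "### Changed".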
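Review bot: the deletion of stylecop.json in patch 20/23 is not mentioned in the commit subject ("Add icon.png to nuspec"), and the diffstat shows no CHANGELOG.md change in that commit. The file set `documentPrivateElements`, `documentPrivateFields`, `documentationCulture` and the allowed Hungarian prefixes `db` and `ip`, so StyleCop documentation and naming checks may behave differently for consumers unless those settings now live elsewhere. State where they moved (or that they were dropped on purpose) in the commit message and changelog, and confirm that neither .nuspec still lists the file.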
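Review bot: the CHANGELOG.md hunk in patch 23/23 removes the S2139 line from "### Added" but records nowhere that the rule now ships at `suggestion`, so a reader of the changelog cannot tell whether S2139 is off, reported or enforced. Add an entry for it, for example under "### Changed". The new globalconfig comment "; Although this rule makes sense, we do not want to enforce it" also gives no reason, unlike the S6964 comment just above it; a short rationale would help whoever revisits the severity later.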