feat(sdk): adopt ANcpLua.NET.Sdk 3.4.27 across .NET projects#10
Merged
Conversation
Wire each .NET project to the appropriate ANcpLua.NET.Sdk flavor (3.4.27) through global.json's msbuild-sdks block, mirroring qyl's setup: - Paperless.Contracts → ANcpLua.NET.Sdk (library) - PaperlessREST, PaperlessUI.Blazor → ANcpLua.NET.Sdk.Web - PaperlessServices → ANcpLua.NET.Sdk (worker; UseMicrosoftTestingPlatform=false, explicit OutputType=Exe + M.E.X usings replace Microsoft.NET.Sdk.Worker's implicit defaults) - PaperlessREST.Tests → ANcpLua.NET.Sdk.Web + IsTestProject=true (WebApplicationFactory needs Web SDK; IsTestProject opts in Tests.targets) - PaperlessServices.Tests → ANcpLua.NET.Sdk.Test - Pipeline/Build.csproj stays on Microsoft.NET.Sdk by design (NUKE bootstrap self-contained, opts out of root CPVM) What the SDK brings (Common.props): AnalysisLevel=latest-all, EnforceCodeStyleInBuild, Features=strict, Deterministic, embedded source link, CentralPackageTransitivePinningEnabled, NuGetAudit=all+low, TreatWarningsAsErrors in CI/Release, and 9 auto-injected editorconfigs (Global, CodingStyle, Compiler, GeneratedFiles, NamingConvention, per-analyzer for NetAnalyzers/BannedApiAnalyzers/xunit/AwesomeAssertions/ANcpLua). Test projects also auto-receive AwesomeAssertions + xunit.v3.mtp-v2. JS frontends opt into the Debug solution config via <Build Solution="Debug|*"/> in Paperless.slnx and bump Microsoft.VisualStudio.JavaScript.Sdk to 1.0.5483906 (latest on nuget.org); <ShouldRunNpmInstall>false</ShouldRunNpmInstall> keeps dotnet build inert for them so pnpm-lock.yaml is preserved (CI builds them via their own pnpm jobs per CLAUDE.md). Security: pin NuGet.Packaging 7.3.1 and System.Security.Cryptography.Xml 10.0.7 directly on Pipeline/Build.csproj (closes GHSA-g4vj-cjjj-v7hg, GHSA-37gx-xxp4-5rgx, GHSA-w3x6-4m5h-cxqf transitive through Nuke.Common); the same pins live in Directory.Packages.props so Paperless projects under CPVM get them via transitive pinning. Genuine bugs surfaced by latest-all are fixed in-tree: - xUnit1051: cancellation tokens threaded through Task.Delay calls in DocumentRepositoryIntegrationTests + ErrorOr<>.UploadDocumentAsync calls in DocumentServiceErrorMappingTests - CS1573: Document.CreateFromUpload XML doc gains <param name="timeProvider"> - IDE0052 + IDE1006: unused TypedResults.NotFound()/NoContent() statics in TypedErrorOrAsyncExtensions inlined at use sites - IDE1006: ReportProcessor.Serializer renamed to s_serializer; SInitLock / SInitializedIndices renamed to s_initLock / s_initializedIndices in SearchIndexService - IDE0370: unneeded null-forgiving operators dropped on DocumentService TryMapStorageException return and ServiceCollectionExtensions.AddPostgres connection string Style/migration warnings (AL0025/AL0026/AL0039/RS0030 BannedSymbols, CA2000, CA1034, etc. — 371 sites mostly in test code) are surfaced as warnings but carved out of TreatWarningsAsErrors at Directory.Build.props via WarningsNotAsErrors, scheduled for follow-up cleanup PRs per qyl's pattern. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (20)
📒 Files selected for processing (2)
📜 Recent review details🧰 Additional context used📓 Path-based instructions (1)**/*.props⚙️ CodeRabbit configuration file
Files:
🔇 Additional comments (3)
Summary by CodeRabbitVerbesserungen
WalkthroughDie Pull-Request aktualisiert zwei zentrale Konfigurationsdateien: ChangesBuild- und Warnkonfiguration
Zentrale Paketverwaltung und Abhängigkeitsversionen
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested labels
🚥 Pre-merge checks | ✅ 6 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (6 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
There was a problem hiding this comment.
Pull request overview
This PR migrates the repository’s .NET projects to the ANcpLua.NET.Sdk (v3.4.27) via global.json SDK mapping, aligns solution/build behavior for JS .esproj projects, and applies security-related dependency pins plus analyzer/warning policy adjustments to keep CI builds unblocked.
Changes:
- Adopt
ANcpLua.NET.Sdk/.Web/.Testacross projects viaglobal.jsonmsbuild-sdks, with corresponding csproj updates. - Update JS SDK version for
.esprojprojects and preventdotnet buildfrom running npm install; restrict solution builds for JS projects to Debug. - Add transitive security pins and carve out selected analyzer IDs from warnings-as-errors via
Directory.Build.props.
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| Pipeline/Build.csproj | Adds explicit security override package references for the NUKE toolchain. |
| PaperlessUI.React/PaperlessUI.React.esproj | Bumps JavaScript SDK version; disables npm install during build. |
| PaperlessUI.Blazor/PaperlessUI.Blazor.csproj | Switches to ANcpLua.NET.Sdk.Web; adjusts packability settings. |
| PaperlessUI.Angular/PaperlessUI.Angular.esproj | Bumps JavaScript SDK version; disables npm install during build. |
| PaperlessServices/PaperlessServices.csproj | Switches SDK; sets OutputType and restores worker implicit usings explicitly. |
| PaperlessServices/Features/OcrProcessing/Infrastructure/Search/SearchIndexService.cs | Renames static fields to comply with analyzers/naming rules. |
| PaperlessServices.Tests/PaperlessServices.Tests.csproj | Switches to test SDK and relies on SDK-injected test dependencies; enables MTP usage. |
| PaperlessREST/PaperlessREST.csproj | Switches to ANcpLua.NET.Sdk.Web; removes now-SDK-provided properties; sets packability. |
| PaperlessREST/Host/Extensions/TypedErrorOrAsyncExtensions.cs | Removes cached typed-result instances and constructs typed results inline. |
| PaperlessREST/Host/Extensions/ServiceCollectionExtensions.cs | Adjusts Postgres data source construction (now without null-forgiving operator). |
| PaperlessREST/Features/DocumentManagement/Application/DocumentService.cs | Removes null-forgiving default branch in storage exception mapping. |
| PaperlessREST/Features/DocumentManagement/Application/Document.cs | Updates XML docs to include timeProvider parameter. |
| PaperlessREST/Features/BatchProcessing/Application/ReportProcessor.cs | Renames static serializer field to match naming rules. |
| PaperlessREST.Tests/Unit/DocumentServiceErrorMappingTests.cs | Passes test cancellation tokens to UploadDocumentAsync. |
| PaperlessREST.Tests/PaperlessREST.Tests.csproj | Switches to ANcpLua.NET.Sdk.Web and opts into test targets via IsTestProject. |
| PaperlessREST.Tests/Integration/DocumentRepositoryIntegrationTests.cs | Adds cancellation tokens to Task.Delay calls. |
| Paperless.slnx | Restricts JS .esproj projects to build only under Debug configurations. |
| Paperless.Contracts/Paperless.Contracts.csproj | Switches to ANcpLua.NET.Sdk. |
| global.json | Adds msbuild-sdks mapping for ANcpLua.NET.Sdk* v3.4.27. |
| Directory.Packages.props | Enables transitive central pinning and adds security pin versions; removes central AA versions. |
| Directory.Build.props | Adds WarningsNotAsErrors carve-outs for deferred analyzer cleanup. |
| .nuke/build.schema.json | Adds Verify target to NUKE schema enum list. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| private IServiceCollection AddPostgres(IConfiguration config) | ||
| { | ||
| NpgsqlDataSource dataSource = new NpgsqlDataSourceBuilder(config.GetConnectionString("PaperlessDb")!) | ||
| NpgsqlDataSource dataSource = new NpgsqlDataSourceBuilder(config.GetConnectionString("PaperlessDb")) |
Comment on lines
+7
to
+8
| <!-- Apply central versions to transitive deps too, so the GHSA pins below propagate | ||
| into Pipeline (which still runs on Microsoft.NET.Sdk for NUKE compatibility). --> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ANcpLua.NET.Sdkflavor (3.4.27) viaglobal.json'smsbuild-sdksblock; mirrors qyl's setup. Strict SDK defaults (AnalysisLevel=latest-all,Features=strict, NuGet audit, CPVM with transitive pinning, 9 auto-injected.editorconfiganalyzer configs, banned-symbols, deterministic + embedded source link, CI/ReleaseTreatWarningsAsErrors).<Build Solution="Debug|*"/>and bumpMicrosoft.VisualStudio.JavaScript.Sdkto1.0.5483906;ShouldRunNpmInstall=falsekeepsdotnet buildinert for them sopnpm-lock.yamlis preserved (frontends still build via their ownpnpmCI jobs perCLAUDE.md).NuGet.Packaging 7.3.1+System.Security.Cryptography.Xml 10.0.7close GHSA-g4vj-cjjj-v7hg, GHSA-37gx-xxp4-5rgx, GHSA-w3x6-4m5h-cxqf transitive throughNuke.Common.latest-allthat can't be safely deferred (xUnit1051 cancellation tokens, CS1573 XML doc, IDE1006/IDE0370/IDE0052 in production). Migration-style warnings (AL0025/AL0026/AL0039/RS0030/CA2000/CA1034 etc., 371 mostly-test sites) are carved out ofTreatWarningsAsErrorsviaWarningsNotAsErrorsatDirectory.Build.props, scheduled for follow-up cleanup PRs.Project SDK mapping
Paperless.ContractsMicrosoft.NET.SdkANcpLua.NET.SdkPaperlessRESTMicrosoft.NET.Sdk.WebANcpLua.NET.Sdk.WebPaperlessServicesMicrosoft.NET.Sdk.WorkerANcpLua.NET.Sdk(+ explicitOutputType=Exe+Microsoft.Extensions.*usings)PaperlessREST.TestsMicrosoft.NET.Sdk.WebANcpLua.NET.Sdk.Web+IsTestProject=true(WAF needs Web SDK)PaperlessServices.TestsMicrosoft.NET.SdkANcpLua.NET.Sdk.TestPaperlessUI.BlazorMicrosoft.NET.Sdk.WebANcpLua.NET.Sdk.WebPipeline/Build.csprojMicrosoft.NET.SdkTest plan
dotnet build Paperless.slnx -c Debug— 0 errorsdotnet build Paperless.slnx -c Release -p:ContinuousIntegrationBuild=true— 0 errors, 371 deferred-style warnings./build.sh Compile— Restore + Compile succeed./build.sh UnitTests— both test DLLs pass (0 failed, 0 skipped)./build.sh IntegrationTests— needs container stack; run in CIFollow-up PRs
Follow-up cleanup PRs (one analyzer family per PR) will lift the carve-outs in
Directory.Build.props:WarningsNotAsErrorsonce each rule reaches zero sites:🤖 Generated with Claude Code