Add MSBuild quality review agentic workflow#19958
Merged
Merged
Conversation
Port and adapt microsoft/testfx PR dotnet#8365 ("MSBuild quality review") to a gh-aw workflow for dotnet/fsharp. Runs weekly, audits the repo's .props / .targets / .Targets files for MSBuild authoring issues, files an issue with findings, and can open a draft PR for safe, low-risk fixes. F#-specific adaptations: - Phase 1 discovery rewritten for the fsharp layout: case-insensitive search (-iname) catches the capital-.Targets crown jewels (Microsoft.FSharp.Targets, Microsoft.Portable.FSharp.Targets); prioritizes the shipped F# SDK build logic in src/FSharp.Build, src/fsc, src/fsi and the vsintegration/shims; excludes .dotnet/ (the downloaded SDK), obj/bin/artifacts/packages. - Removed the nonexistent shared/reporting.md import; report template is inline. - Down-weighted the NuGet build/ rules (D-2 and all of E) that don't apply here (fsharp ships via the .NET SDK / FSharp.Build, not NuGet build/ folders) and emphasized Categories A, B, C, D-1/3/4/5. - House-style frontmatter: default copilot engine, network [defaults, dotnet], read-only permissions with safe-outputs for writes. Labels automation + Area-ProjectsAndBuild (both already exist in dotnet/fsharp). - Phase 6 build validation scoped (no full ./build.sh) to fit the 30-min timeout. Lock file compiled with gh aw v0.76.1, matching the repo's existing workflows.
Contributor
✅ No release notes required |
github-actions
Bot
added
⚠️ Affects-Agent-Config
Contributor
|
🔍 Tooling Safety Check — Affects-Agent-Config, Affects-Build-Infra
|
T-Gro
approved these changes
Jun 17, 2026
github-project-automation
Bot
moved this from New
to In Progress
in F# Compiler and Tooling
This was referenced Jun 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The F# SDK build logic shipped in the .NET SDK and the
FSharp.Buildassembly —Microsoft.FSharp.NetSdk.targets,Microsoft.FSharp.Targets, thevsintegration/shims/*, etc. — is imported by every F# project, yet nothing systematically audits these.props/.targetsfiles for MSBuild authoring anti-patterns:*DependsOnchain overwrites, unquoted conditions, missingExists()import guards, semicolon-list clobbering, non-portable paths. A regression in one of these files silently affects all F# builds.Changes
Adds a new GitHub Agentic Workflow (
gh aw) that runs weekly (and on demand), audits the repo's MSBuild files, and files an issue with categorized findings; it can also open a draft PR for safe, low-risk fixes..github/workflows/msbuild-quality-review.md— workflow source (frontmatter + reviewer prompt)..github/workflows/msbuild-quality-review.lock.yml— generated bygh aw compile(not hand-edited).Adapted from microsoft/testfx's MSBuild-quality-review workflow, retuned for this repo:
find(-iname) so the capital-.Targetscrown jewels (Microsoft.FSharp.Targets,Microsoft.Portable.FSharp.Targets) aren't missed; prioritizes shipped SDK build logic insrc/FSharp.Build/,src/fsc/,src/fsi/,vsintegration/shims/; excludes the downloaded.dotnet/SDK plusobj/bin/artifacts/packages.build/rules that don't apply here — F# ships build logic via the .NET SDK /FSharp.Build, not NuGetbuild//buildTransitive/folders — and emphasized the target-authoring, property, item, and import rules that are relevant.network: [defaults, dotnet], read-onlypermissionswith writes only viasafe-outputs. Labelsautomation+Area-ProjectsAndBuild(both already exist).shared/reporting.mdimport (absent here) and scoped Phase 6 build validation so it can't exceed the 30-minute timeout.Tests
gh aw compile(v0.76.1, matching the repo's other lock files) — clean, 0 errors.gh aw trialon real GitHub Actions): activation → agent → detection → safe_outputs → conclusion all green; produced the expected[msbuild-quality] …issue with correct labels. Spot-checked findings were accurate against source, e.g.:Microsoft.FSharp.Targets:224—CoreCompileDependsOnset without$(CoreCompileDependsOn);(drops prior targets).Microsoft.FSharp.NetSdk.targets:174— unquoted condition operands.Notes for reviewers
.lock.ymlis machine-generated; review the.mdand recompile rather than editing the lock.