Merge pull request #4989 from arturcic/fix/sonar-fixes

fix: resolve SonarCloud issues in build, new-cli, and CI workflows

Author: arturcic

.codegraph/.gitignore

@@ -0,0 +1,5 @@
+# CodeGraph data files — local to each machine, not for committing.
+# Ignore everything in .codegraph/ except this file itself, so transient
+# files (the database, daemon.pid, sockets, logs) never show up in git.
+*
+!.gitignore

.github/actions/docker-manifests/action.yml

@@ -31,10 +31,13 @@ runs:
 
     - name: '[Docker Publish Manifests] DockerHub'
       shell: pwsh
+      env:
+        DOTNET_VERSION: ${{ inputs.dotnet_version }}
+        DOCKER_DISTRO: ${{ inputs.docker_distro }}
       run: |
         dotnet run/docker.dll `
-              --target=DockerManifest --arch=amd64 --arch=arm64 --dotnet_version=${{ inputs.dotnet_version }} `
-              --docker_distro=${{ inputs.docker_distro }} --docker_registry dockerhub
+              --target=DockerManifest --arch=amd64 --arch=arm64 --dotnet_version=$env:DOTNET_VERSION `
+              --docker_distro=$env:DOCKER_DISTRO --docker_registry dockerhub
 
     - name: Login to GitHub
       uses: docker/login-action@v4
@@ -45,7 +48,10 @@ runs:
 
     - name: '[Docker Publish Manifests] GitHub'
       shell: pwsh
+      env:
+        DOTNET_VERSION: ${{ inputs.dotnet_version }}
+        DOCKER_DISTRO: ${{ inputs.docker_distro }}
       run: |
         dotnet run/docker.dll `
-              --target=DockerManifest --arch=amd64 --arch=arm64 --dotnet_version=${{ inputs.dotnet_version }} `
-              --docker_distro=${{ inputs.docker_distro }} --docker_registry github
+              --target=DockerManifest --arch=amd64 --arch=arm64 --dotnet_version=$env:DOTNET_VERSION `
+              --docker_distro=$env:DOCKER_DISTRO --docker_registry github

.github/actions/docker-publish/action.yml

@@ -34,10 +34,14 @@ runs:
 
     - name: '[Docker Publish] DockerHub'
       shell: pwsh
+      env:
+        ARCH: ${{ inputs.arch }}
+        DOTNET_VERSION: ${{ inputs.dotnet_version }}
+        DOCKER_DISTRO: ${{ inputs.docker_distro }}
       run: |
         dotnet run/docker.dll `
-              --target=DockerPublish --arch=${{ inputs.arch }} --dotnet_version=${{ inputs.dotnet_version }} `
-              --docker_distro=${{ inputs.docker_distro }} --docker_registry dockerhub --verbosity=diagnostic
+              --target=DockerPublish --arch=$env:ARCH --dotnet_version=$env:DOTNET_VERSION `
+              --docker_distro=$env:DOCKER_DISTRO --docker_registry dockerhub --verbosity=diagnostic
 
     - name: Login to GitHub
       uses: docker/login-action@v4
@@ -48,7 +52,11 @@ runs:
 
     - name: '[Docker Publish] GitHub'
       shell: pwsh
+      env:
+        ARCH: ${{ inputs.arch }}
+        DOTNET_VERSION: ${{ inputs.dotnet_version }}
+        DOCKER_DISTRO: ${{ inputs.docker_distro }}
       run: |
         dotnet run/docker.dll `
-              --target=DockerPublish --arch=${{ inputs.arch }} --dotnet_version=${{ inputs.dotnet_version }} `
-              --docker_distro=${{ inputs.docker_distro }} --docker_registry github --verbosity=diagnostic
+              --target=DockerPublish --arch=$env:ARCH --dotnet_version=$env:DOTNET_VERSION `
+              --docker_distro=$env:DOCKER_DISTRO --docker_registry github --verbosity=diagnostic

.github/workflows/ci.yml

@@ -37,10 +37,7 @@ env:
   ENABLED_DIAGNOSTICS: ${{ vars.ENABLED_DIAGNOSTICS }}
 
 permissions:
-  id-token: write
   contents: read
-  packages: write
-  attestations: write
 
 jobs:
   prepare:
@@ -66,6 +63,9 @@ jobs:
   unit_test:
     name: Test
     needs: [ prepare, publish_flags ]
+    permissions:
+      contents: read
+      id-token: write
     uses: ./.github/workflows/_unit_tests.yml
     with:
       dotnet_versions: ${{ needs.prepare.outputs.dotnet_versions }}
@@ -98,6 +98,9 @@ jobs:
   docker_linux_images:
     needs: [ prepare, build, publish_flags ]
     name: Docker Images (${{ matrix.arch }})
+    permissions:
+      contents: read
+      packages: write
     strategy:
       fail-fast: false
       matrix:
@@ -119,6 +122,9 @@ jobs:
   docker_linux_manifests:
     needs: [ prepare, docker_linux_images, publish_flags ]
     name: Docker Manifests
+    permissions:
+      contents: read
+      packages: write
     uses: ./.github/workflows/_docker_manifests.yml
     with:
       docker_distros: ${{ needs.prepare.outputs.docker_distros }}
@@ -129,6 +135,10 @@ jobs:
   publish:
     name: Publish
     needs: [ artifacts_windows_test, artifacts_linux_test, publish_flags ]
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
     uses: ./.github/workflows/_publish.yml
     with:
       publish_packages: ${{ fromJson(needs.publish_flags.outputs.can_publish) }}

.github/workflows/format.yml

@@ -51,4 +51,4 @@ jobs:
         run: dotnet format ./build/ --verify-no-changes
 
       - name: Run Format 'GitVersion' solution
-        run: dotnet format ./src/ --exclude **/AddFormats/ --verify-no-changes
+        run: dotnet format ./src/ --exclude "**/AddFormats/" --verify-no-changes

build.ps1

@@ -6,21 +6,21 @@ The build stage to execute.
 The build script target to run.
 .PARAMETER Verbosity
 Specifies the amount of information to be displayed.
-.PARAMETER WhatIf
+.PARAMETER DryRun
 Performs a dry run of the build script.
 No tasks will be executed.
 .PARAMETER ScriptArgs
 Remaining arguments are added here.
 #>
 
 [CmdletBinding()]
-Param(
+param(
     [ValidateSet("artifacts", "build", "docker", "docs", "publish", "release")]
     [string]$Stage = "build",
     [string]$Target = "Default",
     [string]$Verbosity = "Normal",
-    [Alias("DryRun","Noop")]
-    [switch]$WhatIf,
+    [Alias("WhatIf","Noop")]
+    [switch]$DryRun,
     [switch]$Exclusive,
     [Parameter(Position=0,Mandatory=$false,ValueFromRemainingArguments=$true)]
     [string[]]$ScriptArgs
@@ -39,7 +39,7 @@ $env:DOTNET_NOLOGO=$true
 $Arguments = @{
     target=$Target;
     verbosity=$Verbosity;
-    dryrun=$WhatIf;
+    dryrun=$DryRun;
     exclusive=$Exclusive;
     nuget_useinprocessclient=$true;
 }.GetEnumerator() | ForEach-Object {

build/build/BuildContext.cs

@@ -7,7 +7,7 @@ public class BuildContext(ICakeContext context) : BuildContextBase(context)
 {
     public string MsBuildConfiguration { get; set; } = Constants.DefaultConfiguration;
 
-    public readonly Dictionary<PlatformFamily, string[]> NativeRuntimes = new()
+    public readonly IReadOnlyDictionary<PlatformFamily, string[]> NativeRuntimes = new Dictionary<PlatformFamily, string[]>()
     {
         [PlatformFamily.Windows] = ["win-x64", "win-arm64"],
         [PlatformFamily.Linux] = ["linux-x64", "linux-musl-x64", "linux-arm64", "linux-musl-arm64"],

build/build/Tasks/Test/UnitTest.cs

@@ -24,7 +24,7 @@ public override void Run(BuildContext context)
             }
             if (!frameworks.Contains(dotnetVersion, StringComparer.OrdinalIgnoreCase))
             {
-                throw new Exception($"Dotnet Target {dotnetVersion} is not supported at the moment");
+                throw new NotSupportedException($"Dotnet Target {dotnetVersion} is not supported at the moment");
             }
             frameworks = [dotnetVersion];
         }

build/common/Addins/GitVersion/GitVersionRunner.cs

@@ -62,6 +62,36 @@ private ProcessArgumentBuilder GetArguments(GitVersionSettings settings)
     {
         var builder = new ProcessArgumentBuilder();
 
+        AppendOutputArguments(builder, settings);
+
+        if (!string.IsNullOrWhiteSpace(settings.ShowVariable))
+        {
+            builder.Append("-showvariable");
+            builder.Append(settings.ShowVariable);
+        }
+
+        AppendAuthenticationArguments(builder, settings);
+        AppendAssemblyInfoArguments(builder, settings);
+        AppendRepositoryArguments(builder, settings);
+
+        if (settings.LogFilePath != null)
+        {
+            builder.Append("-l");
+            builder.AppendQuoted(settings.LogFilePath.FullPath);
+        }
+
+        if (settings.NoFetch)
+        {
+            builder.Append("-nofetch");
+        }
+
+        AppendVerbosityArguments(builder, settings);
+
+        return builder;
+    }
+
+    private static void AppendOutputArguments(ProcessArgumentBuilder builder, GitVersionSettings settings)
+    {
         if (settings.OutputTypes.Contains(GitVersionOutput.Json))
         {
             builder.Append("-output");
@@ -73,86 +103,87 @@ private ProcessArgumentBuilder GetArguments(GitVersionSettings settings)
             builder.Append("-output");
             builder.Append("buildserver");
         }
+    }
 
-        if (!string.IsNullOrWhiteSpace(settings.ShowVariable))
+    private static void AppendAuthenticationArguments(ProcessArgumentBuilder builder, GitVersionSettings settings)
+    {
+        if (string.IsNullOrWhiteSpace(settings.UserName))
         {
-            builder.Append("-showvariable");
-            builder.Append(settings.ShowVariable);
+            return;
         }
 
-        if (!string.IsNullOrWhiteSpace(settings.UserName))
-        {
-            builder.Append("-u");
-            builder.AppendQuoted(settings.UserName);
+        builder.Append("-u");
+        builder.AppendQuoted(settings.UserName);
 
-            builder.Append("-p");
-            builder.AppendQuotedSecret(settings.Password);
-        }
+        builder.Append("-p");
+        builder.AppendQuotedSecret(settings.Password);
+    }
 
-        if (settings.UpdateAssemblyInfo)
+    private static void AppendAssemblyInfoArguments(ProcessArgumentBuilder builder, GitVersionSettings settings)
+    {
+        if (!settings.UpdateAssemblyInfo)
         {
-            builder.Append("-updateassemblyinfo");
+            return;
+        }
 
-            if (settings.UpdateAssemblyInfoFilePath != null)
-            {
-                builder.AppendQuoted(settings.UpdateAssemblyInfoFilePath.FullPath);
-            }
+        builder.Append("-updateassemblyinfo");
+
+        if (settings.UpdateAssemblyInfoFilePath != null)
+        {
+            builder.AppendQuoted(settings.UpdateAssemblyInfoFilePath.FullPath);
         }
+    }
 
+    private void AppendRepositoryArguments(ProcessArgumentBuilder builder, GitVersionSettings settings)
+    {
         if (settings.RepositoryPath != null)
         {
             builder.Append("-targetpath");
             builder.AppendQuoted(settings.RepositoryPath.FullPath);
+            return;
         }
-        else if (!string.IsNullOrWhiteSpace(settings.Url))
+
+        if (string.IsNullOrWhiteSpace(settings.Url))
         {
-            builder.Append("-url");
-            builder.AppendQuoted(settings.Url);
+            return;
+        }
 
-            if (!string.IsNullOrWhiteSpace(settings.Branch))
-            {
-                builder.Append("-b");
-                builder.Append(settings.Branch);
-            }
-            else
-            {
-                this._log.Warning(
-                    "If you leave the branch name for GitVersion unset, it will fallback to the default branch for the repository.");
-            }
+        builder.Append("-url");
+        builder.AppendQuoted(settings.Url);
 
-            if (!string.IsNullOrWhiteSpace(settings.Commit))
-            {
-                builder.Append("-c");
-                builder.AppendQuoted(settings.Commit);
-            }
-
-            if (settings.DynamicRepositoryPath != null)
-            {
-                builder.Append("-dynamicRepoLocation");
-                builder.AppendQuoted(settings.DynamicRepositoryPath.FullPath);
-            }
+        if (!string.IsNullOrWhiteSpace(settings.Branch))
+        {
+            builder.Append("-b");
+            builder.Append(settings.Branch);
+        }
+        else
+        {
+            this._log.Warning(
+                "If you leave the branch name for GitVersion unset, it will fallback to the default branch for the repository.");
         }
 
-        if (settings.LogFilePath != null)
+        if (!string.IsNullOrWhiteSpace(settings.Commit))
         {
-            builder.Append("-l");
-            builder.AppendQuoted(settings.LogFilePath.FullPath);
+            builder.Append("-c");
+            builder.AppendQuoted(settings.Commit);
         }
 
-        if (settings.NoFetch)
+        if (settings.DynamicRepositoryPath != null)
         {
-            builder.Append("-nofetch");
+            builder.Append("-dynamicRepoLocation");
+            builder.AppendQuoted(settings.DynamicRepositoryPath.FullPath);
         }
+    }
 
+    private void AppendVerbosityArguments(ProcessArgumentBuilder builder, GitVersionSettings settings)
+    {
         var verbosity = settings.Verbosity ?? this._log.Verbosity;
 
         if (verbosity != Verbosity.Normal)
         {
             builder.Append("-verbosity");
             builder.Append(verbosity.ToString());
         }
-
-        return builder;
     }
 
     /// <summary>

build/common/Lifetime/BuildLifetimeBase.cs

@@ -74,7 +74,7 @@ public override void Teardown(T context, ITeardownContext info)
         }
         context.EndGroup();
     }
-    protected void LogBuildInformation(T context)
+    protected static void LogBuildInformation(T context)
     {
         if (context.HasArgument(Arguments.Target))
         {