Update dependency pinning #118

Open

mm-psy wants to merge 9 commits into develop from feature/759-update-dependency-pinning

Conversation

@mm-psy (Contributor) commented May 21, 2026

No description provided.

@github-actions Bot commented May 21, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

source/AAS.TwinEngine.DataEngine/AAS.TwinEngine.DataEngine.csproj

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| Microsoft.Extensions.Http | 10.0.8 | Null | Unknown License |
| Microsoft.Extensions.Http | 10.0.8 | Null | Unknown License |

Allowed Licenses: Apache-1.0, Apache-1.1, Apache-2.0, BSL-1.0, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-3-Clause, BSD-3-Clause-Clear, BSD-3-Clause-No-Nuclear-License, BSD-3-Clause-No-Nuclear-License-2014, BSD-3-Clause-No-Nuclear-Warranty, BSD-3-Clause-Open-MPI, BSD-4-Clause, BSD-Protection, BSD-Source-Code, BSD-3-Clause-Attribution, 0BSD, BSD-2-Clause-Patent, BSD-4-Clause-UC, MIT-CMU, CC-BY-3.0, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, WTFPL, MIT-enna, MIT-feh, ISC, JSON, BSD-3-Clause-LBNL, MITNFA, MIT, MIT-0, UPL-1.0, NCSA, X11, Xerox, BlueOak-1.0.0, CC-BY-4.0, MS-PL, PostgreSQL, Python-2.0, SSPL-1.0, OFL-1.1, Unlicense, Unicode-DFS-2016, Unicode-3.0
Excluded from license check: pkg:nuget/AasCore.Aas3_0, pkg:nuget/AasCore.Aas3.Package

OpenSSF Scorecard

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| nuget/Microsoft.Extensions.Http | 10.0.8 | Unknown | Unknown |

Scanned Files

  • source/AAS.TwinEngine.DataEngine/AAS.TwinEngine.DataEngine.csproj

mm-psy added 5 commits May 21, 2026 11:01
- Modified AAS.TwinEngine.Plugin.TestPlugin.csproj to include RestorePackagesWithLockFile property.
- Changed package references to use version ranges for better dependency management.
- Added packages.lock.json to lock dependencies and ensure consistent builds.
@mm-psy mm-psy marked this pull request as ready for review May 22, 2026 07:58
Copilot AI review requested due to automatic review settings May 22, 2026 07:58
@mm-psy mm-psy requested a review from mm-hsh May 22, 2026 07:59

Copilot AI left a comment


Pull request overview

This PR introduces deterministic NuGet dependency pinning across the solution by enabling/committing packages.lock.json files and updating build steps/configuration to respect locked restores.

Changes:

  • Enabled NuGet lock files (RestorePackagesWithLockFile) and committed packages.lock.json for application and test projects.
  • Updated Docker build stages to dotnet publish --no-restore after an explicit dotnet restore --locked-mode.
  • Removed renovate.json and adjusted Dependabot configuration (added cooldown for the docker ecosystem).

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated no comments.

Summary per file

| File | Description |
| --- | --- |
| source/AAS.TwinEngine.Plugin.TestPlugin/packages.lock.json | Adds NuGet lock file for deterministic dependency restore. |
| source/AAS.TwinEngine.Plugin.TestPlugin/Dockerfile | Publishes with --no-restore after locked restore. |
| source/AAS.TwinEngine.Plugin.TestPlugin/AAS.TwinEngine.Plugin.TestPlugin.csproj | Enables lock file restores and pins dependency versions. |
| source/AAS.TwinEngine.Plugin.TestPlugin.UnitTests/packages.lock.json | Adds NuGet lock file for test project restore determinism. |
| source/AAS.TwinEngine.Plugin.TestPlugin.UnitTests/AAS.TwinEngine.Plugin.TestPlugin.UnitTests.csproj | Enables lock file restores and pins dependency versions. |
| source/AAS.TwinEngine.Plugin.TestPlugin.PlaywrightTests/packages.lock.json | Adds NuGet lock file for Playwright test project restore determinism. |
| source/AAS.TwinEngine.Plugin.TestPlugin.PlaywrightTests/AAS.TwinEngine.Plugin.TestPlugin.PlaywrightTests.csproj | Enables lock file restores and pins dependency versions. |
| source/AAS.TwinEngine.DataEngine/packages.lock.json | Adds NuGet lock file for deterministic dependency restore. |
| source/AAS.TwinEngine.DataEngine/Dockerfile | Publishes with --no-restore after locked restore. |
| source/AAS.TwinEngine.DataEngine/AAS.TwinEngine.DataEngine.csproj | Enables lock file restores and pins dependency versions. |
| source/AAS.TwinEngine.DataEngine.UnitTests/packages.lock.json | Adds NuGet lock file for test project restore determinism. |
| source/AAS.TwinEngine.DataEngine.UnitTests/AAS.TwinEngine.DataEngine.UnitTests.csproj | Enables lock file restores and pins dependency versions. |
| source/AAS.TwinEngine.DataEngine.ModuleTests/packages.lock.json | Adds NuGet lock file for module test project restore determinism. |
| source/AAS.TwinEngine.DataEngine.ModuleTests/AAS.TwinEngine.DataEngine.ModuleTests.csproj | Enables lock file restores and pins dependency versions. |
| renovate.json | Removes Renovate configuration. |
| .github/dependabot.yml | Adds cooldown configuration for docker updates. |


@mm-hsh mm-hsh requested a review from mm-asha May 22, 2026 11:40
@github-actions

Test & Coverage Report

Test Results Summary

| Metric | Count |
| --- | --- |
| ✅ Passed | 1253 |
| ❌ Failed | 0 |
| ⏭️ Skipped | 0 |

Code Coverage

Unit Tests Coverage

| Package | Line Rate | Branch Rate | Complexity | Health |
| --- | --- | --- | --- | --- |
| AAS.TwinEngine.DataEngine | 91% | 79% | 1769 | |
| Summary | 91% (2780 / 3062) | 79% (1183 / 1500) | 1769 | |

Minimum allowed line rate is 80%

Module Tests Coverage

| Package | Line Rate | Branch Rate | Complexity | Health |
| --- | --- | --- | --- | --- |
| AAS.TwinEngine.DataEngine | 61% | 43% | 1769 | |
| Summary | 61% (1858 / 3062) | 43% (642 / 1500) | 1769 | |
