Skip to content

pr.yaml: write protected config files as UTF-8 without BOM#90

Merged
Chris-Wolfgang merged 3 commits into
mainfrom
fix/pr-yaml-bom-encoding-on-protected-config-fetch
May 14, 2026
Merged

pr.yaml: write protected config files as UTF-8 without BOM#90
Chris-Wolfgang merged 3 commits into
mainfrom
fix/pr-yaml-bom-encoding-on-protected-config-fetch

Conversation

@Chris-Wolfgang

@Chris-Wolfgang Chris-Wolfgang commented May 9, 2026

Copy link
Copy Markdown
Owner

Summary

Originally a narrow backport of repo-template#339 (UTF-8 BOM fix for protected-config writes). After review feedback on this PR, the branch was re-synced from canonical `repo-template` so it now carries every `pr.yaml` improvement landed upstream since the initial backport:

  • `UTF8` → `UTF8NoBOM` at the four `Out-File` call sites that write protected configs (the original #339 intent).
  • 4 duplicate `Fetch trusted configuration files from main branch` steps removed (one per job) — landed via repo-template#346.
  • `if: github.event.pull_request.user.login != 'dependabot[bot]'` added to the test-windows fetch step for parity with the other jobs (repo-template#346).
  • `dotnet workload restore` step added to the test jobs. This is a deliberate canonical design — see the comment on the step: workload-bearing repos (MAUI / Android / iOS / WPF) need it; pure libraries hit it as a fast no-op. Uniform workflow files across all 18 Wolfgang.* repos is the goal.

Why

  • The BOM issue was breaking `TreatWarningsAsErrors` on CI for protected `.editorconfig` files (analyzers ignore BOM-prefixed configs, so per-project severity overrides didn't apply).
  • The additional changes are pulled in for free by re-syncing the canonical workflow file, keeping this repo aligned with repo-template main rather than carrying drift.

Test plan

  • CI green (Stage 1 + Stage 2 + Stage 3 + Secrets/DevSkim/CodeQL).
  • Maintainer override for the `Detect .NET Projects` guard (expected — touches `.github/workflows/pr.yaml`).

Backport of repo-template PR #339. The 'Fetch trusted configuration files
from main branch' step writes .editorconfig / Directory.Build.props /
BannedSymbols.txt back via 'Out-File -Encoding UTF8' which writes UTF-8
*with* BOM. The .NET analyzer engine appears to ignore .editorconfig
files prefixed by a BOM, so project-level severity overrides don't apply
on CI even though they apply locally — analyzers fire at default severity
and TreatWarningsAsErrors then escalates them to errors.

Switch to 'Out-File -Encoding UTF8NoBOM' (PS 6+; the runner uses pwsh).

Diagnosed against Chris-Wolfgang/In-memory-Logger PR #32 / run
24996715587. See Chris-Wolfgang/repo-template#339 for the full write-up.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 9, 2026 18:15

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the PR CI workflow’s “Fetch trusted configuration files from main branch” PowerShell step to write protected config files as UTF-8 without a BOM, preventing CI analyzer severity regressions caused by BOM-prefixed .editorconfig.

Changes:

  • Switch Out-File encoding from UTF8 to UTF8NoBOM at the four protected-config write sites in the workflow.
  • Ensures copied .editorconfig/build config files are interpreted correctly by .NET analyzers during CI runs.

Comment thread .github/workflows/pr.yaml
Chris-Wolfgang added a commit to Chris-Wolfgang/repo-template that referenced this pull request May 9, 2026
Each of test-linux-core, test-windows, test-macos-core, and security-scan
ran the "Fetch trusted configuration files from main branch" step twice
back-to-back with identical content (modulo trailing whitespace). Drop
the second occurrence in all four jobs so the protected configs are
restored once per job, not twice.

Net effect: 192 lines deleted, no behavior change — second copy was a
no-op since main's configs are already on disk after the first run.
The single remaining occurrence per job retains the same UTF8NoBOM
encoding behavior introduced in #339.

Flagged by Copilot review on the downstream backport
Chris-Wolfgang/ETL-FixedWidth#90 (which this fixes at the canonical
source so every Wolfgang.* repo picks it up on the next sync).
Chris-Wolfgang added a commit to Chris-Wolfgang/repo-template that referenced this pull request May 10, 2026
Each of test-linux-core, test-windows, test-macos-core, and security-scan
ran the "Fetch trusted configuration files from main branch" step twice
back-to-back with identical content (modulo trailing whitespace). Drop
the second occurrence in all four jobs so the protected configs are
restored once per job, not twice.

Net effect: 192 lines deleted, no behavior change — second copy was a
no-op since main's configs are already on disk after the first run.
The single remaining occurrence per job retains the same UTF8NoBOM
encoding behavior introduced in #339.

Flagged by Copilot review on the downstream backport
Chris-Wolfgang/ETL-FixedWidth#90 (which this fixes at the canonical
source so every Wolfgang.* repo picks it up on the next sync).
repo-template#346 merged the dedupe of the doubled "Fetch trusted
configuration files from main branch" step that this PR's Copilot
review flagged, plus added the missing Dependabot guard to the
test-windows variant.

Replace pr.yaml with the canonical version so this repo picks up:
- 4 duplicate fetch steps removed (one per affected job).
- test-windows fetch step now has `if: github.event.pull_request.user.login
  != 'dependabot[bot]'` for parity with the other jobs.

Net effect: 192 lines deleted, no behavior change to the protection
logic itself (the first run was already complete after one fetch).
Copilot AI review requested due to automatic review settings May 10, 2026 21:57

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 4 comments.

Comment thread .github/workflows/pr.yaml
Comment thread .github/workflows/pr.yaml
Comment thread .github/workflows/pr.yaml
Comment thread .github/workflows/pr.yaml
@Chris-Wolfgang Chris-Wolfgang merged commit 6d09f7c into main May 14, 2026
11 of 12 checks passed
@Chris-Wolfgang Chris-Wolfgang deleted the fix/pr-yaml-bom-encoding-on-protected-config-fetch branch May 14, 2026 16:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants