Skip to content

Canonical sync (protected files) ahead of v0.2.1#179

Merged
Chris-Wolfgang merged 1 commit into
mainfrom
protected/canonical-etl-dbclient-v0.2.1
Jun 19, 2026
Merged

Canonical sync (protected files) ahead of v0.2.1#179
Chris-Wolfgang merged 1 commit into
mainfrom
protected/canonical-etl-dbclient-v0.2.1

Conversation

@Chris-Wolfgang

Copy link
Copy Markdown
Owner

Why this PR exists

The Release v0.2.1 PR (#126) has 59 files in its diff, 11 of which are "protected" under pr.yaml's Detect .NET Projects guard. Merging #126 as-is would require admin-bypass on the whole 59-file diff — and the bypass waives every ruleset rule at once, including required_review_thread_resolution on the 48 non-protected files.

This split-out PR carries only the 11 protected files so the bypass surface is small and easy to eyeball. #126 then merges through the standard ruleset with full review-thread enforcement.

What's in here

File Why it's protected
.editorconfig Root .editorconfig is exact-match protected — controls analyzer rules and code style
BannedSymbols.txt Banned API list — protected so a malicious PR can't allow Process.Start("rm") past CI
Directory.Build.props MSBuild defaults — protected so analyzer/SDK pins can't be silently disabled
.github/workflows/benchmarks.yaml Workflow files glob-protected (P2 BenchmarkDotNet → chart)
.github/workflows/build-all-versions.yaml Same
.github/workflows/codeql.yaml Same
.github/workflows/docfx.yaml Same
.github/workflows/integration-status.yaml Same (per-DB integration status badges)
.github/workflows/pr.yaml Same — this is the file that defines the guard
.github/workflows/release.yaml Same
.github/workflows/stryker.yaml Same (new in this release — T3 mutation-testing workflow)

These are verbatim copies of vNext's content. No edits applied during extraction — git diff origin/main shows exactly the deltas already on vNext.

Expected CI behaviour

  • Detect .NET Projects → ❌ FAIL (expected — that's why we're splitting)
  • Stages 1/2/3 → SKIPPED (gated on detect-projects.outputs.has-projects)
  • Secrets Scan (gitleaks), Security Scan (DevSkim), Security Scan (CodeQL) → ✅ should pass

Merge plan

  1. Maintainer admin-bypass-merges this PR (one click, 11-file diff, easy to review).
  2. I merge origin/main back into vNext — the protected-file delta on #126 vanishes.
  3. #126 flips from "needs admin bypass" to MERGEABLE with full ruleset enforcement.
  4. #126 merges via the normal merge button.

Same shape as

This is the standard split done today for Try-Pattern #166 (#202) and System.Mail-Extensions #119 (#162). Same recipe.

Extracts the protected-file deltas from vNext (Release v0.2.1 PR #126)
so that PR can merge through the standard ruleset rather than admin-
bypassing the entire 59-file diff (which would also waive
required_review_thread_resolution on every non-protected file).

Files in this PR (matching the `Detect .NET Projects` guard patterns):
- .editorconfig
- BannedSymbols.txt
- Directory.Build.props
- .github/workflows/benchmarks.yaml
- .github/workflows/build-all-versions.yaml
- .github/workflows/codeql.yaml
- .github/workflows/docfx.yaml
- .github/workflows/integration-status.yaml
- .github/workflows/pr.yaml
- .github/workflows/release.yaml
- .github/workflows/stryker.yaml

These carry the canonical CI/analyzer/banned-API updates folded into
v0.2.1 (C1 fleet template-drift sync, CI2 github-actions Dependabot
ecosystem, A1 PublicApiAnalyzers scaffolding, T3 Stryker workflow,
D6 versions preservation guard, D8 inline root redirect, P2
benchmark-action chart workflow, integration-status badge workflow,
etc.). They are verbatim copies of vNext's content at the time of
extraction; no new edits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@Chris-Wolfgang Chris-Wolfgang merged commit 230e877 into main Jun 19, 2026
13 of 14 checks passed
@Chris-Wolfgang Chris-Wolfgang deleted the protected/canonical-etl-dbclient-v0.2.1 branch June 19, 2026 23:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant