Sync pr.yaml with standard CI template #61

Merged
Chris-Wolfgang merged 4 commits into main from update/pr-yaml-sync-template on Apr 6, 2026

@Chris-Wolfgang
Owner

Summary

  • Add security header comment explaining pull_request vs pull_request_target, persist-credentials, and trusted config fetch rationale
  • Switch gitleaks from gitleaks-action@v2 to CLI invocation (v8.24.0) for pull_request compatibility
  • Add trusted configuration file fetch step (.editorconfig, Directory.Build.props, etc. from main branch) after Checkout in all stages and security scan
  • Add 3.1.x to Linux and Windows .NET SDK setup
  • Add netcoreapp3.1 to Linux test TFM extraction and Windows TFM filter regex
  • Fix libssl installation to use APT (focal-security repo) instead of plain wget download
  • Fix DevSkim: remove continue-on-error and -E flag; add exit 1 on critical/high findings
  • Add CODECOV_MINIMUM: 90 env var at workflow level
  • Add coverage collection, report generation, and threshold enforcement to Windows (Stage 2a) and macOS (Stage 2b) stages
  • Update Linux project filter to include netcoreapp|netstandard patterns
  • Replace while-read with mapfile for test project discovery on Linux
  • Fix concurrency block formatting (was on same line as branch list)
  • Use ${CODECOV_MINIMUM:-90} in coverage threshold checks

Test plan

  • Verify secrets-scan job runs gitleaks CLI successfully
  • Verify trusted config fetch works in Linux, Windows, and macOS stages
  • Verify .NET 3.1 SDK installs on Linux and Windows
  • Verify DevSkim scan fails the job on critical/high findings
  • Verify coverage gates work on all three OS stages
  • Verify concurrency cancels in-progress runs correctly

🤖 Generated with Claude Code
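
One way a "trusted configuration file fetch" step like the one in the summary can be written, as an added example that is not the repository's pr.yaml: after checking out PR code, each build-influencing file is replaced with the copy from a trusted base ref, so a pull request cannot change analyzer or MSBuild settings for its own CI run. The function name, running from the repository root, and an already-fetched base ref are assumptions of this example.

```shell
# Added example, not the repository's pr.yaml.
# Assumptions: the function name, running from the repository root, and a
# base ref (for example origin/main) that has already been fetched.
restore_trusted_configs() {
  base_ref=$1
  shift
  # Fail closed when the trusted ref cannot be resolved.
  if ! git rev-parse --verify --quiet "${base_ref}^{commit}" >/dev/null; then
    echo "trusted ref '${base_ref}' not found" >&2
    return 1
  fi
  for path in "$@"; do
    # Delete first: writing through a symlink planted by the PR would
    # modify a file outside the intended path.
    rm -f -- "$path"
    if git cat-file -e "${base_ref}:${path}" 2>/dev/null; then
      git show "${base_ref}:${path}" > "$path" || return 1
      echo "restored ${path} from ${base_ref}"
    else
      # Absent on the trusted ref, so the PR introduced it: keep it removed.
      echo "removed ${path} (not present on ${base_ref})"
    fi
  done
}

# Typical call in a CI step, using the two file names the summary spells out:
#   restore_trusted_configs origin/main .editorconfig Directory.Build.props
```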

Chris-Wolfgang and others added 4 commits March 26, 2026 22:31
Apply all template sync changes: add security header comment, switch
gitleaks from action@v2 to CLI, add trusted config file fetch step to
all stages and security scan, add 3.1.x to Linux/Windows SDK setup,
add netcoreapp3.1 to test TFM extraction and Windows TFM filter, fix
libssl to use apt instead of wget, fix DevSkim by removing
continue-on-error and -E flag and adding exit 1, add CODECOV_MINIMUM
env var, add coverage to Windows and macOS stages, update project
filter to include netcoreapp|netstandard, replace while-read with
mapfile, fix concurrency block formatting.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Multi-line <TargetFrameworks> elements break the grep-based TFM
detection in pr.yaml, causing CI to exclude all projects as
"Framework-only". Single-line format is the project convention.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Chris-Wolfgang Chris-Wolfgang merged commit 799f225 into main Apr 6, 2026
5 of 6 checks passed
@Chris-Wolfgang Chris-Wolfgang deleted the update/pr-yaml-sync-template branch April 8, 2026 11:37