From f97e24ce90b334ca1a73b1f1d0a53dc845c2d5b5 Mon Sep 17 00:00:00 2001
From: Alex S
Date: Fri, 19 Sep 2025 20:15:31 -0700
Subject: [PATCH 1/2] Indentation and file name
---
 README.md | 96 ++++++++++++++++++++++++++++---------------------------
 1 file changed, 49 insertions(+), 47 deletions(-)
diff --git a/README.md b/README.md
index d210c79..4f6d6b6 100644
--- a/README.md
+++ b/README.md
@@ -33,38 +33,40 @@ Schema of the rules file is as follows:
 ```json
 {
 "ProjectDependencies": [
- {
- "From": "",
- "To": "",
- "Policy": "",
- "LinkType": "",
- "Description": "",
- "Exceptions": [
- {
- "From": "",
- "To": "",
- "Justification": ""
- },
- // ...
- ]
- },
+ {
+ "From": "",
+ "To": "",
+ "Policy": "",
+ "LinkType": "",
+ "Description": "",
+ "Exceptions": [
+ {
+ "From": "",
+ "To": "",
+ "Justification": ""
+ },
+ // ...
+ ]
+ },
+ // ...
+ ]
 "PackageDependencies": [
- {
- "From": "",
- "To": "",
- "Policy": "",
- // "LinkType": "", Only direct package references are analyzed, so LinkType is not needed in this section
- "Description": "",
- "Exceptions": [
- {
- "From": "",
- "To": "",
- "Justification": ""
- },
- // ...
- ]
- },
- // ...
+ {
+ "From": "",
+ "To": "",
+ "Policy": "",
+ // "LinkType": "", Only direct package references are analyzed, so LinkType is not needed in this section
+ "Description": "",
+ "Exceptions": [
+ {
+ "From": "",
+ "To": "",
+ "Justification": ""
+ },
+ // ...
+ ]
+ },
+ // ...
 ]
 }
 ```
@@ -106,21 +108,21 @@ Below are few examples of potential rules
 "from": "*\\Infrastructure\\*",
 "to": "*",
 "exceptions": [
- {
- "from": "*\\Infrastructure\\*",
- "to": "*\\Infrastructure\\*",
- "justification": "Infrastructure projects can reference each other"
- },
- {
- "from": "*Tests.csproj",
- "to": "*",
- "justification": "tech debt "
- },
- {
- "from": "*",
- "to": "LegacyDependency.csproj",
- "justification": "tech debt "
- }
+ {
+ "from": "*\\Infrastructure\\*",
+ "to": "*\\Infrastructure\\*",
+ "justification": "Infrastructure projects can reference each other"
+ },
+ {
+ "from": "*Tests.csproj",
+ "to": "*",
+ "justification": "tech debt "
+ },
+ {
+ "from": "*",
+ "to": "LegacyDependency.csproj",
+ "justification": "tech debt "
+ }
 ]
 },
 ```
@@ -155,7 +157,7 @@ Below are few examples of potential rules
 ```
 ## How it works
-First - MSBuild task with gather all direct / indirect project references and dump them into a file (typically in `obj/Debug/` folder), named `references.tsv` (inspired by [ReferenceTrimmer](https://github.com/dfederm/ReferenceTrimmer) implementation). During the second stage - Roslyn analyzer will read this file and match it against the dependency rules, defined in a file from `` property. Corresponding diagnostics will be produced if violations are found.
+First - MSBuild task with gather all direct / indirect project references and dump them into a file (typically in `obj/Debug/` folder), named `_ReferenceProtector_DeclaredReferences.tsv` (inspired by [ReferenceTrimmer](https://github.com/dfederm/ReferenceTrimmer) implementation). During the second stage - Roslyn analyzer will read this file and match it against the dependency rules, defined in a file from `` property. Corresponding diagnostics will be produced if violations are found.
 ## How to disable
 Easiest way is to set `EnableReferenceProtector` variable to false (either in command line or in a project file, like `false`)
\ No newline at end of file
From 37d8f8e47512930563319604581870996959fb7b Mon Sep 17 00:00:00 2001
From: Alex S
Date: Fri, 19 Sep 2025 20:20:29 -0700
Subject: [PATCH 2/2] update info about package dependencies
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 4f6d6b6..ffebd02 100644
--- a/README.md
+++ b/README.md
@@ -82,12 +82,12 @@ Top `ProjectDependencies` object will contain a list of rules to validate agains
 Top `PackageDependences` object will have the same format as `ProjectDependencies` with `LinkType` omitted, since only direct package references will be considered. Also, `Description` section will be part of `RP0005` warning (as opposed to `RP0004`)
 ## Matching logic
-Each reference between the projects during the build is evaluated against provided list of policies. First each pair of dependent projects is evaluated against `From` and `To` patterns, based on their full path. If the match is successful - their link type is evaluated: if current pair has a direct dependency on each other and `LinkType` value is `Direct` or `DirectOrTransient` - the match is successful, otherwise (the dependency is transient) - `LinkType` should be `Transient` or `DirectOrTransient` for the match to be successful. Then we exceptions are evaluated using the same pattern matching logic with `From` and `To` fields.
+Each reference between the projects / packages during the build is evaluated against provided list of policies. First each pair of dependencies is evaluated against `From` and `To` patterns, based on their full path. For project dependencies - if the match is successful - their link type is evaluated: if current pair has a direct dependency on each other and `LinkType` value is `Direct` or `DirectOrTransient` - the match is successful, otherwise (the dependency is transient) - `LinkType` should be `Transient` or `DirectOrTransient` for the match to be successful. Package dependencies are only viewed as direct references. Then the exceptions are evaluated using the same pattern matching logic with `From` and `To` fields.
 The decision logic is as follows
 - If current `Policy` value is `Forbidden` - the rule is considered violated if no exceptions were matched
 - If current `Policy` value is `Allowed` - the rule is considered violated if there are any matched exceptions
-Violations of the rule will produce `RT0004` warning during build.
+Violations of the rule will produce `RP0004` (for projects) and `RP0005` (for packages) warning during build.
 Note: in regex matches - `*` is substituted with `.*` for proper regex, and `$` is added at the end.
 ```