Pin .NET SDK (global.json) + central package management + align EF Core majors #1196
Chris0Jeky wants to merge 5 commits into
Add global.json with rollForward: latestPatch to ensure all contributors and CI use a consistent .NET 8.0.x SDK version.
- Add Directory.Packages.props with ManagePackageVersionsCentrally
- Move all NuGet version declarations from 11 .csproj files to central file
- Downgrade Microsoft.EntityFrameworkCore.Tools 10.0.8 -> 8.0.27 to match EF Core 8.x family and net8.0 TFM
- Downgrade Npgsql.EntityFrameworkCore.PostgreSQL 9.0.4 -> 8.0.11 to match EF Core 8.x family

Verified: dotnet restore + build -c Release + FirstRunBootstrapper tests pass.
Code Review
This pull request introduces Central Package Management (CPM) for the backend solution by adding a central Directory.Packages.props file and a global.json SDK configuration, while removing explicit version attributes from package references across all project files. The review feedback recommends aligning the versions of Microsoft.AspNetCore.SignalR.Client and several Microsoft.Extensions.* packages to the 8.0.x family to match the net8.0 target framework and prevent potential major version mismatches.
| <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.27" /> | ||
| <PackageVersion Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.27" /> | ||
| <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.27" /> | ||
| <PackageVersion Include="Microsoft.AspNetCore.SignalR.Client" Version="10.0.8" /> |
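Review bot: Microsoft.AspNetCore.SignalR.Client on the last line is at 10.0.8 while the three ASP.NET Core entries above it are at 8.0.27, and the literal 8.0.27 is repeated on each of those lines. Defining the ASP.NET Core version once as an MSBuild property in this file (for example a property named AspNetCoreVersion; the name is only a suggestion) and referencing it from every Microsoft.AspNetCore.* PackageVersion would stop a single entry from drifting to another major.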
The PR description mentions aligning mixed NuGet majors to match the EF Core 8.x family and the net8.0 TFM (e.g., changing Microsoft.EntityFrameworkCore.Tools from 10.0.8 to 8.0.27). However, Microsoft.AspNetCore.SignalR.Client is still set to 10.0.8.

This should be aligned to the 8.0.x family (specifically 8.0.27 to match the other ASP.NET Core packages in this file) to prevent major version mismatches and ensure compatibility with the net8.0 target framework.
<PackageVersion Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.27" />
| <PackageVersion Include="Microsoft.Extensions.Hosting" Version="10.0.8" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Http.Polly" Version="10.0.8" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.8" /> |
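Review bot: All three Microsoft.Extensions.* entries in this hunk are at 10.0.8, in the same file where the ASP.NET Core entries are at 8.0.x. When moving them to the 8.0.x line, pick each package's own published 8.0.x version rather than one shared patch number; the follow-up commit on this page ends up with 8.0.1, 8.0.27 and 8.0.3 for these three, so they do not share a patch level.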
Similar to the EF Core alignment, these Microsoft.Extensions.* packages are currently pinned to major version 10.0.8.

Since the project targets net8.0, these should be aligned to the 8.0.x family (e.g., 8.0.8) to avoid major version mismatches and potential runtime compatibility issues.
<PackageVersion Include="Microsoft.Extensions.Hosting" Version="8.0.8" />
<PackageVersion Include="Microsoft.Extensions.Http.Polly" Version="8.0.8" />
<PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.8" />
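The major-version drift both review comments above point out can be caught mechanically in CI. The following is an added example, not code from this PR or repository: it assumes the convention used in this PR (framework-family packages share the TFM major), and the prefix list, function name and sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Package-id prefixes treated as tied to the framework major (assumption,
# taken from the packages this PR realigns).
FRAMEWORK_FAMILIES = (
    "Microsoft.AspNetCore.",
    "Microsoft.EntityFrameworkCore",
    "Microsoft.Extensions.",
    "Npgsql.EntityFrameworkCore.",
)

# Constructed sample in the shape of Directory.Packages.props; versions are the
# pre-fix values quoted in the PR, plus one constructed unrelated package.
SAMPLE_PROPS = """\
<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>
  <ItemGroup>
    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.27" />
    <PackageVersion Include="Microsoft.AspNetCore.SignalR.Client" Version="10.0.8" />
    <PackageVersion Include="Microsoft.Extensions.Hosting" Version="10.0.8" />
    <PackageVersion Include="Microsoft.EntityFrameworkCore.Tools" Version="10.0.8" />
    <PackageVersion Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="9.0.4" />
    <PackageVersion Include="Example.Unrelated.Package" Version="3.1.0" />
  </ItemGroup>
</Project>
"""

def misaligned_packages(props_xml: str, tfm: str = "net8.0"):
    """Return sorted (package, version) pairs whose major differs from the TFM major."""
    expected_major = tfm.removeprefix("net").split(".")[0]
    findings = []
    for item in ET.fromstring(props_xml).iter():
        # Tolerate an optional MSBuild XML namespace on the element tag.
        if item.tag.rsplit("}", 1)[-1] != "PackageVersion":
            continue
        name, version = item.get("Include", ""), item.get("Version", "")
        if not name.startswith(FRAMEWORK_FAMILIES):
            continue
        # Property references and ranges ("$(Ver)", "[8.0.0,9)") have no plain
        # numeric major, so they are reported for manual review as well.
        if version.split(".")[0] != expected_major:
            findings.append((name, version))
    return sorted(findings)

if __name__ == "__main__":
    for name, version in misaligned_packages(SAMPLE_PROPS):
        print(f"{name} {version}: major does not match net8.0")
```

Run against the real Directory.Packages.props in a required CI job, a non-empty result fails the build before a mixed-major restore reaches a release branch.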
Adversarial Self-Review Findings
CRITICAL
F1: Dockerfile.production Docker build will fail —
MEDIUM
F2: NuGet cache key in release-desktop.yml won't invalidate on version changes — The
LOW
F3: Historical migration snapshots retain ProductVersion 9.0.14 — Three older migration designer files (
Analysis: No issues found
- Dockerfile.production: copy global.json and Directory.Packages.props into the restore layer so dotnet restore succeeds with CPM
- release-desktop.yml: add Directory.Packages.props to NuGet cache dependency path so version changes bust the cache

Fixes F1 (CRITICAL) and F2 (MEDIUM) from adversarial self-review.
Address Gemini Code Assist review findings:
- Microsoft.AspNetCore.SignalR.Client 10.0.8 -> 8.0.27
- Microsoft.Extensions.Hosting 10.0.8 -> 8.0.1
- Microsoft.Extensions.Http.Polly 10.0.8 -> 8.0.27
- Microsoft.Extensions.Logging.Abstractions 10.0.8 -> 8.0.3

All Microsoft.* packages now consistently use 8.0.x versions matching the net8.0 target framework.
Fix Evidence (post-review)
All findings from adversarial self-review and Gemini Code Assist review have been addressed:
Post-fix verification:
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7aa17a9a1d
| @@ -0,0 +1,7 @@ | |||
| { | |||
Move global.json to the checkout root
When CI or the documented local commands run from the repository root, this backend/global.json is not seen by the .NET CLI muxer; Microsoft documents that dotnet starts global.json lookup at the current working directory and walks upward, not down into the solution directory (https://learn.microsoft.com/en-us/dotnet/core/tools/global-json). I checked .github/workflows/reusable-backend-solution.yml and .github/workflows/ci-release.yml, which run dotnet restore/build/test backend/Taskdeck.sln from the checkout root, so the main restore/build/test path still uses whichever SDK setup-dotnet installed as 8.0.x instead of this pin. Put the file at the repo root or change those commands to run with working-directory: backend so the SDK pin actually protects CI and contributors.
- CRITICAL (PR1196-1): Add Directory.Packages.props to cache-dependency-path in all 20 CI workflows that hash .csproj files for NuGet cache keys
- IMPORTANT (PR1196-2): Move global.json from backend/ to repo root so it is visible to dotnet commands run from the checkout root (CI + local)
- Update Dockerfile.production to COPY global.json from new location
2nd-Pass Review Fix Evidence
PR1196-1 (CRITICAL — 20 CI workflows missing cache key): Fixed in
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 99a2983aec
| # for restore layer caching. Directory.Packages.props and global.json must be | ||
| # present before dotnet restore because .csproj files no longer carry versions. | ||
| COPY backend/Taskdeck.sln backend/ | ||
| COPY global.json ./ |
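Review bot: The comment at the top of this hunk says both Directory.Packages.props and global.json must be present before dotnet restore, but the visible COPY lines bring in only backend/Taskdeck.sln and global.json. Confirm that a COPY of backend/Directory.Packages.props into backend/ also sits ahead of the restore step, and that restore runs from the directory global.json is copied into or from a directory below it; otherwise restore has no central versions to resolve, or the SDK pin is not applied inside the image.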
Copy the SDK pin into the compose backend image
This only updates deploy/Dockerfile.production to copy global.json, but the baseline container path still builds deploy/docker/backend.Dockerfile (checked deploy/docker-compose.yml:25-27, .github/workflows/reusable-container-images.yml:20-21, and docs/TESTING_GUIDE.md:1268-1270). That Dockerfile copies only backend/ before dotnet restore, so the new root global.json is absent from /src and compose/local/container CI builds continue using whatever SDK is in mcr.microsoft.com/dotnet/sdk:8.0 instead of the pinned SDK. Please copy global.json in the compose backend Dockerfile as well, or place the pin where that build already copies it.
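Both Codex findings come down to whether global.json is visible where dotnet actually runs. The following is an added example, not code from this PR or repository: it emulates the upward-only lookup described in the first finding and checks a Dockerfile for a global.json COPY ahead of restore, as the second finding asks. The function names, the /repo placeholder path and the sample Dockerfiles are constructed.

```python
from pathlib import PurePosixPath

def find_global_json(cwd: str, files: set) -> "str | None":
    """Emulate the lookup Codex describes: start at cwd and walk upward only."""
    directory = PurePosixPath(cwd)
    while True:
        candidate = str(directory / "global.json")
        if candidate in files:
            return candidate
        if directory == directory.parent:  # reached the filesystem root
            return None
        directory = directory.parent

def restore_sees_pin(dockerfile: str) -> bool:
    """True if global.json is copied into the image before the first dotnet restore.

    Heuristic: single-line instructions only; a COPY counts when a source is
    global.json itself or the whole build context (".").
    """
    for raw in dockerfile.splitlines():
        words = raw.split()
        if not words:
            continue
        instruction = words[0].upper()
        if instruction == "COPY":
            sources = [w for w in words[1:-1] if not w.startswith("--")]
            if any(s in (".", "./") or PurePosixPath(s).name == "global.json" for s in sources):
                return True
        elif instruction == "RUN" and "dotnet restore" in " ".join(words[1:]):
            return False
    return False

# Constructed inputs. /repo is a placeholder checkout path; the RUN lines and the
# second Dockerfile are reconstructed from the review text, not copied from the repo.
PRODUCTION = """\
COPY backend/Taskdeck.sln backend/
COPY global.json ./
RUN dotnet restore backend/Taskdeck.sln
"""
COMPOSE_BACKEND = """\
COPY backend/ ./
RUN dotnet restore Taskdeck.sln
"""

if __name__ == "__main__":
    print(find_global_json("/repo", {"/repo/backend/global.json"}))  # pin under backend/, run from root
    print(restore_sees_pin(PRODUCTION), restore_sees_pin(COMPOSE_BACKEND))
```

The Dockerfile check does not model WORKDIR or multi-stage builds, so a passing result still needs the restore step to run at or below the directory that received global.json.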
Summary
Closes #1127
- backend/global.json pinning SDK to 8.0.415 with rollForward: latestPatch so all contributors and CI use a consistent .NET 8.0.x SDK
- backend/Directory.Packages.props with ManagePackageVersionsCentrally, moving all 38 NuGet version declarations out of 11 individual .csproj files into one central location
- Microsoft.EntityFrameworkCore.Tools 10.0.8 → 8.0.27 (match EF Core 8.x family + net8.0 TFM)
- Npgsql.EntityFrameworkCore.PostgreSQL 9.0.4 → 8.0.11 (match EF Core 8.x family)

Files changed
- backend/global.json
- backend/Directory.Packages.props
- Version= from PackageReference
- Version= from PackageReference

Test plan
- dotnet restore backend/Taskdeck.sln — all 11 projects restore cleanly
- dotnet build backend/Taskdeck.sln -c Release — 0 errors (11 pre-existing warnings unchanged)
- dotnet test --filter "FullyQualifiedName~FirstRunBootstrapper" — 11 tests pass
- ci-required.yml
- Version= attribute on any PackageReference