Revamp NuGet package validation #1071

Draft: Copilot wants to merge 2 commits into main from copilot/update-package-validation-job
Copilot AI commented Mar 27, 2026

The validate-packages CI job silently swallowed all validation failures (warning-only, "gradual improvement mode"), applied a single shared exclusion list to every package, and had no mechanism to detect when a new package was introduced without being registered.

Changes

ci.yml — Validate NuGet packages step

  • Get-NupkgId helper: reads the .nuspec from inside the .nupkg ZIP in-memory to get the canonical package ID (filename parsing is unreliable with pre-release version strings)
  • Per-package $packageRuleOverrides hashtable: replaces the flat $excludedRules array; each key is the NuGet package ID, value is the rules to suppress for that package only
  • Global AssembliesMustBeOptimized exclusion retained for non-main branches (debug builds in PRs)
  • Failures now fail the build: ::warning:: → ::error:: + $errorCount++; any validation issue not explicitly excluded causes exit 1
  • Unknown-package guard: if a produced .nupkg is not in the hashtable, emits an error with exact syntax to register it and fails the build

$packageRuleOverrides = [ordered]@{
  'Reqnroll'                = @('AuthorMustBeSet', 'XmlDocumentationMustBePresent')
  'Reqnroll.Assist.Dynamic' = @('AssembliesMustBeOptimized', 'ReadmeMustBeSet', 'XmlDocumentationMustBePresent')
  'Reqnroll.TUnit'          = @()   # passes all checks — no exclusions
  # ...one entry per known package
}

Initial exclusions are derived from actual errors observed in the latest CI run.

PACKAGE_VALIDATION.md

  • Updated to reflect strict failure mode and per-package overrides
  • Documents how to register a new package when the unknown-package error fires
  • Error code table now includes correct rule names (ReadmeMustBeSet, XmlDocumentationMustBePresent, Symbols, etc.)

Original prompt

Context

The current validate-packages job in .github/workflows/ci.yml (lines 241–304) validates all NuGet packages but has several shortcomings:

  1. All packages share the same single excluded-rules list — no per-package control.
  2. Validation failures are logged as warnings only and never fail the build ("gradual improvement mode").
  3. If a new/unknown package is built, it is silently validated without any indication it needs to be explicitly registered.
  4. The PACKAGE_VALIDATION.md lists known error codes (12, 33, 52, 61, 81, 101, 112, 119) that are currently ignored across the board.

What needs to change

1. Per-package rule overrides hashtable

Replace the single shared $excludedRules array with an ordered hashtable where the key is the NuGet package ID (not the filename) and the value is an array of rule names to exclude for that specific package.

Use the Get-NupkgId helper (reading the .nuspec inside the .nupkg ZIP) to map each file to its package ID before looking up overrides.

The hashtable should be defined at the top of the script, with one entry per known Reqnroll package. Base the initial set of exclusions on the known current issues from PACKAGE_VALIDATION.md:

  • Error 12 = AuthorNotSet
  • Error 33 = IconNotFound / IconMustBeSet
  • Error 52 = ProjectUrlNotAccessible
  • Error 61 = ReadmeNotSet
  • Error 81 = AssembliesMustBeOptimized
  • Error 101 = XmlDocumentationNotFound
  • Error 112 = DeterministicBuild
  • Error 119 = SourceFileNotAccessible

The known Reqnroll packages to register (from the repo's build output pattern) are:

  • Reqnroll
  • Reqnroll.Generator
  • Reqnroll.MsTest
  • Reqnroll.NUnit
  • Reqnroll.xUnit
  • Reqnroll.MSBuild.Generation
  • Reqnroll.Tools.MsBuild.Generation
  • Reqnroll.VisualStudio.SpecFlowCompatibility.NuGetPackage

Look at the repo's .csproj / Directory.Build.props files to confirm the full list of packages if needed.

The AssembliesMustBeOptimized exclusion should still be added globally (not per-package) for non-main branches.

2. Validation failures → error, not warning

Change the else branch (when $exitCode -ne 0) from emitting a ::warning:: to emitting a ::error:: and incrementing $errorCount. This means the build will fail if any package has validation issues that are not explicitly excluded in the hashtable.

Remove the comment about "gradual improvement mode".

3. Unknown packages → clear instruction, then fail

Before running validation for a package, check if its ID exists in $packageRuleOverrides. If it does not:

  • Emit a ::error:: annotation explaining that the package is unknown.
  • Print clear instructions showing the exact syntax to add it to the hashtable (with both an empty-exclusions example and an exclusions example).
  • Increment $errorCount and continue to the next package.

4. Update PACKAGE_VALIDATION.md

Update PACKAGE_VALIDATION.md to reflect the new behaviour:

  • Describe the per-package hashtable and how to add a new package.
  • State that validation failures now fail the build.
  • Document the unknown-package error and what to do.
  • Keep the existing error code reference table.

Implementation notes

  • Use Add-Type -AssemblyName System.IO.Compression.FileSystem and read the .nuspec in-memory (no temp dir) to extract the package ID — exactly as shown in our earlier conversation.
  • The $packageRuleOverrides hashtable should use [ordered]@{} for readability.
  • Per-package excluded rules should be merged with global excluded rules (using + | Select-Object -Unique).
  • The script structure should remain inside the existing run: | block in ci.yml — do not split into a separate .ps1 file.
  • Make sure the Get-NupkgId function is defined before the loop.

Files to change

  • .github/workflows/ci.yml — replace the Validate NuGet packages step script (lines ~254–304)
  • PACKAGE_VALIDATION.md — update documentation to reflect new behaviour

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Can you make a readable dictionary in PowerShell, like in JSON or YAML?

A: Yes, in PowerShell you use a hashtable as the equivalent of a dictionary (as in JSON or YAML). The syntax is quite readable:

Hashtable (default, unordered)

$person = @{
    FirstName = 'Alice'
    LastName  = 'Smith'
    Age       = 30
}

Ordered dictionary (preserves key order)

$orderedPerson = [ordered]@{
    FirstName = 'Alice'
    LastName  = 'Smith'
    Age       = 30
}

Nested hashtables (dictionary within a dictionary)

$company = @{
    Name    = 'Contoso'
    Address = @{
        Street = '123 Main St'
        City   = 'Metropolis'
    }
}

$company.Address.City  # Output: Metropolis

Retrieving values

$person['FirstName']  # Output: Alice
$person.Age           # Output: 30

...

This pull request was created from Copilot chat.
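
The registration check described in this PR, as an added example (not the PR's actual ci.yml script): it reads each package ID from the .nuspec inside the .nupkg, fails on any ID missing from the overrides table, and merges per-package with global exclusions. The package IDs and rule names are the ones quoted in the description; the two sample .nupkg files, including the ID `Reqnroll.Unregistered`, are constructed for illustration.

```powershell
# Added example, not the PR's script. Sample packages below are constructed.
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-NupkgId([string]$Path) {
    # A .nupkg is a ZIP: read the root-level .nuspec in memory, no temp extraction.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        $entry = $zip.Entries |
            Where-Object { $_.FullName -notmatch '[\\/]' -and $_.Name -like '*.nuspec' } |
            Select-Object -First 1
        if (-not $entry) { throw "No .nuspec found in $Path" }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { [xml]$nuspec = $reader.ReadToEnd() } finally { $reader.Dispose() }
        return $nuspec.package.metadata.id
    } finally { $zip.Dispose() }
}

$packageRuleOverrides = [ordered]@{
    'Reqnroll'       = @('AuthorMustBeSet', 'XmlDocumentationMustBePresent')
    'Reqnroll.TUnit' = @()   # registered, no exclusions
}
$globalRules = @('AssembliesMustBeOptimized')   # applied on non-main branches only

# Constructed input: one registered and one unregistered package, pre-release file names.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
foreach ($id in 'Reqnroll', 'Reqnroll.Unregistered') {
    $zip = [System.IO.Compression.ZipFile]::Open((Join-Path $dir "$id.1.0.0-beta.1.nupkg"), 'Create')
    $writer = New-Object System.IO.StreamWriter($zip.CreateEntry("$id.nuspec").Open())
    $writer.Write("<package><metadata><id>$id</id></metadata></package>")
    $writer.Dispose(); $zip.Dispose()
}

$errorCount = 0
foreach ($file in Get-ChildItem $dir -Filter *.nupkg) {
    $id = Get-NupkgId $file.FullName
    if (-not $packageRuleOverrides.Contains($id)) {
        # Unknown-package guard: fail closed instead of validating with default rules.
        Write-Host "::error::Unknown package '$id'. Add it to `$packageRuleOverrides: '$id' = @()"
        $errorCount++
        continue
    }
    $excluded = @($globalRules + $packageRuleOverrides[$id] | Select-Object -Unique)
    Write-Host "$id excluded rules: $($excluded -join ', ')"
    # The real step would run the validator with $excluded here and count its failures.
}
Remove-Item $dir -Recurse -Force
Write-Host "errorCount = $errorCount (the CI step exits 1 when this is non-zero)"
```

Because the lookup key is the ID inside the .nuspec rather than the file name, renaming a .nupkg cannot make it inherit another package's exclusions.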



…errors, unknown-package detection

Agent-Logs-Url: https://github.com/reqnroll/Reqnroll/sessions/24ab2a7a-4d15-4146-bbad-3f3a81bf9076

Co-authored-by: 304NotModified <5808377+304NotModified@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update validate-packages job for per-package rules and error handling" to "Revamp NuGet package validation: per-package rule overrides, strict failure mode, and unknown-package detection" on Mar 27, 2026
Copilot AI requested a review from 304NotModified March 27, 2026 00:18
@304NotModified changed the title from "Revamp NuGet package validation: per-package rule overrides, strict failure mode, and unknown-package detection" to "Revamp NuGet package validation" on Mar 27, 2026