Enable NuGet package validation#429
Conversation
Add EnablePackageValidation to the main property group so that `dotnet pack` fails fast on binary- and source-breaking changes to the public API surface, matching MaxMind.GeoIP2 and MaxMind.Db.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis change adds a single property, ChangesPackage Validation Config
Estimated code review effort: 1 (Trivial) | ~2 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Code Review
This pull request enables package validation in the project file. The reviewer pointed out that to validate against the latest published release, a baseline version must be specified using the PackageValidationBaselineVersion property, and a compatibility suppression file should be generated to handle intentional breaking changes in version 6.0.0.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| <PackageReadmeFile>README.md</PackageReadmeFile> | ||
| <PackageProjectUrl>https://github.com/maxmind/minfraud-api-dotnet</PackageProjectUrl> | ||
| <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression> | ||
| <EnablePackageValidation>true</EnablePackageValidation> |
There was a problem hiding this comment.
While setting <EnablePackageValidation>true</EnablePackageValidation> enables the compatible framework and compatible runtime validators, it does not validate the package against a previously published release unless a baseline version is specified.\n\nTo achieve the goal mentioned in the PR description ("fails the build if the package's public API is binary- or source-incompatible with the latest published release"), you need to specify the <PackageValidationBaselineVersion> property.\n\nNote that since 6.0.0 introduces several intentional breaking changes (as documented in releasenotes.md), enabling baseline validation will cause the build to fail unless you also generate a compatibility suppression file. You can generate this file by running:\n\nbash\ndotnet pack /p:GenerateCompatibilitySuppressionFile=true\n\n\nThis will create a CompatibilitySuppressions.xml file in your project directory, which should be committed to source control to document and allow these intentional breaking changes.
<EnablePackageValidation>true</EnablePackageValidation>\n <PackageValidationBaselineVersion>5.3.1</PackageValidationBaselineVersion>
There was a problem hiding this comment.
Good catch on the distinction between the compatible-framework/runtime validators and a baseline comparison against a previously published version. That's correct: this change intentionally enables only the former, matching how MaxMind.GeoIP2 is configured (it also sets EnablePackageValidation without a PackageValidationBaselineVersion).
I'm keeping this PR minimal and not adding baseline validation here, mainly because 6.0.0 (with its intentional breaking changes) hasn't been published yet, so there's no meaningful prior baseline to validate against until after that release ships. Adding PackageValidationBaselineVersion (pointed at 6.0.0 once released) plus a CompatibilitySuppressions.xml for any further intentional breaks would be a reasonable follow-up once we're validating against a real baseline.
For this PR specifically, the CI dotnet pack job (including the Windows job, where these validators run) passed, so the framework/runtime compatibility checks enabled here are already exercised and green.
What
Enable NuGet package validation for
MaxMind.MinFraudby adding<EnablePackageValidation>true</EnablePackageValidation>to the project, matching whatMaxMind.GeoIP2andMaxMind.Dbalready do.Why
With this enabled,
dotnet packrunsMicrosoft.DotNet.PackageValidation, which fails the build if the package's public API is binary- or source-incompatible with the latest published release. This catches accidental breaking API changes at pack time (the release workflow already runsdotnet packon every pull request), keeping the library consistent with the validation the other MaxMind .NET packages already have.Summary by CodeRabbit