dotnet new gitignore should synch up with public template
See original GitHub issueSummary of issue
The dotnet new gitignore
command saves a workflow step when scaffolding projects and really happy to see dotnet new --install Microsoft.DotNet.Common.ItemTemplates::6.0.100
and those workflow improvements.
Drift between gitignore templates or subtractions in the templates might introduce some security issues if secrets are checked in incorrectly for a new project or while doing a project refresh.
As an example, patches from issues updated in a Feb, 2021 template here are not in a June, 2021 template on GitHub.
Repro
This is the first template which comes up in search results for Visual Studio gitignore when scaffolding a new project.
https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
It is different than the template generated using dotnet new gitignore
from the 6.0.100
cli.
https://github.com/dotnet/templating/blob/main/template_feed/Microsoft.DotNet.Common.ItemTemplates/content/Gitignore/.gitignore
- The template here is missing nuget.config comment placeholder. There’s specific scenarios where nuget.config should or shouldn’t be committed in 2021 and a comment indicating so rather than just removing nuget.config could be shown. See https://github.com/NuGet/Home/issues/10566 and https://github.com/github/gitignore/pull/3706 - I don’t know if this situation is resolved but it’s impacting in terms of public/private feed credentials. Also don’t know if it’s responsibility of this repo’s maintainers to maintain the other repo’s gitignore.
- The templating currently excludes .tye files here but not in Github. Would be nice to have a unique identifier (not a url) and some more description about what .tye files are in the .gitignore to look up more info on what tye is and why someone would be ignoring the files from a binary, transitory or security perspective. In any case these should be in synch.
Suggestions
-
Suggest some background task to synch this repo from GitHub gitignore, as two repos code / PRs diverge and improvements happen.
-
Source the template from github directly, with some option to download / refresh it for offline consumers.
-
The template currently provided with dotnet new includes some additional exclusions for mac settings and things that are not really mac settings. Add these to the Github template if required, though are they really needed or is the workflow of a unique developer that could be added to personal/global gitignore? When I see common .gitignore entries for mac, the gitignore list is a lot smaller and usually just include .DS_Store and thumbnails. and config.make, tarballs, etc.
-
The mac ignores look a little broad (eg. *.tar.gz is not mac-specific, it’s a binary archive format) and what is “Mac bundle stuff”. The comments could be more specific and professional if introduced via this repo’s contributions. These will be in every dotnet project.
As a templating library, could enforce further rules and guidance for .gitignore comments, security and ensure standardization in the gitignore for dotnet.
Files to sync:
File | Source | Target |
---|---|---|
.gitignore |
github/gitignore | dotnet/sdk |
template.json |
dotnet/templating | SchemaStore/schemastore - bi-directional |
docs |
dotnet/templating | dotnet/templating/wiki |
Issue Analytics
- State:
- Created 2 years ago
- Comments:18 (12 by maintainers)
Top GitHub Comments
@vlada-shubina See https://github.com/dotnet/templating/issues/4393#issuecomment-1321941999
We don’t have plans to do the sync mechanism for the .NET 7 timeframe currently, but we are open to periodic syncs. There’s one happening over at https://github.com/dotnet/templating/pull/4598 right now, if you’d like to review and ensure it does what you’d expect it to!