Recommended changes resulting from automated audit

[Jericho]

We performed an automated audit of your Cake addin and found that it does not follow all the best practices.

We encourage you to make the following modifications:

• [x] We were unable to determine what version of Cake.Core your addin is referencing. Please make sure you are referencing 0.28.0
• [x] The Cake.Core reference should be private. Specifically, your addin's .csproj should have a line similar to this: <PackageReference Include="Cake.Core" Version="0.28.0" PrivateAssets="All" />
• [x] Your addin should target netstandard2.0. Please note that there is no need to multi-target, netstandard2.0 is sufficient.
• [ ] The nuget package for your addin should use the cake-contrib icon. Specifically, your addin's .csproj should have a line like this: <PackageIconUrl>https://cdn.rawgit.com/cake-contrib/graphics/a5cf0f881c390650144b2243ae551d5b9f836196/png/cake-contrib-medium.png</PackageIconUrl>.

Apologies if this is already being worked on, or if there are existing open issues, this issue was created based on what is currently published for this package on NuGet.org and in the project on github.

[luisgoncalves]

Hello @jzeferino,

Since 0.25.0 cake uses a in-process nuget client, which allows loading package dependencies (https://cakebuild.net/docs/fundamentals/default-configuration-values#in-process-nuget-installation). For the changes on this addin we have two options:

1) Keep bundling the ResxConverter.Core and ResxConverter.Mobile assemblies with the addin.

• Requires that we keep using a nuspec file. 2) Rely on package dependencies
• Requires Cake >= 0.25.0 on consumers (no problem since we'll target 0.28.0 anyway)
• Requires that the addin is included using loaddependencies=true. See example on Cake.Email: https://github.com/cake-contrib/Cake.Email.

What do you think?

[jzeferino]

Thanks for the info. I would prefer the option 2. This is related with what you've said in #4? correct?

[luisgoncalves]

Ok, lets go with option 2. Not sure what you meant by "what you've said in #4"...

[jzeferino]

My mistake sorry. I mean https://github.com/jzeferino/ResxConverter/pull/28.

[luisgoncalves]

Then yes, but for the CLI I think that possible use cases don't include resolution of nuget package deps, so bundling all the assemblies sounds better.

[Jericho]

We performed a follow up automated audit of your Cake addin and found that some (or all) issues previously identified have not been resolved.

We strongly encourage you to make the modifications previously highlighted.

Apologies if this is already being worked on, or if there are existing open issues, this issue was created based on what is currently published for this package on NuGet.

This comment was created by a tool: Cake.AddinDiscoverer version 3.12.1