Proj0044: Enable <RestoreLockedMode> when <ContinuousIntegrationBuild> is enabled

In order to ensure dotnet restore is not allowed to implicitly upgrade package versions that are specified in the lock file, it is necessary to enable “locked mode”. The recommended way of enabling locked mode is to conditionally set the RestoreLockedMode property to true, if the ContinuousIntegrationBuild property is set to true. This is under the assumption that there is a dynamic way in place that ensures ContinuousIntegrationBuild is set to true in CI pipelines.

See also:

• https://devblogs.microsoft.com/dotnet/enable-repeatable-package-restores-using-a-lock-file/
• https://www.meziantou.net/faster-and-safer-nuget-restore-using-source-mapping-and-lock-files.htm

Non-compliant

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
  </PropertyGroup>

</Project>

Compliant

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
    <RestoreLockedMode Condition="'$(ContinuousIntegrationBuild)' == 'true'">true</RestoreLockedMode>
  </PropertyGroup>

</Project>

Or:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
  </PropertyGroup>

  <PropertyGroup Condition="'$(ContinuousIntegrationBuild)' == 'true'">
    <RestoreLockedMode>true</RestoreLockedMode>
  </PropertyGroup>

</Project>

Or:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
    <RestorePackagesWithLockFile>false</RestorePackagesWithLockFile>
  </PropertyGroup>

</Project>

Or:

Restore dependencies with --locked-mode or /p:RestoreLockedMode=true in build pipeline scripts.