Proj0044: Enable <RestoreLockedMode> when <ContinuousIntegrationBuild> is enabled

In order to ensure dotnet restore is not allowed to implicitly upgrade package versions that are specified in the lock file, it is necessary to enable “locked mode”. The recommended way of enabling locked mode is to conditionally set the RestoreLockedMode property to true, if the ContinuousIntegrationBuild property is set to true. This is under the assumption that there is a dynamic way in place that ensures ContinuousIntegrationBuild is set to true in CI pipelines.

See also:

When to disable this rule

This rule can be safely disabled if there is any configuration in place to ensure locked mode when restoring dependencies (such as through using --locked-mode or /p:RestoreLockedMode=true) in build pipeline scripts.

Non-compliant

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
  </PropertyGroup>

</Project>

Compliant

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
    <RestoreLockedMode Condition="'$(ContinuousIntegrationBuild)' == 'true'">true</RestoreLockedMode>
  </PropertyGroup>

</Project>

Or:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
  </PropertyGroup>

  <PropertyGroup Condition="'$(ContinuousIntegrationBuild)' == 'true'">
    <RestoreLockedMode>true</RestoreLockedMode>
  </PropertyGroup>

</Project>

Or:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <RestorePackagesWithLockFile>false</RestorePackagesWithLockFile>
  </PropertyGroup>

</Project>