Merged
13 changes: 10 additions & 3 deletions Sharphound.csproj
Expand Up @@ -18,16 +18,23 @@
<CommonLibsStableVersion>4.6.0</CommonLibsStableVersion>
<CommonLibPath>..\SharpHoundCommon\src\CommonLib\bin\$(Configuration)\net472\SharpHoundCommonLib.dll</CommonLibPath>
<RPCPath>..\SharpHoundCommon\src\SharpHoundRPC\bin\$(Configuration)\net472\SharpHoundRPC.dll</RPCPath>


<!-- Derive the dev version by incrementing the patch of the stable version, mirroring
the auto-increment logic in SharpHoundCommon's publish-dev-package pipeline.
e.g. stable=4.6.0 → dev wildcard=4.6.1-dev* -->
<_StablePatch>$([System.Text.RegularExpressions.Regex]::Match($(CommonLibsStableVersion), '[0-9]+$').Value)</_StablePatch>
<_MajorMinor>$([System.Text.RegularExpressions.Regex]::Match($(CommonLibsStableVersion), '^[0-9]+\.[0-9]+').Value)</_MajorMinor>
<CommonLibsDevVersion>$(_MajorMinor).$([MSBuild]::Add($(_StablePatch), 1))-dev*</CommonLibsDevVersion>
Comment on lines +22 to +27

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Search for SharpHoundCommon dev package versions to confirm naming pattern

# Check if nuget.org has packages matching the expected pattern
# Note: This requires the NuGet API to be accessible
curl -s "https://api.nuget.org/v3-flatcontainer/sharphoundcommon/index.json" 2>/dev/null | jq -r '.versions[]' | grep -E '^4\.6\.[0-9]+-dev' | head -10 || echo "Could not fetch package versions - please verify manually on nuget.org or your internal feed"

Repository: SpecterOps/SharpHound

Length of output: 47


Verify that SharpHoundCommon dev packages follow the incremented patch naming pattern.

The regex extraction and MSBuild arithmetic are mathematically sound—they correctly transform 4.6.0 → 4.6.1-dev*. However, the verification could not find public SharpHoundCommon dev packages matching the expected 4.6.x-dev* pattern on NuGet.org.

This code assumes SharpHoundCommon publishes dev packages with an incremented patch number (e.g., 4.6.1-dev* after stable 4.6.0). If the actual versioning scheme differs—such as publishing as 4.6.0-dev.xxx or using a private feed with a different pattern—the build will fail when attempting to restore a non-existent package version.

Confirm with the SharpHoundCommon maintainers that dev packages are published using the incremented patch pattern, or adjust the logic to match the actual versioning convention.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Sharphound.csproj` around lines 22 - 27, The MSBuild logic computes
CommonLibsDevVersion from CommonLibsStableVersion using _StablePatch and
_MajorMinor to form an incremented patch string (CommonLibsDevVersion =
$(_MajorMinor).$([MSBuild]::Add($(_StablePatch), 1))-dev*); verify with the
SharpHoundCommon maintainers that dev packages are actually published on the
feed as an incremented-patch pattern (e.g., 4.6.1-dev*) and not as a same-patch
dev tag (e.g., 4.6.0-dev.xxx) or only on a private feed; if the scheme differs,
update the generation logic (CommonLibsDevVersion) to match the real naming
convention or point the restore to the correct feed so restores succeed.


<CommonSource>Dev</CommonSource>

<!-- Determine if we should use local DLLs -->
<_UseLocalLibs Condition="'$(CommonSource.ToLower())' == 'local'">true</_UseLocalLibs>
<_UseLocalLibs Condition="'$(_UseLocalLibs)' == ''">false</_UseLocalLibs>

<!-- Determine the package version -->
<_CommonLibsVersion Condition="'$(CommonSource.ToLower())' == 'stable'">$(CommonLibsStableVersion)</_CommonLibsVersion>
<_CommonLibsVersion Condition="'$(_CommonLibsVersion)' == ''">$(CommonLibsStableVersion)-dev*</_CommonLibsVersion>
<_CommonLibsVersion Condition="'$(_CommonLibsVersion)' == ''">$(CommonLibsDevVersion)</_CommonLibsVersion>
</PropertyGroup>

<ItemGroup>
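Review bot: The two regexes feeding `_StablePatch` and `_MajorMinor` are not tied to a full `major.minor.patch` shape, so a `CommonLibsStableVersion` that does not have exactly that form produces a wrong or empty dev version with no diagnostic. `'[0-9]+$'` takes whatever trailing digits exist and `'^[0-9]+\.[0-9]+'` takes the first two components, so a value such as `4.6.0.1` would yield `4.6.2-dev*`, and a value with no trailing digits leaves `_StablePatch` empty going into `[MSBuild]::Add`. Suggest matching the whole string once with `^([0-9]+)\.([0-9]+)\.([0-9]+)$` and failing the build with a clear message when it does not match. Separately, `<CommonSource>Dev</CommonSource>` makes the floating `-dev*` version the default path, so restore takes the highest matching prerelease available on the configured feeds at build time; a packages lock file, or a pinned dev version for release builds, would keep the resolved SharpHoundCommon package reviewable and reproducible.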