Skip to content

Commit cfb8cd9

Browse files
janechuCopilot
andcommitted
chore: align NuGet compliance metadata
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent bcb15bc commit cfb8cd9

8 files changed

Lines changed: 19 additions & 13 deletions

File tree

.github/workflows/publish.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -236,8 +236,9 @@ jobs:
236236
237237
# Create GitHub Release with all artifacts. NuGet artifacts are staged
238238
# here for manual nuget.org publishing until ESRP supports automated
239-
# NuGet publishing for this project. Manual publish still requires the
240-
# approved NuGet owner account and signing/certificate process.
239+
# NuGet publishing for this project. Manual publish still requires
240+
# approved Microsoft package ownership, Microsoft-certificate signing for
241+
# each .nupkg, and signed Authenticode-capable package contents.
241242
- name: Create GitHub Release
242243
uses: softprops/action-gh-release@v2
243244
with:

DESIGN.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1533,9 +1533,9 @@ The `Microsoft.WebUI` package is the managed .NET binding for `webui-ffi`. It ta
15331533

15341534
Native assets are split into `Microsoft.WebUI.Runtime.<rid>` packages for each supported RID. The runtime packages share `dotnet/runtime/README.md`, include NuGet release notes pointing to the GitHub release notes, and carry the matching `runtimes/<rid>/native` asset. The managed package references every runtime package so NuGet restores them transitively; .NET then resolves `webui_ffi` from the matching native asset. `WEBUI_LIB_PATH` remains the override for custom local native builds.
15351535

1536-
`dotnet/Directory.Build.props` applies repository metadata, Source Link, and `.snupkg` symbol package generation to packable .NET projects. `cargo xtask publish` runs `dotnet pack` on `dotnet/Microsoft.WebUI.sln` and stages both `.nupkg` and `.snupkg` files under `publish/nuget`.
1536+
`dotnet/Directory.Build.props` applies NuGet metadata to packable .NET projects: `Authors=Microsoft`, `PackageOwners=Microsoft`, a package license URL with `PackageRequireLicenseAcceptance=true`, project and repository URLs, Source Link, release notes links, discoverability tags, the required `© Microsoft Corporation. All rights reserved.` copyright notice, and `.snupkg` symbol package generation. `cargo xtask publish` runs `dotnet pack` on `dotnet/Microsoft.WebUI.sln` and stages both `.nupkg` and `.snupkg` files under `publish/nuget`.
15371537

1538-
NuGet publishing is not automated by ESRP today. Release workflows attach staged NuGet artifacts to GitHub Releases for manual/externally tracked nuget.org publishing with the approved owner and signing process.
1538+
NuGet publishing is not automated by ESRP today. Release workflows attach staged NuGet artifacts to GitHub Releases for manual/externally tracked nuget.org publishing. Before nuget.org publishing, ownership must be limited to the approved Microsoft package owner/co-owner accounts, every Authenticode-signable file in the package must be signed, and each `.nupkg` must be signed with the Microsoft certificate through the approved signing process.
15391539

15401540
### Documentation Guidelines
15411541
- Using `vitepress` in `docs/`

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ dotnet add package Microsoft.WebUI
3131
```
3232

3333
The NuGet package restores platform-specific `Microsoft.WebUI.Runtime.*` native assets transitively. Release builds stage `.nupkg` and `.snupkg` artifacts with repository metadata and Source Link; nuget.org publishing is manual until ESRP automation supports this project.
34+
NuGet metadata uses `Authors=Microsoft`, the `Microsoft` package owner, a stable project URL, a package license URL with license acceptance required, release notes links, discoverability tags, and the required `© Microsoft Corporation. All rights reserved.` copyright notice. Before nuget.org publishing, staged packages and Authenticode-signable contents must be signed with a Microsoft certificate through the approved signing process.
3435

3536
## Learn
3637

dotnet/Directory.Build.props

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,9 @@
33
<Version>0.0.17</Version>
44
<Authors>Microsoft</Authors>
55
<Company>Microsoft</Company>
6-
<PackageLicenseExpression>MIT</PackageLicenseExpression>
6+
<PackageOwners>Microsoft</PackageOwners>
7+
<PackageLicenseUrl>https://github.com/microsoft/webui/blob/main/LICENSE</PackageLicenseUrl>
8+
<PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
79
<PackageProjectUrl>https://github.com/microsoft/webui</PackageProjectUrl>
810
<RepositoryUrl>https://github.com/microsoft/webui</RepositoryUrl>
911
<RepositoryType>git</RepositoryType>
@@ -12,9 +14,10 @@
1214
<IncludeSymbols>true</IncludeSymbols>
1315
<SymbolPackageFormat>snupkg</SymbolPackageFormat>
1416
<ContinuousIntegrationBuild Condition="'$(GITHUB_ACTIONS)' == 'true' or '$(TF_BUILD)' == 'true'">true</ContinuousIntegrationBuild>
15-
<Copyright>Copyright (c) Microsoft Corporation</Copyright>
16-
<Description>WebUI — high-performance server-side rendering without JavaScript runtimes.</Description>
17-
<PackageTags>webui</PackageTags>
17+
<Copyright>© Microsoft Corporation. All rights reserved.</Copyright>
18+
<Description>WebUI is a high-performance server-side rendering framework without JavaScript runtimes.</Description>
19+
<PackageReleaseNotes>See https://github.com/microsoft/webui/releases for release notes.</PackageReleaseNotes>
20+
<PackageTags>webui dotnet server-side-rendering ssr templates web-components ffi</PackageTags>
1821
<!-- PackageIcon will be set once an approved 128x128 transparent PNG is available. -->
1922
</PropertyGroup>
2023
<PropertyGroup Condition="$([System.String]::Copy('$(MSBuildProjectName)').StartsWith('Microsoft.WebUI.Runtime.'))">

dotnet/runtime/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,4 +29,4 @@ See the [WebUI repository](https://github.com/microsoft/webui) for full usage gu
2929

3030
## License
3131

32-
MIT - Copyright (c) Microsoft Corporation.
32+
MIT. NuGet package metadata uses © Microsoft Corporation. All rights reserved.

dotnet/src/Microsoft.WebUI/README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ The managed package depends on all supported `Microsoft.WebUI.Runtime.<rid>` pac
8282

8383
### Package Metadata
8484

85-
Packed NuGet artifacts include this README, repository metadata, Source Link, and `.snupkg` symbol packages. Release workflows stage `.nupkg` and `.snupkg` files; nuget.org publishing remains manual/externally tracked until ESRP supports automated NuGet publishing for this project.
85+
Packed NuGet artifacts include this README, repository metadata, Source Link, a package license URL with license acceptance required, release notes links, discoverability tags, the `© Microsoft Corporation. All rights reserved.` notice, and `.snupkg` symbol packages. Release workflows stage `.nupkg` and `.snupkg` files; nuget.org publishing remains manual/externally tracked until ESRP supports automated NuGet publishing for this project. Before publishing, staged packages and Authenticode-signable contents must be signed with a Microsoft certificate through the approved signing process.
8686

8787
### Manual Native Library Path
8888

@@ -106,4 +106,4 @@ cargo xtask dotnet
106106

107107
## License
108108

109-
MIT
109+
MIT. NuGet package metadata uses © Microsoft Corporation. All rights reserved.

dotnet/tool/Microsoft.WebUI.Tool/Microsoft.WebUI.Tool.csproj

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,5 +11,6 @@
1111
<ToolCommandName>webui</ToolCommandName>
1212
<PackageReadmeFile>README.md</PackageReadmeFile>
1313
<Description>WebUI CLI tool for building and inspecting WebUI templates.</Description>
14+
<PackageTags>webui dotnet tool cli templates server-side-rendering</PackageTags>
1415
</PropertyGroup>
1516
</Project>

dotnet/tool/Microsoft.WebUI.Tool/README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ CLI tool for building and inspecting WebUI templates.
88
dotnet tool install -g Microsoft.WebUI.Tool
99
```
1010

11-
NuGet artifacts for this tool include repository metadata, Source Link, and `.snupkg` symbols. Release workflows stage the artifacts for manual nuget.org publishing until ESRP supports automated NuGet publishing for this project.
11+
NuGet artifacts for this tool include this README, repository metadata, Source Link, a package license URL with license acceptance required, release notes links, discoverability tags, the `© Microsoft Corporation. All rights reserved.` notice, and `.snupkg` symbols. Release workflows stage the artifacts for manual nuget.org publishing until ESRP supports automated NuGet publishing for this project. Before publishing, staged packages and Authenticode-signable contents must be signed with a Microsoft certificate through the approved signing process.
1212

1313
## Usage
1414

@@ -32,4 +32,4 @@ The tool locates the native `webui` binary using:
3232

3333
## License
3434

35-
MIT
35+
MIT. NuGet package metadata uses © Microsoft Corporation. All rights reserved.

0 commit comments

Comments
 (0)