Add Dependabot configuration and seal target classes (#180)

* Add Dependabot configuration and enhance project metadata for better dependency management

* Mark EventGridTarget and EventHubTarget classes as sealed to prevent inheritance

* Add net10.0 target framework to project files for Azure extensions

* Add .NET installation script to AppVeyor configuration

* Add CI workflow configuration for build, pack, and test jobs

* Replace msbuild commands with dotnet CLI for restore and pack steps in CI workflow

* Remove .NET 10.0 and 8.0 setup steps from CI workflow

* Add obj directory to build artifact paths and update .NET setup for pack and test jobs

* Add caching for NuGet packages in CI workflow to improve build performance

Author: JDetmar

.github/dependabot.yml

@@ -0,0 +1,28 @@
+version: 2
+updates:
+  # Security updates only for NuGet packages
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    # Only create PRs for security updates
+    open-pull-requests-limit: 10
+    # Group all security updates into a single PR when possible
+    groups:
+      security-updates:
+        patterns:
+          - "*"
+        update-types:
+          - "patch"
+          - "minor"
+    labels:
+      - "dependencies"
+      - "security"
+    commit-message:
+      prefix: "deps"
+      prefix-development: "deps-dev"
+      include: "scope"
+    # Ignore major version updates to avoid breaking changes
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

.github/workflows/ci.yml

@@ -0,0 +1,146 @@
+name: CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+# Cancel in-progress runs for the same branch/PR
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+# Minimal permissions - security best practice
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Setup .NET 10.0
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: '10.0.x'
+
+    - name: Setup .NET 8.0
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: '8.0.x'
+
+    # Cache NuGet packages to speed up builds
+    - name: Cache NuGet packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget-
+
+    - name: Display .NET version
+      run: dotnet --version
+
+    - name: Restore and Build
+      run: dotnet build src\NLog.Extensions.AzureStorage.sln -c Release --verbosity minimal
+
+    - name: Upload build artifacts for matrix jobs
+      uses: actions/upload-artifact@v4
+      with:
+        name: build-output
+        path: |
+          src\**\bin\Release\**
+          src\**\obj\**
+          test\**\bin\Release\**
+          test\**\obj\**
+        retention-days: 1
+
+  pack:
+    needs: build
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        project:
+          - NLog.Extensions.AzureBlobStorage
+          - NLog.Extensions.AzureDataTables
+          - NLog.Extensions.AzureQueueStorage
+          - NLog.Extensions.AzureEventGrid
+          - NLog.Extensions.AzureEventHub
+          - NLog.Extensions.AzureServiceBus
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: |
+          8.0.x
+          10.0.x
+
+    - name: Cache NuGet packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget-
+
+    - name: Download build artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: build-output
+
+    - name: Pack ${{ matrix.project }}
+      run: dotnet pack src\${{ matrix.project }} -c Release --no-build -p:IncludeSymbols=true -p:SymbolPackageFormat=snupkg -p:ContinuousIntegrationBuild=true -p:EmbedUntrackedSources=true -p:PublishRepositoryUrl=true --verbosity minimal
+
+    - name: Upload package
+      uses: actions/upload-artifact@v4
+      with:
+        name: package-${{ matrix.project }}
+        path: |
+          src\${{ matrix.project }}\bin\Release\*.nupkg
+          src\${{ matrix.project }}\bin\Release\*.snupkg
+        retention-days: 90
+
+  test:
+    needs: build
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        project:
+          - NLog.Extensions.AzureBlobStorage.Tests
+          - NLog.Extensions.AzureDataTables.Tests
+          - NLog.Extensions.AzureQueueStorage.Tests
+          - NLog.Extensions.AzureEventGrid.Tests
+          - NLog.Extensions.AzureEventHub.Tests
+          - NLog.Extensions.AzureServiceBus.Tests
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: |
+          8.0.x
+          10.0.x
+
+    - name: Cache NuGet packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget-
+
+    - name: Download build artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: build-output
+
+    - name: Test ${{ matrix.project }}
+      run: dotnet test test\${{ matrix.project }} /p:Configuration=Release --verbosity minimal --no-build

DEPENDENCY_MANAGEMENT.md

@@ -0,0 +1,61 @@
+# Dependency Management
+
+## TL;DR
+
+**Dependabot handles security updates automatically.** Just review PRs labeled `security` and merge if tests pass.
+
+## How It Works
+
+1. Dependabot scans weekly for security vulnerabilities
+2. Creates PRs automatically for security patches (ignores major version bumps)
+3. You review the PR (~5 min)
+4. Tests run in CI
+5. Merge if green
+6. Update version number in `.csproj` and add release note
+
+## When to Update
+
+✅ **Security fixes** - Always
+⚠️ **New features** - Only if needed
+❌ **Major versions** - Avoid unless necessary
+
+## Quick Reference
+
+### Approve a Dependabot PR
+
+```bash
+# Tests run automatically in CI, but you can run locally:
+dotnet test test\NLog.Extensions.AzureBlobStorage.Tests /p:Configuration=Release
+dotnet test test\NLog.Extensions.AzureDataTables.Tests /p:Configuration=Release
+dotnet test test\NLog.Extensions.AzureQueueStorage.Tests /p:Configuration=Release
+dotnet test test\NLog.Extensions.AzureEventGrid.Tests /p:Configuration=Release
+dotnet test test\NLog.Extensions.AzureEventHub.Tests /p:Configuration=Release
+dotnet test test\NLog.Extensions.AzureServiceBus.Tests /p:Configuration=Release
+```
+
+After merge: Bump version in affected `.csproj` files and update `<PackageReleaseNotes>`.
+
+### Check for Vulnerabilities Manually
+
+```bash
+dotnet list package --vulnerable
+```
+
+### GitHub Settings
+
+Enable these notifications:
+
+- Dependabot alerts (Settings → Security)
+- PRs labeled `security`
+
+## Versioning
+
+- **Patch** (x.y.Z): Security fixes, dependency updates
+- **Minor** (x.Y.0): New features
+- **Major** (X.0.0): Breaking changes (rare)
+
+## Time Commitment
+
+- **Most months**: 0 minutes (no security issues)
+- **Security update**: 10-15 minutes (review + merge PR)
+- **Quarterly check**: Optional

appveyor.yml

@@ -2,6 +2,14 @@ version: 1.0.{build}
 image: Visual Studio 2022
 configuration: Release
 
+install:
+  - ps: |
+      Invoke-WebRequest -Uri 'https://dot.net/v1/dotnet-install.ps1' -UseBasicParsing -OutFile "$env:temp\dotnet-install.ps1"
+      & $env:temp\dotnet-install.ps1 -Architecture x64 -Version '10.0.100' -InstallDir "$env:ProgramFiles\dotnet"
+
+before_build:
+  - cmd: dotnet --version
+
 build_script:
 - cmd: msbuild /t:Restore src\NLog.Extensions.AzureStorage.sln /p:Configuration=Release /p:IncludeSymbols=true /p:SymbolPackageFormat=snupkg /p:ContinuousIntegrationBuild=true /p:EmbedUntrackedSources=true /p:PublishRepositoryUrl=true /verbosity:minimal
 - cmd: msbuild /t:Pack src\NLog.Extensions.AzureBlobStorage /p:Configuration=Release /p:IncludeSymbols=true /p:SymbolPackageFormat=snupkg /p:ContinuousIntegrationBuild=true /p:EmbedUntrackedSources=true /p:PublishRepositoryUrl=true /verbosity:minimal

src/NLog.Extensions.AzureBlobStorage/NLog.Extensions.AzureBlobStorage.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;net8.0;net10.0</TargetFrameworks>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
     <IsTrimmable Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net6.0'))">true</IsTrimmable>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>

src/NLog.Extensions.AzureCosmosTable/NLog.Extensions.AzureCosmosTable.csproj

@@ -4,6 +4,10 @@
     <TargetFrameworks>net45;net461;netstandard1.3;netstandard2.0</TargetFrameworks>
     <DisableImplicitFrameworkReferences Condition=" '$(TargetFramework)' == 'net45' Or '$(TargetFramework)' == 'net461' ">true</DisableImplicitFrameworkReferences>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <RepositoryBranch>master</RepositoryBranch>
+    <IncludeSymbols>true</IncludeSymbols>
+    <SymbolPackageFormat>snupkg</SymbolPackageFormat>
 
     <Version>2.8.0</Version>
 
@@ -14,6 +18,7 @@
 
     <PackageTags>NLog;azure;CloudTable;cosmos;cosmosdb;documentdb;table;storage;log;logging</PackageTags>
     <PackageIcon>logo64.png</PackageIcon>
+    <PackageReadmeFile>README.md</PackageReadmeFile>
     <PackageProjectUrl>https://github.com/JDetmar/NLog.Extensions.AzureStorage</PackageProjectUrl>
     <RepositoryType>git</RepositoryType>
     <RepositoryUrl>https://github.com/JDetmar/NLog.Extensions.AzureStorage.git</RepositoryUrl>
@@ -25,6 +30,7 @@ Docs: https://github.com/JDetmar/NLog.Extensions.AzureStorage/blob/master/src/NL
 
   <ItemGroup>
     <None Include="../../logo64.png" Link="logo64.png" Pack="true" PackagePath="" Visible="false" />
+    <None Include="README.md" Pack="true" PackagePath="\" />
   </ItemGroup>
 
   <ItemGroup>

src/NLog.Extensions.AzureDataTables/NLog.Extensions.AzureDataTables.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;net8.0;net10.0</TargetFrameworks>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
     <IsTrimmable Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net6.0'))">true</IsTrimmable>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>

src/NLog.Extensions.AzureEventGrid/EventGridTarget.cs

@@ -18,7 +18,7 @@ namespace NLog.Targets
     /// Azure Event Grid NLog Target
     /// </summary>
     [Target("AzureEventGrid")]
-    public class EventGridTarget : AsyncTaskTarget
+    public sealed class EventGridTarget : AsyncTaskTarget
     {
         private readonly IEventGridService _eventGridService;
         private readonly char[] _reusableEncodingBuffer = new char[32 * 1024];  // Avoid large-object-heap

src/NLog.Extensions.AzureEventGrid/NLog.Extensions.AzureEventGrid.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;net8.0;net10.0</TargetFrameworks>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
     <IsTrimmable Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net6.0'))">true</IsTrimmable>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>

src/NLog.Extensions.AzureEventHub/EventHubTarget.cs

@@ -17,7 +17,7 @@ namespace NLog.Targets
     /// Azure Event Hubs NLog Target
     /// </summary>
     [Target("AzureEventHub")]
-    public class EventHubTarget : AsyncTaskTarget
+    public sealed class EventHubTarget : AsyncTaskTarget
     {
         private readonly IEventHubService _eventHubService;
         private SortHelpers.KeySelector<LogEventInfo, string> _getEventHubPartitionKeyDelegate;