Add build and publish workflows for ControlR.Libraries.DataRedaction NuGet package

Author: bitbound

.github/actions/build-upload-nuget/action.yml

@@ -0,0 +1,56 @@
+name: Build and Upload NuGet Package
+description: Builds a NuGet package and uploads it as an artifact
+
+inputs:
+  project-path:
+    description: 'Path to the project file'
+    required: true
+  version:
+    description: 'Version number for the package'
+    required: true
+  artifact-name:
+    description: 'Name for the uploaded artifact'
+    required: true
+  retention-days:
+    description: 'Number of days to retain the artifact'
+    required: false
+    default: '1'
+
+runs:
+  using: composite
+  steps:
+    - name: Build NuGet Package
+      shell: pwsh
+      run: |
+        Write-Host "Building ${{ inputs.project-path }} with version ${{ inputs.version }}"
+        dotnet build ${{ inputs.project-path }} -c Release -p:Version=${{ inputs.version }}
+
+    - name: Find NuGet Package
+      id: find-nupkg
+      shell: pwsh
+      run: |
+        $projectDir = Split-Path -Parent "${{ inputs.project-path }}"
+        $searchDir = Join-Path $projectDir "bin\Release"
+        Write-Host "Searching for nupkg in $searchDir"
+        
+        if (!(Test-Path $searchDir)) {
+          Write-Error "Directory $searchDir not found"
+          exit 1
+        }
+        
+        $pkg = Get-ChildItem -Path $searchDir -Filter '*.nupkg' -File | Sort-Object LastWriteTime -Descending | Select-Object -First 1
+        
+        if (-not $pkg) {
+          Write-Error "NuGet package not found in $searchDir"
+          exit 1
+        }
+        
+        Write-Host "Found package: $($pkg.FullName)"
+        echo "NUPKG_PATH=$($pkg.FullName)" >> $env:GITHUB_OUTPUT
+
+    - name: Upload NuGet Package
+      uses: actions/upload-artifact@v6
+      with:
+        name: ${{ inputs.artifact-name }}
+        path: ${{ steps.find-nupkg.outputs.NUPKG_PATH }}
+        retention-days: ${{ inputs.retention-days }}

.github/workflows/build.yml

@@ -91,6 +91,37 @@ jobs:
         run: |
           dotnet test -c Release
 
+  build-nuget-packages:
+    name: Build NuGet Packages
+    runs-on: ${{ fromJson(inputs.use_self_hosted_runners) && fromJson('["self-hosted","Unix"]') || fromJson('["ubuntu-latest"]') }}
+    needs: set-version
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          clean: true
+          fetch-depth: 0
+
+      - name: Setup .NET
+        uses: ./.github/actions/setup-dotnet
+
+      - name: Build and Upload ControlR.ApiClient
+        uses: ./.github/actions/build-upload-nuget
+        with:
+          project-path: ControlR.ApiClient/ControlR.ApiClient.csproj
+          version: ${{ needs.set-version.outputs.version }}
+          artifact-name: ApiClientNuGet
+          retention-days: ${{ env.RETENTION_DAYS_ARTIFACTS }}
+
+      - name: Build and Upload ControlR.Libraries.DataRedaction
+        uses: ./.github/actions/build-upload-nuget
+        with:
+          project-path: Libraries/ControlR.Libraries.DataRedaction/ControlR.Libraries.DataRedaction.csproj
+          version: ${{ needs.set-version.outputs.version }}
+          artifact-name: DataRedactionNuGet
+          retention-days: ${{ env.RETENTION_DAYS_ARTIFACTS }}
+
   build-mac-binaries:
     name: Apple Build
     runs-on: ${{ fromJson(inputs.use_self_hosted_runners) && fromJson('["self-hosted","macOS"]') || fromJson('["macos-latest"]') }}
@@ -182,35 +213,6 @@ jobs:
       - name: Setup .NET
         uses: ./.github/actions/setup-dotnet
 
-      - name: Pack ControlR.ApiClient (Release)
-        run: dotnet build ControlR.ApiClient/ControlR.ApiClient.csproj -c Release -p:Version=${{ env.VERSION }}
-
-      - name: Find ApiClient nupkg
-        id: find-nupkg
-        shell: pwsh
-        run: |
-          $searchDir = 'ControlR.ApiClient\bin\Release'
-          Write-Host "Searching for nupkg in $searchDir"
-          if (!(Test-Path $searchDir)) {
-            Write-Error "Directory $searchDir not found"
-            exit 1
-          }
-          $pkg = Get-ChildItem -Path $searchDir -Filter 'ControlR.ApiClient*.nupkg' -File | Sort-Object LastWriteTime -Descending | Select-Object -First 1
-          if (-not $pkg) {
-            Write-Error 'ApiClient nupkg not found in Release folder.'
-            exit 1
-          }
-          Write-Host "Found package: $($pkg.FullName)"
-          echo "APICLIENT_NUPKG=$($pkg.FullName)" >> $env:GITHUB_OUTPUT
-
-      - name: Upload ApiClient NuGet
-        if: matrix.arch == 'win-x64'
-        uses: actions/upload-artifact@v6
-        with:
-          name: ApiClientNuGet
-          path: ${{ steps.find-nupkg.outputs.APICLIENT_NUPKG }}
-          retention-days: ${{ env.RETENTION_DAYS_ARTIFACTS }}
-
       # ===== Azure Login with OIDC =====
       - name: Azure Login
         uses: azure/login@v2

.github/workflows/publish-nugets.yml

@@ -37,6 +37,14 @@ jobs:
           github-token: ${{ github.token }}
           run-id: ${{ steps.get-run-id.outputs.run_id }}
 
+      - name: Download DataRedaction NuGet Package
+        uses: actions/download-artifact@v7
+        with:
+          name: DataRedactionNuGet
+          path: ./nuget-packages
+          github-token: ${{ github.token }}
+          run-id: ${{ steps.get-run-id.outputs.run_id }}
+
       - name: Setup .NET
         uses: actions/setup-dotnet@v5
         with:
@@ -69,5 +77,6 @@ jobs:
           echo "**Version:** ${{ steps.get-version.outputs.VERSION }}" >> $GITHUB_STEP_SUMMARY
           echo "**Packages Published:**" >> $GITHUB_STEP_SUMMARY
           echo "- ControlR.ApiClient" >> $GITHUB_STEP_SUMMARY
+          echo "- ControlR.Libraries.DataRedaction" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "✅ Successfully published to NuGet.org" >> $GITHUB_STEP_SUMMARY

Libraries/ControlR.Libraries.DataRedaction/ControlR.Libraries.DataRedaction.csproj

@@ -1,15 +1,28 @@
 <Project Sdk="Microsoft.NET.Sdk">
-
   <PropertyGroup>
-    <TargetFramework>net10.0</TargetFramework>
-    <ImplicitUsings>enable</ImplicitUsings>
-    <Nullable>enable</Nullable>
+    <IsPackable>true</IsPackable>
+    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+    <Title>ControlR Data Redaction</Title>
+    <Description>
+      A library for data redaction in ControlR, providing tools to redact sensitive information from logs and outputs.
+    </Description>
+    <PackageIcon>appicon.png</PackageIcon>
+    <PackageReadmeFile>README.md</PackageReadmeFile>
+    <PackageLicenseExpression>MIT</PackageLicenseExpression>
   </PropertyGroup>
-
+  <ItemGroup>
+    <None Include="..\..\.assets\appicon.png">
+      <Pack>True</Pack>
+      <PackagePath>\</PackagePath>
+    </None>
+    <None Update="README.md">
+      <Pack>True</Pack>
+      <PackagePath>\</PackagePath>
+    </None>
+  </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Compliance.Redaction" />
     <PackageReference Include="Microsoft.Extensions.Logging" />
     <PackageReference Include="Microsoft.Extensions.Telemetry" />
   </ItemGroup>
-
-</Project>
+</Project>

Libraries/ControlR.Libraries.DataRedaction/DefaultDataClassifications.cs

@@ -4,7 +4,7 @@ namespace ControlR.Libraries.DataRedaction;
 
 public static class DefaultDataClassifications
 {
-  public static string Name => "DefaultDataClassifications";
+  public const string Name = "DefaultDataClassifications";
   public static DataClassification Protected => new(Name, nameof(Protected));
   public static DataClassification Public => new(Name, nameof(Public));
 }

Libraries/ControlR.Libraries.DataRedaction/README.md

@@ -0,0 +1,134 @@
+# ControlR Data Redaction Library
+
+A lightweight library for redacting sensitive data in logs and outputs using Microsoft's data compliance framework.
+
+## Overview
+
+This library provides tools to automatically redact sensitive information during logging operations, helping you maintain security and comply with data protection regulations. It uses Microsoft's `Microsoft.Extensions.Compliance.Redaction` package to seamlessly integrate with standard .NET logging infrastructure.
+
+## Installation
+
+```bash
+dotnet add package ControlR.Libraries.DataRedaction
+```
+
+## Quick Start
+
+### 1. Register the Redactor
+
+Add the redactor to your service collection:
+
+```csharp
+using ControlR.Libraries.DataRedaction;
+
+var builder = WebApplication.CreateBuilder(args);
+
+// Add redaction services
+builder.Services.AddStarRedactor();
+
+var app = builder.Build();
+```
+
+### 2. Mark Sensitive Properties
+
+Use the `ProtectedDataClassification` attribute to mark properties that should be redacted:
+
+```csharp
+public class User
+{
+  public string Name { get; set; }
+  
+  [ProtectedDataClassification]
+  public string Password { get; set; }
+  
+  [ProtectedDataClassification]
+  public string ApiKey { get; set; }
+}
+```
+
+### 3. Log Structured Data
+
+When you log objects with protected properties, they'll automatically be redacted:
+
+```csharp
+var user = new User 
+{ 
+  Name = "John Doe", 
+  Password = "secret123",
+  ApiKey = "sk_live_abc123"
+};
+
+logger.LogInformation("User details: {@User}", user);
+// Output: User details: { Name: "John Doe", Password: "****", ApiKey: "****" }
+```
+
+## Features
+
+- **Automatic Redaction**: Sensitive data is redacted automatically during logging
+- **Attribute-Based**: Simple `[ProtectedDataClassification]` attribute to mark sensitive properties
+- **Star Redactor**: Replaces sensitive values with `****`
+- **Standard Integration**: Works with Microsoft's logging and compliance infrastructure
+- **Zero Configuration**: Works out of the box with sensible defaults
+
+## API Reference
+
+### `AddStarRedactor()`
+
+Registers the `StarRedactor` and enables redaction in the logging pipeline.
+
+```csharp
+services.AddStarRedactor();
+```
+
+### `ProtectedDataClassificationAttribute`
+
+Marks a property as containing protected data that should be redacted.
+
+```csharp
+[ProtectedDataClassification]
+public string SensitiveData { get; set; }
+```
+
+### `StarRedactor`
+
+The default redactor that replaces sensitive values with `****`.
+
+### `DefaultDataClassifications`
+
+Provides standard data classification types:
+- `Protected`: Data that should be redacted
+- `Public`: Data that can be logged without redaction
+
+## Advanced Usage
+
+### Custom Data Classifications
+
+You can use the built-in classifications for more granular control:
+
+```csharp
+using Microsoft.Extensions.Compliance.Classification;
+
+public class CustomModel
+{
+  [DataClassification(DefaultDataClassifications.Public)]
+  public string PublicInfo { get; set; }
+  
+  [DataClassification(DefaultDataClassifications.Protected)]
+  public string PrivateInfo { get; set; }
+}
+```
+
+## Requirements
+
+- .NET 10.0 or later
+- Microsoft.Extensions.Compliance.Redaction
+- Microsoft.Extensions.Logging
+
+## Learn More
+
+For more information about data redaction in .NET, see the official documentation:
+- [Data Redaction in .NET](https://learn.microsoft.com/en-us/dotnet/core/extensions/data-redaction)
+
+## License
+
+MIT