ContinuousIntegrationBuild detection will trigger env var BuildCheck

[MattKotsenas]

The upcoming BuildCheck to flag env var usage trigger on our ContinuousIntegrationBuild detection logic:

reproducible-builds/src/DotNet.ReproducibleBuilds/DotNet.ReproducibleBuilds.props

Lines 15 to 38 in 94faeb1

	<PropertyGroup>
	<!-- Set by many build agents -->
	<ContinuousIntegrationBuild Condition="'$(CI)' == 'true'">true</ContinuousIntegrationBuild>
	<!-- Azure Pipelines / DevOpsServer https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#system-variables-devops-services -->
	<ContinuousIntegrationBuild Condition="'$(TF_BUILD)' == 'true' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- GitHub Actions https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables -->
	<ContinuousIntegrationBuild Condition="'$(GITHUB_ACTIONS)' == 'true' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- AppVeyor https://www.appveyor.com/docs/environment-variables/ -->
	<ContinuousIntegrationBuild Condition="'$(APPVEYOR)' == 'true' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- Travis CI https://docs.travis-ci.com/user/environment-variables/#default-environment-variables -->
	<ContinuousIntegrationBuild Condition="'$(TRAVIS)' == 'true' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- Circle CI https://circleci.com/docs/variables/#built-in-environment-variables -->
	<ContinuousIntegrationBuild Condition="'$(CIRCLECI)' == 'true' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- AWS CodeBuild https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html -->
	<ContinuousIntegrationBuild Condition="'$(CODEBUILD_BUILD_ID)' != '' AND '$(AWS_REGION)' != '' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- Jenkins https://www.jenkins.io/doc/book/pipeline/jenkinsfile/#using-environment-variables -->
	<ContinuousIntegrationBuild Condition="'$(BUILD_ID)' != '' AND '$(BUILD_URL)' != '' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- Google Cloud Build https://cloud.google.com/build/docs/configuring-builds/substitute-variable-values -->
	<ContinuousIntegrationBuild Condition="'$(BUILD_ID)' != '' AND '$(PROJECT_ID)' != '' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- TeamCity https://www.jetbrains.com/help/teamcity/predefined-build-parameters.html#Server+Build+Properties -->
	<ContinuousIntegrationBuild Condition="'$(TEAMCITY_VERSION)' != '' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	<!-- JetBrains Space https://www.jetbrains.com/help/space/automation-environment-variables.html#general -->
	<ContinuousIntegrationBuild Condition="'$(JB_SPACE_API_URL)' != '' AND '$(ContinuousIntegrationBuild)' != 'true'">true</ContinuousIntegrationBuild>
	</PropertyGroup>

It feels like we should have an opinion on what the correct fix is here. The two main options I see are:

1. Recommend that people that use the BuildCheck not rely on the detection and instead pass /p:ContinuousIntegrationBuild=true directly when in CI
2. Allowlist these variables in some fashion. For that to work smoothly, we likely need to package an analyzerconfig with the values. It's also unclear if BuildChecks currently support packaged analyzerconfig files

[MattKotsenas]

@baronfel, is there anywhere this is currently under discussion? I'm fine with either solution really, I think the main ask is to have a good doc of the rationale and suggested fixes.

[baronfel]

Not currently - I just poked Rainer and Jared about this concept of package-provided configuration though. I think this might be a gap for buildchecks for .NET 9 GA compared to how Roslyn can discover editorconfig configs shipped in packages.

I hope where we end up is that this package could provide some customizations for buildchecks in the package and register those somehow in props, then have MSBuild handle things from there.