HotCakeX · HotCakeX · Feb 13, 2025 · Feb 10, 2025 · Feb 10, 2025 · Feb 11, 2025
@@ -8,7 +8,7 @@
 version: 2
 updates:
   - package-ecosystem: "dotnet-sdk"
-    directory: "/AppControl Manager"
+    directory: "/AppControl Manager/"
     schedule:
       interval: "weekly"
       day: "thursday"
@@ -18,8 +18,8 @@ updates:
       - ".NET SDK"
   - package-ecosystem: "nuget"
     directories:
-      - "/AppControl Manager"
-      - "/Harden-Windows-Security Module"
+      - "/AppControl Manager/"
+      - "/Harden-Windows-Security Module/"
     schedule:
       interval: "daily"
       time: "07:30"

@@ -43,7 +43,7 @@ jobs:
           if ($LASTEXITCODE -ne 0) { throw [System.InvalidOperationException]::New('Failed to install .NET SDK') }
 
           Write-Host -Object "`nInstalling Visual Studio Build Tools" -ForegroundColor Magenta
-          $null = winget install --id Microsoft.VisualStudio.2022.BuildTools --exact --accept-package-agreements --accept-source-agreements --uninstall-previous --force --source winget --override '--force --wait --passive --add Microsoft.VisualStudio.Workload.ManagedDesktop --add Microsoft.VisualStudio.Workload.MSBuildTools --add Microsoft.VisualStudio.Workload.UniversalBuildTools --add Microsoft.VisualStudio.ComponentGroup.WindowsAppSDK.Cs --add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 --add Microsoft.VisualStudio.Component.VC.v141.x86.x64 --add Microsoft.VisualStudio.Component.Windows11SDK.26100 --includeRecommended'
+          $null = winget install --id Microsoft.VisualStudio.2022.BuildTools --exact --accept-package-agreements --accept-source-agreements --uninstall-previous --force --source winget --override '--force --wait --passive --add Microsoft.VisualStudio.Workload.ManagedDesktop --add Microsoft.VisualStudio.Workload.VCTools --add Microsoft.VisualStudio.Workload.MSBuildTools --add Microsoft.VisualStudio.Workload.UniversalBuildTools --add Microsoft.VisualStudio.ComponentGroup.WindowsAppSDK.Cs --add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 --add Microsoft.VisualStudio.Component.VC.v141.x86.x64 --add Microsoft.VisualStudio.Component.Windows11SDK.26100 --includeRecommended'
           if ($LASTEXITCODE -ne 0) { throw [System.InvalidOperationException]::New('Failed to install Visual Studio Build Tools') }
 
           Write-Host -Object "`nInstalling Visual C++ Redistributable" -ForegroundColor Magenta
@@ -52,6 +52,14 @@ jobs:
       - name: Check out the repository code
         uses: actions/checkout@v4
 
+      # Runs certain Harden Windows Security application's categories in order to provide security for the build process that starts in the next step
+      - name: Securing the environment
+        id: securing
+        shell: pwsh
+        run: |
+          Install-Module -Name 'Harden-Windows-Security-Module' -Force
+          Protect-WindowsSecurity -Categories MicrosoftSecurityBaselines,MicrosoftDefender,AttackSurfaceReductionRules,MiscellaneousConfigurations -Verbose
+
       - name: Building And Packaging the AppControl Manager
         id: main_buildOp
         shell: pwsh
@@ -578,3 +586,53 @@ jobs:
 
           # Create the pull request
           gh pr create --title $CommitMessageAndPRTitle --body $PRBody --base main --label 'Automated 🤖' --assignee HotCakeX
+
+      - name: Add Body Text to the Draft Release
+        shell: pwsh
+        run: |
+          $ReleaseId = "${{ needs.build.outputs.DRAFT_RELEASE_ID }}"
+          $Repo = "${{ github.repository }}"
+
+          [string]$Note = @"
+
+          # What's New
+
+          <br>
+
+          > [!IMPORTANT]\
+          > **How To Install: Copy and Paste this command in a PowerShell window as Admin. ([Technical explanation available here](https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager#how-to-install-or-update-the-app))**
+          > ``````powershell
+          > (irm 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security.ps1')+'AppControl'|iex
+          > ``````
+
+          <br>
+
+          <br>
+
+          How to [verify](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds#verifying-artifact-attestations-with-the-github-cli) the MSIXBundle's authenticity:
+
+          ``````
+          gh attestation verify "Path To MSIXBundle" --repo HotCakeX/Harden-Windows-Security --format json
+          ``````
+
+          You can [install the GitHub CLI](https://github.com/cli/cli?tab=readme-ov-file#windows) from Winget:
+
+          ``````
+          winget install --id GitHub.cli
+          ``````
+
+          <br>
+
+          > [!NOTE]\
+          > As mentioned at the top, please **[refer to this page](https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager#how-to-install-or-update-the-app)** for installation instructions.
+
+          <br>
+
+          "@
+
+          $Payload = @{ body = $Note } | ConvertTo-Json
+          $Url = "https://api.github.com/repos/$Repo/releases/$ReleaseId"
+          Invoke-RestMethod -Uri $Url -Method Patch -Headers @{
+            "Authorization" = "token ${{ secrets.GITHUB_TOKEN }}"
+            "Content-Type"  = "application/json"
+          } -Body $Payload
@@ -36,7 +36,6 @@
     -->
     <WindowsSdkPackageVersion>10.0.26100.56</WindowsSdkPackageVersion>
 
-
     <!--
     By default .NET runtimes are contained in the MSIX. This line will also include the WindowsAppSDK in the MSIX file
     so that the App will be installable on any system that neither has the .NET runtime nor the latest AppSDK
@@ -47,30 +46,31 @@
     -->
     <WindowsAppSDKSelfContained>true</WindowsAppSDKSelfContained>
 
-
     <!-- Publish Properties -->
     <PublishReadyToRun Condition="'$(Configuration)' == 'Debug'">False</PublishReadyToRun>
     <PublishReadyToRun Condition="'$(Configuration)' != 'Debug'">True</PublishReadyToRun>
 
-
     <!-- Disabling trimming temporarily -->
     <!-- There should be absolutely no trim warnings before this can be enabled
     Otherwise there is no guarantee that the app will work as expected at all times -->
     <!-- https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trimming-options -->
-    <PublishTrimmed>false</PublishTrimmed>
-    <!-- <TrimMode>partial</TrimMode> -->
-    <!-- <SuppressTrimAnalysisWarnings>false</SuppressTrimAnalysisWarnings> -->
-    <!-- <TrimmerSingleWarn>false</TrimmerSingleWarn> -->
 
 
+    <PublishTrimmed>false</PublishTrimmed>
+    <!--   
+
+    <TrimMode>partial</TrimMode>
+    <SuppressTrimAnalysisWarnings>false</SuppressTrimAnalysisWarnings>
+    <TrimmerSingleWarn>false</TrimmerSingleWarn>
+    -->
+
     <ImplicitUsings>disable</ImplicitUsings>
     <Description>A modern secure application that simplifies management of Application Control in Windows.</Description>
     <PackageProjectUrl>https://github.com/HotCakeX/Harden-Windows-Security</PackageProjectUrl>
     <RepositoryUrl>https://github.com/HotCakeX/Harden-Windows-Security</RepositoryUrl>
     <PackageTags>App Control,WDAC,AppControl For Business, AppControl Manager</PackageTags>
     <PackageReleaseNotes>https://github.com/HotCakeX/Harden-Windows-Security/releases</PackageReleaseNotes>
 
-
     <!-- Automatically created for packing -->
     <!-- https://learn.microsoft.com/en-us/windows/msix/app-installer/create-appinstallerfile-vs -->
     <GenerateAppInstallerFile>False</GenerateAppInstallerFile>
@@ -79,7 +79,6 @@
     <AppxPackageSigningTimestampDigestAlgorithm>SHA512</AppxPackageSigningTimestampDigestAlgorithm>
     <AppxAutoIncrementPackageRevision>False</AppxAutoIncrementPackageRevision>
 
-
     <!-- Defining custom directory in the root directory to be created if it doesn't exist. MSIX package after packing will be stored there -->
     <AppxPackageDir>MSIXOutputX64\</AppxPackageDir>
     <AppxSymbolPackageEnabled>True</AppxSymbolPackageEnabled>
@@ -90,33 +89,35 @@
     <EnforceCodeStyleInBuild>True</EnforceCodeStyleInBuild>
     <AssemblyName>AppControlManager</AssemblyName>
     <!-- https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/optimizing -->
-    <PublishAot>False</PublishAot>
+    <PublishAot>false</PublishAot>
     <ErrorReport>send</ErrorReport>
-    <FileVersion>1.8.9.0</FileVersion>
+    <FileVersion>1.9.0.0</FileVersion>
     <AssemblyVersion>$(FileVersion)</AssemblyVersion>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageLicenseFile>LICENSE</PackageLicenseFile>
     <StartupObject>AppControlManager.Program</StartupObject>
     <GenerateAssemblyInfo>True</GenerateAssemblyInfo>
 
-
     <!-- https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/unsafe-code -->
     <AllowUnsafeBlocks>True</AllowUnsafeBlocks>
 
-
     <Version>$(FileVersion)</Version>
     <Copyright>© 2024-Present</Copyright>
     <Title>AppControl Manager</Title>
-
-
     <CheckForOverflowUnderflow>True</CheckForOverflowUnderflow>
-
+    <NuGetAuditMode>all</NuGetAuditMode>
+    <RepositoryType>git</RepositoryType>
+    <TreatWarningsAsErrors>True</TreatWarningsAsErrors>
   </PropertyGroup>
 
-  <!-- ARM64 doesn't support source generated XML de(serialization) -->
+  <!-- 
+  This section is no longer necessary since this generator is not Native AOT compatible and serialization/deserialization logic has been manually implemented with static code
+
+  ARM64 doesn't support source generated XML de(serialization) 
   <ItemGroup Condition="'$(RuntimeIdentifier)' != 'win-arm64'">
     <DotNetCliToolReference Include="Microsoft.XmlSerializer.Generator" Version="9.0.1" />
-  </ItemGroup>
+  </ItemGroup>  
+  -->
 
   <!--
   For trimming to exclude incompatible assemblies, but currently not working
@@ -134,29 +135,53 @@
     <ProjectCapability Include="Msix" />
   </ItemGroup>
 
-  <!-- Nuget packages -->
+  <!-- Nuget packages
+  All transitive/nested packages under the main packages are added 
+  so they can be updated separately and receive bug/security vulnerability fixes faster
+
+  https://devblogs.microsoft.com/nuget/introducing-transitive-dependencies-in-visual-studio/
+  -->
   <ItemGroup>
-    <PackageReference Include="CommunityToolkit.WinUI.Animations" Version="8.1.240916" />
-    <PackageReference Include="CommunityToolkit.WinUI.Controls.Primitives" Version="8.1.240916" />
-    <PackageReference Include="CommunityToolkit.WinUI.Controls.RadialGauge" Version="8.1.240916" />
-    <PackageReference Include="CommunityToolkit.WinUI.Controls.Segmented" Version="8.1.240916" />
-    <PackageReference Include="CommunityToolkit.WinUI.Controls.SettingsControls" Version="8.1.240916" />
-    <PackageReference Include="CommunityToolkit.WinUI.Controls.Sizers" Version="8.1.240916" />
+    <PackageReference Include="CommunityToolkit.Common" Version="8.4.0" />
+    <PackageReference Include="CommunityToolkit.WinUI.Animations" Version="8.2.250129-preview2" />
+    <PackageReference Include="CommunityToolkit.WinUI.Controls.Primitives" Version="8.2.250129-preview2" />
+    <PackageReference Include="CommunityToolkit.WinUI.Controls.RadialGauge" Version="8.2.250129-preview2" />
+    <PackageReference Include="CommunityToolkit.WinUI.Controls.Segmented" Version="8.2.250129-preview2" />
+    <PackageReference Include="CommunityToolkit.WinUI.Controls.SettingsControls" Version="8.2.250129-preview2" />
+    <PackageReference Include="CommunityToolkit.WinUI.Controls.Sizers" Version="8.2.250129-preview2" />
+    <PackageReference Include="CommunityToolkit.WinUI.Extensions" Version="8.2.250129-preview2" />
+    <PackageReference Include="CommunityToolkit.WinUI.Helpers" Version="8.2.250129-preview2" />
     <PackageReference Include="CommunityToolkit.WinUI.Lottie" Version="8.1.240821" />
+    <PackageReference Include="CommunityToolkit.WinUI.Triggers" Version="8.2.250129-preview2" />
     <PackageReference Include="CommunityToolkit.WinUI.UI.Controls.DataGrid" Version="7.1.2" />
     <PackageReference Include="Microsoft.Graphics.Win2D" Version="1.3.2" />
-    <PackageReference Include="Microsoft.Identity.Client" Version="4.67.2" />
-    <PackageReference Include="Microsoft.Windows.CsWin32" Version="0.3.162">
+    <PackageReference Include="Microsoft.Identity.Client" Version="4.68.0" />
+    <PackageReference Include="Microsoft.IdentityModel.Abstractions" Version="8.4.0" />
+    <PackageReference Include="Microsoft.Web.WebView2" Version="1.0.3065.39" />
+    <PackageReference Include="Microsoft.Windows.CsWin32" Version="0.3.183">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="Microsoft.Windows.CsWinRT" Version="2.2.0" />
-    <PackageReference Include="Microsoft.WindowsAppSDK" Version="1.6.250108002" />
-    <!-- ARM64 doesn't support source generated XML de(serialization) -->
-    <PackageReference Include="Microsoft.XmlSerializer.Generator" Version="9.0.1" Condition="'$(RuntimeIdentifier)' != 'win-arm64'" />
-    <PackageReference Include="System.Diagnostics.EventLog" Version="9.0.1" />
-    <PackageReference Include="System.Management" Version="9.0.1" />
-    <PackageReference Include="System.Security.Cryptography.Pkcs" Version="9.0.1" />
+    <PackageReference Include="Microsoft.Windows.SDK.BuildTools" Version="10.0.26100.1742" />
+    <PackageReference Include="Microsoft.Windows.SDK.Win32Docs" Version="0.1.42-alpha" />
+    <PackageReference Include="Microsoft.Windows.SDK.Win32Metadata" Version="63.0.31-preview" />
+    <PackageReference Include="Microsoft.Windows.WDK.Win32Metadata" Version="0.13.25-experimental" />
+    <PackageReference Include="Microsoft.WindowsAppSDK" Version="1.6.250205002" />
+    <PackageReference Include="System.CodeDom" Version="9.0.2" />
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="9.0.2" />
+
+
+    <!--
+    No longer needed - manual static code has been implemented
+
+    ARM64 doesn't support source generated XML de(serialization) 
+    <PackageReference Include="Microsoft.XmlSerializer.Generator" Version="9.0.2" Condition="'$(RuntimeIdentifier)' != 'win-arm64'" />
+   -->
+
+    <PackageReference Include="System.Diagnostics.EventLog" Version="9.0.2" />
+    <PackageReference Include="System.Management" Version="9.0.2" />
+    <PackageReference Include="System.Security.Cryptography.Pkcs" Version="9.0.2" />
   </ItemGroup>
 
   <ItemGroup>