@gimlichael gimlichael commented May 16, 2025

This pull request updates the GitHub Actions workflow in .github/workflows/pipelines.yml to modernize the environment, streamline job definitions, and enhance maintainability by reusing shared workflows. The most significant changes include upgrading the Ubuntu runner version, replacing inline job definitions with reusable workflows, and introducing additional permissions for specific jobs.

Environment Updates:

  • Updated the Ubuntu runner version from ubuntu-22.04 to ubuntu-24.04 across all jobs to ensure compatibility with the latest features and security updates. ([[1]](https://github.com/codebeltnet/cuemon/pull/120/files#diff-c40697b077557a99813200fa892d01ac2d8c5201799193bc34320cd9526ee802R21-R27), [[2]](https://github.com/codebeltnet/cuemon/pull/120/files#diff-c40697b077557a99813200fa892d01ac2d8c5201799193bc34320cd9526ee802L66-R69), [[3]](https://github.com/codebeltnet/cuemon/pull/120/files#diff-c40697b077557a99813200fa892d01ac2d8c5201799193bc34320cd9526ee802L159-R162), [[4]](https://github.com/codebeltnet/cuemon/pull/120/files#diff-c40697b077557a99813200fa892d01ac2d8c5201799193bc34320cd9526ee802L188-R191))

Workflow Simplification:

  • Replaced inline job definitions for sonarcloud, codecov, codeql, and deploy with reusable workflows (codebeltnet/jobs-sonarcloud, codebeltnet/jobs-codecov, codebeltnet/jobs-codeql, and codebeltnet/jobs-nuget), reducing redundancy and improving maintainability. ([.github/workflows/pipelines.ymlL233-R272](https://github.com/codebeltnet/cuemon/pull/120/files#diff-c40697b077557a99813200fa892d01ac2d8c5201799193bc34320cd9526ee802L233-R272))

Permissions Enhancements:

  • Added contents: read permissions globally and specific permissions (e.g., security-events: write, contents: write, packages: write) for jobs like codeql and deploy to align with their operational requirements. ([[1]](https://github.com/codebeltnet/cuemon/pull/120/files#diff-c40697b077557a99813200fa892d01ac2d8c5201799193bc34320cd9526ee802R21-R27), [[2]](https://github.com/codebeltnet/cuemon/pull/120/files#diff-c40697b077557a99813200fa892d01ac2d8c5201799193bc34320cd9526ee802L233-R272))

Summary by CodeRabbit

  • Chores
    • Updated workflow jobs to use Ubuntu 24.04 for improved environment consistency.
    • Streamlined code quality, coverage, security scanning, and deployment processes by switching to centralized reusable workflows.
    • Adjusted workflow permissions for enhanced security and compatibility.
    • Separated test preparation from build processes for better pipeline organization.
    • Added integration testing with managed SQL Server dependency for enhanced test coverage.

@gimlichael gimlichael self-assigned this May 16, 2025
coderabbitai bot commented May 16, 2025

Walkthrough

The workflow configuration was updated to use Ubuntu 24.04 runners instead of 22.04. Inline steps for sonarcloud, codecov, codeql, and deployment jobs were replaced with calls to centralized reusable workflows. Workflow-level permissions were added, job permissions were refined, and secrets inheritance was specified for relevant jobs. The build and test jobs were restructured to separate test project matrix generation from building, and new prepare_test and integration_test jobs were introduced.

Changes

File(s) | Change Summary
.github/workflows/pipelines.yml | Updated all jobs to use Ubuntu 24.04 runners; added global workflow-level read permissions; replaced inline steps for sonarcloud, codecov, codeql, and deploy jobs with reusable workflow calls; restructured build and test jobs by splitting test matrix preparation and build; refined job permissions and secrets inheritance; updated test matrix source to use prepare_test output; added new prepare_test and integration_test jobs; renamed deploy job to reusable workflow call.

Possibly related PRs

Poem

🐇
A hop to Ubuntu twenty-four,
Workflows reused—less clutter, more!
Secrets inherited, permissions set,
Deployment’s faster—ready, set!
Code scans and coverage, neat and bright,
This rabbit’s pipeline feels just right.
🌱✨


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6a500ac and 1be96ef.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (3 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/pipelines.yml

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between e077271 and 2447184.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (5 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/pipelines.yml

[warning] 237-237: too few spaces after comma

(commas)


[warning] 247-247: too few spaces after comma

(commas)


[warning] 255-255: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)

🔇 Additional comments (8)
.github/workflows/pipelines.yml (8)

21-23: Global permission scope set to least privilege
The addition of a top-level permissions block granting only contents: read follows the principle of least privilege and simplifies permission management across jobs.


27-27: Upgrade Linux runner to Ubuntu 24.04
Updating runs-on from ubuntu-22.04 to ubuntu-24.04 for prepare_linux ensures compatibility with the latest features and security updates. Verify that all used GitHub Actions and any custom tooling remain supported on this runner.


69-69: Upgrade build runner to Ubuntu 24.04
Switching the build job to Ubuntu 24.04 aligns with the modernization effort. Ensure all target frameworks (net9.0, net8.0, etc.) compile and run as expected on this environment.


162-162: Upgrade pack runner to Ubuntu 24.04
Migrating the pack job to the new runner is consistent with other jobs. Confirm that packing and artifact uploads work correctly under Ubuntu 24.04.


191-191: Update test matrix to Ubuntu 24.04
The test matrix’s os list now uses ubuntu-24.04. This maintains consistency across CI jobs—please validate that all tests pass in the updated Linux environment.


236-244: Replace inline SonarCloud steps with reusable workflow
The sonarcloud job now delegates to codebeltnet/jobs-sonarcloud via uses, reducing duplication and centralizing maintenance. The provided with inputs and secrets: inherit look correct.

🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 237-237: too few spaces after comma

(commas)


246-252: Replace inline Codecov steps with reusable workflow
The codecov job has been refactored to call codebeltnet/jobs-codecov, passing the repository input and inheriting secrets. This keeps the pipeline DRY and maintainable.

🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 247-247: too few spaces after comma

(commas)


261-273: Replace inline deploy steps with reusable workflow
The deploy job now calls codebeltnet/jobs-nuget, explicitly sets contents: write and packages: write, and inherits secrets. The if: github.event_name != 'pull_request' guard is properly in place. This streamlines deployment logic.

🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 263-263: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)


[warning] 263-263: too few spaces after comma

(commas)

Comment on lines 253 to 259
codeql:
name: 🛡️ Security Analysis
needs: [prepare_linux, build, test]
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- name: Checkout
uses: codebeltnet/git-checkout@v1

- name: Install .NET
uses: codebeltnet/install-dotnet@v1
with:
includePreview: true

- name: Restore Dependencies
uses: codebeltnet/dotnet-restore@v2
with:
useRestoreCache: true
restoreCacheKey: ${{ needs.prepare_linux.outputs.restoreCacheKey }}

- name: Prepare CodeQL SAST Analysis
uses: codebeltnet/codeql-scan@v1

- name: Download cuemon.snk file
uses: codebeltnet/gcp-download-file@v1
with:
serviceAccountKey: ${{ secrets.GCP_TOKEN }}
bucketName: ${{ secrets.GCP_BUCKETNAME }}
objectName: cuemon.snk

- name: Build
uses: codebeltnet/dotnet-build@v2
with:
uploadBuildArtifact: false

- name: Finalize CodeQL SAST Analysis
uses: codebeltnet/codeql-scan-finalize@v1
name: call-codeql
needs: [build,test]
uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v1
permissions:
security-events: write
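
Review bot: the replacement job's `uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v1` line references the reusable workflow by a movable tag while granting it `security-events: write`. Pin the reference to a full commit SHA (keeping `v1` in a trailing comment) so that what runs with this token only changes through a reviewed edit to this file.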

⚠️ Potential issue

Ensure CodeQL job retains read access
Currently, the codeql job’s permissions block lists only security-events: write. Because job-level permissions override the global ones, this removes the default contents: read, which CodeQL requires to scan the repository. Update it as follows:

 codeql:
   name: call-codeql
   needs: [build,test]
   uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v1
-  permissions:
-    security-events: write
+  permissions:
+    contents: read
+    security-events: write
+  secrets: inherit
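
Review bot: the added `+  secrets: inherit` line is not needed for the read-access problem this suggestion describes, and it passes every secret available to the calling workflow into codebeltnet/jobs-codeql. The inline job being replaced read only `secrets.GCP_TOKEN` and `secrets.GCP_BUCKETNAME`; if the reusable workflow declares its secrets, map those two by name under `secrets:` instead of inheriting all of them.
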
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
codeql:
name: 🛡️ Security Analysis
needs: [prepare_linux, build, test]
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- name: Checkout
uses: codebeltnet/git-checkout@v1
- name: Install .NET
uses: codebeltnet/install-dotnet@v1
with:
includePreview: true
- name: Restore Dependencies
uses: codebeltnet/dotnet-restore@v2
with:
useRestoreCache: true
restoreCacheKey: ${{ needs.prepare_linux.outputs.restoreCacheKey }}
- name: Prepare CodeQL SAST Analysis
uses: codebeltnet/codeql-scan@v1
- name: Download cuemon.snk file
uses: codebeltnet/gcp-download-file@v1
with:
serviceAccountKey: ${{ secrets.GCP_TOKEN }}
bucketName: ${{ secrets.GCP_BUCKETNAME }}
objectName: cuemon.snk
- name: Build
uses: codebeltnet/dotnet-build@v2
with:
uploadBuildArtifact: false
- name: Finalize CodeQL SAST Analysis
uses: codebeltnet/codeql-scan-finalize@v1
name: call-codeql
needs: [build,test]
uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v1
permissions:
security-events: write
codeql:
name: call-codeql
needs: [build,test]
uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v1
permissions:
contents: read
security-events: write
secrets: inherit
🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 255-255: too few spaces after comma

(commas)

🤖 Prompt for AI Agents
In .github/workflows/pipelines.yml around lines 253 to 259, the codeql job's
permissions only specify 'security-events: write', which overrides and removes
the default 'contents: read' permission needed by CodeQL to scan the repository.
To fix this, add 'contents: read' alongside 'security-events: write' in the
permissions block to ensure CodeQL retains the necessary read access.
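
The override rule this comment relies on (a job-level permissions block replaces the workflow-level one, and scopes it does not list become none), as an added Python example that is not code from the pull request or from CodeRabbit. The WORKFLOW dict is a constructed, already-parsed stand-in for pipelines.yml, and the REQUIRED map is an assumption that takes CodeQL's needs as stated in the comment.

```python
import copy

LEVELS = {"none": 0, "read": 1, "write": 2}
# Subset of GITHUB_TOKEN scopes, limited to the ones this pull request mentions.
SCOPES = ("contents", "packages", "security-events")


def normalize(block):
    """Expand a `permissions:` value into an explicit {scope: level} map."""
    if block == "read-all":
        return {s: "read" for s in SCOPES}
    if block == "write-all":
        return {s: "write" for s in SCOPES}
    # A mapping (including the empty `{}`) grants only what it lists;
    # every scope left out is set to "none".
    return {s: block.get(s, "none") for s in SCOPES}


def effective_permissions(workflow):
    """Return {job: {scope: level}}; None means the repository default applies."""
    top = workflow.get("permissions")
    result = {}
    for name, job in workflow.get("jobs", {}).items():
        if "permissions" in job:
            # A job-level block replaces the workflow-level one; nothing is merged.
            result[name] = normalize(job["permissions"])
        elif top is not None:
            result[name] = normalize(top)
        else:
            result[name] = None
    return result


def missing_scopes(workflow, required):
    """List required scopes that a job's effective grant does not satisfy."""
    effective = effective_permissions(workflow)
    findings = {}
    for job, needs in required.items():
        granted = effective.get(job)
        if granted is None:
            continue  # depends on repository settings, cannot be decided here
        short = [
            f"{scope}: {level}"
            for scope, level in needs.items()
            if LEVELS[granted.get(scope, "none")] < LEVELS[level]
        ]
        if short:
            findings[job] = short
    return findings


# Constructed sample shaped like the workflow under review: top-level
# contents: read, a codeql job that sets only security-events: write,
# and a deploy job with its own write scopes.
WORKFLOW = {
    "permissions": {"contents": "read"},
    "jobs": {
        "sonarcloud": {"needs": ["build", "test"]},
        "codeql": {
            "needs": ["build", "test"],
            "uses": "codebeltnet/jobs-codeql/.github/workflows/default.yml@v1",
            "permissions": {"security-events": "write"},
        },
        "deploy": {
            "permissions": {"contents": "write", "packages": "write"},
        },
    },
}

# Assumption: what each job needs, taken from the review comment and the PR text.
REQUIRED = {
    "codeql": {"contents": "read", "security-events": "write"},
    "deploy": {"contents": "write", "packages": "write"},
}

# The suggested fix: list contents: read explicitly on the codeql job.
FIXED = copy.deepcopy(WORKFLOW)
FIXED["jobs"]["codeql"]["permissions"]["contents"] = "read"

if __name__ == "__main__":
    for label, wf in (("as submitted", WORKFLOW), ("with contents: read", FIXED)):
        print(label, effective_permissions(wf)["codeql"], missing_scopes(wf, REQUIRED))
```

For a job that calls a reusable workflow, the grant computed here is also the ceiling for the called workflow, which can keep or reduce these permissions but not raise them.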

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (1)
.github/workflows/pipelines.yml (1)

256-260: Ensure CodeQL job retains required permissions and secrets
The current block overrides the global contents: read, leaving only security-events: write. CodeQL needs repository read access and generally requires secrets: inherit. Please add:

 codeql:
   uses: codebeltnet/jobs-codeql/...@v1
-  permissions:
-    security-events: write
+  permissions:
+    contents: read
+    security-events: write
+  secrets: inherit
🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 257-257: too few spaces after comma

(commas)

🧹 Nitpick comments (2)
.github/workflows/pipelines.yml (2)

263-275: Simplify configuration fallback logic in deploy job
Since configuration has a default of Release in workflow_dispatch, the ternary check is redundant. You can simplify:

-    configuration: ${{ inputs.configuration == '' && 'Release' || inputs.configuration }}
+    configuration: ${{ inputs.configuration }}
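
Review bot: dropping the `inputs.configuration == '' && 'Release' ||` fallback only preserves behaviour for runs started through workflow_dispatch, where the input default is applied. The deploy job is guarded by `if: github.event_name != 'pull_request'`, which implies it is meant to run on other events as well, and there `inputs.configuration` is empty and the fallback is what supplies `Release`; keep the expression unless deploy is restricted to manual dispatch.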

This reduces complexity without changing behavior.

🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 265-265: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)


237-237: Add spaces after commas in list syntax
YAML lint warns about missing spaces after commas in inline lists. Please update for readability and lint compliance:

-needs: [build,test]
+needs: [build, test]
-needs: [build,pack,test,sonarcloud,codecov,codeql]
+needs: [build, pack, test, sonarcloud, codecov, codeql]

Apply similarly at lines 248 and 257.

Also applies to: 248-248, 257-257, 265-265

🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 237-237: too few spaces after comma

(commas)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 2447184 and 26a13b2.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (5 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/pipelines.yml

[warning] 237-237: too few spaces after comma

(commas)


[warning] 248-248: too few spaces after comma

(commas)


[warning] 257-257: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)


[warning] 265-265: too few spaces after comma

(commas)

🔇 Additional comments (7)
.github/workflows/pipelines.yml (7)

21-23: Global permissions for repository contents
Adding a minimal global contents: read permission aligns with the principle of least privilege and ensures jobs can access repository files as needed.


27-27: Upgrade Linux runner to Ubuntu 24.04
Updating prepare_linux to use ubuntu-24.04 ensures we’re on a more current, secure, and feature-complete runner.


69-69: Upgrade Build job runner to Ubuntu 24.04
Aligning the build job’s runner with the latest LTS version helps maintain compatibility and security.


162-162: Upgrade Pack job runner to Ubuntu 24.04
Switching the pack job to ubuntu-24.04 keeps the pipeline consistent and up-to-date.


191-191: Upgrade Test matrix to Ubuntu 24.04
Updating the test matrix OS to include ubuntu-24.04 ensures tests run on the latest environment.


236-244: Verify SonarCloud reusable workflow configuration
You’ve correctly replaced inline steps with uses: codebeltnet/jobs-sonarcloud. Please confirm that the organization: geekle and projectKey: Cuemon values match your SonarCloud setup.

🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 237-237: too few spaces after comma

(commas)


247-253: Verify Codecov reusable workflow inputs
The job now calls codebeltnet/jobs-codecov with repository: gimlichael/Cuemon. Ensure this identifier matches the Codecov project slug.

🧰 Tools
🪛 YAMLlint (1.37.1)

[warning] 248-248: too few spaces after comma

(commas)

codecov bot commented May 17, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.17%. Comparing base (e077271) to head (1be96ef).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #120   +/-   ##
=======================================
  Coverage   80.17%   80.17%           
=======================================
  Files         596      596           
  Lines       18513    18513           
  Branches     1902     1902           
=======================================
  Hits        14843    14843           
  Misses       3599     3599           
  Partials       71       71           

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (1)
.github/workflows/pipelines.yml (1)

193-199: ⚠️ Potential issue

Missing contents: read in CodeQL job permissions
Setting permissions at the job level overrides the global workflow permissions, removing contents: read which CodeQL requires to scan the repository. Please update as follows:

   codeql:
     name: call-codeql
     needs: [build,test]
     uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v1
-  permissions:
-    security-events: write
+  permissions:
+    contents: read
+    security-events: write
+  secrets: inherit
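
Review bot: in this suggestion the `permissions:` and `secrets: inherit` lines sit at the same indentation as `codeql:`, two columns left of `name:`, `needs:` and `uses:`. Applied as written they would become siblings of the job rather than keys of it; indent them to match `uses:` so they belong to the codeql job.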

This ensures CodeQL retains repository read access and inherits necessary secrets.

🧹 Nitpick comments (1)
.github/workflows/pipelines.yml (1)

202-214: Simplify configuration input fallback
The expression ${{ inputs.configuration == '' && 'Release' || inputs.configuration }} is redundant because the configuration input already defaults to Release. You can simplify to:

-      configuration: ${{ inputs.configuration == '' && 'Release' || inputs.configuration }}
+      configuration: ${{ inputs.configuration }}

This reduces complexity and improves readability.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 26a13b2 and 0b2cd90.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (4 hunks)
🔇 Additional comments (10)
.github/workflows/pipelines.yml (10)

21-23: Global minimal permissions set
Good adoption of least privilege by granting only contents: read at the workflow level. This establishes a secure default for all jobs.


27-27: Runner updated for Linux preparation
Updating prepare_linux to ubuntu-24.04 ensures you're on the latest LTS with security patches. Confirmed compatibility with your .NET installers.


67-73: New prepare_test job for test matrix generation
Separating test-project discovery into its own job is a solid move—improves clarity and reusability. Ensure the json output is consumed correctly downstream (you do from needs.prepare_test.outputs.json).


83-97: Build job now leverages a reusable workflow
Switching to codebeltnet/jobs-dotnet centralizes your .NET build logic. Verify that the external workflow supports the restore-cache-key and strong-name-key-filename inputs and handles your GCP secrets as expected.


100-100: Runner updated for packaging
Changing pack to run on ubuntu-24.04 aligns it with other jobs—consistent environments reduce surprise issues.


125-125: Test job dependencies extended
Including prepare_test alongside the existing build, prepare_linux, and prepare_windows ensures your test matrix is generated before execution.


129-129: Test matrix OS updated
Switching the os entries to include ubuntu-24.04 standardizes the Linux runner across jobs.


131-131: Matrix project source switched
Consuming ${{ fromJson(needs.prepare_test.outputs.json) }} correctly ties your test projects to the generated matrix—great decoupling.


174-183: SonarCloud call consolidated via reusable workflow
Refactoring to codebeltnet/jobs-sonarcloud centralizes analysis steps. Inputs and token mapping look correct.


185-192: Codecov call consolidated via reusable workflow
Switching to codebeltnet/jobs-codecov cleans up inline steps. The repository and CODECOV_TOKEN inputs are properly wired.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (1)
.github/workflows/pipelines.yml (1)

181-187: Ensure CodeQL retains read access to repository
Job-level permissions override the global scope. The codeql job currently only grants security-events: write, which strips away the required contents: read. Please update as follows:

   permissions:
-    security-events: write
+    contents: read
+    security-events: write
+  secrets: inherit
🧹 Nitpick comments (1)
.github/workflows/pipelines.yml (1)

67-72: Validate generated test project matrix
Consider adding a validation step to ensure steps.test-projects.outputs.result is a non-empty JSON array before it's consumed in the test job matrix. This will fail fast if no test projects are discovered.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 0b2cd90 and e6d53fc.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (3 hunks)
🔇 Additional comments (8)
.github/workflows/pipelines.yml (8)

21-23: Global permissions added
The workflow now grants contents: read at the global level, ensuring all jobs have repository read access by default.


83-97: Use reusable workflow for build
The shift to codebeltnet/jobs-dotnet-build with a streamlined matrix and explicit secrets is well done. It centralizes build logic and reduces inline duplication.


98-110: Use reusable workflow for packaging
Replacing inline pack steps with codebeltnet/jobs-dotnet-pack enhances maintainability and keeps versioning/artefact logic consistent across projects.


113-120: Consume test matrix from prepare_test
The test job correctly references ${{ fromJson(needs.prepare_test.outputs.json) }} for its project matrix. The updated dependency chain and matrix restructuring align well with the new prepare phase.


162-170: Use reusable workflow for SonarCloud analysis
Leveraging codebeltnet/jobs-sonarcloud ensures consistency in static analysis and reduces maintenance overhead in this repository.


173-180: Use reusable workflow for Codecov
The migration to codebeltnet/jobs-codecov correctly encapsulates coverage reporting, making the workflow more concise.


190-202: Use reusable workflow for NuGet deployment
Switching to codebeltnet/jobs-nuget-push with scoped permissions (contents: write, packages: write) and an explicit PR guard (if: github.event_name != 'pull_request') is a solid improvement.


27-27:

Details

✅ Verification successful

Runner version upgrade: verify ubuntu-24.04 support
Multiple jobs now target ubuntu-24.04. Please confirm that GitHub Actions currently supports ubuntu-24.04 as a hosted runner label before merging.

Also applies to: 117-117


🌐 Web query:

Does GitHub Actions support the 'ubuntu-24.04' runner label?

💡 Result:

GitHub Actions Support for ubuntu-24.04 Runner Label

Yes, GitHub Actions supports the ubuntu-24.04 runner label.

  • As of September 2024, the Ubuntu 24.04 image is generally available (GA) for all users on GitHub Actions. You can select it in your workflow by specifying runs-on: ubuntu-24.04 in your YAML file[2][4].

"The Ubuntu 24.04 image for Actions is now generally available. To use Ubuntu 24 directly on your GitHub-hosted runners update runs-on: in your workflow file to ubuntu-24.04."[4]

  • The ubuntu-24.04 label is fully supported and is no longer in preview. Using this label ensures that your job runs on a virtual machine provisioned with Ubuntu 24.04 LTS[2][4].
  • There are changes in the set of pre-installed software tools on this image compared to previous versions (such as Ubuntu 22.04), so you should review and test your workflows for compatibility, especially if you depend on certain pre-installed packages[2][5].

Upcoming Default:

  • The ubuntu-latest label will be migrating to use Ubuntu 24.04 as its default version between September and October 2024, and the rollout is expected to complete by January 2025[1][4][5].
  • Until that migration is complete, both ubuntu-22.04 and ubuntu-24.04 will be available as explicit image labels[1][5].

How to Use:

jobs:
  build:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: make build

This will ensure your job runs on an Ubuntu 24.04 VM[4].

Summary Table

Label | Supported | Notes
ubuntu-24.04 | Yes | Generally available, use explicitly in workflows[2][4]
ubuntu-latest | Yes | Will point to 24.04 by Jan 2025[1][4][5]
ubuntu-22.04 | Yes | Still supported; maintained for two more years[1][5]

Recommendation:
If you want to specify Ubuntu 24.04 explicitly for your workflows, you can safely use runs-on: ubuntu-24.04 today[2][4]. If you use ubuntu-latest, be aware it will soon point to Ubuntu 24.04 as the migration completes. Review your workflows for compatibility with the new image, as some pre-installed packages may differ or be missing compared to prior LTS images[5].


Runner version upgrade: ubuntu-24.04 support confirmed
GitHub Actions added GA support for the ubuntu-24.04 runner label in September 2024. You can safely use runs-on: ubuntu-24.04 in your workflows. Please continue to review and test your jobs for any compatibility changes in the pre-installed toolchain.

• Files and locations:

  • .github/workflows/pipelines.yml, line 27
  • .github/workflows/pipelines.yml, line 117

No further changes required.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/pipelines.yml (1)

193-199: Retain contents: read for CodeQL
Job-level permissions override global ones. You still need contents: read alongside security-events: write (and ideally secrets: inherit) for CodeQL to scan the repository.

🧹 Nitpick comments (3)
.github/workflows/pipelines.yml (3)

85-87: Debug JSON output step
The echo step prints the JSON to logs but does not affect job outputs. If this is only for debugging, consider removing it once the matrix is validated to reduce noise.


145-147: Inconsistent .NET installer versions
Most jobs use install-dotnet@v1, but integration tests use install-dotnet@v2. Consider standardizing on v2 for all to leverage the latest features and consistency.


202-208: Refactor deploy to reusable NuGet push job
Converting to codebeltnet/jobs-nuget-push clarifies deployment.

The configuration fallback expression is redundant—inputs.configuration already defaults to Release. You can simplify to:

configuration: ${{ inputs.configuration }}
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between e6d53fc and 2971613.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: call-build (Debug) / 🛠️ Build
  • GitHub Check: call-build (Release) / 🛠️ Build
🔇 Additional comments (14)
.github/workflows/pipelines.yml (14)

21-23: Global read permissions added
Granting contents: read at the workflow level is a solid security improvement and provides the default access needed by most jobs.


27-27: Upgrade Linux runner to ubuntu-24.04
This aligns with the objective to modernize the CI environment. Ensure any OS-specific steps are compatible with the new runner.


67-73: Introduce Prepare Test job for matrix generation
The new prepare_test job cleanly separates test discovery by emitting a JSON matrix of project paths. Ensure the json output is consumed correctly by downstream jobs.


81-83: Exclude specific test project in pattern
Using !test/**/Cuemon.Data.SqlClient.Tests.csproj correctly filters out the undesired project. Confirm the globbing action supports exclusion patterns as shown.


88-94: Refactor build to reusable workflow
Switching to codebeltnet/jobs-dotnet-build and reducing the matrix to only configuration simplifies maintenance. Ensure the reusable workflow uses the intended runner version under the hood or document any difference.


95-101: Pass restore cache key and GCP secrets to build
Supplying restore-cache-key, GCP_TOKEN, and GCP_BUCKETNAME correctly wires up caching and artifact staging. Double-check that the secret names match those in the repo settings.


103-109: Refactor pack to reusable workflow
Offloading packaging to codebeltnet/jobs-dotnet-pack makes the job definition much cleaner. Verify that upload-packed-artifact: true has the desired effect in your release pipeline.


110-114: Ensure version and cache inputs for pack
Passing version from build output and reusing the cache key is correct. Confirm that version aligns with your NuGet package versioning strategy.


117-125: Use test matrix with prepare_test output
Matrixing over fromJson(needs.prepare_test.outputs.json) dynamically drives test coverage. The OS and configuration axes look good, but read on regarding cache resolution.


131-139: Add integration_test job for SQL-backed tests
Introducing integration_test provides valuable end-to-end coverage against a live SQL Server container. Ensure your Docker-Compose and connection strings align with the test schema.


164-164: Verify action input name for cache key
The dotnet-test@v3 step uses restoreCacheKey: as its input. Confirm this matches the action’s restore-cache-key parameter naming exactly; otherwise, caching may silently fail.


174-181: Replace SonarCloud inline steps with reusable workflow
Delegating to codebeltnet/jobs-sonarcloud streamlines CI. Ensure the organization and projectKey match your SonarCloud setup.


185-191: Replace Codecov inline steps with reusable workflow
Using codebeltnet/jobs-codecov reduces duplication. Verify that gimlichael/Cuemon is the correct Codecov project slug.


209-213: Grant write permissions for deployment
Assigning contents: write and packages: write aligns with NuGet push requirements. Ensure NUGET_TOKEN has the necessary scope.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/pipelines.yml (1)

194-199: ⚠️ Potential issue

Restore CodeQL contents: read permission
Job-level permissions override the global defaults, so the CodeQL job currently lacks contents: read—required for repository scanning. Please update to:

 codeql:
   uses: codebeltnet/jobs-codeql/...@v1
-  permissions:
-    security-events: write
+  permissions:
+    contents: read
+    security-events: write
+  secrets: inherit
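
Review bot: `secrets: inherit` on the last added line hands every secret available to the calling workflow to `codebeltnet/jobs-codeql/...@v1`, which is a wider grant than the `contents: read` fix requires and goes to a ref that can move. If the CodeQL workflow declares no required secrets, drop that line and keep only the two permission scopes; otherwise pass the specific secrets it needs by name under `secrets:`.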

This will restore read access and inherit necessary secrets.

🧹 Nitpick comments (2)
.github/workflows/pipelines.yml (2)

85-86: Optional: Remove debugging echo or clarify its purpose
The JSON output step simply echoes the matrix payload. If this is for debugging, consider removing it in production or renaming it (e.g., “Debug: show test projects”) to avoid confusion.


202-213: Simplify configuration input expression
Since inputs.configuration already has a default (Release), the conditional in

configuration: ${{ inputs.configuration == '' && 'Release' || inputs.configuration }}

is redundant. You can simplify to:

configuration: ${{ inputs.configuration }}

This makes the pipeline more readable.

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 2971613 and 2a18ba5.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (3 hunks)
🔇 Additional comments (10)
.github/workflows/pipelines.yml (10)

21-23: Add workflow-level minimal permissions
Global permissions block now restricts default access to contents: read, which is a good security measure to enforce least privilege.


27-27: Update runner to Ubuntu 24.04
Changing the prepare_linux job to runs-on: ubuntu-24.04 aligns with our goal to use the latest LTS environment.


67-73: Introduce prepare_test job to generate test matrix
The new prepare_test job cleanly produces a JSON list of test projects via shell-globbing, outputs it, and runs on Ubuntu 24.04. The step IDs and outputs appear correctly wired (steps.test-projects.outputs.result → outputs.json).


79-84: Validate glob pattern for test project discovery
You’re using codebeltnet/shell-globbing@v2 with an include/exclude pattern. Please verify that:

  1. The action supports multi-line pattern with ! exclusions.
  2. The resulting JSON array excludes Cuemon.Data.SqlClient.Tests.csproj as intended.
    Can you run a dry-run to confirm the output matches expectations?

88-101: Review build job matrix on reusable workflow
Switching to the codebeltnet/jobs-dotnet-build reusable workflow simplifies maintenance. Ensure that GH Actions supports a strategy.matrix when calling a reusable workflow job, and that the strong-name-key-filename, restore-cache-key, and secrets inputs map correctly. Consider validating matrix expansion locally or via a dry-run.


103-115: Review pack job with reusable workflow and artifact upload
Refactoring pack to use jobs-dotnet-pack is consistent. Please verify that:

  • The upload-packed-artifact: true flag triggers the expected artifact behavior.
  • The version input from needs.build.outputs.version flows correctly.
  • The matrix execution works as expected on both Debug and Release.
    [Test a CI pipeline run to confirm.]

146-146: Upgrade .NET installer action to v2
Updating codebeltnet/install-dotnet to v2 in the integration tests is a good modernization—ensure v2 supports the same inputs (includePreview usage).


164-164: Verify restoreCacheKey key naming consistency
In integration tests you pass restoreCacheKey, whereas other jobs use restore-cache-key. Please confirm the reusable jobs-dotnet-test workflow expects the camelCase input in this context, or harmonize the property name.


174-182: Use reusable SonarCloud workflow
Refactoring to codebeltnet/jobs-sonarcloud with explicit organization, projectKey, and version inputs is clean and DRY.


185-191: Use reusable Codecov workflow
The switch to codebeltnet/jobs-codecov with the repository input and token secret appropriately scoped enhances maintainability.

Comment on lines 117 to 130
name: call-test
needs: [build, prepare_test, prepare_linux, prepare_windows]
strategy:
  fail-fast: false
  matrix:
    os: [ubuntu-24.04, windows-2022]
    configuration: [Debug, Release]
    project: ${{ fromJson(needs.prepare_test.outputs.json) }}
uses: codebeltnet/jobs-dotnet-test/.github/workflows/default.yml@v1
with:
  configuration: ${{ matrix.configuration }}
  projects: ${{ matrix.project }}
  restore-cache-key: ${{ matrix.os == 'Linux' && needs.prepare_linux.outputs.restoreCacheKey || needs.prepare_windows.outputs.restoreCacheKey }}

⚠️ Potential issue

Fix OS-based cache key resolution
The expression

restore-cache-key: ${{ matrix.os == 'Linux' && needs.prepare_linux.outputs.restoreCacheKey || needs.prepare_windows.outputs.restoreCacheKey }}

will never match (matrix.os is ubuntu-24.04 or windows-2022). As a result, Linux runs use the Windows cache.
Apply this diff:

- restore-cache-key: ${{ matrix.os == 'Linux' && needs.prepare_linux.outputs.restoreCacheKey || needs.prepare_windows.outputs.restoreCacheKey }}
+ restore-cache-key: ${{ (startsWith(matrix.os, 'ubuntu') && needs.prepare_linux.outputs.restoreCacheKey) || needs.prepare_windows.outputs.restoreCacheKey }}
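
Review bot: the `A && B || C` form on the `+` line still falls through to `needs.prepare_windows.outputs.restoreCacheKey` whenever the Linux key is empty, and for any `matrix.os` value that does not start with `ubuntu`, so a missing `prepare_linux` output would silently restore the Windows cache on Linux runs. Consider carrying the cache key per OS as a matrix `include` field, or failing the job when the selected key is empty, so a wrong-OS restore cannot pass unnoticed.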

This ensures the correct cache key is selected per OS.

🤖 Prompt for AI Agents
In .github/workflows/pipelines.yml around lines 117 to 130, the
restore-cache-key expression incorrectly compares matrix.os to 'Linux', which
never matches since matrix.os values are 'ubuntu-24.04' or 'windows-2022'.
Update the condition to check if matrix.os starts with 'ubuntu' or equals
'ubuntu-24.04' to correctly select the Linux cache key; otherwise, use the
Windows cache key. This will ensure the proper cache key is used based on the
actual OS in the matrix.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (2)
.github/workflows/pipelines.yml (2)

197-199: Ensure CodeQL retains read access
Defining permissions at the job scope overrides the global defaults—currently only security-events: write is set, which strips away the required contents: read.

Please update to:

  permissions:
+   contents: read
    security-events: write
  secrets: inherit

130-130: ⚠️ Potential issue

Fix OS-based cache-key resolution
The expression still checks matrix.os == 'Linux', but the matrix values are now ubuntu-24.04 and windows-2022. This logic will never select the Linux cache key.

Apply one of the following diffs to correct the condition:

- restore-cache-key: ${{ matrix.os == 'Linux' && needs.prepare_linux.outputs.restoreCacheKey || needs.prepare_windows.outputs.restoreCacheKey }}
+ restore-cache-key: ${{ (startsWith(matrix.os, 'ubuntu') && needs.prepare_linux.outputs.restoreCacheKey) || needs.prepare_windows.outputs.restoreCacheKey }}

🧹 Nitpick comments (1)
.github/workflows/pipelines.yml (1)

146-146: Align install-dotnet action versions
You're using install-dotnet@v2 in integration_test while prepare_linux uses @v1. For consistency and reproducible environments, consider standardizing on one version (or document the need for v2 here).

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 2b443b1 and da82036.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (3 hunks)
🔇 Additional comments (7)
.github/workflows/pipelines.yml (7)

21-23: Global workflow permissions set appropriately
Adding a workflow-level permissions: contents: read ensures all jobs retain minimal read access unless overridden downstream. This aligns with least-privilege security best practices.


27-27: Upgrade Linux runner to Ubuntu 24.04
Bumping runs-on to ubuntu-24.04 in prepare_linux keeps the environment current and secure.


67-73: Decouple test discovery into a dedicated job
Introducing prepare_test to glob and output test projects is a good separation of concerns. Excluding Cuemon.Data.SqlClient.Tests.csproj at glob-time simplifies downstream matrix logic.


89-99: Leverage reusable workflow for build
Replacing the inline multi-framework build with jobs-dotnet-build reduces duplication and centralizes versioning, caching, and signing logic in a single, shareable workflow.


103-114: Leverage reusable workflow for packing artifacts
The jobs-dotnet-pack call streamlines packaging logic and ensures consistency across projects. Passing version, restore-cache-key, and upload-packed-artifact flags is clear and complete.


174-182: Use reusable workflow for SonarCloud analysis
Switching to jobs-sonarcloud with explicit organization, projectKey, and version inputs cleans up the pipeline and centralizes SonarCloud configuration.


185-192: Use reusable workflow for Codecov reporting
Invoking jobs-codecov with the repository input and token secret reduces inline scripting and promotes consistency in coverage reporting.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🔭 Outside diff range comments (1)
.github/workflows/pipelines.yml (1)

132-166: ⚠️ Potential issue

Correct integration_test restore-cache-key input
The integration_test step uses restoreCacheKey (camelCase) but the reusable test action expects restore-cache-key (kebab-case) for cache restoration:

-          restoreCacheKey: ${{ needs.prepare_linux.outputs.restoreCacheKey }}
+          restore-cache-key: ${{ needs.prepare_linux.outputs.restoreCacheKey }}

This ensures the cache key is passed correctly to the dotnet-test action.

♻️ Duplicate comments (2)
.github/workflows/pipelines.yml (2)

198-199: Restore contents: read for CodeQL job
Adding contents: read alongside security-events: write is necessary since job-level permissions override the global scope, and CodeQL needs read access:

 codeql:
   permissions:
-    security-events: write
+    contents: read
+    security-events: write

130-131: ⚠️ Potential issue

Fix cache-key OS check
The expression matrix.os == 'Linux' will never match (matrix.os is 'ubuntu-24.04' or 'windows-2022'). Please update it, for example:

- restore-cache-key: ${{ matrix.os == 'Linux' && needs.prepare_linux.outputs.restoreCacheKey || needs.prepare_windows.outputs.restoreCacheKey }}
+ restore-cache-key: ${{ (startsWith(matrix.os, 'ubuntu') && needs.prepare_linux.outputs.restoreCacheKey) || needs.prepare_windows.outputs.restoreCacheKey }}

🧹 Nitpick comments (1)
.github/workflows/pipelines.yml (1)

203-214: Simplify deploy configuration expression
The conditional inputs.configuration == '' && 'Release' || inputs.configuration is redundant given the default is already Release. You can simplify to:

-      configuration: ${{ inputs.configuration == '' && 'Release' || inputs.configuration }}
+      configuration: ${{ inputs.configuration }}
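
Review bot: removing the `== '' && 'Release'` fallback on the `-` line is only safe if every trigger of this workflow supplies `inputs`. A declared default applies when the run is started through a trigger that carries inputs; on triggers such as push or pull_request, `inputs.configuration` is empty and the fallback is what yields `Release`. Check the `on:` block, which is not shown here, before applying the simplification.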

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between da82036 and 7432912.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: call-build (Debug) / 🛠️ Build
  • GitHub Check: call-build (Release) / 🛠️ Build
🔇 Additional comments (8)
.github/workflows/pipelines.yml (8)

21-23: Approve global permissions addition
Adding contents: read at the workflow level is a good baseline for repository access.


27-27: Upgrade Ubuntu runner for Linux preparation
Updating the runs-on from ubuntu-22.04 to ubuntu-24.04 ensures compatibility with the latest OS features and security patches.


67-86: New prepare_test job for dynamic test matrix
The prepare_test job correctly discovers and outputs the CSProj test projects (excluding the SQL client tests) as JSON for downstream matrix usage.


88-102: Refactor build to reusable workflow
Switching the build job to codebeltnet/jobs-dotnet-build improves maintainability and DRYness. Inputs and secrets look properly configured.


103-114: Refactor pack to reusable workflow
The pack job now calls the centralized jobs-dotnet-pack workflow with the correct inputs for configuration, version, and cache key.


117-129: Restructure test job to reusable workflow
Good separation of concerns: the test job now leverages the jobs-dotnet-test workflow with a matrix over OS, configuration, and dynamically generated projects.


175-183: Approve sonarcloud job refactor
The sonarcloud job is correctly replaced with the jobs-sonarcloud reusable workflow, passing the organization, project key, version, and SONAR_TOKEN.


185-192: Approve codecov job refactor
The codecov job now uses the centralized jobs-codecov workflow with the proper repository and token inputs.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/pipelines.yml (1)

195-200: ⚠️ Potential issue

Restore contents: read for CodeQL job
Job-level permissions override the global settings, so omitting contents: read here prevents CodeQL from scanning the repository. Please include it alongside security-events: write, and re-add secrets: inherit if needed:

 codeql:
   name: call-codeql
   needs: [build,test,integration_test]
   uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v1
-  permissions:
-    security-events: write
+  permissions:
+    contents: read
+    security-events: write
+  secrets: inherit

🧹 Nitpick comments (2)
.github/workflows/pipelines.yml (2)

130-130: Make OS check more resilient
Strictly comparing matrix.os == 'ubuntu-24.04' will break if the runner name changes in future (e.g., ubuntu-25.04). Consider using:

restore-cache-key: ${{ (startsWith(matrix.os, 'ubuntu-') && needs.prepare_linux.outputs.restoreCacheKey) || needs.prepare_windows.outputs.restoreCacheKey }}

147-147: Align .NET installer versions across jobs
Integration tests use install-dotnet@v2 while prep jobs use @v1. For consistency and to leverage bug fixes, consider upgrading all .NET install steps to v2.

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 7432912 and 6a500ac.

📒 Files selected for processing (1)
  • .github/workflows/pipelines.yml (3 hunks)
🔇 Additional comments (11)
.github/workflows/pipelines.yml (11)

21-23: Global workflow-level permissions added correctly
Granting contents: read at the workflow root ensures all jobs retain default repository read access without needing actions/checkout overrides.


27-27: Runner upgraded for Prepare Linux job
Switching to ubuntu-24.04 keeps the build environment current with the latest security patches.


67-73: New prepare_test job for dynamic test matrix
Introducing a lightweight job to glob test projects and output JSON simplifies the test matrix generation. Outputs are correctly wired for downstream consumption.


79-83: Globbing step configured correctly
The include/exclude patterns in codebeltnet/shell-globbing@v2 will yield all *.csproj under test/ except the SQL client tests, which matches the PR objectives.


85-87: Echo step for JSON debugging
Printing ${{ steps.test-projects.outputs.result }} to logs is useful for validating the matrix payload.


94-101: Build job refactored to reusable workflow
Replacing multi-framework inline steps with codebeltnet/jobs-dotnet-build centralizes logic and reduces duplication. Inputs and secrets are correctly mapped.


103-114: Pack job refactored to reusable workflow
Leveraging codebeltnet/jobs-dotnet-pack simplifies packaging. The upload-packed-artifact and cache-key inputs are correctly passed through.


117-124: Test job now calls reusable workflow with updated matrix

  • Runs on ubuntu-24.04 and windows-2022 as intended.
  • Projects sourced from the new prepare_test output.
  • Fail-fast disabled to collect all test results.

175-183: SonarCloud job refactored to reusable workflow
Switching to codebeltnet/jobs-sonarcloud centralizes your Sonar integration. Organization, project key, and version are correctly passed, and SONAR_TOKEN is scoped under secrets.


185-193: Codecov job refactored to reusable workflow
Using codebeltnet/jobs-codecov simplifies coverage reporting. The repository input and CODECOV_TOKEN secret are correctly provided.


203-214: Deploy job refactored to reusable workflow
Calling codebeltnet/jobs-nuget-push with the correct inputs (version, environment, configuration) and permissions (contents: write, packages: write) streamlines your NuGet publish process.

restoreCacheKey: ${{ runner.os == 'Linux' && needs.prepare_linux.outputs.restoreCacheKey || needs.prepare_windows.outputs.restoreCacheKey }}
buildSwitches: ${{ contains(matrix.project, 'Cuemon.Extensions.Globalization.Tests') && '-p:SkipSignAssembly=false' || '-p:SkipSignAssembly=true' }}
testArguments: -- RunConfiguration.DisableAppDomain=true
restoreCacheKey: ${{ needs.prepare_linux.outputs.restoreCacheKey }}

⚠️ Potential issue

Input name casing mismatch on restore key
The integration_test step uses restoreCacheKey, but all other reusable workflows expect restore-cache-key (hyphenated). This will likely cause a missing-input failure.

Please update it to:

-          restoreCacheKey: ${{ needs.prepare_linux.outputs.restoreCacheKey }}
+          restore-cache-key: ${{ needs.prepare_linux.outputs.restoreCacheKey }}
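
Review bot: the neighbouring inputs quoted with this comment, `buildSwitches` and `testArguments`, are camelCase, which suggests the action used in this step names its inputs that way; renaming only `restoreCacheKey` to `restore-cache-key` could leave the step without a cache key. Check the input names the action declares before applying the rename, rather than matching the kebab-case used by the reusable workflows.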

🤖 Prompt for AI Agents
In .github/workflows/pipelines.yml at line 165, the input name for the restore
cache key is incorrectly cased as restoreCacheKey, but it should be
restore-cache-key with hyphens to match the expected input name in other
reusable workflows. Change restoreCacheKey to restore-cache-key to fix the input
name casing mismatch and prevent missing-input failures.
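
The override raised repeatedly in the reviews above (a job-level `permissions` block replaces the workflow-level one instead of merging with it) can be checked mechanically. The following is an added example, not code from the PR or from CodeRabbit: the sample workflow and its `example/...` references are constructed, the parser assumes block-style YAML with mapping-style permissions, and repository default token permissions are not modelled.

```python
"""Flag jobs whose job-level `permissions` block drops a workflow-level scope."""
import re

# Constructed sample modelled on the reviewed workflow; `example/...` refs are placeholders.
SAMPLE_WORKFLOW = """\
name: pipelines
permissions:
  contents: read

jobs:
  build:
    uses: example/jobs-dotnet-build/.github/workflows/default.yml@v1
  codeql:
    uses: example/jobs-codeql/.github/workflows/default.yml@v1
    permissions:
      security-events: write
  deploy:
    uses: example/jobs-nuget-push/.github/workflows/default.yml@v1
    permissions:
      contents: write
      packages: write
"""

LEVELS = {"none": 0, "read": 1, "write": 2}
KEY_RE = re.compile(r"^( *)([\w.-]+):(.*)$")


def parse_permissions(text):
    """Return (workflow_perms, {job: perms or None}) from block-style YAML."""
    # Assumption: mapping-style blocks only; `read-all`/`write-all` is rejected.
    workflow, jobs, stack = None, {}, []
    for raw in text.splitlines():
        match = KEY_RE.match(raw.split(" #")[0].rstrip())
        if not match:
            continue  # blank line, comment, or list item
        indent, key, value = len(match.group(1)), match.group(2), match.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        path = [k for _, k in stack]
        if key == "permissions" and value not in ("", "{}"):
            raise ValueError(f"shorthand permissions not modelled: {value}")
        if path == ["permissions"]:
            workflow = {}
        elif len(path) == 2 and path[0] == "permissions":
            workflow[key] = value
        elif len(path) == 2 and path[0] == "jobs":
            jobs[key] = None  # no job-level block seen yet
        elif len(path) == 3 and path[0] == "jobs" and key == "permissions":
            jobs[path[1]] = {}
        elif len(path) == 4 and path[0] == "jobs" and path[2] == "permissions":
            jobs[path[1]][key] = value
    return workflow, jobs


def effective_permissions(text, job):
    """Scopes the job's token is granted: its own block if present, else the workflow's."""
    workflow, jobs = parse_permissions(text)
    return dict(workflow or {}) if jobs[job] is None else dict(jobs[job])


def dropped_scopes(text):
    """Map job -> workflow-level scopes that its job-level block lowers or omits."""
    workflow, jobs = parse_permissions(text)
    findings = {}
    for job, perms in jobs.items():
        if perms is None:
            continue  # inherits the workflow-level block unchanged
        lost = sorted(scope for scope, level in (workflow or {}).items()
                      if LEVELS.get(perms.get(scope, "none"), 0) < LEVELS.get(level, 0))
        if lost:
            findings[job] = lost
    return findings
```

On the constructed sample, `codeql` is reported because its block lists only `security-events: write`, while `deploy` is not, since `contents: write` is at least as broad as the workflow-level `contents: read`.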

@gimlichael gimlichael merged commit 7ebefc1 into main May 24, 2025
162 checks passed
@gimlichael gimlichael deleted the codebelt/ci-streamlining branch May 24, 2025 11:15