V5.0.4/ci automation#50

Merged: gimlichael merged 3 commits into main from v5.0.4/ci-automation on Feb 28, 2026
@gimlichael gimlichael commented Feb 28, 2026

This pull request updates the .github/scripts/bump-nuget.py script to enhance how Codebelt-related NuGet package versions are managed, and bumps several third-party package versions in Directory.Packages.props. The script now sets triggered source packages to a specified version while updating all other Codebelt packages to their latest stable NuGet versions. It also improves package detection and adds support for additional Codebelt packages.

Enhancements to the NuGet bump script:

  • The script now updates triggered source packages to the specified version and fetches the latest stable NuGet version for all other Codebelt-related packages, skipping non-Codebelt third-party packages.
  • Added new Codebelt-related package prefixes to SOURCE_PACKAGE_MAP, including Codebelt.Extensions.Carter, Codebelt.Extensions.AspNetCore.Newtonsoft.Json, Codebelt.Extensions.AspNetCore.Text.Yaml, and Codebelt.SharedKernel.
  • Introduced functions to determine if a package is a Codebelt package and to fetch the latest stable version from NuGet, with caching for efficiency.

Package version bumps in Directory.Packages.props:

  • Updated the following third-party package versions:
    • AWSSDK.SQS to 4.0.2.15
    • AWSSDK.SimpleNotificationService to 4.0.2.17
    • Azure.Identity to 1.18.0
    • RabbitMQ.Client to 7.2.1

Summary by CodeRabbit

  • Chores
    • Updated dependencies: AWSSDK.SQS (4.0.2.15), AWSSDK.SimpleNotificationService (4.0.2.17), and RabbitMQ.Client (7.2.1).
    • Enhanced automated NuGet package version management with improved dependency resolution and caching.

@gimlichael gimlichael self-assigned this Feb 28, 2026
Copilot AI review requested due to automatic review settings February 28, 2026 03:32
coderabbitai bot commented Feb 28, 2026

Walkthrough

The PR updates the NuGet package bumping script to automatically resolve and apply the latest stable versions for Codebelt packages from NuGet while preserving trigger-based version updates. It also bumps three dependency package versions in Directory.Packages.props.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| NuGet Bump Script: .github/scripts/bump-nuget.py | Introduces NuGet version resolution logic with caching; adds get_latest_nuget_version() and is_codebelt_package() helpers; extends SOURCE_PACKAGE_MAP with new repository prefixes (e.g., carter); refactors core flow to distinguish triggered packages from Codebelt packages and handle third-party packages separately. |
| Package Versions: Directory.Packages.props | Bump AWSSDK.SQS (4.0.2.14→4.0.2.15), AWSSDK.SimpleNotificationService (4.0.2.16→4.0.2.17), and RabbitMQ.Client (7.2.0→7.2.1). |

Sequence Diagram

sequenceDiagram
    participant Script as bump-nuget.py
    participant File as Directory.Packages.props
    participant Codebelt as Codebelt Repos
    participant NuGet as NuGet Registry
    
    Script->>File: Read package list
    Script->>Script: Check if package from trigger source
    alt Triggered Package
        Script->>File: Update to TRIGGER_VERSION
    else Codebelt Package (non-triggered)
        Script->>Codebelt: is_codebelt_package()?
        alt Is Codebelt Package
            Script->>NuGet: get_latest_nuget_version()
            NuGet-->>Script: Return latest stable version
            Script->>Script: Cache result
            Script->>File: Update if newer
        else Non-Codebelt (Third-party)
            Script->>Script: Skip with message
        end
    end
    Script->>File: Write updated packages
    Script->>Script: Print summary (updated/skipped counts)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • Docfx/context7 chat #48: Modifies the same bump-nuget.py script and extends its package-selection and versioning logic.

Poem

🐰 A script hops to NuGet's treasured store,
Caching versions for Codebelt and more,
Triggered packages stay put, others soar,
With helper functions opening new doors! 🎉

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Title check | ❓ Inconclusive | The title 'V5.0.4/ci automation' is vague and generic, using a version/branch reference and a broad term 'ci automation' that doesn't convey specific details about the substantive changes made to the codebase. | Consider a more specific title that highlights the main change, such as 'Enhance NuGet package version management for Codebelt packages' or 'Improve bump-nuget script with Codebelt package detection and latest version resolution'. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

Copilot AI left a comment

Pull request overview

Updates CI automation for service updates by enhancing NuGet package version bumping logic (especially for Codebelt-related packages) and refreshing a handful of centrally-managed third-party package versions.

Changes:

  • Enhance .github/scripts/bump-nuget.py to set triggered-source packages to TRIGGER_VERSION while updating other Codebelt-related packages to the latest stable versions from NuGet (with caching and expanded package prefix mapping).
  • Expand SOURCE_PACKAGE_MAP with additional Codebelt package prefixes (e.g., Carter, ASP.NET Core Newtonsoft/Yaml, SharedKernel).
  • Bump select third-party package versions in Directory.Packages.props (AWS SDK, Azure.Identity, RabbitMQ.Client).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| .github/scripts/bump-nuget.py | Adds NuGet “latest stable” lookup + broader Codebelt package detection; changes update behavior to include non-triggered Codebelt packages. |
| Directory.Packages.props | Updates central versions for several third-party dependencies. |

Comment on lines +78 to +90
def get_latest_nuget_version(package_name: str) -> Optional[str]:
"""Fetch the latest stable version of a package from NuGet."""
if package_name in _nuget_version_cache:
return _nuget_version_cache[package_name]

url = f"https://api.nuget.org/v3-flatcontainer/{package_name.lower()}/index.json"
try:
with urllib.request.urlopen(url, timeout=15) as response:
data = json.loads(response.read())
versions = data.get("versions", [])
# Stable versions have no hyphen (no pre-release suffix)
stable = [v for v in versions if "-" not in v]
result = stable[-1] if stable else (versions[-1] if versions else None)
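
Review bot: `stable[-1]` in the last line of the hunk picks the newest version by list position, which is only correct if the registry returns `versions` in ascending order, and each string from the response is trusted as a version without any check. Select the maximum by parsed numeric components and test each candidate against a strict version pattern before it is used to update Directory.Packages.props. `package_name` is also placed in the URL unescaped, so constrain it to the NuGet id character set before building `url`.
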
Copilot AI Feb 28, 2026

get_latest_nuget_version claims to fetch the latest stable version, but if no stable versions are present it falls back to versions[-1], which can be a prerelease. That can unexpectedly bump packages to prerelease builds. Consider returning None (keep current) when no stable version exists, or make prerelease fallback explicit/opt-in via an env flag and reflect it in the docstring/log output.

Comment on lines 111 to 113
print(f"Trigger: {TRIGGER_SOURCE} @ {target_version}")
print(f"Only updating packages from: {TRIGGER_SOURCE}")
print(f"Triggered packages set to {target_version}; other Codebelt packages fetched from NuGet.")
print()
Copilot AI Feb 28, 2026

The script prints the trigger source/version but doesn’t validate that TRIGGER_SOURCE is a supported key in SOURCE_PACKAGE_MAP. If an unexpected value is provided (e.g., typo/new repo not yet mapped), no packages will be treated as “triggered source” and they’ll instead be handled by the “other Codebelt packages” path. Consider failing fast with a clear error when TRIGGER_SOURCE.lower() is not in SOURCE_PACKAGE_MAP (and list the allowed values).

Comment on lines 59 to 64
def is_triggered_package(package_name: str) -> bool:
"""Check if package is published by the triggering source repo."""
if not TRIGGER_SOURCE:
return False
prefixes = SOURCE_PACKAGE_MAP.get(TRIGGER_SOURCE, [])
return any(package_name.startswith(prefix) for prefix in prefixes)
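
Review bot: `package_name.startswith(prefix)` in the final line matches on a raw string prefix, so a prefix such as Codebelt.Extensions.Carter also matches a differently named id like Codebelt.Extensions.CarterFoo, which would then be forced to TRIGGER_VERSION. Unless every prefix in SOURCE_PACKAGE_MAP already ends in a dot, match on the exact id or on prefix + "." instead.
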
Copilot AI Feb 28, 2026

is_triggered_package looks up SOURCE_PACKAGE_MAP using TRIGGER_SOURCE without normalizing case. Since the map keys are lowercase, setting TRIGGER_SOURCE to e.g. CUEMON/Cuemon will cause triggered packages not to be recognized and they’ll be treated as “other Codebelt packages” (bumped from NuGet instead of forced to TRIGGER_VERSION). Normalize TRIGGER_SOURCE once (e.g., TRIGGER_SOURCE = ... .lower()) or use SOURCE_PACKAGE_MAP.get(TRIGGER_SOURCE.lower(), []).

@coderabbitai coderabbitai bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/scripts/bump-nuget.py (1)

99-113: ⚠️ Potential issue | 🟠 Major

Fail fast on unknown TRIGGER_SOURCE to prevent unintended broad bumps.

If TRIGGER_SOURCE is mistyped or unmapped, no package is treated as triggered, and the fallback path (Line 137) can still update other mapped packages from NuGet. Add explicit source validation before processing.

Proposed fix
 def main():
     if not TRIGGER_SOURCE or not TRIGGER_VERSION:
         print(
             "Error: TRIGGER_SOURCE and TRIGGER_VERSION environment variables required"
         )
         print(f"  TRIGGER_SOURCE={TRIGGER_SOURCE}")
         print(f"  TRIGGER_VERSION={TRIGGER_VERSION}")
         sys.exit(1)
+    if TRIGGER_SOURCE not in SOURCE_PACKAGE_MAP:
+        print(f"Error: Unknown TRIGGER_SOURCE '{TRIGGER_SOURCE}'")
+        print(f"  Valid sources: {', '.join(sorted(SOURCE_PACKAGE_MAP))}")
+        sys.exit(1)
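
Review bot: `TRIGGER_SOURCE not in SOURCE_PACKAGE_MAP` in the added check is a case-sensitive membership test, so a value that differs from a map key only in case is rejected here while the later lookups still use the raw variable. Normalize the value once (strip and lowercase) before this check and use the normalized value everywhere after it; the two error lines are also better sent to stderr with `file=sys.stderr` so they are not lost among the progress output.
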
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/scripts/bump-nuget.py around lines 99 - 113, The script's main()
currently accepts any TRIGGER_SOURCE and silently proceeds, which can cause
unintended package bumps; add explicit validation of TRIGGER_SOURCE before
continuing: check TRIGGER_SOURCE against the known mapping/key set used later
(the mapping referenced by the fallback logic) and if it's missing or unmapped,
print an error showing TRIGGER_SOURCE and TRIGGER_VERSION (like the existing
prints), then sys.exit(1); place this validation right after computing
target_version (or immediately after reading the env vars) so main() fails fast
on unknown sources and prevents the fallback NuGet updates from running.
🧹 Nitpick comments (1)
.github/scripts/bump-nuget.py (1)

91-93: Narrow the exception handling in NuGet fetch.

Line 91 catches Exception broadly, which can hide non-network defects and make CI failures harder to diagnose. Narrow it to the specific exceptions that the try block can raise:

Proposed fix
+import socket
+import urllib.error
 import urllib.request
@@
-    except Exception as exc:
+    except (
+        urllib.error.URLError,
+        socket.timeout,
+        json.JSONDecodeError,
+    ) as exc:
         print(f"  Warning: Could not fetch latest version for {package_name}: {exc}")
         result = None
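
Review bot: the narrowed tuple in the second hunk no longer covers every failure the fetch can produce: `json.loads` on response bytes that are not valid UTF-8 raises UnicodeDecodeError, which is not a JSONDecodeError, and since Python 3.10 `socket.timeout` is a deprecated alias of TimeoutError. Catch `TimeoutError` and `ValueError` (the latter covers both JSONDecodeError and UnicodeDecodeError) alongside `urllib.error.URLError`, so a malformed registry response still ends in the warning path rather than an unhandled traceback.
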

Note: urllib.request.urlopen() can raise URLError (which covers HTTPError as a subclass) or socket.timeout directly; json.loads() raises JSONDecodeError.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/scripts/bump-nuget.py around lines 91 - 93, The broad except
Exception hides real errors; narrow the handler around the operations using
urllib.request.urlopen and json.loads by catching urllib.error.URLError (covers
HTTPError), socket.timeout, and json.JSONDecodeError instead of Exception, so
when the fetch of package_name fails you still set result = None but only
swallow expected network/JSON errors while letting other exceptions surface for
CI; update the except block that currently references package_name and result to
catch those three specific exception types.

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between efcfb53 and db6b0e7.

📒 Files selected for processing (2)
  • .github/scripts/bump-nuget.py
  • Directory.Packages.props
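
The hardening points raised in the two reviews above (no prerelease fallback, case-normalized fail-fast validation of TRIGGER_SOURCE), together with a dot-boundary prefix match and numeric version ordering that go beyond what the reviews ask for, as an added example. This is not the repository's bump-nuget.py: the map contents, the sample version list and the helper names `resolve_trigger_source`, `matches_prefix` and `latest_stable` are assumptions.

```python
import re

# Constructed stand-ins for the script's map and for the "versions" array of a
# NuGet flat-container index.json; neither is copied from the repository.
SOURCE_PACKAGE_MAP = {
    "cuemon": ["Cuemon."],
    "carter": ["Codebelt.Extensions.Carter"],
}
SAMPLE_VERSIONS = ["9.0.9", "10.0.0-rc.1", "9.0.10", "10.0.0-preview.2"]

# Two to four dot-separated numeric parts, nothing else (no prerelease suffix).
_STABLE = re.compile(r"\d+(\.\d+){1,3}")


def resolve_trigger_source(raw):
    """Normalize TRIGGER_SOURCE once and fail fast when it is not mapped."""
    key = (raw or "").strip().lower()
    if key not in SOURCE_PACKAGE_MAP:
        allowed = ", ".join(sorted(SOURCE_PACKAGE_MAP))
        raise ValueError(f"Unknown TRIGGER_SOURCE {raw!r}; valid sources: {allowed}")
    return key


def matches_prefix(package_name, prefix):
    """Match the exact id or a dotted child, never a longer look-alike id."""
    stem = prefix.rstrip(".")
    return package_name == stem or package_name.startswith(stem + ".")


def is_triggered_package(package_name, source_key):
    """True when the package belongs to the (already validated) trigger source."""
    return any(matches_prefix(package_name, p) for p in SOURCE_PACKAGE_MAP[source_key])


def latest_stable(versions):
    """Highest stable version by numeric comparison, or None (no prerelease fallback)."""
    stable = [v for v in versions if _STABLE.fullmatch(v)]
    if not stable:
        return None  # caller keeps the currently pinned version
    return max(stable, key=lambda v: tuple(int(part) for part in v.split(".")))
```

Strings from the registry that fail the pattern are dropped before comparison, so nothing that is not a plain numeric version can be selected for the props file.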

codecov bot commented Feb 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.11%. Comparing base (efcfb53) to head (db6b0e7).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #50   +/-   ##
=======================================
  Coverage   79.11%   79.11%           
=======================================
  Files         177      177           
  Lines        3711     3711           
  Branches      365      365           
=======================================
  Hits         2936     2936           
  Misses        774      774           
  Partials        1        1           

@sonarqubecloud

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

@gimlichael gimlichael merged commit 2d6e325 into main Feb 28, 2026
272 of 273 checks passed
@gimlichael gimlichael deleted the v5.0.4/ci-automation branch February 28, 2026 04:50