ci: add format/lint jobs and align PR checks across all repos #70
devops-thiago merged 9 commits into main
- Add concurrency block to cancel stale runs
- Add format and lint jobs (repo-specific tooling)
- Gate test/build on format+lint passing
- Add PR docker-build job with Trivy vulnerability scan
- Align job structure with Go/Node.js/Python pattern
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Pull request overview
This PR updates CI to add a PR-only Docker build with Trivy scanning and adjusts deployment gating, while also introducing a broad .NET refactor that changes the User domain model/DTO contract and updates tests accordingly.
Changes:
- Add a PR-only `docker-build` job that builds the image and runs a Trivy SARIF scan; change `deploy` to depend on `docker-publish`.
- Enforce file-scoped namespaces / using placement via `.editorconfig` and apply formatting across the .NET codebase.
- Rename the User contract from `FirstName`/`LastName`/`PhoneNumber` to `Name`/`Bio` and update services/controllers/tests.
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| UserApi.Tests/TestUtilities.cs | Formatting + DTO field updates in test helpers. |
| UserApi.Tests/TestConfiguration.cs | File-scoped namespace formatting; test DB setup retained. |
| UserApi.Tests/Services/UserServiceTests.cs | Updates assertions/fixtures for new Name/Bio model. |
| UserApi.Tests/Models/UserModelTests.cs | Updates model property tests for Name/Bio. |
| UserApi.Tests/GlobalUsings.cs | Reorders/expands global usings for test project. |
| UserApi.Tests/DTOs/UserDtoValidationTests.cs | Updates DTO validation tests for new DTO shape. |
| UserApi.Tests/Controllers/UserControllerUnitTests.cs | Updates controller unit tests for new DTO/model fields. |
| UserApi.Tests/Controllers/UserControllerIntegrationTests.cs | Updates integration tests + AutoFixture customizations for new fields. |
| UserApi.Tests/Controllers/UserControllerHelperMethodsTests.cs | Formatting-only updates for helper method tests. |
| Services/UserService.cs | Updates service mapping/business logic for Name/Bio. |
| Program.cs | Reorders usings; keeps custom JSON output formatter registration. |
| Models/User.cs | Replaces name/phone fields with Name + Bio and updates annotations. |
| Infrastructure/CompatibleSystemTextJsonOutputFormatter.cs | Formatting-only updates; keeps custom formatter behavior. |
| Data/UserDbContext.cs | Updates EF model config + seed data for new fields. |
| DTOs/UserDto.cs | Updates DTO contract (Name/Bio) and response DTO. |
| Controllers/UserController.cs | Keeps behavior but updates types + adds/keeps telemetry + sanitized logging helpers. |
| .github/workflows/ci.yml | Adds PR docker-build + Trivy scan; adjusts deploy dependency. |
| .editorconfig | Enforces file-scoped namespaces and using directive placement/sorting. |
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #70 +/- ##
==========================================
+ Coverage 89.97% 97.56% +7.58%
==========================================
Files 7 5 -2
Lines 459 287 -172
Branches 61 14 -47
==========================================
- Hits 413 280 -133
+ Misses 30 5 -25
+ Partials 16 2 -14
Flags with carried forward coverage won't be shown.
- Pin trivy-action from @master to @0.24.0 for supply-chain safety
- Guard SARIF upload to same-repo PRs only (fixes fork permission issue)
- Remove [InlineData(" ")] from name validation test: [Required] does not reject whitespace-only strings, making that case incorrect
- Replace Substring(0, 5) with Guid.NewGuid().ToString("N")[..5] in AutoFixture customizations to eliminate flaky ArgumentOutOfRangeException
…espace validation Co-authored-by: devops-thiago <[email protected]>
- guard cancel-in-progress for main branch runs
- fix codecov deprecated 'file' param to 'files'
- pin docker/build-push-action to SHA in docker-build job
- upgrade trivy-action from 0.24.0 to 0.34.2
- add exit-code: '0' to trivy to prevent failure on findings
- remove unnecessary TRIVY_SKIP_VERSION_CHECK env var
The coverage artifact was being extracted to the repo root instead of the coverage/ directory, so SonarCloud couldn't find the OpenCover.xml and Cobertura.xml reports. Add path: coverage to the download-artifact step to restore the expected directory structure.
- add RegularExpression validation on CreateUserDto.Name to reject whitespace-only input (addresses Copilot review comment)
- add whitespace InlineData test case for name validation
- add UserDbContext tests with SQLite provider to cover seed data branch, unique email index, required fields, and primary key config
- add CompatibleSystemTextJsonOutputFormatter tests covering constructor, JSON serialization, null object, and Unicode encoding
- add Microsoft.EntityFrameworkCore.Sqlite test dependency

All 118 tests pass locally.
- Pin docker/setup-buildx-action, aquasecurity/trivy-action, github/codeql-action/upload-sarif, and docker/login-action to full commit SHAs (resolves SonarCloud security hotspot S7637)
- Switch coverage report format from OpenCover (paid-only in reportgenerator) to SonarQube generic format
- Use sonar.coverageReportPaths instead of sonar.cs.opencover.reportsPaths
- Update coverage threshold check to use Cobertura XML
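A check for the pinning rule named in the commit above, as an added example that is not part of this PR or the repository: it flags every `uses:` reference whose ref is not a full 40-character commit SHA. The sample workflow, the placeholder SHA and the function name `find_unpinned_actions` are constructed for illustration.

```python
import re

# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  docker-build:
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@0123456789abcdef0123456789abcdef01234567 # v3
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0.24.0
      - uses: ./.github/actions/local-helper
      # - uses: docker/login-action@v3
"""

# Captures the action reference, stopping at whitespace, quotes or a trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def find_unpinned_actions(workflow_text):
    """Return (line_number, reference, reason) for each `uses:` not pinned to a full SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue  # commented-out steps and keys other than `uses`
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local actions and container images are out of scope here
        _name, sep, version = ref.partition("@")
        if not sep:
            findings.append((lineno, ref, "missing @ref"))
        elif not FULL_SHA_RE.fullmatch(version):
            # Tags and branches can be moved to different code after review.
            findings.append((lineno, ref, "mutable tag or branch"))
    return findings


if __name__ == "__main__":
    import sys
    results = find_unpinned_actions(SAMPLE_WORKFLOW)
    for lineno, ref, reason in results:
        print(f"line {lineno}: {ref} ({reason})")
    sys.exit(1 if results else 0)
```
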
Replace broken dotnet-coverage report command (removed in v18) with python3 xml.etree to extract line-rate from Cobertura XML. The step now fails the build if coverage is below the threshold or if the coverage report file is missing.
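A fail-closed version of the threshold step described in the commit above, as an added example that is not the script from this PR: it reads `line-rate` from the Cobertura root element with `xml.etree` and fails on a missing, malformed or below-threshold report. The 80% threshold, the sample XML and the function names are assumptions.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed minimal Cobertura report; 0.982 mirrors the 98.2% figure in this thread.
SAMPLE_COBERTURA = (
    '<coverage line-rate="0.982" branch-rate="0.9" version="1.9"><packages/></coverage>'
)


def check_line_coverage(report_path, threshold_percent):
    """Return (passed, message); never passes when the report is missing or unreadable."""
    if not os.path.isfile(report_path):
        return False, f"coverage report not found: {report_path}"
    try:
        root = ET.parse(report_path).getroot()
    except ET.ParseError as exc:
        return False, f"coverage report is not valid XML: {exc}"
    raw = root.get("line-rate")
    if root.tag != "coverage" or raw is None:
        return False, "no line-rate attribute on <coverage> root"
    try:
        percent = float(raw) * 100.0
    except ValueError:
        return False, f"line-rate is not a number: {raw!r}"
    # Written as `not >=` so that a NaN line-rate fails instead of slipping through.
    if not percent >= threshold_percent:
        return False, f"line coverage {percent:.1f}% is below {threshold_percent:.1f}%"
    return True, f"line coverage {percent:.1f}% meets {threshold_percent:.1f}%"


def demo(threshold_percent=80.0):  # hypothetical threshold, not taken from the PR
    """Check a temp copy of the sample report and a path that does not exist."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Cobertura.xml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_COBERTURA)
        return (check_line_coverage(path, threshold_percent),
                check_line_coverage(os.path.join(tmp, "missing.xml"), threshold_percent))


if __name__ == "__main__":
    import sys
    results = demo()
    for ok, message in results:
        print("PASS" if ok else "FAIL", message)
    sys.exit(0 if all(ok for ok, _ in results) else 1)
```
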
Add coverlet.runsettings to exclude obj/ and Migrations/ paths plus compiler-generated attributes from XPlat Code Coverage. Fixes false 65% line-rate caused by uncoverable OpenAPI source-generated files in obj/. Actual project coverage is 98.2%.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Pure POCO/DTO classes contain only auto-properties with no executable logic. Coverlet cannot instrument them, so SonarCloud sees uncovered new lines, dragging the new-code coverage to 70%. Add **/Models/** and **/DTOs/** to sonar.coverage.exclusions in both the PR-analysis and branch-analysis scanner blocks.
What
Align CI pipeline structure across all 6 OTel repos.
Changes
Note
Medium Risk
Touches API/data model and EF seed/mapping, which can be breaking for clients and migrations, and makes substantial CI pipeline changes that could fail builds if coverage/report paths differ across environments.
Overview
This PR changes the user domain model and API contract from `FirstName`/`LastName`/`PhoneNumber` to a single `Name` plus optional `Bio`, updating `Models/User`, `DTOs/UserDto`, EF mappings/seed data in `UserDbContext`, and the CRUD flow in `UserService`/`UserController` (including sanitized email logging/tracing).

It also overhauls CI: adds formatting + lint gates, conditional concurrency cancellation, switches coverage generation/checking to Cobertura + `SonarQube.xml` via `reportgenerator` and a `coverlet.runsettings`, updates SonarCloud configuration, and adds a PR-only `docker-build` job that builds the image and runs Trivy with SARIF upload; tests are updated/expanded (new SQLite-based `UserDbContextTests`, formatter tests) and `Microsoft.EntityFrameworkCore.Sqlite` is added for test coverage of seeding/constraints.

Written by Cursor Bugbot for commit c62cc2e. This will update automatically on new commits.