Conversation
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Adds automation to create/trigger “service update” pull requests across Codebelt repos when releases are published, plus small release-notes and DocFX footer updates.
Changes:
- Introduces GitHub Actions workflows to dispatch downstream updates on release and to open service-update PRs in target repos.
- Adds a Python script to selectively bump internal NuGet package versions in
Directory.Packages.props. - Standardizes release note “Version:” formatting and injects a Context7 widget script into the DocFX footer.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/trigger-downstream.yml |
Dispatches repository_dispatch events to configured downstream repos upon stable release publish. |
.github/workflows/service-update.yml |
Consumes dispatch/manual inputs, bumps packages, updates release notes + changelog, and opens a PR. |
.github/scripts/bump-nuget.py |
Implements selective version bumping for internal packages based on the triggering repo/version. |
.github/dispatch-targets.json |
Configuration list for downstream dispatch targets. |
.nuget/Codebelt.Extensions.Globalization/PackageReleaseNotes.txt |
Standardizes release-note headers to Version: X.Y.Z. |
.docfx/docfx.json |
Extends DocFX footer with an external “contextual widget” script. |
| TFM=$(grep -m1 "^Availability:" "$f" | sed 's/Availability: //' || echo ".NET 10, .NET 9 and .NET Standard 2.0") | ||
| ENTRY="Version: ${NEW}\nAvailability: ${TFM}\n \n# ALM\n- CHANGED Dependencies have been upgraded to the latest compatible versions for all supported target frameworks (TFMs)\n \n" | ||
| { printf "$ENTRY"; cat "$f"; } > "$f.tmp" && mv "$f.tmp" "$f" |
There was a problem hiding this comment.
The TFM=$(grep ... | sed ... || echo ...) fallback won’t work as intended because sed will exit 0 even when grep finds nothing, so the || echo ... branch won’t run. Also, printf "$ENTRY" treats $ENTRY as a format string, so any % in the content can be misinterpreted. Prefer an explicit check for the Availability line and print the entry with a safe format (e.g., printf '%b' ... / printf '%s' ...) to avoid formatting surprises.
| TFM=$(grep -m1 "^Availability:" "$f" | sed 's/Availability: //' || echo ".NET 10, .NET 9 and .NET Standard 2.0") | |
| ENTRY="Version: ${NEW}\nAvailability: ${TFM}\n \n# ALM\n- CHANGED Dependencies have been upgraded to the latest compatible versions for all supported target frameworks (TFMs)\n \n" | |
| { printf "$ENTRY"; cat "$f"; } > "$f.tmp" && mv "$f.tmp" "$f" | |
| AVAIL_LINE=$(grep -m1 "^Availability:" "$f" || true) | |
| if [ -n "$AVAIL_LINE" ]; then | |
| TFM="${AVAIL_LINE#Availability: }" | |
| else | |
| TFM=".NET 10, .NET 9 and .NET Standard 2.0" | |
| fi | |
| ENTRY="Version: ${NEW}\nAvailability: ${TFM}\n \n# ALM\n- CHANGED Dependencies have been upgraded to the latest compatible versions for all supported target frameworks (TFMs)\n \n" | |
| { printf '%b' "$ENTRY"; cat "$f"; } > "$f.tmp" && mv "$f.tmp" "$f" |
| req = urllib.request.Request(url, data=payload, method='POST', headers={ | ||
| 'Authorization': f'Bearer {token}', | ||
| 'Accept': 'application/vnd.github+json', | ||
| 'Content-Type': 'application/json', | ||
| 'X-GitHub-Api-Version': '2022-11-28' | ||
| }) |
There was a problem hiding this comment.
GitHub’s REST API expects a User-Agent header on requests; the urllib.request.Request(..., headers={...}) here omits it, which can cause the dispatch call to be rejected. Add an explicit User-Agent (and optionally handle HTTPError to surface per-repo failures more clearly).
| if not TRIGGER_SOURCE or not TRIGGER_VERSION: | ||
| print( | ||
| "Error: TRIGGER_SOURCE and TRIGGER_VERSION environment variables required" | ||
| ) | ||
| print(f" TRIGGER_SOURCE={TRIGGER_SOURCE}") |
There was a problem hiding this comment.
After validating TRIGGER_SOURCE/TRIGGER_VERSION, the script does not validate that TRIGGER_SOURCE is a supported key in SOURCE_PACKAGE_MAP. If an unknown source is provided, the run will succeed but update nothing, and the workflow may still open a “service update” PR with only changelog/release note changes. Consider failing fast when TRIGGER_SOURCE is not in the map (or when it maps to an empty prefix list) to avoid generating misleading PRs.
| if skipped_third_party: | ||
| print() | ||
| print(f"Skipped {len(skipped_third_party)} third-party package(s):") | ||
| print("\n".join(skipped_third_party[:5])) # Show first 5 |
There was a problem hiding this comment.
skipped_third_party is populated for every package that doesn’t match the triggering source, including other internal Codebelt packages (not just third-party ones). This makes the summary output misleading ("Skipped ... third-party package(s)"). Consider renaming the variable/message to something like “skipped non-target packages” or explicitly distinguishing third-party vs other internal packages if that matters.
| "globalMetadata": { | ||
| "_appTitle": "Extensions for Globalization by Codebelt", | ||
| "_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2024-2026 Geekle. All rights reserved.</span>", | ||
| "_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2024-2026 Geekle. All rights reserved.</span>\n<script src=\"https://context7.com/widget.js\" data-library=\"/codebeltnet/globalization\" data-color=\"#059669\" data-position=\"bottom-right\" data-placeholder=\"Ask about Codebelt Globalization\"></script>", |
There was a problem hiding this comment.
The footer now injects a third-party script from https://context7.com/widget.js into the generated docs. This increases supply-chain/XSS risk for the published site; consider hosting/pinning the script (or adding Subresource Integrity + a documented allowlist/CSP) so the build output isn’t executing unpinned remote code.
| "_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2024-2026 Geekle. All rights reserved.</span>\n<script src=\"https://context7.com/widget.js\" data-library=\"/codebeltnet/globalization\" data-color=\"#059669\" data-position=\"bottom-right\" data-placeholder=\"Ask about Codebelt Globalization\"></script>", | |
| "_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2024-2026 Geekle. All rights reserved.</span>", |
| [ -f "$f" ] || continue | ||
| TFM=$(grep -m1 "^Availability:" "$f" | sed 's/Availability: //' || echo ".NET 10, .NET 9 and .NET Standard 2.0") | ||
| ENTRY="Version: ${NEW}\nAvailability: ${TFM}\n \n# ALM\n- CHANGED Dependencies have been upgraded to the latest compatible versions for all supported target frameworks (TFMs)\n \n" | ||
| { printf "$ENTRY"; cat "$f"; } > "$f.tmp" && mv "$f.tmp" "$f" |
There was a problem hiding this comment.
PackageReleaseNotes.txt currently starts with a UTF-8 BOM; prepending content via { printf ...; cat "$f"; } will push the BOM into the middle of the file (as part of the old first line), which can show up as a stray character in some consumers. Consider preserving/removing the BOM explicitly (e.g., rewrite using a tool that keeps BOM at the beginning, or strip it before concatenation).
| { printf "$ENTRY"; cat "$f"; } > "$f.tmp" && mv "$f.tmp" "$f" | |
| { | |
| printf "$ENTRY" | |
| python3 - << 'EOF' < "$f" | |
| import sys | |
| data = sys.stdin.read() | |
| if data.startswith('\ufeff'): | |
| data = data[1:] | |
| sys.stdout.write(data) | |
| EOF | |
| } > "$f.tmp" && mv "$f.tmp" "$f" |
| - name: Bump NuGet packages | ||
| run: python3 .github/scripts/bump-nuget.py | ||
| env: | ||
| TRIGGER_SOURCE: ${{ steps.trigger.outputs.source }} | ||
| TRIGGER_VERSION: ${{ steps.trigger.outputs.version }} |
There was a problem hiding this comment.
The workflow_dispatch inputs source_repo / source_version default to empty, but the Bump NuGet packages step will fail when either is empty (the script exits 1). Consider making the inputs required for manual runs, or guard this step (and later PR creation) with a check that resolved source/version are non-empty.
|
1 participant
This pull request introduces a new automated workflow for handling service updates, specifically targeting dependency version bumps for Codebelt and related packages. It adds scripts and workflows to streamline downstream package updates when a new release is published, while ensuring only relevant internal packages are updated (not third-party dependencies). Additionally, it standardizes the formatting of release notes and makes a minor documentation enhancement.
The most important changes are:
Automated Service Update Workflows:
.github/workflows/service-update.ymlto automate service update pull requests, including bumping internal package versions, updating release notes, and creating PRs when triggered by upstream releases or manual dispatch..github/workflows/trigger-downstream.ymlto automatically trigger downstream service update workflows in other repositories when a new release is published, using a dispatch mechanism and a list of target repositories..github/dispatch-targets.jsonas a configuration file to specify downstream repositories for automated update dispatches.Dependency Bumping Script:
.github/scripts/bump-nuget.py, a Python script that selectively bumps only Codebelt/Cuemon/Savvyio package versions inDirectory.Packages.propsbased on the triggering source and version, skipping unrelated third-party packages.Release Notes and Documentation:
.nuget/Codebelt.Extensions.Globalization/PackageReleaseNotes.txtby changingVersion X.Y.ZtoVersion: X.Y.Zthroughout the file. [1] [2].docfx/docfx.jsonto include a contextual widget script for user assistance.