Conversation
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR adds GitHub Actions automation to propagate “service update” dependency bumps across repositories and trigger downstream updates on release publication, plus a DocFX footer customization to load an external widget.
Changes:
- Added a release-published workflow to dispatch
repository_dispatchevents to downstream repositories listed in.github/dispatch-targets.json. - Added a service-update workflow that bumps package versions, updates release notes/changelog, and opens a PR.
- Updated DocFX footer HTML to include the Context7 widget script.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| .github/workflows/trigger-downstream.yml | New workflow that reads .github/dispatch-targets.json and dispatches downstream update events on release publish. |
| .github/workflows/service-update.yml | New workflow to perform automated dependency/service updates and open a PR. |
| .github/dispatch-targets.json | Placeholder JSON list of downstream repositories to receive dispatch events. |
| .docfx/docfx.json | Adds an external script tag to the documentation footer for widget integration. |
| NEW="${{ steps.newver.outputs.new }}" | ||
| for f in .nuget/*/PackageReleaseNotes.txt; do | ||
| [ -f "$f" ] || continue | ||
| TFM=$(grep -m1 "^Availability:" "$f" | sed 's/Availability: //' || echo ".NET 10, .NET 9 and .NET Standard 2.0") |
There was a problem hiding this comment.
The TFM=$(grep ... | sed ... || echo ...) fallback will never execute because the pipeline exit status is from sed (which succeeds even when grep finds nothing). This can leave TFM empty if the Availability line is missing. Consider restructuring this to handle the grep-no-match case explicitly (or enable pipefail).
| TFM=$(grep -m1 "^Availability:" "$f" | sed 's/Availability: //' || echo ".NET 10, .NET 9 and .NET Standard 2.0") | |
| AVAIL_LINE=$(grep -m1 "^Availability:" "$f" || true) | |
| if [ -z "$AVAIL_LINE" ]; then | |
| TFM=".NET 10, .NET 9 and .NET Standard 2.0" | |
| else | |
| TFM=${AVAIL_LINE#Availability: } | |
| fi |
| git checkout -b "$BRANCH" | ||
| git add -A | ||
| git diff --cached --quiet && echo "Nothing changed - skipping PR." && exit 0 | ||
| git commit -m "V${NEW}/service update" |
There was a problem hiding this comment.
git push origin "$BRANCH" will use the credentials configured by actions/checkout (typically GITHUB_TOKEN), not the GitHub App token generated in app-token. If the intent is to authenticate pushes as the app (e.g., for audit/bypass/consistent attribution), you need to disable persisted checkout credentials and/or reconfigure the remote URL to use the app token before pushing.
| git commit -m "V${NEW}/service update" | |
| git commit -m "V${NEW}/service update" | |
| git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git" |
| "globalMetadata": { | ||
| "_appTitle": "Unitify by Codebelt", | ||
| "_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2024-2026 Geekle. All rights reserved.</span>", | ||
| "_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2024-2026 Geekle. All rights reserved.</span><script src=\"https://context7.com/widget.js\" data-library=\"/codebeltnet/unitify\"></script>", |
There was a problem hiding this comment.
Appending an unpinned third-party <script src="https://context7.com/widget.js"> into the DocFX footer introduces a supply-chain/XSS risk for the published documentation site and may violate stricter CSP settings. Consider hosting/pinning the script (or using SRI + a CSP update) and documenting the trust/upgrade process for this external dependency.
| "_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2024-2026 Geekle. All rights reserved.</span><script src=\"https://context7.com/widget.js\" data-library=\"/codebeltnet/unitify\"></script>", | |
| "_appFooter": "<span>Generated by <strong>DocFX</strong>. Copyright 2024-2026 Geekle. All rights reserved.</span>", |
| owner: codebeltnet | ||
|
|
||
| - name: Bump NuGet packages | ||
| run: python3 .github/scripts/bump-nuget.py |
There was a problem hiding this comment.
This workflow invokes python3 .github/scripts/bump-nuget.py, but .github/scripts/bump-nuget.py does not exist in the repository. As written, the workflow will fail at runtime; either add the script (and any dependencies) or update the step to call an existing tool/path.
| run: python3 .github/scripts/bump-nuget.py | |
| shell: bash | |
| run: | | |
| if [ -f ".github/scripts/bump-nuget.py" ]; then | |
| echo "Running .github/scripts/bump-nuget.py to bump NuGet packages..." | |
| python3 .github/scripts/bump-nuget.py | |
| else | |
| echo "Warning: .github/scripts/bump-nuget.py not found; skipping NuGet package bump." | |
| fi |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #18 +/- ##
=======================================
Coverage 83.33% 83.33%
=======================================
Files 19 19
Lines 666 666
Branches 51 51
=======================================
Hits 555 555
Misses 110 110
Partials 1 1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
1 participant
This pull request introduces automation for service updates and downstream release triggers, streamlining dependency management and release workflows. The main changes are the addition of two GitHub Actions workflows for service updates and downstream triggers, as well as minor updates to documentation and configuration files.
CI/CD Workflow Automation
.github/workflows/service-update.ymlto automate service updates, including package version bumps, changelog and release notes updates, and PR creation. The workflow supports both manual and triggered runs, and uses a GitHub App token for authentication..github/workflows/trigger-downstream.ymlto trigger downstream service updates automatically when a release is published, dispatching events to target repositories listed in.github/dispatch-targets.json..github/dispatch-targets.jsonas a placeholder for downstream repositories to receive dispatch events.Documentation and Metadata
.docfx/docfx.jsonto append a script tag for a widget in the documentation footer, enabling integration with an external library.