V4.0.0/prepare for launch

[gimlichael]

This pull request includes several updates to improve logging, update dependencies, and enhance the build process. The most important changes include the addition of centralized logging messages, updates to permissions in GitHub workflows, and enabling .NET analyzers for better code quality.

Centralized Logging:

• src/Codebelt.Bootstrapper/BootstrapperLogMessages.cs: Introduced a new class to provide centralized logging messages using the LoggerMessage pattern. This includes methods for logging information, warnings, and critical errors.
• src/Codebelt.Bootstrapper.Console/ConsoleHostedService.cs: Refactored logging calls to use the new centralized logging methods. [1] [2] [3]
• src/Codebelt.Bootstrapper.Console/MinimalConsoleHostedService.cs: Updated logging calls to use the new centralized logging methods. [1] [2]

GitHub Workflows:

• .github/workflows/pipelines.yml: Added permissions for contents and security-events to various jobs to enhance security and functionality. [1] [2]

Dependency Updates:

• Directory.Packages.props: Updated the version of Codebelt.Extensions.Xunit.App from 10.0.0-preview.3 to 10.0.0.

Build Configuration:

• Directory.Build.props: Enabled .NET analyzers and set the analysis level to the latest recommended settings to improve code quality.

Miscellaneous:

• CHANGELOG.md: Updated the release date for version 4.0.0 to 2025-04-12.
• app/Codebelt.Bootstrapper.WebApp.App/Properties/launchSettings.json, app/Codebelt.Bootstrapper.WebMvc.App/Properties/launchSettings.json: Changed the applicationUrl for local development. [1] [2]

Summary by CodeRabbit

• Documentation

  • Clarified the official release date for version 4.0.0.

• Chores

  • Enhanced automated workflow security with updated permission settings.
  • Improved project configuration with refined static analysis and upgraded dependency versions.

• Refactor

  • Standardized the logging infrastructure to provide clearer and more consistent event reporting.

[coderabbitai]

Walkthrough

The changes include updates to GitHub Actions workflows with refined permission settings, a release date update in the CHANGELOG for version 4.0.0, and the addition of .NET analyzer properties in project configuration. Package dependencies have been stabilized, and local application URLs have been updated. The logging mechanism in console hosted services now leverages a decorator pattern, with modifications in both the direct logging files and documentation. Additionally, a new logging messages class has been introduced to standardize log outputs using the LoggerMessage pattern.

Changes

File(s)	Change Summary
.github/workflows/pipelines.yml	Added top-level permissions (contents: read) and job-specific permissions: security-events: write for codeql; contents: write and packages: write for deploy.
CHANGELOG.md	Updated release date for version 4.0.0 from "TBD" to "2025-04-12".
Directory.Build.props	Added properties: <EnableNETAnalyzers>true</EnableNETAnalyzers>, <AnalysisLevel>latest</AnalysisLevel>, and <AnalysisMode>Recommended</AnalysisMode>.
Directory.Packages.props	Updated Codebelt.Extensions.Xunit.App version from 10.0.0-preview.3 to 10.0.0.
app/Codebelt...launchSettings.json (WebApp & WebMvc)	Updated applicationUrl values from ports 5001/5000 to 7173/5249.
src/Codebelt...Console/ConsoleHostedService.cs and MinimalConsoleHostedService.cs	Replaced direct logging calls with Decorator.EncloseToExpose(_logger, false) to standardize logging.
src/Codebelt...BootstrapperLifetime.cs	Simplified XML documentation comments for the OnDisposeManagedResources method.
src/Codebelt...BootstrapperLogMessages.cs	Introduced a new static class with extension methods for standardized log messages using the LoggerMessage pattern.

Sequence Diagram(s)

sequenceDiagram
    participant Service as HostedService
    participant Decorator
    participant Logger as BootstrapperLogMessages
    Service->>Decorator: EncloseToExpose(_logger, false)
    Decorator-->>Service: Decorated Logger Instance
    Service->>Logger: Invoke log method (e.g., RunAsyncStarted)
    Logger-->>Service: Log message recorded

Loading

Poem

I'm a hopping rabbit in the codeyard bright,
With decorators weaving logs just right,
Pipelines and properties dance in my view,
URLs and versions updated anew,
My whiskers twitch at each line of change—
In this coding warren, every hop feels strange! 🐇

Tip

⚡💬 Agentic Chat (Pro Plan, General Availability)

• We're introducing multi-step agentic chat in review comments and issue comments, within and outside of PR's. This feature enhances review and issue discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments and add commits to existing pull requests.

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Copilot reviewed 6 out of 10 changed files in this pull request and generated no comments.

Files not reviewed (4)

• Directory.Build.props: Language not supported
• Directory.Packages.props: Language not supported
• app/Codebelt.Bootstrapper.WebApp.App/Properties/launchSettings.json: Language not supported
• app/Codebelt.Bootstrapper.WebMvc.App/Properties/launchSettings.json: Language not supported

Comments suppressed due to low confidence (1)

src/Codebelt.Bootstrapper.Console/MinimalConsoleHostedService.cs:97

• [nitpick] The use of the null-conditional operator '?.' in this logging call is inconsistent with similar calls (e.g. RunAsyncStarted) that assume _logger is non-null. Consider either consistently applying the null-check or removing '?.' if _logger is guaranteed to be non-null.

Decorator.EncloseToExpose(_logger, false)?.RunAsyncPrematureEnd();

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

app/Codebelt.Bootstrapper.WebApp.App/Properties/launchSettings.json (1)

4-10: Updated Launch Settings and Application URLs

The changes in this block correctly update key profile properties for local development. In particular, the updated applicationUrl ("https://localhost:7173;http://localhost:5249") aligns with the PR objective and should be verified for availability and consistency with any other environment settings. Additionally, double-check that the dotnetRunMessages value as a string ("true") is intentional and complies with your configuration expectations.

app/Codebelt.Bootstrapper.WebMvc.App/Properties/launchSettings.json (1)

5-5: Verify 'dotnetRunMessages' Value Type

The "dotnetRunMessages" property is provided as the string "true" on line 5. Typically, this setting is expected to be a boolean value. Please confirm that the runtime or tooling correctly parses this value without issues.

src/Codebelt.Bootstrapper/BootstrapperLogMessages.cs (1)

1-72: Consider adding unit tests for the logging methods

Since this class centralizes important logging functionality, consider adding unit tests to verify that these methods correctly generate the expected log entries with the proper log levels and message templates.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f0bcd1b and 934feb9.

📒 Files selected for processing (10)

• .github/workflows/pipelines.yml (2 hunks)
• CHANGELOG.md (1 hunks)
• Directory.Build.props (1 hunks)
• Directory.Packages.props (1 hunks)
• app/Codebelt.Bootstrapper.WebApp.App/Properties/launchSettings.json (1 hunks)
• app/Codebelt.Bootstrapper.WebMvc.App/Properties/launchSettings.json (1 hunks)
• src/Codebelt.Bootstrapper.Console/ConsoleHostedService.cs (4 hunks)
• src/Codebelt.Bootstrapper.Console/MinimalConsoleHostedService.cs (3 hunks)
• src/Codebelt.Bootstrapper/BootstrapperLifetime.cs (1 hunks)
• src/Codebelt.Bootstrapper/BootstrapperLogMessages.cs (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (2)

src/Codebelt.Bootstrapper.Console/MinimalConsoleHostedService.cs (1)

src/Codebelt.Bootstrapper/BootstrapperLogMessages.cs (5)

• RunAsyncStarted (29-32)
• UnableToActivateInstance (57-60)
• FatalErrorActivating (68-71)
• RunAsyncPrematureEnd (38-41)
• RunAsyncCompleted (47-50)

src/Codebelt.Bootstrapper.Console/ConsoleHostedService.cs (1)

src/Codebelt.Bootstrapper/BootstrapperLogMessages.cs (5)

• RunAsyncStarted (29-32)
• FatalErrorActivating (68-71)
• UnableToActivateInstance (57-60)
• RunAsyncPrematureEnd (38-41)
• RunAsyncCompleted (47-50)

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: 🧪 Test (ubuntu-24.04, Debug)
• GitHub Check: 🧪 Test (ubuntu-24.04, Release)
• GitHub Check: 🧪 Test (windows-2022, Release)
• GitHub Check: 🧪 Test (windows-2022, Debug)
• GitHub Check: 📦 Pack (Debug)
• GitHub Check: 📦 Pack (Release)

🔇 Additional comments (20)

app/Codebelt.Bootstrapper.WebMvc.App/Properties/launchSettings.json (2)

4-7: Updated Local Development Settings and URL

The "applicationUrl" on line 7 has been updated to "https://localhost:7173;http://localhost:5249", which aligns with the PR objective to standardize local development endpoints. Additionally, the settings for "commandName", "dotnetRunMessages", and "launchBrowser" appear to follow the intended configuration for the project. Please ensure these changes integrate well with your local services.

---

8-10: Environment Variables Configuration Check

The environment variables—setting "ASPNETCORE_ENVIRONMENT" to "LocalDevelopment" and configuring "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES" appropriately—are correctly structured and meet the local development requirements. No changes are needed here.

CHANGELOG.md (1)

7-7: Release date finalized for version 4.0.0.

The update to include a specific release date (April 12, 2025) helps provide clarity on the project timeline and aligns with the PR objective of preparing for the 4.0.0 launch.

Directory.Packages.props (1)

7-7: Package dependency stabilized from preview to release version.

Upgrading from 10.0.0-preview.3 to the stable 10.0.0 release is a good preparation step before finalizing v4.0.0. This eliminates potential issues with preview dependencies in a production release.

src/Codebelt.Bootstrapper/BootstrapperLifetime.cs (1)

89-91: Improved XML documentation format.

The documentation reference format has been simplified from fully qualified names to a more readable format while maintaining the same semantic meaning.

.github/workflows/pipelines.yml (3)

21-23: Enhanced security with explicit workflow permissions.

Adding default read-only content permissions at the workflow level follows the security principle of least privilege, providing only the necessary access for the workflow to function.

---

136-137: Appropriate permission for CodeQL security analysis.

Adding the security-events: write permission is necessary for the CodeQL job to write security analysis results, ensuring this security scanning feature functions correctly.

---

145-147: Required permissions added for deployment operations.

The contents: write and packages: write permissions are necessary for the deploy job to push packages and potentially update repository content during release. This explicitly defines the required access level for deployment operations.

Directory.Build.props (1)

35-37: Great addition of .NET Analyzers!

Adding .NET Analyzers with the latest analysis level and recommended mode will help enforce coding standards and catch potential issues early in development.

src/Codebelt.Bootstrapper.Console/MinimalConsoleHostedService.cs (5)

7-7: Added Cuemon namespace for decorator pattern

The added using statement imports the necessary Decorator class from the Cuemon namespace.

---

61-61: Refactored logging to use centralized message pattern

The direct logging call has been replaced with the decorator pattern that uses the centralized RunAsyncStarted method from BootstrapperLogMessages, improving logging consistency.

---

67-67: Refactored warning log to use centralized message pattern

The direct warning log has been replaced with the decorator pattern that uses the centralized UnableToActivateInstance method from BootstrapperLogMessages.

---

72-72: Refactored critical error log to use centralized message pattern

The direct critical log has been replaced with the decorator pattern that uses the centralized FatalErrorActivating method from BootstrapperLogMessages.

---

97-97:

❓ Verification inconclusive

Verify null handling in decorator pattern

The null-conditional operator (?.) is now used on the result of Decorator.EncloseToExpose(_logger, false) rather than directly on _logger. Ensure that the EncloseToExpose method properly handles null _logger values.

Also applies to: 101-101

---

🏁 Script executed:

#!/bin/bash
# Look for the definition of EncloseToExpose and check its null handling
ast-grep --pattern $'Decorator.EncloseToExpose'

Length of output: 1660

---

I'll run another search to locate the actual implementation of Decorator.EncloseToExpose to verify how it handles a null _logger value.

---

🏁 Script executed:

#!/bin/bash
# Search for the definition of EncloseToExpose in the repository
rg "EncloseToExpose\\s*\\(" -n .

Length of output: 1666

---

Review Verification: Confirm Null Handling in Decorator.EncloseToExpose

• The code now conditionally invokes methods on the result of Decorator.EncloseToExpose(_logger, false) (e.g. using ?.RunAsyncPrematureEnd() and ?.RunAsyncCompleted() in MinimalConsoleHostedService.cs and ConsoleHostedService.cs) while other calls (e.g. RunAsyncStarted(), FatalErrorActivating(), etc.) assume a non-null result.
• Please verify that the implementation of EncloseToExpose properly handles a null _logger by either:
  • Returning a safe no-op decorator instance when _logger is null, or
  • Documenting and enforcing that _logger should never be null.
• Ensure consistency in handling across all invocations so that the presence or absence of the null-conditional operator is intentional and safe.

src/Codebelt.Bootstrapper.Console/ConsoleHostedService.cs (3)

1-1: Reordered and added necessary imports

Added the Cuemon namespace for the Decorator pattern and reordered System namespace imports.

Also applies to: 5-7

---

59-59: Refactored logging to use centralized message pattern

Direct logging calls have been replaced with the decorator pattern that uses centralized methods from BootstrapperLogMessages, ensuring consistent logging across the application.

Also applies to: 65-65, 74-74

---

95-95:

❓ Verification inconclusive

Verify null handling in decorator pattern

As in the MinimalConsoleHostedService, the null-conditional operator (?.) is now used on the result of Decorator.EncloseToExpose(_logger, false). Confirm that this approach correctly handles null logger instances.

Also applies to: 99-99

---

🏁 Script executed:

#!/bin/bash
# Check how null loggers are handled in production code
rg -A 2 -B 2 "EncloseToExpose.*null" --type=cs

Length of output: 48

---

Attention: Verify Decorator’s Null-Handling Behavior

The current change uses the null-conditional operator (?.) on the result of Decorator.EncloseToExpose(_logger, false), ensuring that if the decorator returns null (for instance, when _logger is null), the subsequent call to RunAsyncPrematureEnd() won’t be executed. This approach mirrors the null handling seen in MinimalConsoleHostedService.

Before finalizing, please manually verify that:

• The implementation of Decorator.EncloseToExpose indeed returns null when a null logger (or any equivalent undesirable state) is encountered.
• The behavior remains consistent with the handling in MinimalConsoleHostedService (specifically at lines 99-99).

Once these points have been confirmed, the null-handling logic in ConsoleHostedService can be considered correct.

src/Codebelt.Bootstrapper/BootstrapperLogMessages.cs (3)

1-13: Well-designed centralized logging implementation

The new BootstrapperLogMessages class follows Microsoft's recommended LoggerMessage pattern for high-performance logging. The class is well-documented, including a link to the relevant Microsoft documentation.

---

14-23: Good event ID organization and message categorization

The logging messages are well-organized with clear event ID ranges for different log levels:

• 1000-range for Information
• 2000-range for Warning
• 3000-range for Critical

This makes log filtering and analysis much easier.

---

25-72: Well-documented extension methods

The extension methods for the IDecorator<ILogger> interface are well-documented with XML comments that clearly explain their purpose. Each method correctly delegates to its corresponding definition method.

[codecov]

Codecov Report

Attention: Patch coverage is 56.66667% with 13 lines in your changes missing coverage. Please review.

Please upload report for BASE (main@f0bcd1b). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
...c/Codebelt.Bootstrapper/BootstrapperLogMessages.cs	55.00%	9 Missing ⚠️
...ebelt.Bootstrapper.Console/ConsoleHostedService.cs	60.00%	2 Missing ⚠️
...ootstrapper.Console/MinimalConsoleHostedService.cs	60.00%	2 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #11   +/-   ##
=======================================
  Coverage        ?   76.17%           
=======================================
  Files           ?       20           
  Lines           ?      256           
  Branches        ?       16           
=======================================
  Hits            ?      195           
  Misses          ?       61           
  Partials        ?        0           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
44.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud