V9.0.5/service update

[gimlichael]

This pull request includes updates to dependencies, workflow configurations, and Dockerfile setups across multiple files. The changes aim to enhance compatibility, streamline workflows, and ensure the use of the latest versions of dependencies and tools.

Dependency Updates:

• .nuget/Codebelt.Extensions.Globalization/PackageReleaseNotes.txt: Updated to version 9.0.5, highlighting upgraded dependencies for all supported target frameworks.
• Directory.Packages.props: Incremented the version of Codebelt.Extensions.Xunit from 10.0.3 to 10.0.4.

Workflow Configuration Updates:

• .github/workflows/pipelines.yml: Updated sonarcloud and codeql job configurations to use version v2 of their respective workflows. [1] [2]

Dockerfile Enhancements:

• .docfx/Dockerfile.docfx: Parameterized the NGINX version using an ARG directive and updated the base and final stages to use the new version (1.29.0-alpine). [1] [2]

Test Environment Update:

• testenvironments.json: Updated the Docker image for the Docker-Ubuntu test environment to gimlichael/ubuntu-testrunner:net8.0.412-9.0.302.

Changelog Update:

• CHANGELOG.md: Added an entry for version 9.0.5, describing it as a service update focused on package dependencies.

Summary by CodeRabbit

• Chores
  • Updated package dependencies to the latest compatible versions for all supported frameworks.
  • Upgraded the version of "Codebelt.Extensions.Xunit" used in the project.
  • Centralized and updated the NGINX version specification in the Dockerfile for easier maintenance.
  • Updated CI/CD workflows to use the latest versions of reusable GitHub Actions.
  • Refreshed the Docker image tag for the Ubuntu test environment.
  • Added new release notes and changelog entry for version 9.0.5.

[coderabbitai]

Walkthrough

This update introduces a build argument for the nginx version in the Dockerfile, updates reusable workflow versions in the CI/CD pipeline, documents a new package release, updates a package dependency version, and refreshes a test environment Docker image tag. All changes are configuration or documentation updates without code-level modifications.

Changes

File(s)	Change Summary
.docfx/Dockerfile.docfx	Added NGINX_VERSION build argument; centralized nginx version specification.
.github/workflows/pipelines.yml	Updated reusable workflow versions for sonarcloud and codeql jobs from v1 to v2; added projects input.
.nuget/Codebelt.Extensions.Globalization/PackageReleaseNotes.txt	Added release notes for version 9.0.5; noted dependency upgrades for all supported TFMs.
CHANGELOG.md	Added changelog entry for 9.0.5, noting service update for package dependencies.
Directory.Packages.props	Bumped Codebelt.Extensions.Xunit from 10.0.3 to 10.0.4; YamlDotNet from 9.0.4 to 9.0.5.
testenvironments.json	Updated Docker-Ubuntu test runner image tag to net8.0.412-9.0.302.

Possibly related PRs

• V9.0.4/service update #8: Continued parameterization of nginx version in the Dockerfile using a build argument.
• V9.0.3/package maintenance #6: Previous update to the nginx version in the Dockerfile and broader workflow refactoring.
• V9.0.2/housekeeping #5: Earlier refactor of the workflow file, introducing reusable workflow calls for CI/CD jobs.

Poem

🐇
A hop, a skip, a version bump,
Nginx and workflows get a jump.
Dependencies fresh, release notes new,
Docker tags updated too!
With every tweak and tidy line,
The codebase shines—oh, how divine!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4e32f6e and 7fe3e34.

📒 Files selected for processing (2)

• .github/workflows/pipelines.yml (2 hunks)
• Directory.Packages.props (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• Directory.Packages.props
• .github/workflows/pipelines.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: call-test (windows-2022, Debug) / 🧪 Test
• GitHub Check: call-test (windows-2022, Release) / 🧪 Test

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This service update (v9.0.5) bumps dependency versions, updates CI workflows, parameterizes the DocFX Docker setup, and refreshes the test environment image.

• Bumped Codebelt.Extensions.Xunit and global package versions.
• Switched GitHub Actions sonarcloud/codeql jobs to v2 and added ARG for NGINX version in Dockerfile.
• Updated Docker test runner image and added a v9.0.5 entry to changelog and release notes.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
testenvironments.json	Updated dockerImage tag to net8.0.412-9.0.302
Directory.Packages.props	Bumped Codebelt.Extensions.Xunit from 10.0.3 to 10.0.4
CHANGELOG.md	Added ## [9.0.5] - 2025-07-11 entry
.nuget/Codebelt.Extensions.Globalization/PackageReleaseNotes.txt	Updated to Version 9.0.5 with upgraded dependency notes
.github/workflows/pipelines.yml	Changed sonarcloud/codeql workflow references from @v1 to @v2
.docfx/Dockerfile.docfx	Introduced ARG NGINX_VERSION=1.29.0-alpine and replaced hardcoded versions

[Copilot]

[nitpick] Consider moving the ARG NGINX_VERSION declaration before the first FROM to keep all build arguments centralized and ensure consistency if additional stages are added.

[Copilot]

For improved reproducibility and security, consider pinning the Docker image to a specific digest instead of a mutable tag.

Suggested change

	"dockerImage": "gimlichael/ubuntu-testrunner:net8.0.412-9.0.302"
	"dockerImage": "gimlichael/ubuntu-testrunner@sha256:<digest>"

[Copilot]

[nitpick] Remove the leading BOM or hidden character before Version 9.0.5 to avoid encoding issues and ensure consistent formatting across environments.

Suggested change

	Version 9.0.5
	Availability: .NET 9, .NET 8 and .NET Standard 2.0
	Version 9.0.5
	Availability: .NET 9, .NET 8 and .NET Standard 2.0

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

CHANGELOG.md (1)

10-13: Consider adding concrete details to the changelog entry.

The new 9.0.5 entry repeats the generic “service update” wording used in previous versions. Calling out which dependencies were upgraded (e.g., Xunit 10.0.4, NGINX 1.29.0-alpine) provides more value to readers.

.nuget/Codebelt.Extensions.Globalization/PackageReleaseNotes.txt (1)

1-5: Release notes entry looks correct – watch out for BOM + leading space artifacts.

The file now starts with a UTF-8 BOM and a zero-width space before “Version”. Some tooling renders these characters; if that becomes an issue, consider stripping them.

.docfx/Dockerfile.docfx (1)

13-13: Repeat ARG NGINX_VERSION after the last FROM for maximum compatibility.

Some older Docker versions require re-declaring build args after each stage transition. Harmless on newer engines and prevents “unknown variable” issues.

 FROM nginx:${NGINX_VERSION} AS final
+ARG NGINX_VERSION

.github/workflows/pipelines.yml (1)

82-82: Ensure jobs-codeql@v2 remains compatible & consider aligning Codecov

Same concern as above—pipeline will fail if @v2 is missing or its required inputs changed.
Additionally, the codecov job still references @v1; consider bumping it for consistency once you confirm a stable v2 exists.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 55a19f1 and 4e32f6e.

📒 Files selected for processing (6)

• .docfx/Dockerfile.docfx (2 hunks)
• .github/workflows/pipelines.yml (2 hunks)
• .nuget/Codebelt.Extensions.Globalization/PackageReleaseNotes.txt (1 hunks)
• CHANGELOG.md (1 hunks)
• Directory.Packages.props (1 hunks)
• testenvironments.json (1 hunks)

🔇 Additional comments (4)

Directory.Packages.props (1)

6-6: Version bump looks fine – make sure consuming projects restore the new package.

Codebelt.Extensions.Xunit 10.0.4 is a patch update, so no breaking changes are expected, but double-check that CI still passes for all target frameworks after the restore.

testenvironments.json (1)

12-12: Verify that the new test-runner image is available and pulls successfully.

Before merging, confirm that gimlichael/ubuntu-testrunner:net8.0.412-9.0.302 exists in the registry and that CI can pull it; otherwise pipeline jobs will fail.

.docfx/Dockerfile.docfx (1)

1-3: Good move parameterising the NGINX version.

Centralising the version with ARG NGINX_VERSION simplifies future upgrades and reduces duplication.

.github/workflows/pipelines.yml (1)

64-69: ✅ jobs-sonarcloud@v2 tag and inputs verified.

• v2 tag exists in codebeltnet/jobs-sonarcloud
• Required inputs (organization, projectKey, version) match exactly
• Optional inputs (host, include-preview, parameters, timeout-minutes) have sensible defaults
• secrets: inherit will pass through SONAR_TOKEN as expected

No changes needed.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
2 Accepted issues

Measures
2 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube Cloud