Bugfixes for moved subscription

Author: rvanmaanen

README.md

@@ -9,7 +9,7 @@ Tech Hub is a **modern .NET 10 web application** built with Blazor that serves a
 | **Backend** | ASP.NET Core Minimal API, .NET 10, C# 13 |
 | **Frontend** | Blazor InteractiveServer with prerendering |
 | **Orchestration** | .NET Aspire (service discovery, telemetry, health checks) |
-| **Database** | PostgreSQL (Dapper) or FileSystem (no database) |
+| **Database** | PostgreSQL (Dapper) |
 | **Infrastructure** | Azure Container Apps, Bicep IaC, GitHub Actions CI/CD |
 | **Testing** | xUnit v3, bUnit, Playwright, Pester |
 
@@ -49,7 +49,6 @@ See **[docs/running-and-testing.md](docs/running-and-testing.md)** for the full
 
 - **TechHub.Core** — Domain models and interfaces (framework-agnostic)
 - **TechHub.Infrastructure** — Dapper repositories, markdown processing, caching
-- **collections/** — Markdown content (news, videos, blogs, community, roundups) synced to database at startup
 
 See **[docs/architecture.md](docs/architecture.md)** for full details.
 
@@ -59,11 +58,9 @@ See **[docs/architecture.md](docs/architecture.md)** for full details.
 |-----------|---------|
 | `src/` | Application source code (API, Web, Core, Infrastructure, AppHost) |
 | `tests/` | Unit, integration, component, E2E, and PowerShell tests |
-| `collections/` | Markdown content organized by collection type |
 | `docs/` | Functional and technical documentation |
 | `scripts/` | PowerShell automation (build, deploy, content processing) |
 | `infra/` | Bicep IaC templates for Azure Container Apps |
-| `specs/` | Feature specifications (SpecKit format) |
 
 See **[docs/repository-structure.md](docs/repository-structure.md)** for the complete breakdown.
 

docs/repository-structure.md

@@ -81,8 +81,6 @@ See [src/AGENTS.md](../src/AGENTS.md) for general .NET development patterns and
     - `_news/` - Sample news items
     - `_roundups/` - Sample roundup posts
     - `_videos/` - Sample video content
-  - `DatabaseFixture.cs` - In-memory database setup for integration tests
-  - `TechHubApiFactory.cs` - WebApplicationFactory for API testing
   - `TestCollectionsSeeder.cs` - Seeds test database from TestCollections
   - See [tests/TechHub.TestUtilities/AGENTS.md](../tests/TechHub.TestUtilities/AGENTS.md)
 

scripts/Manage-EntraId.ps1

@@ -22,10 +22,11 @@
     Deployment SP Key Vault roles (staging/production only):
     The GitHub Actions deployment service principal (sp-techhubms, appId: 91fe5f39-bee3-48b1-b976-e8ba4e41d84e)
     is separate from the TechHub OIDC app registration. It uses OIDC federated credentials (no secret)
-    and needs two roles on the subscription to write secrets and manage Key Vault network firewall rules
-    during deploy:
-        - Key Vault Secrets Officer  (write/read/delete secrets)
-        - Key Vault Contributor      (manage network ACL rules)
+    and needs three roles on the subscription to write secrets, manage Key Vault network firewall rules,
+    and create/update subscription-scoped policy assignments during deploy:
+        - Key Vault Secrets Officer      (write/read/delete secrets)
+        - Key Vault Contributor          (manage network ACL rules)
+        - Resource Policy Contributor    (create/update policy assignments in infrastructure.bicep)
     Pass -DeploymentSpObjectId <OID> to assign these roles automatically.
 
     Secret delivery:
@@ -621,8 +622,9 @@ if (-not $isLocalhost -and $DeploymentSpObjectId) {
     $subscriptionScope = "/subscriptions/$subscriptionId"
 
     $kvRoles = @(
-        @{ Name = 'Key Vault Secrets Officer'; Reason = 'write/read/delete secrets during deploy' },
-        @{ Name = 'Key Vault Contributor';     Reason = 'manage network ACL firewall rules' }
+        @{ Name = 'Key Vault Secrets Officer';    Reason = 'write/read/delete secrets during deploy' },
+        @{ Name = 'Key Vault Contributor';        Reason = 'manage network ACL firewall rules' },
+        @{ Name = 'Resource Policy Contributor';  Reason = 'create/update subscription-scoped policy assignments in infrastructure.bicep' }
     )
 
     foreach ($kvRole in $kvRoles) {

src/TechHub.Infrastructure/Services/Newsletter/NewsletterService.cs

@@ -143,13 +143,31 @@ public async Task<bool> SendCombinedWeeklyAsync(IReadOnlyList<string> roundupSlu
                     successful++;
                 }
 
-                await _subscriberRepository.RecordSubscriberSendAsync(subscriber.Email, isWeekly: true, succeeded: emailSent, ct);
+#pragma warning disable CA1031 // Best-effort: status recording must not affect the send result
+                try
+                {
+                    await _subscriberRepository.RecordSubscriberSendAsync(subscriber.Email, isWeekly: true, succeeded: emailSent, ct);
+                }
+                catch (Exception dbEx) when (dbEx is not OperationCanceledException)
+                {
+                    _logger.LogWarning(dbEx, "Failed recording weekly send status for subscriber — continuing");
+                }
+#pragma warning restore CA1031
             }
 #pragma warning disable CA1031 // Best-effort: continue with other subscribers if one fails
             catch (Exception ex) when (ex is not OperationCanceledException)
             {
                 _logger.LogWarning(ex, "Failed sending weekly newsletter to subscriber — skipping");
-                await _subscriberRepository.RecordSubscriberSendAsync(subscriber.Email, isWeekly: true, succeeded: false, CancellationToken.None);
+#pragma warning disable CA1031 // Best-effort: status recording must not abort the loop
+                try
+                {
+                    await _subscriberRepository.RecordSubscriberSendAsync(subscriber.Email, isWeekly: true, succeeded: false, CancellationToken.None);
+                }
+                catch (Exception dbEx) when (dbEx is not OperationCanceledException)
+                {
+                    _logger.LogWarning(dbEx, "Failed recording weekly send failure status for subscriber — continuing");
+                }
+#pragma warning restore CA1031
             }
 #pragma warning restore CA1031
         }
@@ -421,13 +439,31 @@ public async Task<bool> SendDailyOverviewAsync(DateOnly day, CancellationToken c
                     sent++;
                 }
 
-                await _subscriberRepository.RecordSubscriberSendAsync(subscriber.Email, isWeekly: false, succeeded: emailSent, ct);
+#pragma warning disable CA1031 // Best-effort: status recording must not affect the send result
+                try
+                {
+                    await _subscriberRepository.RecordSubscriberSendAsync(subscriber.Email, isWeekly: false, succeeded: emailSent, ct);
+                }
+                catch (Exception dbEx) when (dbEx is not OperationCanceledException)
+                {
+                    _logger.LogWarning(dbEx, "Failed recording daily send status for subscriber — continuing");
+                }
+#pragma warning restore CA1031
             }
 #pragma warning disable CA1031 // Best-effort: continue with other subscribers if one fails
             catch (Exception ex) when (ex is not OperationCanceledException)
             {
                 _logger.LogWarning(ex, "Failed sending daily newsletter to subscriber — skipping");
-                await _subscriberRepository.RecordSubscriberSendAsync(subscriber.Email, isWeekly: false, succeeded: false, CancellationToken.None);
+#pragma warning disable CA1031 // Best-effort: status recording must not abort the loop
+                try
+                {
+                    await _subscriberRepository.RecordSubscriberSendAsync(subscriber.Email, isWeekly: false, succeeded: false, CancellationToken.None);
+                }
+                catch (Exception dbEx) when (dbEx is not OperationCanceledException)
+                {
+                    _logger.LogWarning(dbEx, "Failed recording daily send failure status for subscriber — continuing");
+                }
+#pragma warning restore CA1031
             }
 #pragma warning restore CA1031
         }