Create release.yml #868

Open
guibranco wants to merge 3 commits into main from guibranco-patch-3

Conversation

@guibranco
Owner

@guibranco guibranco commented Mar 27, 2026

User description

📑 Description

Create release.yml

✅ Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

☢️ Does this introduce a breaking change?

  • Yes
  • No

Summary by Sourcery

Add an automated release workflow that builds, tests, analyzes, packages, and publishes the project on pushes to the main branch.

CI:

  • Introduce a GitHub Actions release pipeline that runs build, tests with coverage, and static analysis on main pushes.
  • Integrate SonarCloud, Codecov, and Codacy reporting into the CI pipeline.
  • Automatically version builds using GitVersion and tag release commits in Git.
  • Automatically create GitHub releases with bundled binaries, coverage artifacts, and NuGet packages.
  • Publish generated NuGet packages to NuGet.org as part of the release workflow.

Summary by CodeRabbit

  • Chores
    • Added automated release management workflow with semantic versioning
    • Integrates code quality scanning and coverage reporting tools
    • Automatically publishes packages to NuGet.org
    • Creates GitHub releases with build artifacts

Description

  • Introduced an automated release workflow that builds, tests, analyzes, packages, and publishes the project on pushes to the main branch.
  • Integrated SonarCloud, Codecov, and Codacy for code quality and coverage reporting.
  • Automated versioning using GitVersion and tagging of release commits in Git.
  • Enabled publishing of NuGet packages to NuGet.org as part of the release process.

Changes walkthrough 📝

Relevant files
Enhancement
release.yml
Comprehensive Automated Release Workflow Implementation   

.github/workflows/release.yml

  • Added a comprehensive automated release workflow.
  • Integrated CI tools for testing, coverage, and code quality.
  • Configured automatic versioning and tagging of releases.
  • Implemented publishing of NuGet packages to NuGet.org.
  • +271/-0 

    @sourcery-ai

    sourcery-ai Bot commented Mar 27, 2026

    Reviewer's Guide

    Adds a new GitHub Actions workflow that automates versioning, build, tests with coverage, code quality analysis, packaging, NuGet publishing, and GitHub Releases on pushes to main.

    Flow diagram for build, test, package, and release pipeline

    flowchart TB
      Trigger["Push to main branch"] --> StartJob["Start Release job"]
    
      subgraph Setup["Environment setup"]
        Checkout["Checkout repository (fetch-depth 0)"]
        DotNet["Setup .NET 10 SDK"]
        Java["Setup Java 21"]
        GitVersionInstall["Install GitVersion"]
        SonarTool["Install dotnet-sonarscanner"]
    
        StartJob --> Checkout --> DotNet --> Java --> GitVersionInstall --> SonarTool
      end
    
      subgraph Versioning["Version resolution"]
        GitVersionRun["Run GitVersion (compute semVer)"]
        PatchProps["Patch *.props versions with semVer"]
        ResolveSln["Resolve solution name (*.sln)"]
    
        SonarTool --> GitVersionRun --> PatchProps --> ResolveSln
      end
    
      subgraph AnalysisBuildTest["Code analysis, build, tests"]
        Restore["dotnet restore"]
        SonarBegin["SonarCloud begin scan"]
        Build["dotnet build --no-restore"]
        Test["dotnet test for each Tests/*.csproj with coverage"]
        PublishTestResults["Upload JUnit test results as artifact"]
        SonarEnd["SonarCloud end scan"]
    
        ResolveSln --> Restore --> SonarBegin --> Build --> Test --> PublishTestResults --> SonarEnd
      end
    
      subgraph CoverageReporting["Coverage reporting"]
        ToCodecov["Upload coverage to Codecov"]
        ToCodacy["Upload coverage to Codacy"]
    
        SonarEnd --> ToCodecov --> ToCodacy
      end
    
      subgraph Packaging["Collect and package artifacts"]
        CollectArtifacts["Collect binaries and coverage into Artifacts/"]
        ZipArchives["Create per-TFM and coverage zip archives in Zips/"]
        CollectNuGet["Collect .nupkg and .snupkg into Zips/"]
    
        ToCodacy --> CollectArtifacts --> ZipArchives --> CollectNuGet
      end
    
      subgraph PublishAndRelease["Publish and release"]
        PushNuGet["Push .nupkg to NuGet.org (skip-duplicate)"]
        TagVersion["Create and push git tag v<semVer>"]
        CreateRelease["Create GitHub Release with Zips/* and autogenerated notes"]
    
        CollectNuGet --> PushNuGet --> TagVersion --> CreateRelease
      end
    
      CreateRelease --> End["Release pipeline complete"]
    

    File-Level Changes

    Change Details Files
    Introduce end-to-end release GitHub Actions workflow triggered on main branch pushes.
    • Define a single release job with concurrency control and environment variables for .NET and project packaging configuration
    • Configure a CouchDB service container used during tests
    • Check out the repository with full history and configure .NET 10 and Java 21 toolchains
    .github/workflows/release.yml
    Automate version calculation and propagation into project metadata.
    • Install and run GitVersion to compute semantic version information
    • Patch all .props files to update Version, PackageVersion, AssemblyVersion, FileVersion, and InformationalVersion elements based on GitVersion output
    • Resolve the solution name dynamically by discovering the first .sln file
    .github/workflows/release.yml
    Integrate static analysis and test coverage reporting into the pipeline.
    • Install and run dotnet-sonarscanner to perform SonarCloud analysis using the computed version and solution name
    • Run dotnet restore, build, and test for all test projects with coverage generation in multiple formats
    • Upload JUnit test results as artifacts and send coverage reports to Codecov and Codacy
    • Complete the SonarCloud analysis by finalizing the scan step
    .github/workflows/release.yml
    Package build outputs and test coverage artifacts for release.
    • Collect per-target-framework build outputs for the core project and configured sub-projects into a structured Artifacts directory
    • Copy generated coverage reports into an Artifacts/Coverage folder
    • Compress coverage and per-target-framework binaries into versioned ZIP archives under a Zips directory
    .github/workflows/release.yml
    Publish NuGet packages and create tagged GitHub releases.
    • Copy generated .nupkg and .snupkg files for the core and sub-projects into the Zips directory
    • Push all NuGet packages in Zips to nuget.org using a repository secret API key, skipping duplicates
    • Create a git tag based on the computed semantic version and push it to origin
    • Create a GitHub Release for the new tag with auto-generated release notes and attach all ZIP and package artifacts
    .github/workflows/release.yml

    @guibranco guibranco enabled auto-merge (squash) March 27, 2026 16:11
    @gstraccini gstraccini Bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Mar 27, 2026
    @github-actions github-actions Bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 27, 2026
    @coderabbitai

    coderabbitai Bot commented Mar 27, 2026

    Walkthrough

    A new GitHub Actions workflow for automated release management on the main branch. The workflow provisions development tools, computes semantic versioning via GitVersion, performs static analysis via SonarCloud, executes tests with coverage collection, publishes binaries and packages to NuGet.org, and creates GitHub releases with automatically generated release notes.

    Changes

    Cohort / File(s) Summary
    GitHub Actions Release Workflow
    .github/workflows/release.yml
    New 271-line CI/CD workflow that orchestrates versioning (GitVersion), code analysis (SonarCloud), testing with coverage (Codecov, Codacy), artifact collection across target frameworks, NuGet package publication, and GitHub release creation on pushes to main.

    Estimated code review effort

    🎯 3 (Moderate) | ⏱️ ~22 minutes

    Poem

    🐰 A pipeline so grand, from code to release,
    With SonarCloud whispers and NuGet's sweet peace,
    Through frameworks and coverage, the versions align,
    GitHub tags glisten—automation divine! ✨

    🚥 Pre-merge checks | ✅ 2 | ❌ 1

    ❌ Failed checks (1 inconclusive)

    Check name Status Explanation Resolution
    Title check ❓ Inconclusive The title 'Create release.yml' is vague and generic, using minimal descriptive information that doesn't convey the purpose or significance of the workflow being added. Consider a more descriptive title like 'Add GitHub Actions release workflow with versioning, testing, and publishing' to better communicate the main purpose of the changeset.
    ✅ Passed checks (2 passed)
    Check name Status Explanation
    Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
    Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

    @sourcery-ai sourcery-ai Bot left a comment

    Hey - I've found 1 issue, and left some high level feedback:

    • The CouchDB service is configured with hardcoded credentials in the workflow; consider moving the username/password to encrypted GitHub Secrets and referencing them via ${{ secrets.* }} to avoid exposing credentials in the repo.
    • The workflow references net9.0 (e.g., in TARGET_FRAMEWORKS and coverage file paths) but only installs the .NET 10.0.x SDK; ensure the .NET SDK version(s) required to build/test all target frameworks (including net9.0) are explicitly installed with actions/setup-dotnet.
    ## Individual Comments
    
    ### Comment 1
    <location path=".github/workflows/release.yml" line_range="128-136" />
    <code_context>
    +        run: dotnet build --no-restore --verbosity minimal ${{ steps.solution.outputs.name }}.sln
    +
    +      # ── Test + coverage ───────────────────────────────────────────────────────
    +      - name: Test with coverage
    +        run: |
    +          for TEST_PROJ in $(find ./Tests -name "*.csproj" -type f); do
    +            dotnet test "$TEST_PROJ" \
    +              --no-build \
    +              --verbosity minimal \
    +              /p:CollectCoverage=true \
    +              /p:CoverletOutputFormat='"cobertura,opencover,lcov"' \
    +              --logger:"junit;LogFilePath=test-results.xml"
    +          done
    +
    </code_context>
    <issue_to_address>
    **issue (bug_risk):** Coverage report file naming may not match the hardcoded paths used later for Sonar/Codecov/Codacy.
    
    `dotnet test` is run with Coverlet enabled but without an explicit `CoverletOutput` (or per-framework outputs). With multiple TFMs/projects, Coverlet typically generates framework/project-specific filenames (e.g. `coverage.net9.0.opencover.xml`), while later steps assume a single fixed path (`Tests/${SLN}.Tests/coverage.net9.0.opencover.xml`) for SonarCloud/Codecov/Codacy. This mismatch can cause those tools to miss or fail on coverage. Consider either setting `CoverletOutput` explicitly per test project/TFM to match the expected path, or using globs and merging coverage reports before passing them on.
    </issue_to_address>

    @coderabbitai coderabbitai Bot left a comment

    Actionable comments posted: 4

    🧹 Nitpick comments (1)
    .github/workflows/release.yml (1)

    225-250: The package-on-build configuration is already in place; consider hardening the publish loop for safety.

    Directory.Build.props already has <GeneratePackageOnBuild>true</GeneratePackageOnBuild> enabled, so packages will be generated during the build step. However, the publish loop should still guard against empty glob expansion:

    Defensive guard for the publish loop
           - name: Push to NuGet.org
             run: |
    -          for PKG in Zips/*.nupkg; do
    +          shopt -s nullglob
    +          PACKAGES=(Zips/*.nupkg)
    +          [ ${`#PACKAGES`[@]} -gt 0 ] || { echo "No .nupkg files found in Zips/"; exit 1; }
    +          for PKG in "${PACKAGES[@]}"; do
                 echo "Publishing $PKG …"
                 dotnet nuget push "$PKG" \
                   --api-key "${{ secrets.NUGET_TOKEN }}" \
                   --source https://api.nuget.org/v3/index.json \
                   --skip-duplicate
               done
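
Review bot: The `--api-key "${{ secrets.NUGET_TOKEN }}"` line in the unchanged part of this hunk expands the secret into the script text and then onto the `dotnet nuget push` command line; mapping it through the step's `env:` block and passing `--api-key "$NUGET_TOKEN"` keeps the value out of the generated script. On the added lines, the length test as rendered here, `${`#PACKAGES`[@]}`, contains stray backticks and is not valid bash; the intended form is `${#PACKAGES[@]}`. The guard also exits 1 when `Zips/` is empty, while the prompt text that follows asks for the step to be skipped, so the two should agree on one behaviour.
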
    🤖 Prompt for AI Agents
    Verify each finding against the current code and only fix it if needed.
    
    In @.github/workflows/release.yml around lines 225 - 250, The "Push to
    NuGet.org" publish loop (step name "Push to NuGet.org", loop variable PKG over
    Zips/*.nupkg) currently risks iterating a literal pattern when no packages
    exist; add a defensive guard before the loop to ensure there are matching files
    (e.g., test with compgen -G "Zips/*.nupkg" or ls/check -e) and skip/passthrough
    the publish step when none are found so the dotnet nuget push loop only runs
    when real .nupkg files exist.
    
    📥 Commits

    Reviewing files that changed from the base of the PR and between 9918953 and 1266094.

    📒 Files selected for processing (1)
    • .github/workflows/release.yml

    # ── Projects to package (mirrors AppVeyor $PROJECTS) ──────────────────────
    # Update this list if you add or remove sub-projects.
    env:
    PACKAGE_PROJECTS: "Configuration ElasticSearch Elmah EventLog I18n.PtBr Log4Net RabbitMQ Redis Utils"

    ⚠️ Potential issue | 🟠 Major

    Add CouchDB to PACKAGE_PROJECTS.

    Src/CrispyWaffle.CouchDB/CrispyWaffle.CouchDB.csproj:1-10 already carries package metadata, but this list omits it. The binary and NuGet loops below therefore never collect or publish the CouchDB artifacts.

    Suggested fix
    -      PACKAGE_PROJECTS: "Configuration ElasticSearch Elmah EventLog I18n.PtBr Log4Net RabbitMQ Redis Utils"
    +      PACKAGE_PROJECTS: "Configuration CouchDB ElasticSearch Elmah EventLog I18n.PtBr Log4Net RabbitMQ Redis Utils"
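
Review bot: `PACKAGE_PROJECTS` on the `+` line is still a hand-maintained list, and a project missing from it is skipped silently by the collection and publish loops, which is how `CouchDB` was dropped. Consider failing the job when a `Src/CrispyWaffle.*` project that carries package metadata is not listed, or building the list from the project files, so the next new sub-project cannot fall out of a release unnoticed.
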
    🤖 Prompt for AI Agents
    Verify each finding against the current code and only fix it if needed.
    
    In @.github/workflows/release.yml at line 27, The PACKAGE_PROJECTS environment
    list in the release workflow is missing the CouchDB project, so update the
    PACKAGE_PROJECTS value (the variable named PACKAGE_PROJECTS in the release.yml
    workflow) to include "CouchDB" among the space-separated projects used by the
    binary/NuGet collection and publish loops; ensure the entry matches the project
    folder/name (e.g., add CouchDB to the existing string "Configuration
    ElasticSearch Elmah EventLog I18n.PtBr Log4Net RabbitMQ Redis Utils") so the
    Src/CrispyWaffle.CouchDB/CrispyWaffle.CouchDB.csproj artifacts are picked up and
    published.
    

    # Update this list if you add or remove sub-projects.
    env:
    PACKAGE_PROJECTS: "Configuration ElasticSearch Elmah EventLog I18n.PtBr Log4Net RabbitMQ Redis Utils"
    TARGET_FRAMEWORKS: "netstandard2.0 netstandard2.1 net6.0 net9.0"

    ⚠️ Potential issue | 🟠 Major

    Sync TARGET_FRAMEWORKS with Directory.Build.props.

    Directory.Build.props:2-4 and Src/CrispyWaffle/CrispyWaffle.csproj:1-10 currently build netstandard2.0;netstandard2.1;net8.0;net9.0. Keeping net6.0 here means the artifact loops below skip the real net8.0 output and still create empty net6.0 release zips.

    Suggested fix
    -      TARGET_FRAMEWORKS: "netstandard2.0 netstandard2.1 net6.0 net9.0"
    +      TARGET_FRAMEWORKS: "netstandard2.0 netstandard2.1 net8.0 net9.0"
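
Review bot: The archive loop should fail when a `TARGET_FRAMEWORKS` entry has no build output instead of zipping an empty directory; correcting `net6.0` to `net8.0` on the `+` line fixes today's mismatch but leaves the same silent failure for the next framework change. An empty release asset under a version tag looks like a valid artifact to anyone downloading it.
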
    🤖 Prompt for AI Agents
    Verify each finding against the current code and only fix it if needed.
    
    In @.github/workflows/release.yml at line 28, The TARGET_FRAMEWORKS value in the
    release workflow is out of sync with the project files: update the
    TARGET_FRAMEWORKS variable (the symbol TARGET_FRAMEWORKS) from "netstandard2.0
    netstandard2.1 net6.0 net9.0" to include net8.0 instead of net6.0 (e.g.
    "netstandard2.0 netstandard2.1 net8.0 net9.0") so the artifact creation loop
    picks up the real net8.0 build outputs rather than creating empty net6.0 zips.
    

    "/d:sonar.branch.name=main" \
    "/d:sonar.exclusions=**/bin/**/*,**/obj/**/*" \
    "/d:sonar.coverage.exclusions=**/${SLN}.Tests/**,**/*Tests.cs" \
    "/d:sonar.cs.opencover.reportsPaths=Tests/${SLN}.Tests/coverage.net9.0.opencover.xml"

    ⚠️ Potential issue | 🟠 Major

    Aggregate coverage from all test projects, not just ${SLN}.Tests.

    The test step runs every Tests/**/*.csproj, but all reporting/copy steps only read Tests/${SLN}.Tests/.... The repo already has Tests/CrispyWaffle.IntegrationTests, so its coverage will never reach SonarCloud, Codecov, Codacy, or the coverage bundle.

    Also applies to: 128-137, 147-163, 198-201

    🤖 Prompt for AI Agents
    Verify each finding against the current code and only fix it if needed.
    
    In @.github/workflows/release.yml at line 121, The workflow currently passes a
    hard-coded report path
    "/d:sonar.cs.opencover.reportsPaths=Tests/${SLN}.Tests/coverage.net9.0.opencover.xml"
    which only includes the `${SLN}.Tests` project; update these reporter/copy
    arguments (the Sonar `sonar.cs.opencover.reportsPaths`, the Codecov/Codacy
    upload and any copy steps referenced at the same locations) to accept a glob
    that aggregates all test project coverage files such as
    `Tests/**/coverage.net9.0.opencover.xml` (or build the list from the
    `Tests/**/*.csproj` step), ensuring the Sonar/Codecov/Codacy parameters use that
    aggregated list instead of the single `Tests/${SLN}.Tests/...` path; apply the
    same change to the other occurrences mentioned (the blocks around the other
    lines referenced) so all test projects’ coverage is uploaded.
    

    Comment on lines +255 to +261
    - name: Tag release version
    run: |
    VERSION="v${{ steps.gitversion.outputs.semVer }}"
    git config user.name "github-actions[bot]"
    git config user.email "github-actions[bot]@users.noreply.github.com"
    git tag -a "$VERSION" -m "Release $VERSION"
    git push origin "$VERSION"

    ⚠️ Potential issue | 🟠 Major

    Make tag creation idempotent.

    git tag -a will fail on any rerun for the same version. That blocks recovery from a transient failure after packages were already pushed, unless someone manually deletes the tag first.

    Suggested fix
           - name: Tag release version
             run: |
               VERSION="v${{ steps.gitversion.outputs.semVer }}"
               git config user.name  "github-actions[bot]"
               git config user.email "github-actions[bot]@users.noreply.github.com"
    -          git tag -a "$VERSION" -m "Release $VERSION"
    -          git push origin "$VERSION"
    +          if git ls-remote --exit-code --tags origin "refs/tags/$VERSION" >/dev/null 2>&1; then
    +            echo "Tag $VERSION already exists; skipping"
    +          else
    +            git tag -a "$VERSION" -m "Release $VERSION"
    +            git push origin "$VERSION"
    +          fi
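
Review bot: The `if git ls-remote --exit-code ...` branch skips whenever a tag named `$VERSION` exists, without checking that it points at the commit being released, so a pre-existing tag on a different commit would let the later release step attach freshly built artifacts to a tag for other code. Compare the remote tag's commit with `HEAD` and fail on a mismatch. Because `>/dev/null 2>&1` hides the reason for a non-zero status, a network or authentication failure also falls into the `else` branch; `git ls-remote --exit-code` returns 2 specifically for "no matching ref", so test for that value.
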
    🤖 Prompt for AI Agents
    Verify each finding against the current code and only fix it if needed.
    
    In @.github/workflows/release.yml around lines 255 - 261, The "Tag release
    version" step currently always runs git tag -a "$VERSION" which will fail on
    reruns if the tag already exists; update the step to be idempotent by detecting
    whether the tag already exists (e.g., use git ls-remote --tags origin "$VERSION"
    or git rev-parse -q --verify "refs/tags/$VERSION") and only create and push the
    tag if it is missing, otherwise skip tagging; reference the VERSION variable,
    the git tag -a command and the git push origin "$VERSION" invocation when
    implementing the conditional check.
    

    @penify-dev penify-dev Bot added enhancement New feature or request Review effort [1-5]: 4 labels Mar 27, 2026
    @penify-dev
    Contributor

    penify-dev Bot commented Mar 27, 2026

    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]

    4, because the addition of a complete GitHub Actions workflow involves multiple steps and integrations that require careful consideration and testing.

    🧪 Relevant tests

    Yes

    ⚡ Possible issues

    Configuration Issue: Ensure that the secrets used in the workflow (e.g., SONAR_TOKEN, CODECOV_TOKEN, NUGET_TOKEN) are correctly set in the repository settings.

    Security Concern: The CouchDB password is hardcoded in the workflow. It should be stored as a secret instead to prevent exposure.

    🔒 Security concerns

    Sensitive information exposure: The CouchDB password is visible in the workflow file. It should be replaced with a reference to a secret to enhance security.
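
The hardcoded-credential finding raised in the reviews above can be caught before review with a small scan of the workflow file. This is an added example, not code from the PR or from any of the review bots: the function names and the sample workflow are constructed, and only the key names `COUCHDB_PASSWORD` and `NUGET_TOKEN` come from the page. It is a line-based heuristic, not a YAML parser.

```shell
#!/usr/bin/env bash
# Flag workflow "KEY: value" entries whose key looks like a credential but
# whose value is a literal instead of a ${{ secrets.* }} expression.

# Constructed sample workflow fragment (values are placeholders).
sample_workflow() {
  cat <<'EOF'
services:
  couchdb:
    image: couchdb:3
    env:
      COUCHDB_USER: admin
      COUCHDB_PASSWORD: example-literal-value
steps:
  - name: Push
    env:
      NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }}
      API_KEY: "${{ secrets.API_KEY }}"
      CACHE_KEY_PREFIX: build
EOF
}

# Prints one "LINE:KEY" per finding. Reads the files given as arguments,
# or standard input when called without arguments.
find_literal_credentials() {
  awk '
    {
      line = $0
      # Drop a trailing YAML comment.
      sub(/[ \t]+#.*$/, "", line)
      # Only consider scalar "key: value" lines (optionally a list item).
      if (line !~ /^[ \t]*(- )?[A-Za-z_][A-Za-z0-9_]*:[ \t]+[^ \t]/) next
      key = line
      sub(/^[ \t]*(- )?/, "", key)
      sub(/:.*$/, "", key)
      val = line
      sub(/^[^:]*:[ \t]*/, "", val)
      # Strip one pair of surrounding quotes from the value.
      gsub(/^["'\'']|["'\'']$/, "", val)
      # Key must end in a credential-like word.
      if (toupper(key) !~ /(PASSWORD|PASSWD|TOKEN|SECRET|API_KEY)$/) next
      # A secrets expression is the accepted form; anything else is reported.
      if (val ~ /^[$][{][{][ \t]*secrets[.]/) next
      printf "%d:%s\n", NR, key
    }
  ' "$@"
}

# Gate for CI: returns 0 when nothing is found, 1 otherwise.
check_workflow() {
  findings="$(find_literal_credentials "$@")"
  [ -z "$findings" ] && return 0
  printf 'literal credential value at %s\n' $findings >&2
  return 1
}

# Stand-alone run on the constructed sample.
sample_workflow | find_literal_credentials
```
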

    @penify-dev
    Contributor

    penify-dev Bot commented Mar 27, 2026

    PR Code Suggestions ✨

    Category    Suggestion    Score
    Security
    Replace hardcoded sensitive information with GitHub Secrets for enhanced security

    Avoid hardcoding sensitive information like passwords directly in the workflow file;
    instead, use GitHub Secrets for better security practices.

    .github/workflows/release.yml [36]

    -COUCHDB_PASSWORD: myP@ssw0rd
    +COUCHDB_PASSWORD: ${{ secrets.COUCHDB_PASSWORD }}
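Review bot: The `+COUCHDB_PASSWORD: ${{ secrets.COUCHDB_PASSWORD }}` line removes the literal from line 36 going forward, but the old value stays readable in this branch's commits, so the secret should be created with a new value rather than the one on the `-` line. Also confirm the secret exists in the repository before merging: an undefined secret expands to an empty string, and the workflow would then run with a blank password instead of failing loudly.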
     
    Suggestion importance[1-10]: 10

    Why: The suggestion addresses a critical security issue by recommending the use of GitHub Secrets instead of hardcoding sensitive information, which is essential for protecting credentials.

    Score: 10
    Best practice
    Specify exact versions for tools to ensure build consistency

    Use a more specific version for the dotnet and java setup actions to ensure consistent
    builds and avoid unexpected issues from future updates.

    .github/workflows/release.yml [57-63]

    -dotnet-version: "10.0.x"
    -java-version: "21"
    +dotnet-version: "10.0.100"  # specify a fixed version
    +java-version: "21.0.0"       # specify a fixed version
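Review bot: The replacement values on the two `+` lines read as placeholders (both carry a `# specify a fixed version` comment), and nothing in the hunk shows that `10.0.100` or `21.0.0` is a published build for the SDK and Java distribution this workflow installs; check both against the release lists before applying, since an unavailable exact version fails the setup step. An exact pin also stops patch releases from arriving automatically, so pair it with a dependency-update job or a note on who bumps it.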
     
    Suggestion importance[1-10]: 8

    Why: Specifying exact versions for tools enhances build stability and predictability, which is important for maintaining a reliable CI/CD pipeline.

    Score: 8
    Possible issue
    Add a success check for the git tag command to prevent issues during the release process

    Consider adding a check to ensure that the git tag command succeeds before proceeding to
    push the tag to avoid potential issues with tagging.

    .github/workflows/release.yml [260-261]

    -git tag -a "$VERSION" -m "Release $VERSION"
    +git tag -a "$VERSION" -m "Release $VERSION" && git push origin "$VERSION"
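Review bot: Chaining with `&&` on the `+` line does not fix the failure mode raised earlier in this thread: on a rerun `git tag -a "$VERSION"` still exits non-zero because the tag already exists, and the step fails either way. If line 261 of the range [260-261] is already `git push origin "$VERSION"`, this suggestion also needs to delete that line or the push runs twice. Guard the pair with an existence check such as `git rev-parse -q --verify "refs/tags/$VERSION"` and skip both commands when the tag is present.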
     
    Suggestion importance[1-10]: 7

    Why: Adding a success check for the git tag command helps prevent issues during the release process, making the workflow more robust.

    Score: 7
    Performance
    Remove redundant directory creation commands to streamline the workflow

    Ensure that the mkdir -p Zips command is executed only once at the beginning of the
    release phase to avoid redundancy.

    .github/workflows/release.yml [229]

    -mkdir -p Zips
     mkdir -p Zips
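Review bot: The hunk is anchored at a single line ([229]) yet shows two `mkdir -p Zips` lines, so it is unclear which occurrence is meant to go; quote the surrounding step so the removal is unambiguous. Because `mkdir -p` succeeds when the directory already exists, the duplicate is harmless, and the thing to verify is that the call that remains runs before the first command that writes into `Zips`.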
     
    Suggestion importance[1-10]: 5

    Why: While removing redundancy is good for performance, this change is minor and does not significantly impact the overall functionality of the workflow.

    Score: 5

    @gitguardian

    gitguardian Bot commented Mar 27, 2026

    ⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

    Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

    🔎 Detected hardcoded secret in your pull request
    GitGuardian id | GitGuardian status | Secret | Commit | Filename
    13768420 | Triggered | Generic Password | 1266094 | .github/workflows/release.yml
    🛠 Guidelines to remediate hardcoded secrets
    1. Understand the implications of revoking this secret by investigating where it is used in your code.
    2. Replace and store your secret safely. Learn here the best practices.
    3. Revoke and rotate this secret.
    4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

    To avoid such incidents in the future consider




    @codecov

    codecov Bot commented Mar 27, 2026

    Codecov Report

    ✅ All modified and coverable lines are covered by tests.
    ✅ Project coverage is 40.62%. Comparing base (da73900) to head (641687a).
    ⚠️ Report is 1 commits behind head on main.

    Additional details and impacted files
    @@            Coverage Diff             @@
    ##             main     #868      +/-   ##
    ==========================================
    + Coverage   40.53%   40.62%   +0.08%     
    ==========================================
      Files          83       83              
      Lines        3631     3631              
      Branches      519      519              
    ==========================================
    + Hits         1472     1475       +3     
    + Misses       2057     2053       -4     
    - Partials      102      103       +1     


    @codacy-production

    Not up to standards ⛔

    🟢 Coverage ∅ diff coverage · +0.00% coverage variation

    Metric | Results
    Coverage variation | +0.00% coverage variation (-1.00%)
    Diff coverage | diff coverage


    Coverage variation details
    Commit | Coverable lines | Covered lines | Coverage
    Common ancestor commit (da73900) | 3681 | 1620 | 44.01%
    Head commit (641687a) | 3681 (+0) | 1620 (+0) | 44.01% (+0.00%)

    Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

    Diff coverage details
    Scope | Coverable lines | Covered lines | Diff coverage
    Pull request (#868) | 0 | 0 | ∅ (not applicable)

    Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


    @AppVeyorBot

    Build CrispyWaffle 10.0.1308 completed (commit 89be9e768e by @gstraccini[bot])

    @github-actions
    Contributor

    Infisical secrets check: ✅ No secrets leaked!

    💻 Scan logs
    2026-04-21T15:43:57Z INF scanning for exposed secrets...
    3:43PM INF 796 commits scanned.
    2026-04-21T15:43:58Z INF scan completed in 1.19s
    2026-04-21T15:43:58Z INF no leaks found
    
