Updated build

[mitchelsellers]

Summary by CodeRabbit

• Chores
  • Updated continuous integration pipeline tools for improved build versioning and efficiency
  • Enhanced testing infrastructure with updated dependencies
  • Configured automated changelog generation for structured release notes

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR updates build and release workflows to GitVersion v4.2.0, upgrades test project dependencies, adds release changelog configuration with category mappings, and modifies GitVersion configuration by removing a label-pattern setting.

Changes

Cohort / File(s)	Summary
Release Configuration \.github/release\.yml	New changelog configuration defining four release note categories (Exciting New Features, Squashed Bugs, Administrative, Other Changes) with associated GitHub labels for automated changelog generation.
CI/CD Workflows \.github/workflows/ci-build\.yml, \.github/workflows/release-build\.yml	Updated GitVersion actions from v3.1.11 to v4.2.0 with versionSpec upgraded from 6.0.5 to 6.4.0. In ci-build, sonar token source changed from secrets to environment variables.
GitVersion Configuration GitVersion\.yml	Removed label-number-pattern configuration from the pull-request branch stanza, changing how PR numbers are parsed from labels.
Test Dependencies src/AspNetCore\.Utilities\.Bootstrap5TagHelpers\.Tests/AspNetCore\.Utilities\.Bootstrap5TagHelpers\.Tests\.csproj	Updated test package versions: Coverlet.collector 6.0.2→6.0.4, Microsoft.NET.Test.Sdk 17.11.1→18.0.1, xunit 2.9.1→2.9.3, xunit.runner.visualstudio 2.8.2→3.1.5.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• GitVersion.yml label-pattern removal: Verify this change doesn't break PR versioning logic and confirm the new parsing behavior is acceptable.
• Sonar token migration: Ensure environment variable setup in workflows provides the token correctly for SonarQube integration.
• GitVersion v4 upgrade: Confirm compatibility with the updated versionSpec 6.4.0 and validate release workflow behavior post-upgrade.

Poem

🐰 Hop into the future with GitVersion's might,
Dependencies dancing to versions so bright,
Release notes flowing from labels so true,
Configuration refined, workflows anew! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Updated build' is vague and generic, using non-descriptive language that doesn't convey specific information about the actual changes (GitVersion upgrades, workflow updates, dependency updates, configuration changes).	Consider a more specific title that highlights the main changes, such as 'Upgrade GitVersion to v4.2.0 and update build dependencies' or 'Update build workflows, GitVersion, and test dependencies'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/build

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 72362a7 and 0966a1c.

📒 Files selected for processing (5)

• .github/release.yml (1 hunks)
• .github/workflows/ci-build.yml (2 hunks)
• .github/workflows/release-build.yml (1 hunks)
• GitVersion.yml (0 hunks)
• src/AspNetCore.Utilities.Bootstrap5TagHelpers.Tests/AspNetCore.Utilities.Bootstrap5TagHelpers.Tests.csproj (1 hunks)

💤 Files with no reviewable changes (1)

• GitVersion.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build and Analyze

🔇 Additional comments (6)

src/AspNetCore.Utilities.Bootstrap5TagHelpers.Tests/AspNetCore.Utilities.Bootstrap5TagHelpers.Tests.csproj (2)

1-59: XML structure and formatting look good.

The csproj file structure is well-formed, and the snapshot verification setup is correctly configured. No syntax or configuration issues detected in the file itself.

---

12-25: Dependency versions are compatible with net9.0 target framework.

The package upgrades have been verified:

• Microsoft.NET.Test.Sdk 18.0.1: Fully compatible with net9.0; no breaking changes.
• xunit.runner.visualstudio 3.1.5: The adapter works reliably with net9.0. While the v3 adapter line requires .NET 8 minimum (which net9.0 exceeds), this project's test code remains on xunit 2.9.3 (v2), so no test code migration is needed. The adapter upgrade is safe.

The patch-level updates (Coverlet.collector, xunit) are low-risk and routine.

.github/release.yml (1)

1-23: Well-structured release notes configuration.

The changelog categories and label mappings are clear and provide good coverage of typical PR types. The wildcard catch-all ensures no labeled changes are overlooked.

.github/workflows/ci-build.yml (2)

34-34: GitVersion upgrade requires compatibility verification (same as release-build.yml).

Same GitVersion v3→v4 upgrade with versionSpec change as in release-build.yml. Ensure v4.2.0 compatibility with your existing GitVersion.yml configuration.

Also applies to: 36-36, 40-40

---

65-65: SonarQube token sourcing change is sound.

The switch from directly referencing ${{ secrets.SONAR_TOKEN }} to reading from ${{ env.SONAR_TOKEN }} (set on line 65) is an improvement. This approach:

• Aligns with how GITHUB_TOKEN is already handled (line 64)
• Ensures secrets aren't interpolated directly in commands
• Allows GitHub to properly mask the token from logs

This change is functionally equivalent but more secure.

Also applies to: 68-68, 72-72

.github/workflows/release-build.yml (1)

28-30: Remove inaccurate claims about removed configuration; v4.2.0 compatibility concerns are valid but misdiagnosed.

This PR upgrades GitVersion actions from v3.1.11 to v4.2.0 and versionSpec from 6.0.5 to 6.4.0. While the major action version upgrade (3→4) warrants migration validation, the original review contains inaccurate technical claims:

1. useConfigFile: true removal claim: The execute step (line 34) contains no with: block or parameters in either version—this parameter was never present in this workflow.
2. label-number-pattern removal claim: The GitVersion.yml configuration file contains no such field, so no removal occurred.

The legitimate v3→v4 migration concerns are:

• Runtime/dependency version compatibility between action versions
• Validation that generated version outputs (majorMinorPatch, used on line 39) remain unchanged
• versionSpec 6.4.0 is properly supported (confirmed as a valid GitVersion release)

The existing fetch-depth: 0 (line 20) requirement is correctly maintained.

Recommend: Test the version determination step in CI to confirm version outputs remain correct before merge.

Likely an incorrect or invalid review comment.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate failed

Failed conditions
2 Security Hotspots

See analysis details on SonarQube Cloud