Fix PR #70 review comments: pin action SHA, reject whitespace-only names #71

Closed
Copilot wants to merge 5 commits into main from copilot/fix-checks-and-address-comments

Copilot AI commented Mar 3, 2026

PR #70 had unresolved review comments around supply-chain security for unpinned GitHub Actions and a validation gap allowing whitespace-only user names to pass [Required].

Changes

  • CI (ci.yml): Pin docker/build-push-action in the docker-build job to commit SHA (10e90e3...) matching what the docker-publish job already uses — eliminates the mutable @v6 tag reference
  • DTO validation (UserDto.cs): Add [RegularExpression(@".*\S.*")] to CreateUserDto.Name; [Required] alone accepts " " as valid; the regex enforces at least one non-whitespace character
  • Test coverage (UserDtoValidationTests.cs): Add [InlineData(" ")] to CreateUserDto_WithInvalidName_ShouldFailValidation to assert the new validation rule

```csharp
[Required]
[StringLength(100)]
[RegularExpression(@".*\S.*", ErrorMessage = "Name cannot be empty or contain only whitespace.")]
public string Name { get; set; } = string.Empty;
```


devops-thiago and others added 3 commits March 2, 2026 22:10
- Add concurrency block to cancel stale runs
- Add format and lint jobs (repo-specific tooling)
- Gate test/build on format+lint passing
- Add PR docker-build job with Trivy vulnerability scan
- Align job structure with Go/Node.js/Python pattern
- Pin trivy-action from @master to @0.24.0 for supply-chain safety
- Guard SARIF upload to same-repo PRs only (fixes fork permission issue)
- Remove [InlineData("   ")] from name validation test: [Required] does not
  reject whitespace-only strings, making that case incorrect
- Replace Substring(0, 5) with Guid.NewGuid().ToString("N")[..5] in
  AutoFixture customizations to eliminate flaky ArgumentOutOfRangeException
Copilot AI and others added 2 commits March 3, 2026 14:08
…espace validation

Co-authored-by: devops-thiago <2332561+devops-thiago@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix failing checks and address comments in PR #70 Fix PR #70 review comments: pin action SHA, reject whitespace-only names Mar 3, 2026
@devops-thiago devops-thiago deleted the copilot/fix-checks-and-address-comments branch March 3, 2026 14:22
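
The pinning change discussed in this PR can be checked mechanically. The following is an added example, not code from this repository or PR: a Python check that lists every `uses:` reference in a workflow that is not pinned to a full 40-character commit SHA (or, for `docker://` images, a sha256 digest); version tags such as `@0.24.0` are reported too, since a tag can be re-pointed. The sample workflow, the placeholder SHA and digest, and the function names `classify` and `find_mutable_refs` are assumptions made for illustration.

```python
import re

# Constructed placeholders, not real commit SHAs or image digests.
FAKE_SHA = "0123456789abcdef" * 2 + "01234567"  # 40 hex chars
FAKE_DIGEST = "ab" * 32                          # 64 hex chars

# Constructed sample workflow; it is not the repository's ci.yml.
SAMPLE_WORKFLOW = f"""\
jobs:
  docker-build:
    steps:
      - uses: actions/checkout@v4
      - uses: docker/build-push-action@v6
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0.24.0
      - uses: docker/build-push-action@{FAKE_SHA} # v6
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      - uses: docker://alpine@sha256:{FAKE_DIGEST}
"""

USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
COMMIT_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")
IMAGE_DIGEST_RE = re.compile(r"@sha256:[0-9a-fA-F]{64}$")


def classify(target):
    """Classify a `uses:` target as 'local', 'pinned' or 'mutable'."""
    if target.startswith("./"):
        return "local"  # same-repo action, versioned with the workflow itself
    if target.startswith("docker://"):
        return "pinned" if IMAGE_DIGEST_RE.search(target) else "mutable"
    _, sep, ref = target.partition("@")
    # Only a full commit SHA is immutable; tags and branches can be re-pointed.
    return "pinned" if sep and COMMIT_SHA_RE.fullmatch(ref) else "mutable"


def find_mutable_refs(workflow_text):
    """Return (line_number, target) for every `uses:` not pinned immutably."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match and classify(match.group(1)) == "mutable":
            findings.append((lineno, match.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, target in find_mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target} is not pinned to a commit SHA or digest")
```

Run over `.github/workflows/*.yml` in CI, a non-empty result can fail the build so that new tag or branch references are caught at review time.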