Refactored Pipeline & Added Docker Ignore

[blebelo]

Summary by CodeRabbit

• Chores
  • Updated deployment environment settings and improved deploy reliability with retry and failure handling.
  • Upgraded application runtime to .NET 10 for better performance and compatibility.
  • Added packaging rules to exclude local/transient files for cleaner builds and smaller images.
  • Increased startup/runtime logging verbosity to aid diagnostics.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
moipone	Ready	Preview, Comment	Mar 5, 2026 10:13pm

[coderabbitai]

Warning

Rate limit exceeded

@blebelo has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 16 minutes and 17 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e3b3528d-b5f8-484c-ae2a-096f629ec51a

📥 Commits

Reviewing files that changed from the base of the PR and between 8e9d29e and 7b74c76.

📒 Files selected for processing (1)

• aspnet-core/src/Moipone.PublicSite.Web.Host/App_Data/Logs/Logs.txt

Walkthrough

Updates CI/CD workflow environment and deploy curl, adds a Docker ignore file, bumps ASP.NET Docker base images from .NET 8.0 to 10.0, and appends extensive runtime logs to App_Data/Logs/Logs.txt.

Changes

Cohort / File(s)	Summary
CI/CD Workflow .github/workflows/ci-cd.yml	Adds three env vars to Database Update job (App__S3Prefix, App__CorsOrigins, ConnectionStrings__Default) sourced from secrets; replaces deploy curl with a resilient command (--fail --show-error --silent --retry 3 --retry-all-errors --max-time 30 -X POST).
Docker config & build aspnet-core/.dockerignore, aspnet-core/src/Moipone.PublicSite.Web.Host/Dockerfile	Adds .dockerignore with common ignore patterns; updates Dockerfile build/runtime base images from .NET 8.0 to 10.0.
Runtime logs aspnet-core/src/Moipone.PublicSite.Web.Host/App_Data/Logs/Logs.txt	Adds large, verbose runtime startup and error trace log output (module initialization, AutoMapper mappings, service errors and stack traces).

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Refactored DB Update #29 — Modifies the Database Update job in .github/workflows/ci-cd.yml (related changes to DB update behavior).
• Removed Unused Packages & Refactored ci/cd.yml #25 — Changes CI workflow Database Update/Deploy steps in .github/workflows/ci-cd.yml (overlaps with env/deploy edits).
• Pipeline/dotnet upgrade #30 — Updates Database Update job in the same workflow (startup project/EF configuration overlap).

Suggested reviewers

• codespace-cloudmaindesk
• mblebelo

Poem

🐰 I hopped through workflows, logs, and Docker's den,
Swapped a few bases, tightened curl again.
Secrets tucked in envs, ignore dust in the bin,
Logs now chatter loudly — a rabbit's cheeky grin. 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main changes: CI/CD pipeline improvements (enhanced curl with retry logic and environment variables) and addition of .dockerignore file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/application

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

aspnet-core/src/Moipone.PublicSite.Web.Host/Dockerfile (1)

21-25: ⚠️ Potential issue | 🟠 Major

Run the final container as a non-root user.

The final stage currently runs as root. Please set an explicit non-root USER to reduce container breakout impact.

🔒 Proposed hardening patch

 FROM mcr.microsoft.com/dotnet/aspnet:10.0
 EXPOSE 80
 WORKDIR /app
 COPY --from=build /publish .
+RUN addgroup --system appgroup \
+    && adduser --system --ingroup appgroup appuser \
+    && chown -R appuser:appgroup /app
+USER appuser
 ENTRYPOINT ["dotnet", "Moipone.PublicSite.Web.Host.dll"]

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@aspnet-core/src/Moipone.PublicSite.Web.Host/Dockerfile` around lines 21 - 25,
The final Dockerfile stage runs the app as root; update the final stage (the
block using FROM mcr.microsoft.com/dotnet/aspnet:10.0 with WORKDIR /app, COPY
--from=build /publish . and ENTRYPOINT ["dotnet",
"Moipone.PublicSite.Web.Host.dll"]) to create a non-root user, chown the app
folder to that user, and set USER to that non-root account before the ENTRYPOINT
so the container runs without root privileges.

🧹 Nitpick comments (1)

aspnet-core/src/Moipone.PublicSite.Web.Host/App_Data/Logs/Logs.txt (1)

58492-58704: Repeated transient DB/network failures need resiliency + alerting follow-up.

The repeated NpgsqlException / socket reset traces during background job fetch/commit indicate an operational reliability issue. Add targeted telemetry/alerts for background-job DB failures and verify retry/backoff + connection timeout settings for the PostgreSQL path.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@aspnet-core/src/Moipone.PublicSite.Web.Host/App_Data/Logs/Logs.txt` around
lines 58492 - 58704, Background job DB operations
(Abp.BackgroundJobs.BackgroundJobStore.GetWaitingJobsAsync and
Abp.BackgroundJobs.BackgroundJobManager.DoWorkAsync) are repeatedly failing with
Npgsql socket/reset errors during commits
(DbContextEfCoreTransactionStrategy.Commit) — add resilience and alerting by:
wrap the DB calls in GetWaitingJobsAsync/BackgroundJobStore and DoWorkAsync with
a configurable retry/backoff policy (or use Npgsql/EF Core execution strategy)
that retries transient NpgsqlException errors, add explicit catches around
DbContextEfCoreTransactionStrategy.Commit to emit telemetry metrics/events and
structured error logs (include exception type and stack), expose and tune Npgsql
connection/command timeouts and pooling/keepalive settings used by your
DbContext (connection string or NpgsqlConnection settings) to reduce
disconnects, and wire these telemetry metrics to an alert (SLO/alert rule) so
ops are notified when background-job DB error rate or retry counts exceed
thresholds.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci-cd.yml:
- Line 121: Replace the raw curl command that posts the Render deploy hook with
a fail-fast, bounded invocation: ensure non-2xx responses cause curl to exit
non-zero (use --fail), surface errors (use --silent --show-error or -sS), set an
overall timeout (use --max-time, e.g., 10s) and add a small retry policy (e.g.,
--retry 3 with --retry-delay 2 and --retry-connrefused) so transient network
blips are retried but the workflow fails quickly and deterministically if the
hook cannot be reached; update the curl invocation (the line using curl -X POST
${{ secrets.RENDER_DEPLOY_HOOK_URL }}) accordingly.
- Around line 64-68: The job-level env is exposing sensitive secrets to all
steps in the db_update job; move the secret environment variables
(ConnectionStrings__Default, App__S3Prefix, App__CorsOrigins) out of the job env
block and add them only to the "Update Database" step's env so only that step
receives the secrets, keeping non-secret vars like ASPNETCORE_ENVIRONMENT at job
scope; update the db_update job definition and the step named "Update Database"
accordingly.

In `@aspnet-core/src/Moipone.PublicSite.Web.Host/App_Data/Logs/Logs.txt`:
- Around line 58330-58749: The PR accidentally includes a runtime log file
(App_Data/Logs/Logs.txt) with environment-specific stack traces and local paths;
remove the tracked log and prevent future commits by deleting Logs.txt from the
repo index (e.g., git rm --cached App_Data/Logs/Logs.txt or equivalent), commit
that deletion, and add/ensure an ignore rule for App_Data/Logs/** (or the
existing Logs directory) in .gitignore so new log artifacts are not versioned;
include a brief commit message like "Remove runtime log from repo and ignore
App_Data/Logs/" to document the change.

---

Outside diff comments:
In `@aspnet-core/src/Moipone.PublicSite.Web.Host/Dockerfile`:
- Around line 21-25: The final Dockerfile stage runs the app as root; update the
final stage (the block using FROM mcr.microsoft.com/dotnet/aspnet:10.0 with
WORKDIR /app, COPY --from=build /publish . and ENTRYPOINT ["dotnet",
"Moipone.PublicSite.Web.Host.dll"]) to create a non-root user, chown the app
folder to that user, and set USER to that non-root account before the ENTRYPOINT
so the container runs without root privileges.

---

Nitpick comments:
In `@aspnet-core/src/Moipone.PublicSite.Web.Host/App_Data/Logs/Logs.txt`:
- Around line 58492-58704: Background job DB operations
(Abp.BackgroundJobs.BackgroundJobStore.GetWaitingJobsAsync and
Abp.BackgroundJobs.BackgroundJobManager.DoWorkAsync) are repeatedly failing with
Npgsql socket/reset errors during commits
(DbContextEfCoreTransactionStrategy.Commit) — add resilience and alerting by:
wrap the DB calls in GetWaitingJobsAsync/BackgroundJobStore and DoWorkAsync with
a configurable retry/backoff policy (or use Npgsql/EF Core execution strategy)
that retries transient NpgsqlException errors, add explicit catches around
DbContextEfCoreTransactionStrategy.Commit to emit telemetry metrics/events and
structured error logs (include exception type and stack), expose and tune Npgsql
connection/command timeouts and pooling/keepalive settings used by your
DbContext (connection string or NpgsqlConnection settings) to reduce
disconnects, and wire these telemetry metrics to an alert (SLO/alert rule) so
ops are notified when background-job DB error rate or retry counts exceed
thresholds.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 7e307aac-ff61-4cf4-ad89-4f0e09776244

📥 Commits

Reviewing files that changed from the base of the PR and between 3579069 and 0f1feb6.

📒 Files selected for processing (4)

• .github/workflows/ci-cd.yml
• aspnet-core/.dockerignore
• aspnet-core/src/Moipone.PublicSite.Web.Host/App_Data/Logs/Logs.txt
• aspnet-core/src/Moipone.PublicSite.Web.Host/Dockerfile

[mblebelo]

All checks passed and conversations resolved ✅

[mblebelo]

All checks passed and conversations resolved ✅

[mblebelo]

All checks passed and conversations resolved ✅