chore: remove Trivy security scanner from CI #88
Trivy was removed due to a supply chain security incident. Made-with: Cursor
737f17d to c63b7ca
Pull request overview
This PR updates CI/CD by removing Trivy-related scanning/upload behavior and revising the pipeline (coverage generation/threshold + Docker PR builds), while also introducing a substantial refactor of the User domain model/API surface (moving from first/last name + phone to a single Name plus Bio) and updating services and tests accordingly.
Changes:
- Update CI workflow: adjust concurrency, switch coverage report generation/threshold checking to Cobertura/SonarQube formats, and add PR Docker image build validation.
- Refactor User model/DTOs/services/controllers to use `Name` + `Bio` instead of `FirstName`/`LastName`/`PhoneNumber`.
- Update and expand test suite (including new formatter and DbContext tests) and align formatting rules (file-scoped namespaces, using placement).
Reviewed changes
Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| coverlet.runsettings | Adds shared coverlet configuration for Cobertura output and exclusions. |
| UserApi.Tests/UserApi.Tests.csproj | Adds EF Core Sqlite provider for in-memory SQLite tests. |
| UserApi.Tests/TestUtilities.cs | Updates test helpers for new DTO shape and file-scoped namespace. |
| UserApi.Tests/TestConfiguration.cs | Refactors test web factory to file-scoped namespace and configures in-memory DB swap. |
| UserApi.Tests/Services/UserServiceTests.cs | Updates service tests to assert against Name/Bio fields and revised behavior. |
| UserApi.Tests/Models/UserModelTests.cs | Updates model tests for new User properties and nullability expectations. |
| UserApi.Tests/Infrastructure/CompatibleSystemTextJsonOutputFormatterTests.cs | Adds unit tests for the custom JSON output formatter. |
| UserApi.Tests/GlobalUsings.cs | Expands/reorders global usings for test project. |
| UserApi.Tests/Data/UserDbContextTests.cs | Adds DbContext tests using SQLite in-memory to exercise seeding and constraints. |
| UserApi.Tests/DTOs/UserDtoValidationTests.cs | Updates DTO validation tests for Name/Bio fields and new annotations. |
| UserApi.Tests/Controllers/UserControllerUnitTests.cs | Updates controller unit tests for new DTO shape and refactored code style. |
| UserApi.Tests/Controllers/UserControllerIntegrationTests.cs | Updates integration tests for new DTO shape and test data generation. |
| UserApi.Tests/Controllers/UserControllerHelperMethodsTests.cs | Refactors helper method tests for file-scoped namespaces and formatting. |
| Services/UserService.cs | Updates service implementation and mapping to use Name/Bio; keeps email sanitization. |
| Program.cs | Reorders usings; continues registering the custom JSON formatter and service wiring. |
| Models/User.cs | Refactors entity model to Name + Bio with updated annotations. |
| Infrastructure/CompatibleSystemTextJsonOutputFormatter.cs | Refactors formatter to file-scoped namespace; retains Stream-based serialization approach. |
| Data/UserDbContext.cs | Updates model configuration and seed data for new User fields. |
| DTOs/UserDto.cs | Refactors DTOs to Name/Bio shape and updates validation attributes. |
| Controllers/UserController.cs | Updates controller endpoints and logging/telemetry tags for new DTO model. |
| .github/workflows/ci.yml | Removes Trivy usage and overhauls coverage handling + adds Docker PR build job + other pipeline edits. |
| .editorconfig | Enforces file-scoped namespaces and using directive placement/sorting. |
Comments suppressed due to low confidence (3)
.github/workflows/ci.yml:186
- The embedded Python snippet used to read Cobertura's `line-rate` is indented in the YAML block, which will be included in the `python3 -c` string and causes `IndentationError: unexpected indent`. Use a non-indented `python3 -c` one-liner, or a heredoc (e.g., `python3 - <<'PY' ... PY`) to avoid leading whitespace.

```bash
if [ -f "coverage/coverage.cobertura.xml" ]; then
  # Extract line-rate from Cobertura XML root element
  LINE_RATE=$(python3 -c "
  import xml.etree.ElementTree as ET
  tree = ET.parse('coverage/coverage.cobertura.xml')
  print(tree.getroot().attrib.get('line-rate', '0'))
  ")
```
.github/workflows/ci.yml:371
- `docker-build` requests `security-events: write`, but this job no longer uploads SARIF (Trivy upload was removed). Please drop this permission (or add the missing SARIF upload step) to follow least-privilege.

```yaml
permissions:
  contents: read
  security-events: write
```
.github/workflows/ci.yml:12
- The PR title/description says this change is only about removing Trivy from CI, but this workflow update also introduces new coverage generation/threshold logic and new Docker build/publish behavior. Please update the PR description/title to reflect the broader scope, or split these workflow changes into a separate PR so reviewers can assess CI behavior changes independently.

```yaml
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
```
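The fix suggested in the first review comment (reading the Cobertura `line-rate` without the YAML indentation leaking into `python3 -c`), as an added example that is not code from the PR or from the project's `ci.yml`: a quoted heredoc feeds the Python source verbatim, and the threshold comparison is done in `awk` because `[ ]` cannot compare floats. The function names `cobertura_line_rate` and `check_coverage`, the default threshold and the sample report are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not code from the PR or the project's workflow.
# Assumes python3 and awk are on PATH (true on GitHub's ubuntu runners).

# Print the Cobertura line-rate (a fraction 0..1) from the report's root
# <coverage> element; prints 0 when the file is missing, mirroring the
# attrib.get('line-rate', '0') default used in the workflow snippet.
cobertura_line_rate() {
  local report="$1"
  [ -f "$report" ] || { echo 0; return 0; }
  # Quoted heredoc: the Python source is taken verbatim, so the surrounding
  # shell can be indented inside an if/then block without that indentation
  # reaching the interpreter, and the shell performs no expansion on it.
  python3 - "$report" <<'PY'
import sys
import xml.etree.ElementTree as ET
root = ET.parse(sys.argv[1]).getroot()
print(root.attrib.get("line-rate", "0"))
PY
}

# Return 0 when line coverage meets THRESHOLD_PCT (default 80), else 1.
check_coverage() {
  local report="$1" threshold_pct="${2:-80}"
  local rate pct
  rate=$(cobertura_line_rate "$report")
  pct=$(awk -v r="$rate" 'BEGIN { printf "%.2f", r * 100 }')
  echo "Line coverage: ${pct}% (threshold: ${threshold_pct}%)"
  # Float comparison in awk; the exit status becomes the function's result.
  awk -v r="$rate" -v t="$threshold_pct" 'BEGIN { exit (r * 100 >= t) ? 0 : 1 }'
}

# Constructed sample report (hypothetical numbers, not real project output)
# so the script runs stand-alone.
SAMPLE_REPORT="$(mktemp)"
cat > "$SAMPLE_REPORT" <<'XML'
<?xml version="1.0" encoding="utf-8"?>
<coverage line-rate="0.9756" branch-rate="0.8571" version="1.9" timestamp="0">
  <packages/>
</coverage>
XML

# Usage: fails the job (non-zero exit) when coverage is below 90%.
check_coverage "$SAMPLE_REPORT" 90
```

In a workflow `run:` block the heredoc body still has to start at column 0 (or use `<<-'PY'` with tab indentation), which is exactly what keeps the interpreter from seeing the script's indentation.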
Codecov Report: ✅ All modified and coverable lines are covered by tests.

```
@@           Coverage Diff           @@
##             main      #88   +/-   ##
=======================================
  Coverage   97.56%   97.56%
=======================================
  Files           5        5
  Lines         287      287
  Branches       14       14
=======================================
  Hits          280      280
  Misses          5        5
  Partials        2        2
```
Summary
References
aquasecurity/trivy-action#457
Made with Cursor