Avatar url

[PranavU-Coder]

Please describe the changes this PR makes and why it should be merged:

Status and versioning classification:

• Code changes have been tested locally
• Typings don't need updating

Summary by CodeRabbit

• Bug Fixes

  • Fixed avatar caching logic to ensure avatars refresh correctly when the local cache expires, providing more reliable and timely user profile data.

• Chores

  • Application version updated to 1.0.4, now available through AUR, Homebrew, and Scoop package managers.
  • Updated all vendored Python dependencies to the latest stable versions to improve security and cross-platform compatibility.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request bumps the project version to 1.0.4 across project metadata, CI workflows, and package manager manifests (AUR, Homebrew, Scoop), including updated checksums and vendored Python dependency versions. The avatar cache refresh logic is simplified to unconditionally re-download on staleness rather than comparing URLs.

Changes

Version 1.0.4 Release and Package Manager Updates

Layer / File(s)	Summary
Core version declaration pyproject.toml	Package version updated from 1.0.3 to 1.0.4.
CI automation and package manager manifests .github/workflows/build.yml, contrib/aur/PKGBUILD, contrib/homebrew/homebrew.rb, contrib/scoop/hubfetch.json	GitHub Actions workflow now includes manual workflow_dispatch trigger with version input defaulting to v1.0.4. AUR PKGBUILD version and sha256sums updated; Homebrew formula refreshed with 1.0.4 artifact and updated versions for certifi, click, idna, markdown-it-py, requests, rich, and urllib3. Scoop manifest version, URL, and hash metadata updated to 1.0.4.

Avatar Cache Refresh Simplification

Layer / File(s)	Summary
Avatar cache refresh behavior hubfetch/cache.py	ensure_avatar function simplified to unconditionally call _download_avatar when cached avatar exceeds staleness threshold, removing the previous URL-change comparison logic and adding inline comments before the forced re-download.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A version ascends from one-oh-three,
Through manifests, packages, wild and free,
While avatars refresh when time grows long—
Hubfetch hops forward, steady and strong! 🚀

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Avatar url' is vague and does not clearly convey the primary changes, which include version bumps (1.0.3→1.0.4), dependency updates, cache logic modifications, and workflow configuration changes.	Revise the title to be more descriptive and specific about the main change, such as 'Bump version to 1.0.4 and update dependencies' or clarify the avatar URL-related change with more context.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch avatar-url

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

hubfetch/cache.py (1)

66-66: ⚡ Quick win

Replace the inline profane comment with neutral rationale.

Line 66 uses profanity; please swap it for a short professional note describing why unconditional refresh is intentional.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hubfetch/cache.py` at line 66, Replace the profane inline comment "turns out
GitHub avatar urls don't change so fuck this shit honestly" in hubfetch/cache.py
with a short, neutral rationale explaining that GitHub avatar URLs are stable so
an unconditional refresh is intentional (e.g., "GitHub avatar URLs are stable;
skip conditional refresh to simplify caching"). Update the comment near the
existing avatar/cache logic to briefly state the reason for the unconditional
refresh and maintain professional tone.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/build.yml:
- Around line 7-12: The workflow defines workflow_dispatch.inputs.version but
the release step (softprops/action-gh-release@v2) doesn't use it, so the action
falls back to github.ref_name; update the release step to pass the user-provided
input as the tag by setting the action input tag_name to the dispatch input (use
github.event.inputs.version), e.g. add tag_name: ${{ github.event.inputs.version
}} (and optionally use the same input for name/release_name) so the created
release uses the chosen version.

In `@contrib/scoop/hubfetch.json`:
- Line 8: The Scoop manifest contains an empty "hash" field which disables
integrity validation; compute the correct SHA256 of the distributed hubfetch.exe
(the released binary referenced by the manifest) and replace the empty string in
the "hash" JSON property with that hex SHA256 value so the manifest's "hash"
entry contains the correct checksum for hubfetch.exe.

In `@hubfetch/cache.py`:
- Around line 67-70: The code updates cache metadata (meta.update and _save_json
with META_FILE) immediately after calling _download_avatar(current_avatar_url,
dest), which means a failed download still marks avatar_last_checked and
suppresses retries; change this so the metadata is only updated when
_download_avatar succeeds: wrap the download call to detect success (either by
its return value or by catching exceptions from _download_avatar), log or handle
the failure without touching meta, and only perform meta.update({"avatar_url":
current_avatar_url, "avatar_last_checked": now}) and _save_json(META_FILE, meta)
when the download completed successfully (referencing _download_avatar,
meta.update, _save_json, META_FILE, avatar_last_checked, current_avatar_url).

---

Nitpick comments:
In `@hubfetch/cache.py`:
- Line 66: Replace the profane inline comment "turns out GitHub avatar urls
don't change so fuck this shit honestly" in hubfetch/cache.py with a short,
neutral rationale explaining that GitHub avatar URLs are stable so an
unconditional refresh is intentional (e.g., "GitHub avatar URLs are stable; skip
conditional refresh to simplify caching"). Update the comment near the existing
avatar/cache logic to briefly state the reason for the unconditional refresh and
maintain professional tone.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ec8396da-cb32-41cd-9d7a-90354103e2e6

📥 Commits

Reviewing files that changed from the base of the PR and between 4152869 and f824a51.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (6)

• .github/workflows/build.yml
• contrib/aur/PKGBUILD
• contrib/homebrew/homebrew.rb
• contrib/scoop/hubfetch.json
• hubfetch/cache.py
• pyproject.toml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

For softprops/action-gh-release@v2, what tag is used by default on workflow_dispatch events, and is tag_name required to force a specific release tag?

💡 Result:

For softprops/action-gh-release@v2, the tag_name input defaults to github.ref_name [1][2][3]. When running via a workflow_dispatch event, github.ref_name corresponds to the branch or tag from which the workflow was triggered, which may not be a valid release tag [1][2][4]. Because the action requires a valid Git tag to create a GitHub Release, it will fail if the default github.ref_name is not a valid tag [4]. Therefore, while tag_name is technically optional in the action's configuration schema, it is effectively required for workflow_dispatch events to ensure the release is associated with a specific, valid tag [4]. To force a specific release tag, you must explicitly provide the desired tag to the tag_name input [3][5][6].

Citations:

• 1: https://github.com/softprops/action-gh-release/tree/refs/tags/v2
• 2: https://github.com/softprops/action-gh-release
• 3: https://github.com/softprops/action-gh-release/blob/master/README.md
• 4: default tag name not work softprops/action-gh-release#270
• 5: https://chromium.googlesource.com/external/github.com/google/error-prone/+/refs/heads/test_671794396/.github/workflows/release.yml
• 6: https://oneuptime.com/blog/post/2025-12-20-workflow-dispatch-inputs-github-actions/view

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file=".github/workflows/build.yml"
if [ ! -f "$file" ]; then
  echo "Missing $file" >&2
  exit 1
fi

echo "== Top of file =="
sed -n '1,120p' "$file" | nl -ba -w2 -s': '

echo
echo "== Release step context =="
rg -n "Create GitHub Release|action-gh-release|softprops/action-gh-release" "$file" || true

Repository: PranavU-Coder/hubfetch

Length of output: 146

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file=".github/workflows/build.yml"
if [ ! -f "$file" ]; then
  echo "Missing $file" >&2
  exit 1
fi

echo "== Top of file =="
sed -n '1,120p' "$file" | nl -ba -w2 -s': '

echo
echo "== Release step context =="
rg -n "Create GitHub Release|action-gh-release|softprops/action-gh-release" "$file" || true

Repository: PranavU-Coder/hubfetch

Length of output: 146

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file=".github/workflows/build.yml"
[ -f "$file" ] || { echo "Missing $file" >&2; exit 1; }

echo "== workflow_dispatch block (lines ~1-60) =="
awk 'NR>=1 && NR<=60 {printf "%4d: %s\n", NR, $0}' "$file" | sed -n '1,60p'

echo
echo "== Release step + surrounding lines (search) =="
awk 'NR>=1 && NR<=120 {print NR ":" $0}' "$file" | rg -n "softprops/action-gh-release|Create GitHub Release|with:|tag_name|github\.event\.inputs\.version|workflow_dispatch" -n || true

Repository: PranavU-Coder/hubfetch

Length of output: 1768

---

🌐 Web query:

softprops/action-gh-release v2 tag_name must exist as git tag workflow_dispatch default github.ref_name branch

💡 Result:

The softprops/action-gh-release action (including v2) does not strictly require the tag_name to exist as a pre-existing Git tag in your repository before the action runs [1][2]. If you do not explicitly provide a tag_name, the action defaults to using github.ref_name [1][2]. When triggered by a workflow_dispatch or other events, github.ref_name will reflect the branch or tag name that triggered the workflow [1][2]. If you want to use this action to create a release based on a specific commit or branch, you can explicitly set the tag_name input [1][2]. Key considerations: 1. Tag Creation: If the tag_name provided does not exist as a Git reference, the action can still create a GitHub Release associated with the provided target_commitish (which defaults to the repository's default branch) [1][2]. 2. Workflow Triggers: When using workflow_dispatch, github.ref_name will typically be the branch from which the workflow was manually triggered. If you manually trigger the workflow on a branch, the action will use that branch name as the release tag_name unless you override it [1][2]. 3. Permissions: Ensure your job has the appropriate permissions (contents: write) to create releases, otherwise you may encounter a 403 error [3]. In summary, while the action is commonly used with Git tags (e.g., via on: push: tags:), it is flexible enough to create releases for arbitrary commit SHAs or branch names by explicitly defining the tag_name input [1][2].

Citations:

• 1: https://github.com/softprops/action-gh-release
• 2: https://github.com/softprops/action-gh-release/blob/master/README.md
• 3: https://stackoverflow.com/questions/76362343/creating-a-release-using-github-action-fails-with-http-403

---

Use the workflow_dispatch version input for the release tag (tag_name)

.github/workflows/build.yml defines workflow_dispatch.inputs.version, but the “Create GitHub Release” step (softprops/action-gh-release@v2) never uses it; without tag_name, the action uses github.ref_name (typically the branch name for manual dispatch), so the created release tag won’t match the operator’s chosen version.

Proposed fix

       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
         with:
+          tag_name: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.version || github.ref_name }}
           files: artifacts/*
           generate_release_notes: true

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build.yml around lines 7 - 12, The workflow defines
workflow_dispatch.inputs.version but the release step
(softprops/action-gh-release@v2) doesn't use it, so the action falls back to
github.ref_name; update the release step to pass the user-provided input as the
tag by setting the action input tag_name to the dispatch input (use
github.event.inputs.version), e.g. add tag_name: ${{ github.event.inputs.version
}} (and optionally use the same input for name/release_name) so the created
release uses the chosen version.

[PranavU-Coder]

true

[coderabbitai]

@PranavU-Coder, glad you agree! When you're ready, you can apply the proposed fix to ensure the workflow_dispatch-triggered release uses the operator-supplied version instead of falling back to github.ref_name (the branch name):

       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
         with:
+          tag_name: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.version || github.ref_name }}
           files: artifacts/*
           generate_release_notes: true

This way, both push-tag and manual dispatch workflows will correctly target the intended release tag.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle avatar download failure before advancing cache metadata.

If _download_avatar fails on Line 67, Lines 69-70 still mark the avatar as freshly checked. That suppresses retries for 6 hours and can leave stale/broken cache state.

Proposed fix

-    _download_avatar(current_avatar_url, dest)
-
-    meta.update({"avatar_url": current_avatar_url, "avatar_last_checked": now})
-    _save_json(META_FILE, meta)
+    if _download_avatar(current_avatar_url, dest):
+        meta.update({"avatar_url": current_avatar_url, "avatar_last_checked": now})
+        _save_json(META_FILE, meta)
+    else:
+        # Keep prior last_checked so next call retries sooner.
+        if not dest.exists():
+            return None

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hubfetch/cache.py` around lines 67 - 70, The code updates cache metadata
(meta.update and _save_json with META_FILE) immediately after calling
_download_avatar(current_avatar_url, dest), which means a failed download still
marks avatar_last_checked and suppresses retries; change this so the metadata is
only updated when _download_avatar succeeds: wrap the download call to detect
success (either by its return value or by catching exceptions from
_download_avatar), log or handle the failure without touching meta, and only
perform meta.update({"avatar_url": current_avatar_url, "avatar_last_checked":
now}) and _save_json(META_FILE, meta) when the download completed successfully
(referencing _download_avatar, meta.update, _save_json, META_FILE,
avatar_last_checked, current_avatar_url).

[PranavU-Coder]

will look into it

[coderabbitai]

@PranavU-Coder, sounds good! When you do, the proposed fix in the comment above should be a straightforward change — just gate the meta.update and _save_json calls on the return value of _download_avatar. Feel free to ping me if you have any questions. 🐇