Add verify-test stage to operator Containerfile#2062
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughA ChangesContainerfile verification update
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 14 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (14 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
e9678ce to
9189a4b
Compare
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@Containerfile.bpfman-operator.openshift`:
- Line 10: The verify stage is copying the entire build context with COPY . .,
which can pull in unintended files and secrets. Update the
Containerfile.bpfman-operator.openshift build steps to copy only the Go module
metadata and the specific source/test directories needed for the compile check,
using the relevant build stage instructions around the COPY step instead of
broad context copying.
- Line 8: The new verify-test stage is hard-pinning the UBI toolset image tag,
which should instead follow the repo policy for Red Hat images by using a
floating tag. Update the base image reference in the verify-test stage of
Containerfile.bpfman-operator.openshift to a floating Red Hat tag so it tracks
Red Hat-managed updates consistently with the rest of the fleet.
- Around line 11-12: The verification stage is building with default module mode
and tags, so it can diverge from the real shipped build configuration. Update
the RUN step to mirror the operator build flags used later in the Containerfile
by applying the same module mode and build tags (for example, the flags used for
the final binary build) to the fail-fast `go build` command, while keeping the
`GOFLAGS` integration test invocation separate. This keeps the verification
behavior aligned with the actual build and ensures the stage exercises the same
dependency/tag set as the final operator image.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 64db33fe-26c0-4c92-96d3-246a2bd579c6
📒 Files selected for processing (1)
Containerfile.bpfman-operator.openshift
28781f7 to
8e4c6de
Compare
Add a dedicated build stage that compiles all code including integration tests (`-tags=integration_tests`). This catches build failures like duplicate symbols or missing imports before the main build proceeds. Co-Authored-By: Claude
8e4c6de to
5fa7432
Compare
|
Is it worth adding a throwaway commit that adds broken Go code to the tests / integration tests and proves the failure is surfaced? |
dde6ec9 to
5fa7432
Compare
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alebedev87, frobware The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Summary
Add a dedicated
verify-testbuild stage toContainerfile.bpfman-operator.openshiftthat compiles all code including integration tests (-tags=integration_tests). Thebpfman-operator-buildstage depends onverify-testvia aCOPY --from, so the verification runs before the main build proceeds.This would have caught the
podExecduplicate symbol introduced by #2037 (cherry-pick of upstream PRs #530 and #536 without their dependency #528).Summary by CodeRabbit