Skip to content

refactor: code review fixes — dead code, error wrapping, deduplication#313

Merged
mchmarny merged 5 commits intomainfrom
refactor/code-review-fixes
Mar 9, 2026
Merged

refactor: code review fixes — dead code, error wrapping, deduplication#313
mchmarny merged 5 commits intomainfrom
refactor/code-review-fixes

Conversation

@mchmarny
Copy link
Member

@mchmarny mchmarny commented Mar 9, 2026
edited
Loading

Summary

Cleanup across the entire codebase. All changes verified with make qualify (tests + lint + e2e + vuln scan + license headers).

  • Fix 3 correctness bugs: file handle leak in bundler handler, data race in recipe metadata store, partial state mutation in sysctl collector
  • Fix streaming checksums: replace os.ReadFile + sha256.Sum256 with streaming io.Copy to bound memory usage
  • Wrap 14 bare error returns with errors.Wrap for better diagnostics (k8s/agent/rbac, all collector ctx.Err paths)
  • Replace ~10 magic literals with named constants from pkg/defaults
  • Unexport 40+ internal-only symbols across server, oci, logging, header, version, manifest, snapshotter, errors, recipe, measurement, component, evidence packages
  • Delete dead code: ExitCodeFromSignal, MustGetComponentRegistry, Snapshotter interface, WithConfig, GetOwnPodTolerations, KindValidationResult, ErrInvalidPrecision, BoolToString, unused metric
  • Deduplicate code: extract shared prepareCluster in validator, truncateLogLines in job/result, deployAndWaitForResult in snapshotter/agent, consolidate matchesCriteriaField, move waitForDeletion to shared helpers
  • Cache evidence templates at package level (parse once, reuse)
  • Fix test connecting to live cluster: snapshot test now uses mock factory
  • Add ctx.Done() check in GetPodLogs scan loop (matching StreamLogs pattern)
  • Add slog.Warn for silent env var parse failures in server config

Test plan

  • make qualify passes (tests + lint + e2e + vuln scan + license headers)
  • All 87 modified files compile cleanly (go build ./..., go vet ./...)
  • No tests connect to live clusters (fixed snapshot test)
  • 74.0% coverage (above 70% threshold)

mchmarny added 5 commits March 9, 2026 11:57
@mchmarny
fix: correctness bugs in handler, metadata store, sysctl, and checksums
7802323 
- Fix file handle leak in bundler handler Walk callback (explicit close after io.Copy)
- Fix data race in recipe metadata store (remove unsynchronized pre-check before sync.Once)
- Fix partial state mutation in sysctl parseMultiLineKeyValue (use temp map)
- Replace os.ReadFile with streaming SHA256 in checksum generation/verification
- Remove unused recipeCacheHits metric (caller removed in metadata store fix)
- Fix snapshot test connecting to live cluster (use mock factory)
@mchmarny
fix: wrap bare errors, replace magic literals with named constants
ec4e3c9 
- Add new constants to pkg/defaults (AgentJobActiveDeadline, FileParserMaxSize, server rate limits)
- Wrap 4 bare error returns in k8s/agent/rbac.go with errors.Wrap
- Replace magic literals in k8s/agent/job.go with defaults constants
- Replace 500ms poll interval literals with defaults.PodPollInterval
- Add ctx.Done() check in GetPodLogs scan loop (matching StreamLogs pattern)
- Wrap bare ctx.Err() returns across all collector packages (10 instances)
- Remove unreachable guard in k8s/node.go parseProvider
- Replace magic literal in file collector with defaults.FileParserMaxSize
- Replace magic literals in server config/middleware with defaults constants
- Add slog.Warn for silent env var parse failures in server config
- Use clusterRoleName constant instead of string literal in rbac.go
@mchmarny
refactor: unexport internal-only symbols and remove dead code
d6b0a88 
Packages: errors, header, version, logging, manifest, snapshotter, k8s/agent,
server, oci

- Delete ExitCodeFromSignal, ExitFlagError, ExitSignalBase (zero callers)
- Unexport ExitCodeFromErrorCode (only internal caller)
- Delete KindValidationResult, ErrInvalidPrecision (zero references)
- Delete Snapshotter interface (never implemented)
- Delete WithConfig option (zero external callers)
- Unexport 20+ symbols only used within their packages:
  HTTPStatusFromCode, ErrorResponse, WriteError, DefaultAPIVersion,
  SetAPIVersionHeader, HealthResponse, Config, HealthResponse,
  ArtifactType, ReproducibleTimestamp, ValidateRegistryReference,
  URIScheme, APIDomain, APIVersion, EnvVarLogLevel, LogPrefixEnvVar,
  NewCLIHandler, HelmFuncMap, PermissionCheck, header.New
@mchmarny
refactor: unexport internal-only symbols in recipe, measurement, comp…
3ea2292 
…onent, evidence

- Unexport recipe validation helpers (ValidateMeasurementExists, ValidateSubtypeExists, etc.)
- Delete MustGetComponentRegistry (panic-on-error, no external callers)
- Delete DefaultRecipeCacheTTL re-export
- Unexport measurement helpers only used in tests (FilterIn, ToReadingWithType, etc.)
- Unexport serializer NewFileReaderAuto
- Unexport component helpers (ComputeChecksum, ExtractCustomLabels, etc.)
- Unexport evidence types (EvidenceEntry, CheckEntry, RequirementMeta)
- Cache parsed templates in evidence renderer (parse once, reuse)
- Delete GetOwnPodTolerations (zero callers)
- Export MatchesCriteriaField from recipe for cross-package use
@mchmarny
refactor: deduplicate code across validator, snapshotter, and conform…
c2f93bc 
…ance

- Extract shared prepareCluster helper in validator (ValidatePhases + ValidatePhase)
- Extract truncateLogLines helper in validator/job/result.go
- Deduplicate matchesCriteriaField (use exported recipe.MatchesCriteriaField)
- Move waitForDeletion to conformance/helpers.go (shared utility)
- Use package-level resourceSliceGVR in conformance/helpers.go
@mchmarny mchmarny requested a review from a team as a code owner March 9, 2026 19:00
@mchmarny mchmarny self-assigned this Mar 9, 2026
@mchmarny mchmarny enabled auto-merge (squash) March 9, 2026 19:05
@mchmarny mchmarny merged commit 7f19890 into main Mar 9, 2026
15 checks passed
@mchmarny mchmarny deleted the refactor/code-review-fixes branch March 9, 2026 19:07
@github-actions
Copy link

github-actions bot commented Mar 9, 2026

Coverage Report ✅

Metric Value
Coverage 73.8%
Threshold 70%
Status Pass
Coverage Badge 
![Coverage](https://img.shields.io/badge/coverage-73.8%25-green)

Merging this branch changes the coverage (3 decrease, 10 increase)

Impacted Packages Coverage Δ 🤖
github.com/NVIDIA/aicr/pkg/bundler 58.77% (ø)
github.com/NVIDIA/aicr/pkg/bundler/checksum 83.10% (+9.13%) 👍
github.com/NVIDIA/aicr/pkg/bundler/validations 84.62% (+0.36%) 👍
github.com/NVIDIA/aicr/pkg/collector/file 100.00% (ø)
github.com/NVIDIA/aicr/pkg/collector/gpu 53.23% (ø)
github.com/NVIDIA/aicr/pkg/collector/k8s 70.22% (+0.61%) 👍
github.com/NVIDIA/aicr/pkg/collector/os 92.71% (+6.39%) 👍
github.com/NVIDIA/aicr/pkg/component 75.69% (-0.13%) 👎
github.com/NVIDIA/aicr/pkg/defaults 100.00% (ø)
github.com/NVIDIA/aicr/pkg/errors 100.00% (ø)
github.com/NVIDIA/aicr/pkg/evidence 88.46% (+1.56%) 👍
github.com/NVIDIA/aicr/pkg/header 100.00% (ø)
github.com/NVIDIA/aicr/pkg/k8s/agent 76.02% (-0.97%) 👎
github.com/NVIDIA/aicr/pkg/k8s/pod 81.03% (-0.54%) 👎
github.com/NVIDIA/aicr/pkg/logging 100.00% (ø)
github.com/NVIDIA/aicr/pkg/manifest 92.00% (ø)
github.com/NVIDIA/aicr/pkg/measurement 97.49% (ø)
github.com/NVIDIA/aicr/pkg/oci 71.84% (ø)
github.com/NVIDIA/aicr/pkg/recipe 90.18% (+0.03%) 👍
github.com/NVIDIA/aicr/pkg/serializer 74.68% (ø)
github.com/NVIDIA/aicr/pkg/server 93.90% (+0.03%) 👍
github.com/NVIDIA/aicr/pkg/snapshotter 50.45% (+3.68%) 👍
github.com/NVIDIA/aicr/pkg/validator 34.80% (+2.68%) 👍
github.com/NVIDIA/aicr/pkg/validator/job 65.13% (+0.66%) 👍
github.com/NVIDIA/aicr/pkg/version 98.80% (ø)
github.com/NVIDIA/aicr/validators 0.00% (ø)
github.com/NVIDIA/aicr/validators/conformance 0.00% (ø)
github.com/NVIDIA/aicr/validators/helper 0.00% (ø)
Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/NVIDIA/aicr/pkg/bundler/checksum/checksum.go 83.10% (+9.13%) 71 (-2) 59 (+5) 12 (-7) 👍
github.com/NVIDIA/aicr/pkg/bundler/handler.go 72.27% (ø) 119 86 33
github.com/NVIDIA/aicr/pkg/bundler/validations/checks.go 94.83% (+1.28%) 58 (-4) 55 (-3) 3 (-1) 👍
github.com/NVIDIA/aicr/pkg/collector/file/file.go 100.00% (ø) 61 61 0
github.com/NVIDIA/aicr/pkg/collector/gpu/gpu.go 53.23% (ø) 62 33 29
github.com/NVIDIA/aicr/pkg/collector/k8s/image.go 86.11% (ø) 36 31 5
github.com/NVIDIA/aicr/pkg/collector/k8s/node.go 76.60% (+2.60%) 47 (-3) 36 (-1) 11 (-2) 👍
github.com/NVIDIA/aicr/pkg/collector/k8s/policy.go 41.82% (ø) 55 23 32
github.com/NVIDIA/aicr/pkg/collector/k8s/server.go 75.00% (ø) 8 6 2
github.com/NVIDIA/aicr/pkg/collector/os/grub.go 81.82% (ø) 11 9 2
github.com/NVIDIA/aicr/pkg/collector/os/kmod.go 92.31% (+7.69%) 13 12 (+1) 1 (-1) 👍
github.com/NVIDIA/aicr/pkg/collector/os/release.go 100.00% (+7.14%) 14 14 (+1) 0 (-1) 👍
github.com/NVIDIA/aicr/pkg/collector/os/sysctl.go 90.70% (+4.98%) 43 (+1) 39 (+3) 4 (-2) 👍
github.com/NVIDIA/aicr/pkg/component/base.go 92.86% (ø) 70 65 5
github.com/NVIDIA/aicr/pkg/component/helpers.go 94.12% (-0.48%) 34 (-3) 32 (-3) 2 👎
github.com/NVIDIA/aicr/pkg/component/overrides.go 95.49% (ø) 244 233 11
github.com/NVIDIA/aicr/pkg/defaults/timeouts.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/errors/exitcode.go 100.00% (ø) 15 (-1) 15 (-1) 0
github.com/NVIDIA/aicr/pkg/evidence/renderer.go 88.00% (+1.58%) 75 (-6) 66 (-4) 9 (-2) 👍
github.com/NVIDIA/aicr/pkg/evidence/requirements.go 100.00% (ø) 3 3 0
github.com/NVIDIA/aicr/pkg/evidence/types.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/header/header.go 100.00% (ø) 8 8 0
github.com/NVIDIA/aicr/pkg/k8s/agent/job.go 85.25% (-0.24%) 61 (-1) 52 (-1) 9 👎
github.com/NVIDIA/aicr/pkg/k8s/agent/permissions.go 100.00% (ø) 26 26 0
github.com/NVIDIA/aicr/pkg/k8s/agent/rbac.go 64.91% (-2.43%) 57 (+8) 37 (+4) 20 (+4) 👎
github.com/NVIDIA/aicr/pkg/k8s/pod/logs.go 81.08% (-1.78%) 37 (+2) 30 (+1) 7 (+1) 👎
github.com/NVIDIA/aicr/pkg/k8s/pod/wait.go 70.73% (ø) 41 29 12
github.com/NVIDIA/aicr/pkg/logging/cli.go 100.00% (ø) 24 24 0
github.com/NVIDIA/aicr/pkg/logging/logger.go 100.00% (ø) 16 16 0
github.com/NVIDIA/aicr/pkg/manifest/render.go 92.00% (ø) 25 23 2
github.com/NVIDIA/aicr/pkg/measurement/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/measurement/filter.go 97.56% (ø) 41 40 1
github.com/NVIDIA/aicr/pkg/measurement/types.go 97.01% (ø) 134 130 4
github.com/NVIDIA/aicr/pkg/oci/push.go 81.40% (ø) 129 105 24
github.com/NVIDIA/aicr/pkg/oci/reference.go 44.44% (ø) 45 20 25
github.com/NVIDIA/aicr/pkg/recipe/adapter.go 87.72% (ø) 57 50 7
github.com/NVIDIA/aicr/pkg/recipe/components.go 90.43% (+0.63%) 94 (-4) 85 (-3) 9 (-1) 👍
github.com/NVIDIA/aicr/pkg/recipe/criteria.go 90.11% (ø) 263 237 26
github.com/NVIDIA/aicr/pkg/recipe/handler.go 76.67% (ø) 30 23 7
github.com/NVIDIA/aicr/pkg/recipe/metadata_store.go 82.39% (-0.30%) 176 (-3) 145 (-3) 31 👎
github.com/NVIDIA/aicr/pkg/recipe/metrics.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/recipe/recipe.go 97.56% (ø) 41 40 1
github.com/NVIDIA/aicr/pkg/serializer/doc.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/serializer/reader.go 59.13% (ø) 115 68 47
github.com/NVIDIA/aicr/pkg/server/config.go 100.00% (ø) 12 (+2) 12 (+2) 0
github.com/NVIDIA/aicr/pkg/server/errors.go 100.00% (ø) 41 41 0
github.com/NVIDIA/aicr/pkg/server/health.go 100.00% (ø) 17 17 0
github.com/NVIDIA/aicr/pkg/server/middleware.go 97.73% (-0.05%) 44 (-1) 43 (-1) 1 👎
github.com/NVIDIA/aicr/pkg/server/server.go 80.95% (ø) 63 51 12
github.com/NVIDIA/aicr/pkg/server/version.go 100.00% (ø) 14 14 0
github.com/NVIDIA/aicr/pkg/snapshotter/agent.go 38.00% (+6.16%) 150 (-29) 57 93 (-29) 👍
github.com/NVIDIA/aicr/pkg/snapshotter/snapshot.go 76.81% (-8.48%) 69 (+1) 53 (-5) 16 (+6) 👎
github.com/NVIDIA/aicr/pkg/snapshotter/types.go 100.00% (ø) 1 1 0
github.com/NVIDIA/aicr/pkg/snapshotter/version.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/pkg/validator/job/result.go 83.61% (+2.65%) 61 (-2) 51 10 (-2) 👍
github.com/NVIDIA/aicr/pkg/validator/validator.go 30.00% (+2.46%) 190 (-17) 57 133 (-17) 👍
github.com/NVIDIA/aicr/pkg/version/version.go 98.80% (ø) 83 82 1
github.com/NVIDIA/aicr/validators/conformance/helpers.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/validators/conformance/secure_access_check.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/validators/helper/pod.go 0.00% (ø) 0 0 0
github.com/NVIDIA/aicr/validators/runner.go 0.00% (ø) 0 0 0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lalitadithya lalitadithya lalitadithya approved these changes

Assignees

@mchmarny mchmarny

Labels

area/bundler area/collector area/validator size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mchmarny @lalitadithya