Add CLAUDE.md and CodeRabbit configuration (#3228)

rnetser · web-flow · commit 8cf3a3fef8f6 · 2026-01-06T22:31:29.000+02:00
## Short description

Add CodeRabbit AI review automation and Claude Code project guidelines
to improve code review quality and establish consistent coding
standards.

## More details

This PR introduces two key components:

### 1. CodeRabbit Configuration (`.coderabbit.yaml`)
- Configures automated PR reviews with assertive profile for strict
enforcement
- Enables multiple linting tools: ruff, mypy, yamllint, shellcheck,
gitleaks, semgrep, actionlint, hadolint, markdownlint
- Adds path-specific review instructions for `tests/`, `utilities/`,
`libs/`, and `conftest.py`
- Integrates with project's knowledge base (CLAUDE.md, coding guides)

### 2. Claude Code Guidelines (`CLAUDE.md`)
- Documents strict rules: no linter suppressions, code reuse
requirements
- Establishes Python requirements: type hints, docstrings, uv-only
execution
- Defines test requirements: single-action fixtures, noun naming,
markers
- Provides essential commands for running tests and development
- Documents code architecture and directory structure
- Explains fixture guidelines and PR process

### 3. Gitignore Updates
- Added `.claude/` directory (Claude Code local config)
- Added `ocp_resources` (generated resources)

## Jira ticket

N/A - Infrastructure improvement

## Upstream PR (when applicable)

N/A

## Additional info

- This enables automated code review feedback on all PRs
- Establishes consistent coding standards documentation
- Improves onboarding for new contributors

&lt;!-- This is an auto-generated comment: release notes by coderabbit.ai
--&gt;
## Summary by CodeRabbit

* **Chores**
* Enabled automated AI-assisted code review with pre-merge enforcement,
incremental auto-reviews, branch-targeting, rich review summaries and
display options, chat auto-reply, path/title filtering, expanded ignore
rules for local/assistant artifacts, and a broad suite of
linting/security checks.

* **Documentation**
* Added a comprehensive developer guide consolidating coding standards,
docstring/testing requirements, workflows, assistant integration, and
review/merge procedures.

&lt;sub&gt;✏️ Tip: You can customize this high-level summary in your review
settings.&lt;/sub&gt;
&lt;!-- end of auto-generated comment: release notes by coderabbit.ai --&gt;
diff --git a/.coderabbit.yaml b/.coderabbit.yaml
@@ -0,0 +1,106 @@
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
+# CodeRabbit AI Review Configuration for openshift-virtualization-tests
+# Based on project-specific rules from CLAUDE.md
+
+language: en-US
+
+tone_instructions: "Be direct and specific. Explain WHY rules exist. Provide code examples. Distinguish critical violations from suggestions. Use severity levels: CRITICAL (blocking/security), HIGH (types/fixtures), MEDIUM (style), LOW (suggestions)."
+
+early_access: true
+enable_free_tier: true
+
+reviews:
+  # Assertive profile for strict enforcement of coding standards
+  profile: assertive
+
+  # Request changes for critical violations
+  request_changes_workflow: true
+
+  # Review display settings
+  high_level_summary: true
+  high_level_summary_placeholder: "@coderabbitai summary"
+  auto_title_placeholder: "@coderabbitai"
+  review_status: true
+  commit_status: true
+  poem: false
+  collapse_walkthrough: true
+  sequence_diagrams: false
+  changed_files_summary: true
+
+  # Targeted pre-merge checks - only run on changed files
+  path_filters:
+    - "!**/*.md"  # Skip markdown-only changes for full review
+
+  # Abort review if PR is closed
+  abort_on_close: true
+
+  # Auto-review configuration
+  auto_review:
+    enabled: true
+    auto_incremental_review: true
+    drafts: false
+    ignore_title_keywords:
+      - "WIP"
+    base_branches:
+      - main
+      - cnv-4.20
+      - cnv-4.19
+      - cnv-4.18
+
+  # Enabled linting and security tools
+  tools:
+    # Python linting
+    ruff:
+      enabled: true
+    # Additional Python linting (stricter checks)
+    pylint:
+      enabled: true
+    # Note: mypy is not a supported CodeRabbit tool - type checking is enforced via pre-commit and tox
+    # YAML validation
+    yamllint:
+      enabled: true
+    # Shell script checking
+    shellcheck:
+      enabled: true
+    # Security scanning
+    gitleaks:
+      enabled: true
+    semgrep:
+      enabled: true
+    # GitHub Actions workflow validation
+    actionlint:
+      enabled: true
+    # Dockerfile linting
+    hadolint:
+      enabled: true
+    # Markdown linting
+    markdownlint:
+      enabled: true
+    # GitHub checks integration
+    github-checks:
+      enabled: true
+      timeout_ms: 90000
+
+chat:
+  auto_reply: true
+
+knowledge_base:
+  opt_out: false
+
+  # Enable code guidelines enforcement from CLAUDE.md and docs
+  code_guidelines:
+    enabled: true
+    filePatterns:
+      - "CLAUDE.md"
+
+  # Enable learning from repository patterns
+  learnings:
+    scope: auto
+
+  # Enable learning from issues
+  issues:
+    scope: auto
+
+  # Enable learning from pull requests
+  pull_requests:
+    scope: auto
diff --git a/.gitignore b/.gitignore
@@ -125,5 +125,8 @@ docs/source/rst
 # IntelliJ project folder
 .idea/
 
+# Claude Code assistant
+.claude/
+
 # For local run (debug).
 ocp_resources
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -0,0 +1,155 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+
+## Strict Rules (MANDATORY)
+
+Based on [myk-org/github-metrics CLAUDE.md](https://github.com/myk-org/github-metrics/blob/main/CLAUDE.md#strict-rules-mandatory)
+
+### Linter Suppressions PROHIBITED
+
+- ❌ **NEVER** add `# noqa`, `# type: ignore`, `# pylint: disable`
+- ❌ **NEVER** disable linter/mypy rules to work around issues
+- ✅ **FIX THE CODE** - If linter complains, the code is wrong
+- If you think a rule is wrong: **ASK** the user for explicit approval
+
+### Code Reuse (Search-First Development)
+
+Before writing ANY new code:
+
+1. **SEARCH** codebase for existing implementations
+2. **CHECK** `utilities/` for shared functions
+3. **CHECK** `libs/` for shared libraries
+4. **CHECK** `tests/` for shared fixtures and helper functions
+5. **VERIFY** no similar logic exists elsewhere
+6. **NEVER** duplicate logic - extract to shared module
+7. **REUSE** existing code and patterns — only write new when nothing exists
+
+### Python Requirements
+
+- **Type hints MANDATORY** - mypy strict mode in `libs/`, all new public functions under utilities MUST be typed
+- **Google-format docstrings REQUIRED** - for all public functions with non-obvious return values OR side effects
+- **No defensive programming** - fail-fast, don't hide bugs with fake defaults (see exceptions below)
+- **ALWAYS use `uv run`** - NEVER execute `python`, `pip`, or `pytest` directly. Use `uv run python`, `uv run pytest`, `uv add` for package installation.
+- **ALWAYS use absolute imports** - NEVER use relative imports
+- **ALWAYS import specific functions** - use `from module import func`, NEVER `import module`
+- **ALWAYS use named arguments** - for function calls with more than one argument
+- **NEVER use single-letter variable names** - ALWAYS use descriptive, meaningful names
+- **No dead code** - every function, variable, fixture MUST be used or removed. Code marked with `# skip-unused-code` is excluded from dead code analysis (enforced via custom ruff plugin).
+- **Prefer direct attribute access** - use `foo.attr` directly. Save to variables only when: reusing the same attribute multiple times improves readability, or extracting clarifies intent.
+
+### Acceptable Defensive Checks (Exceptions Only)
+
+The "no defensive programming" rule has these five exceptions:
+
+1. **Destructors/Cleanup** - May be called during incomplete initialization
+2. **Optional Parameters** - Explicitly typed as `Type | None` with default `None`
+3. **Lazy Initialization** - Attributes intentionally starting as `None` before first use
+4. **Platform/Architecture Constants** - Features unavailable on all platforms (x86_64, arm64, s390x)
+5. **Unversioned External Libraries** - External dependencies with unknown API stability
+
+**Still Prohibited (with examples):**
+
+- ❌ **Checking attributes that are ALWAYS provided** - Do NOT check if `vm.name` exists when VirtualMachine always has a name field. If the schema guarantees it, trust it.
+- ❌ **Defensive checks on data guaranteed by architecture** - Do NOT validate that `namespace.client` is not None when the Namespace class always sets client in `__init__`. If the constructor guarantees it, trust it.
+- ❌ **Using `hasattr()` for type discrimination** - Do NOT use `if hasattr(obj, 'some_method')` to detect type. Use `isinstance(obj, ExpectedType)` for explicit type checking.
+- ❌ **Version checking for pinned dependencies** - Do NOT check `if kubernetes_version >= X` when pyproject.toml pins the exact version. The lock file guarantees the version.
+
+### Test Requirements
+
+- **All new tests MUST have markers** - check pytest.ini for available markers, NEVER commit unmarked tests
+- **Each test verifies ONE aspect only** - single purpose, easy to understand
+- **Tests MUST be independent** - use `pytest-dependency` ONLY when test B requires side effects from test A (e.g., cluster-wide configuration).
+  For resource dependencies, use shared fixtures instead. **When using `@pytest.mark.dependency`, a comment explaining WHY the dependency exists is REQUIRED.**
+- **ALWAYS use `@pytest.mark.usefixtures`** - REQUIRED when fixture return value is not used by test
+
+### Fixture Guidelines (CRITICAL)
+
+1. **Single Action REQUIRED**: Fixtures MUST do ONE action only (single responsibility)
+2. **Naming REQUIRED**: ALWAYS use NOUNS (what they provide), NEVER verbs
+   - ✅ `vm_with_disk`
+   - ❌ `create_vm_with_disk`
+3. **Parametrization format**: Use `request.param` with dict structure for complex parameters
+4. **Ordering REQUIRED**: pytest native fixtures first, then session-scoped, then module/class/function scoped
+5. **Fixture scope rules**:
+   - Use `scope="function"` (default) - for setup requiring test isolation
+   - Use `scope="class"` - for setup shared across test class
+   - Use `scope="module"` - for expensive setup in a test module
+   - Use `scope="session"` - for setup that persists the entire test run (e.g., storage class, namespace)
+   - **NEVER use broader scope if fixture modifies state or creates per-test resources**
+
+
+### Logging Guidelines
+
+- **INFO level REQUIRED for** - test phase transitions, resource creation/deletion, configuration changes, API responses, intermediate state
+- **ERROR level REQUIRED for** - exceptions with full context: what failed, expected vs actual values, resource state
+- **NEVER use DEBUG level** - if a log is needed, use INFO.
+- **NEVER log** - secrets, tokens, passwords, or PII
+- **Log format REQUIRED** - structured key-value pairs for searchability: `LOGGER.info("VM created", extra={"name": vm_name, "namespace": ns})`
+
+### Code Patterns (Not Enforced by Linters)
+
+**Exception Handling:**
+- **ALWAYS re-raise with context** - use `raise NewError("message") from original_error` to preserve stack trace
+- **Do not catch bare `Exception`** - catch specific exception types only
+- **NEVER silently swallow exceptions** - at minimum, log the error before continuing
+
+**Context Managers:**
+- **ALWAYS use `with` for resources** - files, connections, locks MUST use context managers
+- **Fixtures with cleanup MUST use yield** - use `yield resource` followed by cleanup code, NEVER return + finalizer
+
+**Timeouts and Polling:**
+- **ALWAYS use `timeout_sampler`** - from `timeout_sampler` package for any operation that waits for a condition:
+  ```python
+  from timeout_sampler import TimeoutSampler
+  for sample in TimeoutSampler(wait_timeout=60, sleep=5, func=check_condition):
+      if sample:
+          break
+  ```
+- **NEVER use `time.sleep()` in loops** - use `timeout_sampler` with appropriate wait time
+
+**Assertions:**
+- **Use pytest assertions** - `assert actual == expected`, NEVER `self.assertEqual()`
+- **Include failure messages** - `assert condition, "descriptive message explaining failure"`
+
+**Boolean Checks:**
+- **Use implicit boolean** - `if items:` NOT `if len(items) > 0:` or `if items != []:`
+- **Use identity for None** - `if x is None:` NOT `if x == None:`
+- **NEVER compare to True/False** - `if flag:` NOT `if flag == True:`
+
+### Tests Directory Organization
+
+- **Feature subdirectories REQUIRED** - each feature MUST have its own subdirectory under component (e.g., `tests/network/ipv6/`)
+- **Test file naming REQUIRED** - ALWAYS use `test_<functionality>.py` format
+- **Local helpers location** - place helper utils in `<feature_dir>/utils.py`
+- **Local fixtures location** - place in `<feature_dir>/conftest.py`
+- **Move to shared location** - move to `utilities/` or `tests/conftest.py` ONLY when used by different team directories
+
+### Internal API Stability
+
+This is a test suite - internal APIs have NO backward compatibility requirements:
+
+- Return types and method signatures can change freely
+- Internal utility functions can be refactored without deprecation
+- Only external interfaces (pytest markers, CLI options) need stability
+
+## Essential Commands
+
+### Before commiting Verification (MANDATORY)
+
+Before committing, these checks MUST pass:
+
+```bash
+# Required before every commit
+pre-commit run --all-files  # Linting and formatting
+
+# Full CI checks
+tox
+
+# Run utilities unit tests
+tox -e utilities-unittests
+
+```
+
+**No exceptions.** Fix all failures before committing. Do not use `--no-verify` to bypass hooks.
