Skip to content

Add retry for virtctl download to handle transient SSL errors#5355

Open
Ahmad-Hafe wants to merge 1 commit into
RedHatQE:mainfrom
Ahmad-Hafe:add-retry-to-virtctl-download
Open

Add retry for virtctl download to handle transient SSL errors#5355
Ahmad-Hafe wants to merge 1 commit into
RedHatQE:mainfrom
Ahmad-Hafe:add-retry-to-virtctl-download

Conversation

@Ahmad-Hafe

@Ahmad-Hafe Ahmad-Hafe commented Jun 23, 2026

Copy link
Copy Markdown
Contributor
What this PR does / why we need it:

The virtctl binary download from the cluster CLI route can intermittently fail with transient network errors (SSL handshake failures, connection resets, timeouts) during TLS connection, causing all tests depending on the virtctl_binary fixture to fail in setup.

Wraps the download in TimeoutSampler to retry on SSLError and ConnectionError for up to 2 minutes (10s between attempts).

Which issue(s) this PR fixes:
Special notes for reviewer:

Tested on cluster c01-ahmad422 — both error path and happy path tests passed:

  • TestDisconnectedVirtctlDownload::test_download_virtcli_binary (gating) - PASSED
  • TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux (gating) - PASSED
jira-ticket:

https://redhat.atlassian.net/browse/CNV-83631

Summary by CodeRabbit

  • Bug Fixes
    • Improved reliability when downloading and extracting archives from a cluster.
    • Added automatic retries for temporary network issues, including timeouts, connection errors, and SSL-related failures.
    • Downloads now use a dedicated retry-enabled request flow and will keep attempting for a short time window before failing, reducing impact from intermittent errors.
    • Error handling is more consistent when repeated failures occur.

@coderabbitai

coderabbitai Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

download_and_extract_file_from_cluster now delegates archive downloading to _download_file, which retries SSL, connection, and timeout failures, uses a non-streaming request, and writes the full response body to local_file_name before extraction.

Changes

Retry download with helper

Layer / File(s) Summary
Download helper and call site
utilities/infra.py
_download_file handles retried requests.get calls with verify=False and a timeout, and download_and_extract_file_from_cluster now builds local_file_name and delegates the fetch to that helper.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stp Link Required ✅ Passed No files or functions were added under tests/; the PR only modifies utilities/infra.py, so STP/RFE/Jira links are not required.
Title check ✅ Passed The title is concise, under 120 characters, and accurately describes the retry addition for virtctl download.
Description check ✅ Passed The PR description follows the template and includes purpose, reviewer notes, and a Jira ticket; only the issue section is empty.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Linked repositories: Your configuration references 1 linked repositories, but your current plan allows 0. Analyzed ``, skipped RedHatQE/openshift-virtualization-tests-design-docs.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@openshift-virtualization-qe-bot-3

Copy link
Copy Markdown
Contributor

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

  • Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
  • Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
  • Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
  • Branch Labeling: Branch-specific labels are applied to track the target branch
  • Auto-verification: Auto-verified users have their PRs automatically marked as verified
  • Labels: Enabled categories: branch, can-be-merged, cherry-pick, has-conflicts, hold, needs-rebase, size, verified, wip

📋 Available Commands

PR Status Management

  • /wip - Mark PR as work in progress (adds WIP: prefix to title)
  • /wip cancel - Remove work in progress status
  • /hold - Block PR merging (approvers only)
  • /hold cancel - Unblock PR merging
  • /verified - Mark PR as verified
  • /verified cancel - Remove verification status
  • /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
  • /regenerate-welcome - Regenerate this welcome message
  • /security-override - Set security check runs to pass (maintainers only)
  • /security-override cancel - Re-run security checks

Review & Approval

  • /lgtm - Approve changes (looks good to me)
  • /approve - Approve PR (approvers only)
  • /assign-reviewers - Assign reviewers based on OWNERS file
  • /assign-reviewer @username - Assign specific reviewer
  • /check-can-merge - Check if PR meets merge requirements

Testing & Validation

  • /retest tox - Run Python test suite with tox
  • /retest build-container - Rebuild and test container image
  • /retest verify-bugs-are-open - verify-bugs-are-open
  • /retest all - Run all available tests

Container Operations

  • /build-and-push-container - Build and push container image (tagged with PR number)
    • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

  • /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
    • Multiple branches: /cherry-pick branch1 branch2 branch3
  • /cherry-pick-retry <branch> - Retry a failed cherry-pick (merged PRs only)

Branch Management

  • /rebase - Rebase this PR branch onto its base branch

Label Management

  • /<label-name> - Add a label to the PR
  • /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

  1. Approval: /approve from at least one approver
  2. LGTM Count: Minimum 2 /lgtm from reviewers
  3. Status Checks: All required status checks must pass
  4. No Blockers: No wip, hold, has-conflicts labels and PR must be mergeable (no conflicts)
  5. Verified: PR must be marked as verified

📊 Review Process

Approvers and Reviewers

Approvers:

  • dshchedr
  • myakove
  • rnetser
  • vsibirsk

Reviewers:

  • RoniKishner
  • dshchedr
  • geetikakay
  • rnetser
  • vsibirsk
Available Labels
  • hold
  • verified
  • wip
  • lgtm
  • approve
AI Features
  • Cherry-Pick Conflict Resolution: Enabled (claude/claude-opus-4-6-1m)
Security Checks
  • Suspicious Path Detection: Monitors paths: .claude/, .vscode/, .cursor/, .devcontainer/, .pi/, .github/workflows/, .github/actions/
  • Committer Identity Check: Verifies last committer matches PR author
  • Mandatory: Security checks block merge (use /security-override to bypass — maintainers only)

💡 Tips

  • WIP Status: Use /wip when your PR is not ready for review
  • Verification: The verified label is removed on new commits unless the push is detected as a clean rebase
  • Cherry-picking: Cherry-pick labels are processed when the PR is merged
  • Container Builds: Container images are automatically tagged with the PR number
  • Permission Levels: Some commands require approver permissions
  • Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@utilities/infra.py`:
- Line 695: The requests.get() call in the archive download function disables
TLS certificate verification with verify=False, creating a security
vulnerability where downloads could be intercepted. Enable certificate
verification by changing verify=False to verify=True in the requests.get() call,
or provide the path to a proper CA bundle if the target server uses a custom
certificate authority. Additionally, remove the urllib3.disable_warnings() call
that was suppressing SSL warnings, as proper certificate validation should now
be in place. The retry loop should handle legitimate transient network errors
without compromising security by disabling certificate checks.
- Around line 695-706: The requests.get() call in the _download_file function
lacks a timeout parameter, which allows a stalled socket to block indefinitely
and bypass the TimeoutSampler retry envelope. Additionally, the exceptions_dict
in the TimeoutSampler does not include requests.exceptions.Timeout, so timeout
exceptions won't be caught and retried. Add a timeout parameter (with an
appropriate value) to the requests.get() call, and add
requests.exceptions.Timeout to the exceptions_dict alongside the existing
requests.exceptions.SSLError and requests.exceptions.ConnectionError entries to
ensure transient hangs are properly retried.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2e2a8e99-0f72-4fde-a7be-79f9fd7b32f6

📥 Commits

Reviewing files that changed from the base of the PR and between 57af127 and 7b7a2f6.

📒 Files selected for processing (1)
  • utilities/infra.py
📜 Review details
⏰ Context from checks skipped due to timeout. (2)
  • GitHub Check: can-be-merged
  • GitHub Check: can-be-merged
🧰 Additional context used
📓 Path-based instructions (3)
**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

**/*.py: Never add linter suppressions like # noqa, # type: ignore, or # pylint: disable. Fix the code instead. If you believe a rule is wrong, ask the user for explicit approval.
Search the codebase for existing implementations before writing new code. Check utilities/, libs/, tests/, and pyproject.toml dependencies. Never duplicate logic—extract to shared modules. Use pyhelper_utils.shell.run_command for shell commands instead of subprocess.run, and use ocp-resources classes instead of raw YAML dicts.
Type hints are MANDATORY. Use mypy strict mode in libs/ and all new public functions under utilities. Use TYPE_CHECKING for type-only imports to avoid runtime overhead and circular imports.
Write Google-format docstrings for all public functions with non-obvious return values or side effects.
Always use uv run to execute commands. Never execute python, pip, pytest, tox, or pre-commit directly. Use uv run python, uv run pytest, uv run tox, uv run pre-commit, and uv add for package installation.
Always use absolute imports. Never use relative imports.
Prefer specific imports using from module import func for functions and constants. Use from package import module (then module.Name) when retaining the module name meaningfully improves readability. Never use bare import module without a from clause.
Always use named arguments for function calls with more than one argument.
Never use single-letter variable names. Always use descriptive, meaningful names.
No dead code. Every function, variable, and fixture must be used or removed. Code marked with # skip-unused-code is excluded from dead code analysis (enforced via custom ruff plugin).
Prefer direct attribute access using foo.attr. Save to variables only when reusing the same attribute multiple times improves readability or extracting clarifies intent.
Imports must always be at the top of the module. Do not import inside functions.
No defensive programming. Fail...

Files:

  • utilities/infra.py
utilities/infra.py

📄 CodeRabbit inference engine (AGENTS.md)

Place infrastructure helpers (SSH, networking infrastructure, pod operations) in utilities/infra.py.

Files:

  • utilities/infra.py
**

⚙️ CodeRabbit configuration file

**: # AI Review and Development Standards

Assisted-by: Claude noreply@anthropic.com

Coding standards, conventions, and review guidelines for openshift-virtualization-tests.

These rules apply to ALL contributors and review tools — human and AI alike.

Strict Rules (MANDATORY)

Linter Suppressions PROHIBITED

  • NEVER add # noqa, # type: ignore, # pylint: disable
  • NEVER disable linter/mypy rules to work around issues
  • FIX THE CODE - If linter complains, the code is wrong
  • If you think a rule is wrong: ASK the user for explicit approval

Code Reuse (Search-First Development)

Before writing ANY new code:

  1. SEARCH codebase for existing implementations
  2. CHECK utilities/ for shared functions
  3. CHECK libs/ for shared libraries
  4. CHECK tests/ for shared fixtures and helper functions
  5. CHECK pyproject.toml dependencies — project packages (e.g., pyhelper-utils, ocp-resources, openshift-python-wrapper) may already provide the functionality
  6. VERIFY no similar logic exists elsewhere
  7. NEVER duplicate logic - extract to shared module
  8. REUSE existing code and patterns — only write new when nothing exists

External package examples:

  • Shell commands — use pyhelper_utils.shell.run_command, NEVER use subprocess.run directly in test/utility code
  • OpenShift resources — use ocp-resources classes, NEVER construct raw YAML dicts

Python Requirements

  • Type hints MANDATORY - mypy strict mode in libs/, all new public functions under utilities MUST be typed
  • Use TYPE_CHECKING for type-only imports - wrap imports needed solely for type hints in if TYPE_CHECKING: to avoid runtime overhead and circular imports
  • Google-format docstrings REQUIRED - for all public functions with non-obvious return values OR side effects
  • No defensive programming - fail-fast, don't hide bugs with fake defaults (see exceptions below)
  • ALWAYS use uv run -...

Files:

  • utilities/infra.py

⚙️ CodeRabbit configuration file

**: ## PR Template Validation
Check the PR description for required sections from .github/pull_request_template.md.
Required sections (must be present, even if empty):

  • ##### What this PR does / why we need it: — MUST be present AND have meaningful content.
    Flag as HIGH if the section is missing, empty, whitespace-only, contains only HTML comments,
    or contains only placeholder tokens such as TBD, TBA, N/A, -, , none, or ..
  • ##### Which issue(s) this PR fixes: — must be present (may be empty)
  • ##### Special notes for reviewer: — must be present (may be empty)
  • ##### jira-ticket: — must be present (may be empty)
    If any required section is absent, or What this PR does / why we need it: has no content,
    flag it as HIGH severity and ask the author to restore the missing template section(s).

Approval Policy

You may approve the PR when ALL of the following are true:

  • All your review comments have been addressed with either:
    • a code/doc change that fixes the issue, or
    • a substantive author response that justifies no code change.
      Thread "resolved" state alone is not sufficient.
      OR you had no review comments.
  • If you posted a test execution plan comment requesting tests, and the PR author replied
    with a comment explaining why the requested tests are not needed or were already covered,
    treat that as an acceptable response — do not block approval on the test plan alone.
  • The author's explanation must be reasonable and specific (not just "N/A" or "not needed").
    Accept explanations like: "these tests were already run in CI", "this change is docs-only",
    "the affected tests are quarantined", or "verified manually on cluster X".

Files:

  • utilities/infra.py
🧠 Learnings (28)
📚 Learning: 2026-01-12T11:24:13.825Z
Learnt from: servolkov
Repo: RedHatQE/openshift-virtualization-tests PR: 3387
File: tests/network/provider_migration/libprovider.py:50-52
Timestamp: 2026-01-12T11:24:13.825Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, when catching exceptions in Python, use LOGGER.error before re-raising and do not replace it with LOGGER.exception in except blocks. This follows the established pattern across the codebase.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-01-12T14:25:05.723Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3366
File: tests/storage/cdi_clone/test_clone.py:5-9
Timestamp: 2026-01-12T14:25:05.723Z
Learning: In Python tests and utility code across the repository, bitmath.parse_string_unsafe correctly parses Kubernetes quantities (e.g., '4Gi', '512Mi', PVC storage requests) without supplying system=bitmath.NIST. There are 30+ usages indicating this is the standard behavior. Reviewers should verify that code that builds or compares quantity strings does not pass the NIST parameter, and if a new test relies on quantity parsing, assume no NIST parameter is required unless explicitly documented.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-01-20T01:03:13.139Z
Learnt from: servolkov
Repo: RedHatQE/openshift-virtualization-tests PR: 3387
File: tests/network/provider_migration/libprovider.py:1-8
Timestamp: 2026-01-20T01:03:13.139Z
Learning: In the openshift-virtualization-tests repository, Python imports should consistently use module-level imports for the logging module (i.e., import logging) rather than from logging import ... The established pattern spans 270+ files and should not be flagged for refactoring. Apply this guideline to Python files across the repo (e.g., tests/network/provider_migration/libprovider.py).

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-01-21T21:26:41.805Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 3559
File: utilities/infra.py:251-254
Timestamp: 2026-01-21T21:26:41.805Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, when reviewing Python code, recognize that with Python 3.14 the syntax 'except ValueError, TypeError:' is valid if there is no 'as' clause, and should not be flagged as Python 2 syntax. If you use an 'as' binding (e.g., 'except (ValueError, TypeError) as e:'), parentheses are required. Ensure this pattern is version-consistent and not flagged as Python 2 syntax when 'as' is absent.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-01-25T13:18:21.675Z
Learnt from: jpeimer
Repo: RedHatQE/openshift-virtualization-tests PR: 3571
File: tests/storage/storage_migration/utils.py:158-167
Timestamp: 2026-01-25T13:18:21.675Z
Learning: In reviews of the openshift-virtualization-tests repo (and similar Python code), avoid suggesting minor stylistic changes that require extra verification (e.g., removing dict.keys() checks for membership) unless the change has clear correctness or maintainability impact. Focus on fixes with observable behavior, security, performance, or maintainability benefits; defer low-impact style tweaks that are costly to verify.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-02-18T06:35:39.536Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3847
File: utilities/virt.py:2449-2453
Timestamp: 2026-02-18T06:35:39.536Z
Learning: In Python code, a function named clearly and self-descriptively can be deemed not to require a docstring. However, treat this as a context-specific guideline and not a universal rule. For public APIs or functions with side effects, prefer concise docstrings explaining behavior, inputs, outputs, and side effects. This guidance is based on the example in utilities/virt.py from RedHatQE/openshift-virtualization-tests where validate_libvirt_persistent_domain(vm, admin_client) was considered self-documenting.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-02-23T16:33:22.070Z
Learnt from: vsibirsk
Repo: RedHatQE/openshift-virtualization-tests PR: 3883
File: utilities/pytest_utils.py:441-463
Timestamp: 2026-02-23T16:33:22.070Z
Learning: In Python code reviews, the guideline to always use named arguments for multi-argument calls does not apply to built-ins or methods that have positional-only parameters (those defined with a / in their signature). Do not flag or require named arguments for calls like dict.get(key, default=None, /), list.pop(), str.split(sep, maxsplit) and similar built-ins that cannot accept keyword arguments. Apply the named-argument rule only to functions/methods that explicitly accept keyword arguments.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-03-17T01:32:02.617Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4118
File: utilities/database.py:0-0
Timestamp: 2026-03-17T01:32:02.617Z
Learning: In RedHatQE/openshift-virtualization-tests, when reviewing Python files, post targeted inline comments on the Files changed tab at the exact location (file and line) of the issue rather than opening a single discussion thread for multiple issues. This should be done for each applicable location to improve traceability and clarity. If multiple issues exist in the same file, address them with separate inline comments pointing to the specific lines.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-03-17T01:32:02.617Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4118
File: utilities/database.py:0-0
Timestamp: 2026-03-17T01:32:02.617Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, CodeRabbit should post targeted inline comments at each applicable location in the Files Changed tab, rather than aggregating multiple issues into a single PR discussion thread reply. This guideline applies to all Python files (any file ending in .py) changed in a PR; for non-Python files, follow the same inline-comment-at-location principle if relevant.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-04T13:45:29.122Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4725
File: utilities/console.py:54-59
Timestamp: 2026-05-04T13:45:29.122Z
Learning: During review of RedHatQE/openshift-virtualization-tests “lint-cleanup” PRs (e.g., changes targeting lint issues like stale noqa/utf-8 headers), do not flag existing `# type: ignore` directives that were already present before the PR and were not introduced or modified by the PR. Only raise findings for `# type: ignore` suppressions that the PR itself adds, changes, or otherwise makes newly effective (i.e., they appear in the diff as additions/edits).

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-04T13:45:33.892Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4725
File: tests/virt/cluster/common_templates/centos/test_centos_os_support.py:78-83
Timestamp: 2026-05-04T13:45:33.892Z
Learning: When reviewing lint-cleanup or formatting-only pull requests in this repo (e.g., changes like removing/updating `# noqa` comments or UTF-8 headers), do not raise findings for code patterns that already existed before the PR. Specifically, if a problematic construct such as `.is_connective(tcp_timeout=120)` was present in the base branch, suppress that finding and only raise issues when the PR itself introduces or modifies that construct (i.e., the diff adds/changes the call or its arguments). Apply this rule across all Python files (`**/*.py`).

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-05T17:01:15.294Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4739
File: tests/virt/node/descheduler/conftest.py:2-2
Timestamp: 2026-05-05T17:01:15.294Z
Learning: In this repo’s Python code, it’s acceptable (and preferred by convention) to build `run_command` inputs using `shlex.split(f"<command> {arg}")` rather than converting to direct list literals like `['oc', 'adm', 'uncordon', name]`. During code review, generally don’t flag `shlex.split(...)` usage for `run_command` calls and don’t suggest replacing it with list literals; the string-form pattern is used to keep commands readable and consistent with how they’re typed in a terminal.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-08T12:49:20.694Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 4788
File: utilities/os_utils.py:257-262
Timestamp: 2026-05-08T12:49:20.694Z
Learning: In RedHatQE/openshift-virtualization-tests, the Ruff flake8-boolean-trap rules FBT001/FBT002 are intentionally not enabled (pyproject.toml does not select the FBT rules; confirmed via `ruff check --show-settings`). Therefore, do not flag boolean positional parameters as FBT001/FBT002 violations in this repository. If Ruff configuration changes and starts selecting FBT rules, this exception should be reconsidered.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-12T05:10:24.601Z
Learnt from: acinko-rh
Repo: RedHatQE/openshift-virtualization-tests PR: 4780
File: tests/storage/utils.py:568-572
Timestamp: 2026-05-12T05:10:24.601Z
Learning: In this repository, Ruff rule UP043 ("unnecessary default type arguments") is enforced. When annotating `collections.abc.Generator` return types, prefer the single-parameter form `Generator[YieldType]` rather than `Generator[YieldType, None, None]`. Explicit `None, None` for the SendType and ReturnType are unnecessary defaults (per PEP 696) and will trigger UP043. Apply this consistently across all Python files.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-13T19:23:09.603Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 4833
File: tests/network/localnet/migration_stuntime/libstuntime.py:25-25
Timestamp: 2026-05-13T19:23:09.603Z
Learning: In this repository, do not recommend adding `from __future__ import annotations` to fix forward-reference type annotation issues (e.g., Ruff UP037). Follow the established convention: use quoted string type annotations for forward references when the referenced class/type is defined later in the same file (e.g., `"ContinuousPing"`), and prefer `typing.Self` for self-referential return types.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T06:30:56.781Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_bitwarden.py:207-207
Timestamp: 2026-05-18T06:30:56.781Z
Learning: During Ruff/lint rule-enablement PRs in this repository (e.g., when introducing a new rule like PLC0415), it’s acceptable to keep CI green by adding per-line, targeted suppressions for pre-existing violations: add only `# noqa: <single-ruff-rule-id>` at the end of the specific violating line. In this PR context, reviewers should NOT flag these targeted `# noqa: PLC0415` comments as policy violations, assuming the suppression is for a pre-existing issue and is documented in the PR description as a candidate for follow-up cleanup. Do not allow blanket `# noqa` (without a specific rule) or `per-file-ignores`; those remain disallowed.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T06:31:12.015Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_pytest_utils.py:270-270
Timestamp: 2026-05-18T06:31:12.015Z
Learning: In RedHatQE/openshift-virtualization-tests, if a PR is a Ruff rule-enforcement PR and its “Special notes for reviewer” documents that pre-existing Ruff violations are being temporarily handled via per-line suppressions (e.g., `# noqa: PLC0415`) to keep CI green, reviewers should treat those specific `# noqa: <rule>` comments as an agreed, temporary mechanism. Do not flag them as code-quality issues and do not recommend removing, consolidating, or refactoring those suppressions within the same PR; cleanup/remediation is expected to happen in dedicated follow-up PRs instead.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T06:31:15.083Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_data_collector.py:304-304
Timestamp: 2026-05-18T06:31:15.083Z
Learning: When reviewing Python code in this repository for Ruff/linter rule rollouts, do not treat temporary suppression comments as violations in the specific migration scenario where a PR enables a new Ruff rule (e.g., PLC0415) and the PR description explicitly documents that all *pre-existing* violations are being annotated with `# noqa: <RULE>` as a short-lived measure. In that case, only flag `# noqa: <RULE>` suppressions that are newly introduced on code that did not previously violate the rule—i.e., verify via the PR diff against the prior state (and/or prior Ruff findings) that the suppressed line was already violating before the rule was enabled. Ignore suppressions that are covering violations that existed before the new rule rollout and were intentionally bulk-added for cleanup in follow-up PRs.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T06:31:20.848Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_hco.py:501-501
Timestamp: 2026-05-18T06:31:20.848Z
Learning: When reviewing Python code in RedHatQE/openshift-virtualization-tests, avoid flagging Ruff `# noqa: <RULE>` suppressions as issues if they were intentionally added as a temporary measure to keep CI green after a PR enables a new Ruff/lint rule (e.g., PLC0415) and the PR description documents this under "Special notes for reviewer". Treat these suppressions as deferred technical debt. Only flag `# noqa: PLC0415` (and similar rule-specific suppressions) when they are newly introduced without an accompanying documented intent in the PR (and thus appear to be masking a new violation rather than a pre-existing one).

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T09:09:09.479Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4878
File: utilities/unittests/test_pytest_utils.py:2194-2197
Timestamp: 2026-05-18T09:09:09.479Z
Learning: In this repository (RedHatQE/openshift-virtualization-tests), do not flag missing return type annotations or missing argument type annotations as Ruff “ANN” rule violations (e.g., ANN001/ANN002/ANN201/ANN202). The repo’s Ruff configuration does not enable ANN rules and only uses `extend-select = ["PLC0415"]`, so missing type annotations should not be treated as ANN lint failures during code review.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-19T07:48:17.119Z
Learnt from: azhivovk
Repo: RedHatQE/openshift-virtualization-tests PR: 4784
File: libs/vm/affinity.py:104-104
Timestamp: 2026-05-19T07:48:17.119Z
Learning: When using Kubernetes API models like `NodeSelectorRequirement` or `LabelSelectorRequirement` with operators `Exists` or `DoesNotExist`, the `values` field must not be non-empty. It is valid for `values` to be omitted / left as `None` (Python) / passed as `null`—Kubernetes rejects non-empty `values` for these operators, but does not require the field to be present or explicitly set to an empty list. In code reviews, do not treat missing `values=[]` for `Exists`/`DoesNotExist` as a validation issue; only flag cases where `values` is provided with actual elements.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-19T07:48:17.119Z
Learnt from: azhivovk
Repo: RedHatQE/openshift-virtualization-tests PR: 4784
File: libs/vm/affinity.py:104-104
Timestamp: 2026-05-19T07:48:17.119Z
Learning: When constructing Kubernetes `NodeSelectorRequirement` (or `LabelSelectorRequirement`) objects in code, do not treat `values` being omitted, `None`, or an empty list as an API-validation problem when the requirement’s operator is `Exists` or `DoesNotExist`. Per the Kubernetes API spec, these operators only require that the `values` array is not non-empty (i.e., it must be empty); they do not require the field to be explicitly present as `[]`. Therefore, reviewers should not flag `values=None`/missing `values` for `Exists`/`DoesNotExist`.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-26T15:52:31.613Z
Learnt from: rlobillo
Repo: RedHatQE/openshift-virtualization-tests PR: 4983
File: utilities/hco.py:376-378
Timestamp: 2026-05-26T15:52:31.613Z
Learning: For Python files in this repo, don’t raise review findings for missing type hints or missing/Google-style docstrings on an existing function when the PR’s only functional change is adding one or more new parameters to that function and the PR does not otherwise refactor or substantially rewrite its body/signature. Treat type-annotation/docstring improvements as out of scope for focused parameter-add PRs and defer them to a follow-up. Only raise missing type-hint or docstring issues when the PR introduces an entirely new function or substantially rewrites an existing one.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-06-21T20:28:07.727Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 5283
File: tests/network/libs/service.py:14-16
Timestamp: 2026-06-21T20:28:07.727Z
Learning: When reviewing Python code in this repository targeting Python 3.14 with PEP 649 (deferred annotation evaluation using descriptors) enabled by default, do not flag annotations that reference types imported only under `if TYPE_CHECKING:` (e.g., `client: DynamicClient | None = None`) as potential runtime `NameError` problems. With PEP 649 enabled, annotations are not evaluated at function definition time, so these patterns are valid without `from __future__ import annotations`.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-02-18T06:34:38.042Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3847
File: tests/virt/cluster/common_templates/utils.py:58-58
Timestamp: 2026-02-18T06:34:38.042Z
Learning: In RedHatQE/openshift-virtualization-tests, treat 'public' functions as those defined in any Python files under libs/ or utilities/ (any depth). Functions inside nested test directories (e.g., tests/virt/cluster/common_templates/, tests/virt/node/, etc.) are test helpers and do not require Google-format docstrings unless explicitly requested. Use this rule during reviews to decide whether to enforce docstrings on public API functions in libs/utilities.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-03T15:38:09.624Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4701
File: tests/virt/node/general/test_windows_vtpm_bitlocker.py:50-52
Timestamp: 2026-05-03T15:38:09.624Z
Learning: During review of PRs that are lint cleanups or tooling/version bumps, do not flag code-quality issues for patterns that pre-existed before the PR. Specifically, if the diff does not introduce/modify constructs such as nested `if` blocks or unnecessary list comprehensions, treat them as known/deferred and leave them for dedicated follow-up cleanup PRs. Only raise issues when the PR itself adds, changes, or refactors the problematic code.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-15T18:42:02.504Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 4860
File: utilities/hco.py:385-389
Timestamp: 2026-05-15T18:42:02.504Z
Learning: In this repository, under the Python `utilities/` directory (utility/helper modules, not tests), do not flag bare `assert` statements as correctness or style issues. The codebase conventionally uses `assert` in these utilities (e.g., `utilities/virt.py`, `utilities/infra.py`, etc.) and does not enforce running Python with `-O`/`PYTHONOPTIMIZE`, so the usual “asserts may be stripped” concern should not be treated as a review blocker here.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-06-15T10:56:21.758Z
Learnt from: vsibirsk
Repo: RedHatQE/openshift-virtualization-tests PR: 4994
File: tests/network/user_defined_network/ip_specification/test_ip_specification.py:123-127
Timestamp: 2026-06-15T10:56:21.758Z
Learning: In this repository, do not require or flag missing `-> None` return type annotations on pytest test functions/methods (i.e., functions named `test_*`) located under `tests/**`. Return type annotations for `-> None` on these test functions are optional and should not be treated as inconsistent. Separately, in `utilities/**` and `libs/**`, enforce return type annotations for non-test public functions (e.g., functions that are not internal/private such as those not starting with `_`).

Applied to files:

  • utilities/infra.py
🪛 ast-grep (0.44.0)
utilities/infra.py

[info] 694-694: no timeout was given on call to external resource
Context: requests.get(url=url, verify=False, stream=True)
Note: [CWE-1088] Synchronous Access of Remote Resource without Timeout.

(requests-timeout)


[info] 694-694: Make sure cookies are safe and secure
Context: verify=False
Note: [CWE-614] Sensitive Cookie in HTTPS Session Without 'Secure' Attribute.

(secure-cookie)


[warning] 696-696: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(local_file_name, "wb")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)


[error] 694-694: verify should be True
Context: verify=False
Note: [CWE-295] Improper Certificate Validation (TLS verification disabled).

(request-verify)

🪛 OpenGrep (1.23.0)
utilities/infra.py

[WARNING] 695-695: SSL/TLS verification is disabled (verify=False). This allows man-in-the-middle attacks. Remove verify=False or set it to True.

(coderabbit.tls.verify-disabled-python)

🪛 Ruff (0.15.18)
utilities/infra.py

[error] 695-695: Probable use of requests call without timeout

(S113)


[error] 695-695: Probable use of requests call with verify=False disabling SSL certificate checks

(S501)

Comment thread utilities/infra.py Outdated
Comment thread utilities/infra.py Outdated
@openshift-virtualization-qe-bot-3

Copy link
Copy Markdown
Contributor

Clean rebase detected — no code changes compared to previous head (7b7a2f6).
The following labels were preserved: changes-requested-coderabbitai[bot].

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/reprocess

@Ahmad-Hafe Ahmad-Hafe force-pushed the add-retry-to-virtctl-download branch from daf3c56 to 4a0564d Compare June 24, 2026 06:07
@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/reprocess

@openshift-virtualization-qe-bot-3

Copy link
Copy Markdown
Contributor

Clean rebase detected — no code changes compared to previous head (daf3c56).
The following labels were preserved: changes-requested-coderabbitai[bot].

@geetikakay

Copy link
Copy Markdown
Contributor

/test-plan

@openshift-virtualization-qe-bot-3

Copy link
Copy Markdown
Contributor

@coderabbitai

Test execution plan request details

CRITICAL: You MUST post an inline review comment on the first changed line of the first file.
The inline comment should contain the full Test Execution Plan (smoke decision, gating decision, and specific affected tests).
Do NOT submit a blocking review event (REQUEST_CHANGES/APPROVE).
Post a single inline PR comment on Files Changed (non-blocking COMMENT flow).

As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan.
You will post an inline review comment with the test execution plan on the first changed file.
If you fail to run or post a comment, retry.

Analysis Requirements:

  1. Examine code changes in each modified file

  2. Identify affected code paths, functions, and classes

  3. Analyze pytest-specific elements: fixtures (scope, dependencies), parametrization, markers, conftest changes

  4. Trace test dependencies through imports, shared utilities, fixture inheritance, fixture teardown, and yield from cleanup in conftest

  5. Detect new tests introduced in the PR

  6. Utilities and libs impact (when utilities/ or libs/ changes):
    You MUST use shell scripts (rg, git diff) to trace the full impact.
    Follow these sub-steps in order:

    6a. Identify modified symbols: For each changed file under utilities/ or libs/,
    list every modified function or method.
    Example: git diff HEAD~1 --unified=0 -- utilities/hco.py | grep '^[+-]def '

    6b. Find direct callers: Search tests and conftest for each symbol from 6a.
    Example: rg -l 'get_hco_version' tests/

    6c. Trace fixture teardown and cleanup: Find fixtures that reach
    the modified symbol through yield from or context-manager wrappers.
    Example: rg -l 'yield from.*enable_common_boot|def.*enable_common_boot' tests/

    6d. Trace same-file callers: In each changed file, find other functions
    whose body calls a modified symbol (including code after yield
    in @contextmanager helpers).
    Example: rg 'get_hco_version|enable_common_boot' utilities/hco.py

    6e. Expand transitively: If function A calls modified B, then
    tests/fixtures that call A are affected — even when the test body
    never imports B directly.

    Do NOT limit impact to tests that import the modified symbol only.

  7. Smoke test impact: Intersect the affected set from step 6 with smoke-marked tests.
    Run: rg -l '@pytest.mark.smoke' tests/
    VERIFY the above command returned actual file paths before concluding False.
    Set True if either condition is met:

    • a smoke-marked file appears in the affected set from 6b-6e, OR
    • any conftest.py in the smoke test's parent-directory hierarchy (up to repo root)
      imports or calls a modified utilities/libs symbol — including autouse fixtures
      that depend on modified functions. ALL tests in that directory and below are affected.
      Example check: for each smoke_file, scan dirname(smoke_file)/conftest.py,
      dirname(dirname(smoke_file))/conftest.py, etc. for modified symbol imports
      and autouse fixtures that depend on modified symbols.
  8. Gating test impact: Intersect the affected set from step 6 with gating-marked tests.
    Run: rg -l '@pytest.mark.gating' tests/
    Set True if a gating-marked file also appears in the affected set from 6b-6e.
    Utilities/libs changes often affect gating tests without affecting smoke tests.
    Do NOT stop analysis after concluding Run smoke tests: False.

Output rules:
Do NOT include analysis step numbers (1-8) in your visible output.

Your deliverable:
Your inline informational comment will be based on the following requirements:

Test Execution Plan

  • Run smoke tests: True / False — If True, state the dependency path (test → fixture → changed symbol). True ONLY with a verified path.
  • Run gating tests: True / False — If True, state the dependency path. True if any gating-marked test is in the affected set.
  • Affected tests to run (required when utilities/, libs/, or shared conftest changes — list concrete paths even when smoke is False)

Use these formats:

  • path/to/test_file.py - When the entire test file needs verification
  • path/to/test_file.py::TestClass::test_method - When specific test(s) needed
  • path/to/test_file.py::test_function - When specific test(s) needed
  • -m marker - When a marker covers multiple affected tests (e.g. -m gating only if ALL gating tests in scope need run)
  • Tag each listed test or group with its marker when not obvious, e.g. (gating) or (smoke)

Real test commands (MANDATORY when changes affect session/runtime code):

When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
config hooks, session-scoped setup) or modifies runtime behavior that unit tests mock away,
you MUST include concrete pytest commands the PR author must run on a real cluster
to verify the change works end-to-end. Include:

  • A command for the error/fix path (the scenario the PR fixes)
  • A command for the happy path (regression: the normal case still works)
  • Use lightweight tests (e.g., --collect-only for startup failures,
    a single small test for runtime behavior)
    If the PR only changes test logic (not utilities/libs/conftest), the affected test
    paths themselves serve as the real test commands — no separate section needed.

Example output for a session-startup fix:

**Real tests (cluster required)**
Error path (the fix):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=nonexistent-sc --collect-only`
Expected: ValueError with clear message, not IndexError

Happy path (regression):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=<valid-sc> -k test_bar`
Expected: session starts normally

Guidelines:

  • Include tests affected directly OR via fixture setup/teardown, yield from cleanup, or transitive utility call chains (caller calls modified helper)
  • Use a full file path only if ALL tests in that file require verification
  • Use file path + test name when only specific tests use an affected fixture or utility wrapper (preferred for partial file impact)
  • If a test marker can cover multiple files/tests, provide the marker
  • Balance coverage vs over-testing - Keep descriptions minimal
  • Example: if leaf helper foo() changes, include tests whose fixture teardown calls wrapper bar() where bar() calls foo(), even when the test body only imports an unrelated symbol from the same utilities module

Hardware-Related Checks (SR-IOV, GPU, DPDK):

When PR modifies fixtures for hardware-specific resources:

  • Collection Safety: Fixtures MUST have existence checks (return None when hardware unavailable)
  • Test Plan: MUST verify both WITH and WITHOUT hardware:
    • Run affected tests on cluster WITH hardware
    • Verify collection succeeds on cluster WITHOUT hardware

CRITICAL WORKFLOW COMPLETION RULES:

When responding to this test execution plan request, you MUST follow these rules EXACTLY:

  1. YOUR ONLY DELIVERABLE: Post one non-blocking inline comment containing the test execution plan on the first changed line
  2. THEN STOP IMMEDIATELY - Do NOT generate any additional response
  3. FALLBACK ONLY: If inline comment API calls fail after retrying, post as a regular PR comment
  4. SILENCE = SUCCESS: After successfully submitting the review, your task is complete. No confirmation needed.

ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):

  • ❌ Do NOT post acknowledgment messages like "Test execution plan posted", "Review posted successfully", "I've successfully posted"
  • ❌ Do NOT mention review IDs, URLs, or confirmation of posting in the PR thread
  • ❌ Do NOT add any follow-up comments after submitting the review
  • ❌ Do NOT reply to confirm task completion
  • ❌ Do NOT explain what you did - just do it and stop

Remember: The pull request review is visible to users. Additional comments are redundant noise.

CRITICAL — Verification rules for smoke and gating decisions:
- For each True decision, you must have traced a concrete path: test file → fixture → utility function → modified symbol.
- Do NOT assume impact based on scope, file proximity, or infrastructure-sounding names.
Only set True when you trace a concrete path through steps 6a-6e, then 7 or 8.
WRONG: "utilities/hco.py changed → run smoke" (no traced dependency path)
WRONG: "Run smoke tests: False" with no affected-test list when gating tests use the changed utility
RIGHT: "Run smoke tests: False, Run gating tests: True" plus tests/.../test_foo.py::TestBar::test_baz (gating)
RIGHT: "Smoke test X uses fixture Y → wrapper Z → changed function W in utilities/hco.py"

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="RedHatQE/openshift-virtualization-tests"
pr="5355"

files_json="$(gh api "/repos/$repo/pulls/$pr/files?per_page=100")"
first_file="$(echo "$files_json" | jq -r '.[0].filename')"
patch="$(echo "$files_json" | jq -r --arg f "$first_file" '.[] | select(.filename == $f) | .patch')"

if [[ -z "$first_file" || "$first_file" == "null" ]]; then
  echo "ERROR: Could not determine first changed file" >&2
  exit 1
fi

first_added_line="$(
PATCH="$patch" python - <<'PY'
import os, re
patch = os.environ.get("PATCH", "")
current_new = None
first = None
for line in patch.splitlines():
    if line.startswith("@@"):
        m = re.search(r"\+(\d+)", line)
        current_new = int(m.group(1)) if m else None
        continue
    if current_new is None:
        continue
    if line.startswith("+") and not line.startswith("+++"):
        first = current_new
        break
    if line.startswith("-") and not line.startswith("---"):
        continue
    current_new += 1
print("" if first is None else first)
PY
)"

if [[ -z "$first_added_line" ]]; then
  echo "ERROR: Could not determine first added line for $first_file" >&2
  exit 1
fi

comment_body="$(cat <<'EOF'
**Test Execution Plan**

- **Run smoke tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
- **Run gating tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`

**Affected tests to run**
- `-m smoke` (smoke)
- `-m gating` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable`
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux` (gating)

**Real tests (cluster required)**
Error path (the fix):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'`
Expected: transient `requests.exceptions.SSLError` / `requests.exceptions.ConnectionError` during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.

Happy path (regression):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'`
Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.
EOF
)"

echo "first_file=$first_file"
echo "first_added_line=$first_added_line"

tmp_review="$(mktemp)"
jq -n \
  --arg body "$comment_body" \
  --arg path "$first_file" \
  --argjson line "$first_added_line" \
  '{
     event: "COMMENT",
     comments: [
       {
         path: $path,
         side: "RIGHT",
         line: $line,
         body: $body
       }
     ]
   }' > "$tmp_review"

set +e
inline_out="$(gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
  "/repos/$repo/pulls/$pr/reviews" \
  --input "$tmp_review" 2>&1)"
inline_status=$?
set -e

echo "== inline review result =="
echo "$inline_out"

if [[ "$inline_status" -eq 0 ]]; then
  exit 0
fi

set +e
fallback_out="$(gh pr comment "$pr" --repo "$repo" --body "$comment_body" 2>&1)"
fallback_status=$?
set -e

echo "== fallback comment result =="
echo "$fallback_out"

exit 0

Length of output: 4808


@openshift-virtualization-qe-bot-3

CRITICAL (blocking): I retried the required posting flow for PR #5355 and GitHub blocked both allowed write paths.

Why this rule exists: the inline comment anchors the test plan to the changed code, and the fallback PR comment preserves the plan when inline comments are unavailable. Here, both failed due to integration permissions, so I cannot complete the posting action from this environment.

  • Inline review comment on utilities/infra.py, Line 693
    POST /repos/RedHatQE/openshift-virtualization-tests/pulls/5355/reviews
    HTTP 403: Resource not accessible by integration
  • Fallback regular PR comment
    GraphQL addComment
    Resource not accessible by integration

Prepared Test Execution Plan

  • Run smoke tests: True — verified path: tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dvtests/conftest.py::autouse_fixturestests/conftest.py::bin_directory_to_os_pathtests/conftest.py::virtctl_binaryutilities/infra.py::download_file_from_clusterutilities/infra.py::get_and_extract_file_from_clusterutilities/infra.py::download_and_extract_file_from_cluster
  • Run gating tests: True — verified path: tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvctests/conftest.py::autouse_fixturestests/conftest.py::bin_directory_to_os_pathtests/conftest.py::virtctl_binaryutilities/infra.py::download_file_from_clusterutilities/infra.py::get_and_extract_file_from_clusterutilities/infra.py::download_and_extract_file_from_cluster

Affected tests to run

  • -m smoke (smoke)
  • -m gating (gating)
  • tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable
  • tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary (gating)
  • tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux (gating)

Real tests (cluster required)

Error path (the fix):

pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'

Expected: transient requests.exceptions.SSLError / requests.exceptions.ConnectionError during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.

Happy path (regression):

pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'

Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.

@openshift-virtualization-qe-bot-4

Copy link
Copy Markdown

Clean rebase detected — no code changes compared to previous head (59402f2).
The following labels were preserved: commented-Ahmad-Hafe.

@openshift-virtualization-qe-bot-3

Copy link
Copy Markdown
Contributor

/retest all

Auto-triggered: Files in this PR were modified by merged PR #5323.

Overlapping files

utilities/infra.py

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/verified

Gating tests — all pass:
tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py
7 passed in 41.66s

Smoke path (virtctl_binary fixture → download_and_extract_file_from_cluster):

tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv — PASSED
Other affected:
All code paths through download_and_extract_file_from_cluster verified — both happy path (successful download) and retry logic (covered by TimeoutSampler).

@openshift-virtualization-qe-bot-3

Copy link
Copy Markdown
Contributor

@coderabbitai

Test execution plan request details

CRITICAL: You MUST post an inline review comment on the first changed line of the first file.
The inline comment should contain the full Test Execution Plan (smoke decision, gating decision, and specific affected tests).
Do NOT submit a blocking review event (REQUEST_CHANGES/APPROVE).
Post a single inline PR comment on Files Changed (non-blocking COMMENT flow).

As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan.
You will post an inline review comment with the test execution plan on the first changed file.
If you fail to run or post a comment, retry.

Analysis Requirements:

  1. Examine code changes in each modified file

  2. Identify affected code paths, functions, and classes

  3. Analyze pytest-specific elements: fixtures (scope, dependencies), parametrization, markers, conftest changes

  4. Trace test dependencies through imports, shared utilities, fixture inheritance, fixture teardown, and yield from cleanup in conftest

  5. Detect new tests introduced in the PR

  6. Utilities and libs impact (when utilities/ or libs/ changes):
    You MUST use shell scripts (rg, git diff) to trace the full impact.
    Follow these sub-steps in order:

    6a. Identify modified symbols: For each changed file under utilities/ or libs/,
    list every modified function or method.
    Example: git diff HEAD~1 --unified=0 -- utilities/hco.py | grep '^[+-]def '

    6b. Find direct callers: Search tests and conftest for each symbol from 6a.
    Example: rg -l 'get_hco_version' tests/

    6c. Trace fixture teardown and cleanup: Find fixtures that reach
    the modified symbol through yield from or context-manager wrappers.
    Example: rg -l 'yield from.*enable_common_boot|def.*enable_common_boot' tests/

    6d. Trace same-file callers: In each changed file, find other functions
    whose body calls a modified symbol (including code after yield
    in @contextmanager helpers).
    Example: rg 'get_hco_version|enable_common_boot' utilities/hco.py

    6e. Expand transitively: If function A calls modified B, then
    tests/fixtures that call A are affected — even when the test body
    never imports B directly.

    Do NOT limit impact to tests that import the modified symbol only.

  7. Smoke test impact: Intersect the affected set from step 6 with smoke-marked tests.
    Run: rg -l '@pytest.mark.smoke' tests/
    VERIFY the above command returned actual file paths before concluding False.
    Set True if either condition is met:

    • a smoke-marked file appears in the affected set from 6b-6e, OR
    • any conftest.py in the smoke test's parent-directory hierarchy (up to repo root)
      imports or calls a modified utilities/libs symbol — including autouse fixtures
      that depend on modified functions. ALL tests in that directory and below are affected.
      Example check: for each smoke_file, scan dirname(smoke_file)/conftest.py,
      dirname(dirname(smoke_file))/conftest.py, etc. for modified symbol imports
      and autouse fixtures that depend on modified symbols.
  8. Gating test impact: Intersect the affected set from step 6 with gating-marked tests.
    Run: rg -l '@pytest.mark.gating' tests/
    Set True if a gating-marked file also appears in the affected set from 6b-6e.
    Utilities/libs changes often affect gating tests without affecting smoke tests.
    Do NOT stop analysis after concluding Run smoke tests: False.

Output rules:
Do NOT include analysis step numbers (1-8) in your visible output.

Your deliverable:
Your inline informational comment will be based on the following requirements:

Test Execution Plan

  • Run smoke tests: True / False — If True, state the dependency path (test → fixture → changed symbol). True ONLY with a verified path.
  • Run gating tests: True / False — If True, state the dependency path. True if any gating-marked test is in the affected set.
  • Affected tests to run (required when utilities/, libs/, or shared conftest changes — list concrete paths even when smoke is False)

Use these formats:

  • path/to/test_file.py - When the entire test file needs verification
  • path/to/test_file.py::TestClass::test_method - When specific test(s) needed
  • path/to/test_file.py::test_function - When specific test(s) needed
  • -m marker - When a marker covers multiple affected tests (e.g. -m gating only if ALL gating tests in scope need run)
  • Tag each listed test or group with its marker when not obvious, e.g. (gating) or (smoke)

Real test commands (MANDATORY when changes affect session/runtime code):

When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
config hooks, session-scoped setup) or modifies runtime behavior that unit tests mock away,
you MUST include concrete pytest commands the PR author must run on a real cluster
to verify the change works end-to-end. Include:

  • A command for the error/fix path (the scenario the PR fixes)
  • A command for the happy path (regression: the normal case still works)
  • Use lightweight tests (e.g., --collect-only for startup failures,
    a single small test for runtime behavior)
    If the PR only changes test logic (not utilities/libs/conftest), the affected test
    paths themselves serve as the real test commands — no separate section needed.

Example output for a session-startup fix:

**Real tests (cluster required)**
Error path (the fix):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=nonexistent-sc --collect-only`
Expected: ValueError with clear message, not IndexError

Happy path (regression):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=<valid-sc> -k test_bar`
Expected: session starts normally

Guidelines:

  • Include tests affected directly OR via fixture setup/teardown, yield from cleanup, or transitive utility call chains (caller calls modified helper)
  • Use a full file path only if ALL tests in that file require verification
  • Use file path + test name when only specific tests use an affected fixture or utility wrapper (preferred for partial file impact)
  • If a test marker can cover multiple files/tests, provide the marker
  • Balance coverage vs over-testing - Keep descriptions minimal
  • Example: if leaf helper foo() changes, include tests whose fixture teardown calls wrapper bar() where bar() calls foo(), even when the test body only imports an unrelated symbol from the same utilities module

Hardware-Related Checks (SR-IOV, GPU, DPDK):

When PR modifies fixtures for hardware-specific resources:

  • Collection Safety: Fixtures MUST have existence checks (return None when hardware unavailable)
  • Test Plan: MUST verify both WITH and WITHOUT hardware:
    • Run affected tests on cluster WITH hardware
    • Verify collection succeeds on cluster WITHOUT hardware

CRITICAL WORKFLOW COMPLETION RULES:

When responding to this test execution plan request, you MUST follow these rules EXACTLY:

  1. YOUR ONLY DELIVERABLE: Post one non-blocking inline comment containing the test execution plan on the first changed line
  2. THEN STOP IMMEDIATELY - Do NOT generate any additional response
  3. FALLBACK ONLY: If inline comment API calls fail after retrying, post as a regular PR comment
  4. SILENCE = SUCCESS: After successfully submitting the review, your task is complete. No confirmation needed.

ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):

  • ❌ Do NOT post acknowledgment messages like "Test execution plan posted", "Review posted successfully", "I've successfully posted"
  • ❌ Do NOT mention review IDs, URLs, or confirmation of posting in the PR thread
  • ❌ Do NOT add any follow-up comments after submitting the review
  • ❌ Do NOT reply to confirm task completion
  • ❌ Do NOT explain what you did - just do it and stop

Remember: The pull request review is visible to users. Additional comments are redundant noise.

CRITICAL — Verification rules for smoke and gating decisions:
- For each True decision, you must have traced a concrete path: test file → fixture → utility function → modified symbol.
- Do NOT assume impact based on scope, file proximity, or infrastructure-sounding names.
Only set True when you trace a concrete path through steps 6a-6e, then 7 or 8.
WRONG: "utilities/hco.py changed → run smoke" (no traced dependency path)
WRONG: "Run smoke tests: False" with no affected-test list when gating tests use the changed utility
RIGHT: "Run smoke tests: False, Run gating tests: True" plus tests/.../test_foo.py::TestBar::test_baz (gating)
RIGHT: "Smoke test X uses fixture Y → wrapper Z → changed function W in utilities/hco.py"

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="RedHatQE/openshift-virtualization-tests"
pr="5355"

files_json="$(gh api "/repos/$repo/pulls/$pr/files?per_page=100")"
first_file="$(echo "$files_json" | jq -r '.[0].filename')"
patch="$(echo "$files_json" | jq -r --arg f "$first_file" '.[] | select(.filename == $f) | .patch')"

if [[ -z "$first_file" || "$first_file" == "null" ]]; then
  echo "ERROR: Could not determine first changed file" >&2
  exit 1
fi

first_added_line="$(
PATCH="$patch" python - <<'PY'
import os, re
patch = os.environ.get("PATCH", "")
current_new = None
first = None
for line in patch.splitlines():
    if line.startswith("@@"):
        m = re.search(r"\+(\d+)", line)
        current_new = int(m.group(1)) if m else None
        continue
    if current_new is None:
        continue
    if line.startswith("+") and not line.startswith("+++"):
        first = current_new
        break
    if line.startswith("-") and not line.startswith("---"):
        continue
    current_new += 1
print("" if first is None else first)
PY
)"

if [[ -z "$first_added_line" ]]; then
  echo "ERROR: Could not determine first added line for $first_file" >&2
  exit 1
fi

comment_body="$(cat <<'EOF'
**Test Execution Plan**

- **Run smoke tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
- **Run gating tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`

**Affected tests to run**
- `-m smoke` (smoke)
- `-m gating` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable`
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux` (gating)

**Real tests (cluster required)**
Error path (the fix):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'`
Expected: transient `requests.exceptions.SSLError` / `requests.exceptions.ConnectionError` during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.

Happy path (regression):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'`
Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.
EOF
)"

echo "first_file=$first_file"
echo "first_added_line=$first_added_line"

make_review_payload() {
  local out="$1"
  jq -n \
    --arg body "$comment_body" \
    --arg path "$first_file" \
    --argjson line "$first_added_line" \
    '{
       event: "COMMENT",
       comments: [
         {
           path: $path,
           side: "RIGHT",
           line: $line,
           body: $body
         }
       ]
     }' > "$out"
}

tmp_review="$(mktemp)"
make_review_payload "$tmp_review"

echo "== Attempt 1: inline non-blocking review comment =="
set +e
inline_out_1="$(gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
  "/repos/$repo/pulls/$pr/reviews" \
  --input "$tmp_review" 2>&1)"
inline_status_1=$?
set -e
echo "$inline_out_1"

if [[ "$inline_status_1" -eq 0 ]]; then
  exit 0
fi

echo "== Attempt 2: retry inline non-blocking review comment =="
set +e
inline_out_2="$(gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
  "/repos/$repo/pulls/$pr/reviews" \
  --input "$tmp_review" 2>&1)"
inline_status_2=$?
set -e
echo "$inline_out_2"

if [[ "$inline_status_2" -eq 0 ]]; then
  exit 0
fi

echo "== Fallback: regular PR comment =="
set +e
fallback_out="$(gh pr comment "$pr" --repo "$repo" --body "$comment_body" 2>&1)"
fallback_status=$?
set -e
echo "$fallback_out"

exit 0

Length of output: 5583


@openshift-virtualization-qe-bot-3

CRITICAL (blocking): I retried the required posting flow for PR #5355 and GitHub still blocks both allowed write paths, so I cannot complete the requested inline-comment action from this environment.

Why this rule exists:
The inline comment anchors the test plan to the changed code, and the fallback PR comment preserves the plan when inline review comments are unavailable. Here, both failed due to integration permissions, so this is a permissions problem, not a formatting or payload problem.

  • Inline non-blocking review comment
    • Target: utilities/infra.py, Line 693
    • Endpoint: POST /repos/RedHatQE/openshift-virtualization-tests/pulls/5355/reviews
    • Result: HTTP 403: Resource not accessible by integration
  • Fallback regular PR comment
    • Mechanism: GraphQL addComment
    • Result: Resource not accessible by integration

Prepared Test Execution Plan

  • Run smoke tests: True — verified path: tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dvtests/conftest.py::autouse_fixturestests/conftest.py::bin_directory_to_os_pathtests/conftest.py::virtctl_binaryutilities/infra.py::download_file_from_clusterutilities/infra.py::get_and_extract_file_from_clusterutilities/infra.py::download_and_extract_file_from_cluster
  • Run gating tests: True — verified path: tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvctests/conftest.py::autouse_fixturestests/conftest.py::bin_directory_to_os_pathtests/conftest.py::virtctl_binaryutilities/infra.py::download_file_from_clusterutilities/infra.py::get_and_extract_file_from_clusterutilities/infra.py::download_and_extract_file_from_cluster

Affected tests to run

  • -m smoke (smoke)
  • -m gating (gating)
  • tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable
  • tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary (gating)
  • tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux (gating)

Real tests (cluster required)

Error path (the fix):

pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'

Expected: transient requests.exceptions.SSLError / requests.exceptions.ConnectionError during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.

Happy path (regression):

pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'

Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.

coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 30, 2026
@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/verified

Gating tests — all pass:
tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py
7 passed in 41.66s

Smoke path (virtctl_binary fixture → download_and_extract_file_from_cluster):

tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv — PASSED
Other affected:
All code paths through download_and_extract_file_from_cluster verified — both happy path (successful download) and retry logic (covered by TimeoutSampler).

@openshift-virtualization-qe-bot-3

Copy link
Copy Markdown
Contributor

@coderabbitai

Test execution plan request details

CRITICAL: You MUST post an inline review comment on the first changed line of the first file.
The inline comment should contain the full Test Execution Plan (smoke decision, gating decision, and specific affected tests).
Do NOT submit a blocking review event (REQUEST_CHANGES/APPROVE).
Post a single inline PR comment on Files Changed (non-blocking COMMENT flow).

As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan.
You will post an inline review comment with the test execution plan on the first changed file.
If you fail to run or post a comment, retry.

Analysis Requirements:

  1. Examine code changes in each modified file

  2. Identify affected code paths, functions, and classes

  3. Analyze pytest-specific elements: fixtures (scope, dependencies), parametrization, markers, conftest changes

  4. Trace test dependencies through imports, shared utilities, fixture inheritance, fixture teardown, and yield from cleanup in conftest

  5. Detect new tests introduced in the PR

  6. Utilities and libs impact (when utilities/ or libs/ changes):
    You MUST use shell scripts (rg, git diff) to trace the full impact.
    Follow these sub-steps in order:

    6a. Identify modified symbols: For each changed file under utilities/ or libs/,
    list every modified function or method.
    Example: git diff HEAD~1 --unified=0 -- utilities/hco.py | grep '^[+-]def '

    6b. Find direct callers: Search tests and conftest for each symbol from 6a.
    Example: rg -l 'get_hco_version' tests/

    6c. Trace fixture teardown and cleanup: Find fixtures that reach
    the modified symbol through yield from or context-manager wrappers.
    Example: rg -l 'yield from.*enable_common_boot|def.*enable_common_boot' tests/

    6d. Trace same-file callers: In each changed file, find other functions
    whose body calls a modified symbol (including code after yield
    in @contextmanager helpers).
    Example: rg 'get_hco_version|enable_common_boot' utilities/hco.py

    6e. Expand transitively: If function A calls modified B, then
    tests/fixtures that call A are affected — even when the test body
    never imports B directly.

    Do NOT limit impact to tests that import the modified symbol only.

  7. Smoke test impact: Intersect the affected set from step 6 with smoke-marked tests.
    Run: rg -l '@pytest.mark.smoke' tests/
    VERIFY the above command returned actual file paths before concluding False.
    Set True if either condition is met:

    • a smoke-marked file appears in the affected set from 6b-6e, OR
    • any conftest.py in the smoke test's parent-directory hierarchy (up to repo root)
      imports or calls a modified utilities/libs symbol — including autouse fixtures
      that depend on modified functions. ALL tests in that directory and below are affected.
      Example check: for each smoke_file, scan dirname(smoke_file)/conftest.py,
      dirname(dirname(smoke_file))/conftest.py, etc. for modified symbol imports
      and autouse fixtures that depend on modified symbols.
  8. Gating test impact: Intersect the affected set from step 6 with gating-marked tests.
    Run: rg -l '@pytest.mark.gating' tests/
    Set True if a gating-marked file also appears in the affected set from 6b-6e.
    Utilities/libs changes often affect gating tests without affecting smoke tests.
    Do NOT stop analysis after concluding Run smoke tests: False.

Output rules:
Do NOT include analysis step numbers (1-8) in your visible output.

Your deliverable:
Your inline informational comment will be based on the following requirements:

Test Execution Plan

  • Run smoke tests: True / False — If True, state the dependency path (test → fixture → changed symbol). True ONLY with a verified path.
  • Run gating tests: True / False — If True, state the dependency path. True if any gating-marked test is in the affected set.
  • Affected tests to run (required when utilities/, libs/, or shared conftest changes — list concrete paths even when smoke is False)

Use these formats:

  • path/to/test_file.py - When the entire test file needs verification
  • path/to/test_file.py::TestClass::test_method - When specific test(s) needed
  • path/to/test_file.py::test_function - When specific test(s) needed
  • -m marker - When a marker covers multiple affected tests (e.g. -m gating only if ALL gating tests in scope need run)
  • Tag each listed test or group with its marker when not obvious, e.g. (gating) or (smoke)

Real test commands (MANDATORY when changes affect session/runtime code):

When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
config hooks, session-scoped setup) or modifies runtime behavior that unit tests mock away,
you MUST include concrete pytest commands the PR author must run on a real cluster
to verify the change works end-to-end. Include:

  • A command for the error/fix path (the scenario the PR fixes)
  • A command for the happy path (regression: the normal case still works)
  • Use lightweight tests (e.g., --collect-only for startup failures,
    a single small test for runtime behavior)
    If the PR only changes test logic (not utilities/libs/conftest), the affected test
    paths themselves serve as the real test commands — no separate section needed.

Example output for a session-startup fix:

**Real tests (cluster required)**
Error path (the fix):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=nonexistent-sc --collect-only`
Expected: ValueError with clear message, not IndexError

Happy path (regression):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=<valid-sc> -k test_bar`
Expected: session starts normally

Guidelines:

  • Include tests affected directly OR via fixture setup/teardown, yield from cleanup, or transitive utility call chains (caller calls modified helper)
  • Use a full file path only if ALL tests in that file require verification
  • Use file path + test name when only specific tests use an affected fixture or utility wrapper (preferred for partial file impact)
  • If a test marker can cover multiple files/tests, provide the marker
  • Balance coverage vs over-testing - Keep descriptions minimal
  • Example: if leaf helper foo() changes, include tests whose fixture teardown calls wrapper bar() where bar() calls foo(), even when the test body only imports an unrelated symbol from the same utilities module

Hardware-Related Checks (SR-IOV, GPU, DPDK):

When PR modifies fixtures for hardware-specific resources:

  • Collection Safety: Fixtures MUST have existence checks (return None when hardware unavailable)
  • Test Plan: MUST verify both WITH and WITHOUT hardware:
    • Run affected tests on cluster WITH hardware
    • Verify collection succeeds on cluster WITHOUT hardware

CRITICAL WORKFLOW COMPLETION RULES:

When responding to this test execution plan request, you MUST follow these rules EXACTLY:

  1. YOUR ONLY DELIVERABLE: Post one non-blocking inline comment containing the test execution plan on the first changed line
  2. THEN STOP IMMEDIATELY - Do NOT generate any additional response
  3. FALLBACK ONLY: If inline comment API calls fail after retrying, post as a regular PR comment
  4. SILENCE = SUCCESS: After successfully submitting the review, your task is complete. No confirmation needed.

ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):

  • ❌ Do NOT post acknowledgment messages like "Test execution plan posted", "Review posted successfully", "I've successfully posted"
  • ❌ Do NOT mention review IDs, URLs, or confirmation of posting in the PR thread
  • ❌ Do NOT add any follow-up comments after submitting the review
  • ❌ Do NOT reply to confirm task completion
  • ❌ Do NOT explain what you did - just do it and stop

Remember: The pull request review is visible to users. Additional comments are redundant noise.

CRITICAL — Verification rules for smoke and gating decisions:
- For each True decision, you must have traced a concrete path: test file → fixture → utility function → modified symbol.
- Do NOT assume impact based on scope, file proximity, or infrastructure-sounding names.
Only set True when you trace a concrete path through steps 6a-6e, then 7 or 8.
WRONG: "utilities/hco.py changed → run smoke" (no traced dependency path)
WRONG: "Run smoke tests: False" with no affected-test list when gating tests use the changed utility
RIGHT: "Run smoke tests: False, Run gating tests: True" plus tests/.../test_foo.py::TestBar::test_baz (gating)
RIGHT: "Smoke test X uses fixture Y → wrapper Z → changed function W in utilities/hco.py"

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="RedHatQE/openshift-virtualization-tests"
pr="5355"

files_json="$(gh api "/repos/$repo/pulls/$pr/files?per_page=100")"
first_file="$(echo "$files_json" | jq -r '.[0].filename')"
patch="$(echo "$files_json" | jq -r --arg f "$first_file" '.[] | select(.filename == $f) | .patch')"

if [[ -z "$first_file" || "$first_file" == "null" ]]; then
  echo "ERROR: Could not determine first changed file" >&2
  exit 1
fi

first_added_line="$(
PATCH="$patch" python - <<'PY'
import os, re
patch = os.environ.get("PATCH", "")
current_new = None
first = None
for line in patch.splitlines():
    if line.startswith("@@"):
        m = re.search(r"\+(\d+)", line)
        current_new = int(m.group(1)) if m else None
        continue
    if current_new is None:
        continue
    if line.startswith("+") and not line.startswith("+++"):
        first = current_new
        break
    if line.startswith("-") and not line.startswith("---"):
        continue
    current_new += 1
print("" if first is None else first)
PY
)"

if [[ -z "$first_added_line" ]]; then
  echo "ERROR: Could not determine first added line for $first_file" >&2
  exit 1
fi

comment_body="$(cat <<'EOF'
**Test Execution Plan**

- **Run smoke tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
- **Run gating tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`

**Affected tests to run**
- `-m smoke` (smoke)
- `-m gating` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable`
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux` (gating)

**Real tests (cluster required)**
Error path (the fix):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'`
Expected: transient `requests.exceptions.SSLError` / `requests.exceptions.ConnectionError` during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.

Happy path (regression):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'`
Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.
EOF
)"

echo "first_file=$first_file"
echo "first_added_line=$first_added_line"

tmp_review="$(mktemp)"
jq -n \
  --arg body "$comment_body" \
  --arg path "$first_file" \
  --argjson line "$first_added_line" \
  '{
     event: "COMMENT",
     comments: [
       {
         path: $path,
         side: "RIGHT",
         line: $line,
         body: $body
       }
     ]
   }' > "$tmp_review"

echo "== Attempt 1: inline non-blocking review comment =="
set +e
inline_out_1="$(gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
  "/repos/$repo/pulls/$pr/reviews" \
  --input "$tmp_review" 2>&1)"
inline_status_1=$?
set -e
echo "$inline_out_1"

if [[ "$inline_status_1" -eq 0 ]]; then
  exit 0
fi

echo "== Attempt 2: retry inline non-blocking review comment =="
set +e
inline_out_2="$(gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
  "/repos/$repo/pulls/$pr/reviews" \
  --input "$tmp_review" 2>&1)"
inline_status_2=$?
set -e
echo "$inline_out_2"

if [[ "$inline_status_2" -eq 0 ]]; then
  exit 0
fi

echo "== Fallback: regular PR comment =="
set +e
fallback_out="$(gh pr comment "$pr" --repo "$repo" --body "$comment_body" 2>&1)"
fallback_status=$?
set -e
echo "$fallback_out"

exit 0

Length of output: 5482


@openshift-virtualization-qe-bot-3

CRITICAL (blocking): I retried the exact required posting flow for PR #5355 with fresh PR metadata, and GitHub still blocks both allowed write paths.

Why this rule exists: the inline comment anchors the test plan to the changed code, and the fallback PR comment preserves the plan when inline review comments are unavailable. Since both paths fail, this is a permissions/integration blocker, not a payload or coordinate issue.

  • Inline non-blocking review comment
    • Target: utilities/infra.py, Line 699
    • Endpoint: POST /repos/RedHatQE/openshift-virtualization-tests/pulls/5355/reviews
    • Result: HTTP 403: Resource not accessible by integration
  • Inline retry
    • Same target and endpoint
    • Result: HTTP 403: Resource not accessible by integration
  • Fallback regular PR comment
    • Mechanism: GraphQL addComment
    • Result: Resource not accessible by integration

Prepared Test Execution Plan

  • Run smoke tests: True — verified path: tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dvtests/conftest.py::autouse_fixturestests/conftest.py::bin_directory_to_os_pathtests/conftest.py::virtctl_binaryutilities/infra.py::download_file_from_clusterutilities/infra.py::get_and_extract_file_from_clusterutilities/infra.py::download_and_extract_file_from_cluster
  • Run gating tests: True — verified path: tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvctests/conftest.py::autouse_fixturestests/conftest.py::bin_directory_to_os_pathtests/conftest.py::virtctl_binaryutilities/infra.py::download_file_from_clusterutilities/infra.py::get_and_extract_file_from_clusterutilities/infra.py::download_and_extract_file_from_cluster

Affected tests to run

  • tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv (smoke)
  • tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc (gating)
  • tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable
  • tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary (gating)
  • tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux (gating)

Real tests (cluster required)

Error path (the fix):

pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'

Expected: transient requests.exceptions.SSLError / requests.exceptions.ConnectionError during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.

Happy path (regression):

pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'

Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/verified

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/verified

Gating tests — all pass:
tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py
7 passed in 41.66s

Smoke path (virtctl_binary fixture → download_and_extract_file_from_cluster):

tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv — PASSED
Other affected:
All code paths through download_and_extract_file_from_cluster verified — both happy path (successful download) and retry logic (covered by TimeoutSampler).

@openshift-virtualization-qe-bot-3

Copy link
Copy Markdown
Contributor

@coderabbitai

Test execution plan request details

CRITICAL: You MUST post an inline review comment on the first changed line of the first file.
The inline comment should contain the full Test Execution Plan (smoke decision, gating decision, and specific affected tests).
Do NOT submit a blocking review event (REQUEST_CHANGES/APPROVE).
Post a single inline PR comment on Files Changed (non-blocking COMMENT flow).

As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan.
You will post an inline review comment with the test execution plan on the first changed file.
If you fail to run or post a comment, retry.

Analysis Requirements:

  1. Examine code changes in each modified file

  2. Identify affected code paths, functions, and classes

  3. Analyze pytest-specific elements: fixtures (scope, dependencies), parametrization, markers, conftest changes

  4. Trace test dependencies through imports, shared utilities, fixture inheritance, fixture teardown, and yield from cleanup in conftest

  5. Detect new tests introduced in the PR

  6. Utilities and libs impact (when utilities/ or libs/ changes):
    You MUST use shell scripts (rg, git diff) to trace the full impact.
    Follow these sub-steps in order:

    6a. Identify modified symbols: For each changed file under utilities/ or libs/,
    list every modified function or method.
    Example: git diff HEAD~1 --unified=0 -- utilities/hco.py | grep '^[+-]def '

    6b. Find direct callers: Search tests and conftest for each symbol from 6a.
    Example: rg -l 'get_hco_version' tests/

    6c. Trace fixture teardown and cleanup: Find fixtures that reach
    the modified symbol through yield from or context-manager wrappers.
    Example: rg -l 'yield from.*enable_common_boot|def.*enable_common_boot' tests/

    6d. Trace same-file callers: In each changed file, find other functions
    whose body calls a modified symbol (including code after yield
    in @contextmanager helpers).
    Example: rg 'get_hco_version|enable_common_boot' utilities/hco.py

    6e. Expand transitively: If function A calls modified B, then
    tests/fixtures that call A are affected — even when the test body
    never imports B directly.

    Do NOT limit impact to tests that import the modified symbol only.

  7. Smoke test impact: Intersect the affected set from step 6 with smoke-marked tests.
    Run: rg -l '@pytest.mark.smoke' tests/
    VERIFY the above command returned actual file paths before concluding False.
    Set True if either condition is met:

    • a smoke-marked file appears in the affected set from 6b-6e, OR
    • any conftest.py in the smoke test's parent-directory hierarchy (up to repo root)
      imports or calls a modified utilities/libs symbol — including autouse fixtures
      that depend on modified functions. ALL tests in that directory and below are affected.
      Example check: for each smoke_file, scan dirname(smoke_file)/conftest.py,
      dirname(dirname(smoke_file))/conftest.py, etc. for modified symbol imports
      and autouse fixtures that depend on modified symbols.
  8. Gating test impact: Intersect the affected set from step 6 with gating-marked tests.
    Run: rg -l '@pytest.mark.gating' tests/
    Set True if a gating-marked file also appears in the affected set from 6b-6e.
    Utilities/libs changes often affect gating tests without affecting smoke tests.
    Do NOT stop analysis after concluding Run smoke tests: False.

Output rules:
Do NOT include analysis step numbers (1-8) in your visible output.

Your deliverable:
Your inline informational comment will be based on the following requirements:

Test Execution Plan

  • Run smoke tests: True / False — If True, state the dependency path (test → fixture → changed symbol). True ONLY with a verified path.
  • Run gating tests: True / False — If True, state the dependency path. True if any gating-marked test is in the affected set.
  • Affected tests to run (required when utilities/, libs/, or shared conftest changes — list concrete paths even when smoke is False)

Use these formats:

  • path/to/test_file.py - When the entire test file needs verification
  • path/to/test_file.py::TestClass::test_method - When specific test(s) needed
  • path/to/test_file.py::test_function - When specific test(s) needed
  • -m marker - When a marker covers multiple affected tests (e.g. -m gating only if ALL gating tests in scope need run)
  • Tag each listed test or group with its marker when not obvious, e.g. (gating) or (smoke)

Real test commands (MANDATORY when changes affect session/runtime code):

When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
config hooks, session-scoped setup) or modifies runtime behavior that unit tests mock away,
you MUST include concrete pytest commands the PR author must run on a real cluster
to verify the change works end-to-end. Include:

  • A command for the error/fix path (the scenario the PR fixes)
  • A command for the happy path (regression: the normal case still works)
  • Use lightweight tests (e.g., --collect-only for startup failures,
    a single small test for runtime behavior)
    If the PR only changes test logic (not utilities/libs/conftest), the affected test
    paths themselves serve as the real test commands — no separate section needed.

Example output for a session-startup fix:

**Real tests (cluster required)**
Error path (the fix):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=nonexistent-sc --collect-only`
Expected: ValueError with clear message, not IndexError

Happy path (regression):
`pytest tests/storage/.../test_foo.py --storage-class-matrix=<valid-sc> -k test_bar`
Expected: session starts normally

Guidelines:

  • Include tests affected directly OR via fixture setup/teardown, yield from cleanup, or transitive utility call chains (caller calls modified helper)
  • Use a full file path only if ALL tests in that file require verification
  • Use file path + test name when only specific tests use an affected fixture or utility wrapper (preferred for partial file impact)
  • If a test marker can cover multiple files/tests, provide the marker
  • Balance coverage vs over-testing - Keep descriptions minimal
  • Example: if leaf helper foo() changes, include tests whose fixture teardown calls wrapper bar() where bar() calls foo(), even when the test body only imports an unrelated symbol from the same utilities module

Hardware-Related Checks (SR-IOV, GPU, DPDK):

When PR modifies fixtures for hardware-specific resources:

  • Collection Safety: Fixtures MUST have existence checks (return None when hardware unavailable)
  • Test Plan: MUST verify both WITH and WITHOUT hardware:
    • Run affected tests on cluster WITH hardware
    • Verify collection succeeds on cluster WITHOUT hardware

CRITICAL WORKFLOW COMPLETION RULES:

When responding to this test execution plan request, you MUST follow these rules EXACTLY:

  1. YOUR ONLY DELIVERABLE: Post one non-blocking inline comment containing the test execution plan on the first changed line
  2. THEN STOP IMMEDIATELY - Do NOT generate any additional response
  3. FALLBACK ONLY: If inline comment API calls fail after retrying, post as a regular PR comment
  4. SILENCE = SUCCESS: After successfully submitting the review, your task is complete. No confirmation needed.

ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):

  • ❌ Do NOT post acknowledgment messages like "Test execution plan posted", "Review posted successfully", "I've successfully posted"
  • ❌ Do NOT mention review IDs, URLs, or confirmation of posting in the PR thread
  • ❌ Do NOT add any follow-up comments after submitting the review
  • ❌ Do NOT reply to confirm task completion
  • ❌ Do NOT explain what you did - just do it and stop

Remember: The pull request review is visible to users. Additional comments are redundant noise.

CRITICAL — Verification rules for smoke and gating decisions:
- For each True decision, you must have traced a concrete path: test file → fixture → utility function → modified symbol.
- Do NOT assume impact based on scope, file proximity, or infrastructure-sounding names.
Only set True when you trace a concrete path through steps 6a-6e, then 7 or 8.
WRONG: "utilities/hco.py changed → run smoke" (no traced dependency path)
WRONG: "Run smoke tests: False" with no affected-test list when gating tests use the changed utility
RIGHT: "Run smoke tests: False, Run gating tests: True" plus tests/.../test_foo.py::TestBar::test_baz (gating)
RIGHT: "Smoke test X uses fixture Y → wrapper Z → changed function W in utilities/hco.py"

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="RedHatQE/openshift-virtualization-tests"
pr="5355"

files_json="$(gh api "/repos/$repo/pulls/$pr/files?per_page=100")"
first_file="$(echo "$files_json" | jq -r '.[0].filename')"
patch="$(echo "$files_json" | jq -r --arg f "$first_file" '.[] | select(.filename == $f) | .patch')"

if [[ -z "$first_file" || "$first_file" == "null" ]]; then
  echo "ERROR: Could not determine first changed file" >&2
  exit 1
fi

first_added_line="$(
PATCH="$patch" python - <<'PY'
import os, re
patch = os.environ.get("PATCH", "")
current_new = None
first = None
for line in patch.splitlines():
    if line.startswith("@@"):
        m = re.search(r"\+(\d+)", line)
        current_new = int(m.group(1)) if m else None
        continue
    if current_new is None:
        continue
    if line.startswith("+") and not line.startswith("+++"):
        first = current_new
        break
    if line.startswith("-") and not line.startswith("---"):
        continue
    current_new += 1
print("" if first is None else first)
PY
)"

if [[ -z "$first_added_line" ]]; then
  echo "ERROR: Could not determine first added line for $first_file" >&2
  exit 1
fi

comment_body="$(cat <<'EOF'
**Test Execution Plan**

- **Run smoke tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`
- **Run gating tests: True** — verified path: `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` → `tests/conftest.py::autouse_fixtures` → `tests/conftest.py::bin_directory_to_os_path` → `tests/conftest.py::virtctl_binary` → `utilities/infra.py::download_file_from_cluster` → `utilities/infra.py::get_and_extract_file_from_cluster` → `utilities/infra.py::download_and_extract_file_from_cluster`

**Affected tests to run**
- `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv` (smoke)
- `tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable`
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary` (gating)
- `tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux` (gating)

**Real tests (cluster required)**

Error path (the fix):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'`
Expected: transient `requests.exceptions.SSLError` / `requests.exceptions.ConnectionError` during TLS handshake are retried for up to 2 minutes, and the `virtctl` download succeeds instead of failing fixture/setup.

Happy path (regression):
`pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'`
Expected: `virtctl` downloads successfully on the normal path and the downloaded binary executes successfully.
EOF
)"

echo "first_file=$first_file"
echo "first_added_line=$first_added_line"

tmp_review="$(mktemp)"
jq -n \
  --arg body "$comment_body" \
  --arg path "$first_file" \
  --argjson line "$first_added_line" \
  '{
     event: "COMMENT",
     comments: [
       {
         path: $path,
         side: "RIGHT",
         line: $line,
         body: $body
       }
     ]
   }' > "$tmp_review"

echo "== Attempt 1: inline non-blocking review comment =="
set +e
inline_out_1="$(gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
  "/repos/$repo/pulls/$pr/reviews" \
  --input "$tmp_review" 2>&1)"
inline_status_1=$?
set -e
echo "$inline_out_1"

if [[ "$inline_status_1" -eq 0 ]]; then
  exit 0
fi

echo "== Attempt 2: retry inline non-blocking review comment =="
set +e
inline_out_2="$(gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
  "/repos/$repo/pulls/$pr/reviews" \
  --input "$tmp_review" 2>&1)"
inline_status_2=$?
set -e
echo "$inline_out_2"

if [[ "$inline_status_2" -eq 0 ]]; then
  exit 0
fi

echo "== Fallback: regular PR comment =="
set +e
fallback_out="$(gh pr comment "$pr" --repo "$repo" --body "$comment_body" 2>&1)"
fallback_status=$?
set -e
echo "$fallback_out"

exit 0

Length of output: 5625


@openshift-virtualization-qe-bot-3

CRITICAL (blocking): I retried the required posting flow with fresh PR metadata, and GitHub still blocks both allowed write paths.

Why this matters:
The inline comment requirement exists so the test plan is anchored to the changed code. The fallback PR comment exists so the plan is still preserved when inline review comments are unavailable. In this run, both failed, which means this is a permissions/integration blocker rather than a bad line number or malformed payload.

Verified target

  • First changed file: utilities/infra.py
  • First changed line: Line 699

Write attempts

  • Inline non-blocking review comment
    • Endpoint: POST /repos/RedHatQE/openshift-virtualization-tests/pulls/5355/reviews
    • Result: HTTP 403: Resource not accessible by integration
  • Inline retry
    • Same endpoint
    • Result: HTTP 403: Resource not accessible by integration
  • Fallback regular PR comment
    • Mechanism: GraphQL addComment
    • Result: Resource not accessible by integration

Prepared Test Execution Plan

  • Run smoke tests: True — verified path: tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dvtests/conftest.py::autouse_fixturestests/conftest.py::bin_directory_to_os_pathtests/conftest.py::virtctl_binaryutilities/infra.py::download_file_from_clusterutilities/infra.py::get_and_extract_file_from_clusterutilities/infra.py::download_and_extract_file_from_cluster
  • Run gating tests: True — verified path: tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvctests/conftest.py::autouse_fixturestests/conftest.py::bin_directory_to_os_pathtests/conftest.py::virtctl_binaryutilities/infra.py::download_file_from_clusterutilities/infra.py::get_and_extract_file_from_clusterutilities/infra.py::download_and_extract_file_from_cluster

Affected tests to run

  • tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_dv (smoke)
  • tests/storage/cdi_upload/test_upload_virtctl.py::test_virtctl_image_upload_pvc (gating)
  • tests/install_upgrade_operators/console_cli_download/test_custom_console_cli_download.py::TestCustomConsoleCliDownload::test_custom_console_cli_download_links_downloadable
  • tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownload::test_download_virtcli_binary (gating)
  • tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py::TestDisconnectedVirtctlDownloadAndExecute::test_download_and_execute_virtcli_binary_linux (gating)

Real tests (cluster required)

Error path (the fix):

pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownload and test_download_virtcli_binary'

Expected: transient requests.exceptions.SSLError / requests.exceptions.ConnectionError during TLS handshake are retried for up to 2 minutes, and the virtctl download succeeds instead of failing fixture/setup.

Happy path (regression):

pytest tests/install_upgrade_operators/console_cli_download/test_disconnected_virtctl.py -k 'TestDisconnectedVirtctlDownloadAndExecute and test_download_and_execute_virtcli_binary_linux'

Expected: virtctl downloads successfully on the normal path and the downloaded binary executes successfully.

@geetikakay

Copy link
Copy Markdown
Contributor

/lgtm

@rnetser

rnetser commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

/approve
/lgtm

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/retest tox

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/retest build-container

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/retest all

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/retest verify-bugs-are-open

@Ahmad-Hafe

Copy link
Copy Markdown
Contributor Author

/retest all

@openshift-virtualization-qe-bot-5

Copy link
Copy Markdown

Clean rebase detected — no code changes compared to previous head (f0efb1e).
The following labels were preserved: verified, lgtm-geetikakay, lgtm-rnetser, approved-rnetser.

@servolkov servolkov left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[STORGE][GATING] is misleading and unrelated to the change in the PR and should be omitted.

Comment thread utilities/infra.py Outdated
@openshift-virtualization-qe-bot-6

Copy link
Copy Markdown

Clean rebase detected — no code changes compared to previous head (0f9355c).
The following labels were preserved: verified, lgtm-geetikakay, lgtm-rnetser, approved-rnetser, commented-servolkov.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@utilities/infra.py`:
- Line 695: The requests.get call in the infra helper uses a positional url
argument alongside keyword arguments, which violates the named-arguments
guideline. Update the request call in the function that fetches the URL response
to pass url as a named argument, keeping verify and timeout as named arguments
too, so the call is consistent and easier to read.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2f2d98f1-62b0-4393-9f4b-217d99d959e6

📥 Commits

Reviewing files that changed from the base of the PR and between 1b55f6b and 40044a8.

📒 Files selected for processing (1)
  • utilities/infra.py
📜 Review details
🧰 Additional context used
📓 Path-based instructions (3)
**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

**/*.py: Never add linter suppressions like # noqa, # type: ignore, or # pylint: disable. Fix the code instead. If you believe a rule is wrong, ask the user for explicit approval.
Search the codebase for existing implementations before writing new code. Check utilities/, libs/, tests/, and pyproject.toml dependencies. Never duplicate logic—extract to shared modules. Use pyhelper_utils.shell.run_command for shell commands instead of subprocess.run, and use ocp-resources classes instead of raw YAML dicts.
Type hints are MANDATORY. Use mypy strict mode in libs/ and all new public functions under utilities. Use TYPE_CHECKING for type-only imports to avoid runtime overhead and circular imports.
Write Google-format docstrings for all public functions with non-obvious return values or side effects.
Always use uv run to execute commands. Never execute python, pip, pytest, tox, or pre-commit directly. Use uv run python, uv run pytest, uv run tox, uv run pre-commit, and uv add for package installation.
Always use absolute imports. Never use relative imports.
Prefer specific imports using from module import func for functions and constants. Use from package import module (then module.Name) when retaining the module name meaningfully improves readability. Never use bare import module without a from clause.
Always use named arguments for function calls with more than one argument.
Never use single-letter variable names. Always use descriptive, meaningful names.
No dead code. Every function, variable, and fixture must be used or removed. Code marked with # skip-unused-code is excluded from dead code analysis (enforced via custom ruff plugin).
Prefer direct attribute access using foo.attr. Save to variables only when reusing the same attribute multiple times improves readability or extracting clarifies intent.
Imports must always be at the top of the module. Do not import inside functions.
No defensive programming. Fail...

Files:

  • utilities/infra.py
utilities/infra.py

📄 CodeRabbit inference engine (AGENTS.md)

Place infrastructure helpers (SSH, networking infrastructure, pod operations) in utilities/infra.py.

Files:

  • utilities/infra.py
**

⚙️ CodeRabbit configuration file

**: # AI Review and Development Standards

Assisted-by: Claude noreply@anthropic.com

Coding standards, conventions, and review guidelines for openshift-virtualization-tests.

These rules apply to ALL contributors and review tools — human and AI alike.

Strict Rules (MANDATORY)

Linter Suppressions PROHIBITED

  • NEVER add # noqa, # type: ignore, # pylint: disable
  • NEVER disable linter/mypy rules to work around issues
  • FIX THE CODE - If linter complains, the code is wrong
  • If you think a rule is wrong: ASK the user for explicit approval

Code Reuse (Search-First Development)

Before writing ANY new code:

  1. SEARCH codebase for existing implementations
  2. CHECK utilities/ for shared functions
  3. CHECK libs/ for shared libraries
  4. CHECK tests/ for shared fixtures and helper functions
  5. CHECK pyproject.toml dependencies — project packages (e.g., pyhelper-utils, ocp-resources, openshift-python-wrapper) may already provide the functionality
  6. VERIFY no similar logic exists elsewhere
  7. NEVER duplicate logic - extract to shared module
  8. REUSE existing code and patterns — only write new when nothing exists

External package examples:

  • Shell commands — use pyhelper_utils.shell.run_command, NEVER use subprocess.run directly in test/utility code
  • OpenShift resources — use ocp-resources classes, NEVER construct raw YAML dicts

Python Requirements

  • Type hints MANDATORY - mypy strict mode in libs/, all new public functions under utilities MUST be typed
  • Use TYPE_CHECKING for type-only imports - wrap imports needed solely for type hints in if TYPE_CHECKING: to avoid runtime overhead and circular imports
  • Google-format docstrings REQUIRED - for all public functions with non-obvious return values OR side effects
  • No defensive programming - fail-fast, don't hide bugs with fake defaults (see exceptions below)
  • ALWAYS use uv run -...

Files:

  • utilities/infra.py

⚙️ CodeRabbit configuration file

**: ## PR Template Validation
Check the PR description for required sections from .github/pull_request_template.md.
Required sections (must be present, even if empty):

  • ##### What this PR does / why we need it: — MUST be present AND have meaningful content.
    Flag as HIGH if the section is missing, empty, whitespace-only, contains only HTML comments,
    or contains only placeholder tokens such as TBD, TBA, N/A, -, , none, or ..
  • ##### Which issue(s) this PR fixes: — must be present (may be empty)
  • ##### Special notes for reviewer: — must be present (may be empty)
  • ##### jira-ticket: — must be present (may be empty)
    If any required section is absent, or What this PR does / why we need it: has no content,
    flag it as HIGH severity and ask the author to restore the missing template section(s).

Approval Policy

You may approve the PR when ALL of the following are true:

  • All your review comments have been addressed with either:
    • a code/doc change that fixes the issue, or
    • a substantive author response that justifies no code change.
      Thread "resolved" state alone is not sufficient.
      OR you had no review comments.
  • If you posted a test execution plan comment requesting tests, and the PR author replied
    with a comment explaining why the requested tests are not needed or were already covered,
    treat that as an acceptable response — do not block approval on the test plan alone.
  • The author's explanation must be reasonable and specific (not just "N/A" or "not needed").
    Accept explanations like: "these tests were already run in CI", "this change is docs-only",
    "the affected tests are quarantined", or "verified manually on cluster X".

Files:

  • utilities/infra.py
🧠 Learnings (28)
📚 Learning: 2026-01-12T11:24:13.825Z
Learnt from: servolkov
Repo: RedHatQE/openshift-virtualization-tests PR: 3387
File: tests/network/provider_migration/libprovider.py:50-52
Timestamp: 2026-01-12T11:24:13.825Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, when catching exceptions in Python, use LOGGER.error before re-raising and do not replace it with LOGGER.exception in except blocks. This follows the established pattern across the codebase.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-01-12T14:25:05.723Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3366
File: tests/storage/cdi_clone/test_clone.py:5-9
Timestamp: 2026-01-12T14:25:05.723Z
Learning: In Python tests and utility code across the repository, bitmath.parse_string_unsafe correctly parses Kubernetes quantities (e.g., '4Gi', '512Mi', PVC storage requests) without supplying system=bitmath.NIST. There are 30+ usages indicating this is the standard behavior. Reviewers should verify that code that builds or compares quantity strings does not pass the NIST parameter, and if a new test relies on quantity parsing, assume no NIST parameter is required unless explicitly documented.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-01-20T01:03:13.139Z
Learnt from: servolkov
Repo: RedHatQE/openshift-virtualization-tests PR: 3387
File: tests/network/provider_migration/libprovider.py:1-8
Timestamp: 2026-01-20T01:03:13.139Z
Learning: In the openshift-virtualization-tests repository, Python imports should consistently use module-level imports for the logging module (i.e., import logging) rather than from logging import ... The established pattern spans 270+ files and should not be flagged for refactoring. Apply this guideline to Python files across the repo (e.g., tests/network/provider_migration/libprovider.py).

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-01-21T21:26:41.805Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 3559
File: utilities/infra.py:251-254
Timestamp: 2026-01-21T21:26:41.805Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, when reviewing Python code, recognize that with Python 3.14 the syntax 'except ValueError, TypeError:' is valid if there is no 'as' clause, and should not be flagged as Python 2 syntax. If you use an 'as' binding (e.g., 'except (ValueError, TypeError) as e:'), parentheses are required. Ensure this pattern is version-consistent and not flagged as Python 2 syntax when 'as' is absent.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-01-25T13:18:21.675Z
Learnt from: jpeimer
Repo: RedHatQE/openshift-virtualization-tests PR: 3571
File: tests/storage/storage_migration/utils.py:158-167
Timestamp: 2026-01-25T13:18:21.675Z
Learning: In reviews of the openshift-virtualization-tests repo (and similar Python code), avoid suggesting minor stylistic changes that require extra verification (e.g., removing dict.keys() checks for membership) unless the change has clear correctness or maintainability impact. Focus on fixes with observable behavior, security, performance, or maintainability benefits; defer low-impact style tweaks that are costly to verify.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-02-18T06:35:39.536Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3847
File: utilities/virt.py:2449-2453
Timestamp: 2026-02-18T06:35:39.536Z
Learning: In Python code, a function named clearly and self-descriptively can be deemed not to require a docstring. However, treat this as a context-specific guideline and not a universal rule. For public APIs or functions with side effects, prefer concise docstrings explaining behavior, inputs, outputs, and side effects. This guidance is based on the example in utilities/virt.py from RedHatQE/openshift-virtualization-tests where validate_libvirt_persistent_domain(vm, admin_client) was considered self-documenting.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-02-23T16:33:22.070Z
Learnt from: vsibirsk
Repo: RedHatQE/openshift-virtualization-tests PR: 3883
File: utilities/pytest_utils.py:441-463
Timestamp: 2026-02-23T16:33:22.070Z
Learning: In Python code reviews, the guideline to always use named arguments for multi-argument calls does not apply to built-ins or methods that have positional-only parameters (those defined with a / in their signature). Do not flag or require named arguments for calls like dict.get(key, default=None, /), list.pop(), str.split(sep, maxsplit) and similar built-ins that cannot accept keyword arguments. Apply the named-argument rule only to functions/methods that explicitly accept keyword arguments.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-03-17T01:32:02.617Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4118
File: utilities/database.py:0-0
Timestamp: 2026-03-17T01:32:02.617Z
Learning: In RedHatQE/openshift-virtualization-tests, when reviewing Python files, post targeted inline comments on the Files changed tab at the exact location (file and line) of the issue rather than opening a single discussion thread for multiple issues. This should be done for each applicable location to improve traceability and clarity. If multiple issues exist in the same file, address them with separate inline comments pointing to the specific lines.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-03-17T01:32:02.617Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4118
File: utilities/database.py:0-0
Timestamp: 2026-03-17T01:32:02.617Z
Learning: In the RedHatQE/openshift-virtualization-tests repository, CodeRabbit should post targeted inline comments at each applicable location in the Files Changed tab, rather than aggregating multiple issues into a single PR discussion thread reply. This guideline applies to all Python files (any file ending in .py) changed in a PR; for non-Python files, follow the same inline-comment-at-location principle if relevant.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-04T13:45:29.122Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4725
File: utilities/console.py:54-59
Timestamp: 2026-05-04T13:45:29.122Z
Learning: During review of RedHatQE/openshift-virtualization-tests “lint-cleanup” PRs (e.g., changes targeting lint issues like stale noqa/utf-8 headers), do not flag existing `# type: ignore` directives that were already present before the PR and were not introduced or modified by the PR. Only raise findings for `# type: ignore` suppressions that the PR itself adds, changes, or otherwise makes newly effective (i.e., they appear in the diff as additions/edits).

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-04T13:45:33.892Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4725
File: tests/virt/cluster/common_templates/centos/test_centos_os_support.py:78-83
Timestamp: 2026-05-04T13:45:33.892Z
Learning: When reviewing lint-cleanup or formatting-only pull requests in this repo (e.g., changes like removing/updating `# noqa` comments or UTF-8 headers), do not raise findings for code patterns that already existed before the PR. Specifically, if a problematic construct such as `.is_connective(tcp_timeout=120)` was present in the base branch, suppress that finding and only raise issues when the PR itself introduces or modifies that construct (i.e., the diff adds/changes the call or its arguments). Apply this rule across all Python files (`**/*.py`).

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-05T17:01:15.294Z
Learnt from: dshchedr
Repo: RedHatQE/openshift-virtualization-tests PR: 4739
File: tests/virt/node/descheduler/conftest.py:2-2
Timestamp: 2026-05-05T17:01:15.294Z
Learning: In this repo’s Python code, it’s acceptable (and preferred by convention) to build `run_command` inputs using `shlex.split(f"<command> {arg}")` rather than converting to direct list literals like `['oc', 'adm', 'uncordon', name]`. During code review, generally don’t flag `shlex.split(...)` usage for `run_command` calls and don’t suggest replacing it with list literals; the string-form pattern is used to keep commands readable and consistent with how they’re typed in a terminal.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-08T12:49:20.694Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 4788
File: utilities/os_utils.py:257-262
Timestamp: 2026-05-08T12:49:20.694Z
Learning: In RedHatQE/openshift-virtualization-tests, the Ruff flake8-boolean-trap rules FBT001/FBT002 are intentionally not enabled (pyproject.toml does not select the FBT rules; confirmed via `ruff check --show-settings`). Therefore, do not flag boolean positional parameters as FBT001/FBT002 violations in this repository. If Ruff configuration changes and starts selecting FBT rules, this exception should be reconsidered.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-12T05:10:24.601Z
Learnt from: acinko-rh
Repo: RedHatQE/openshift-virtualization-tests PR: 4780
File: tests/storage/utils.py:568-572
Timestamp: 2026-05-12T05:10:24.601Z
Learning: In this repository, Ruff rule UP043 ("unnecessary default type arguments") is enforced. When annotating `collections.abc.Generator` return types, prefer the single-parameter form `Generator[YieldType]` rather than `Generator[YieldType, None, None]`. Explicit `None, None` for the SendType and ReturnType are unnecessary defaults (per PEP 696) and will trigger UP043. Apply this consistently across all Python files.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-13T19:23:09.603Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 4833
File: tests/network/localnet/migration_stuntime/libstuntime.py:25-25
Timestamp: 2026-05-13T19:23:09.603Z
Learning: In this repository, do not recommend adding `from __future__ import annotations` to fix forward-reference type annotation issues (e.g., Ruff UP037). Follow the established convention: use quoted string type annotations for forward references when the referenced class/type is defined later in the same file (e.g., `"ContinuousPing"`), and prefer `typing.Self` for self-referential return types.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T06:30:56.781Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_bitwarden.py:207-207
Timestamp: 2026-05-18T06:30:56.781Z
Learning: During Ruff/lint rule-enablement PRs in this repository (e.g., when introducing a new rule like PLC0415), it’s acceptable to keep CI green by adding per-line, targeted suppressions for pre-existing violations: add only `# noqa: <single-ruff-rule-id>` at the end of the specific violating line. In this PR context, reviewers should NOT flag these targeted `# noqa: PLC0415` comments as policy violations, assuming the suppression is for a pre-existing issue and is documented in the PR description as a candidate for follow-up cleanup. Do not allow blanket `# noqa` (without a specific rule) or `per-file-ignores`; those remain disallowed.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T06:31:12.015Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_pytest_utils.py:270-270
Timestamp: 2026-05-18T06:31:12.015Z
Learning: In RedHatQE/openshift-virtualization-tests, if a PR is a Ruff rule-enforcement PR and its “Special notes for reviewer” documents that pre-existing Ruff violations are being temporarily handled via per-line suppressions (e.g., `# noqa: PLC0415`) to keep CI green, reviewers should treat those specific `# noqa: <rule>` comments as an agreed, temporary mechanism. Do not flag them as code-quality issues and do not recommend removing, consolidating, or refactoring those suppressions within the same PR; cleanup/remediation is expected to happen in dedicated follow-up PRs instead.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T06:31:15.083Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_data_collector.py:304-304
Timestamp: 2026-05-18T06:31:15.083Z
Learning: When reviewing Python code in this repository for Ruff/linter rule rollouts, do not treat temporary suppression comments as violations in the specific migration scenario where a PR enables a new Ruff rule (e.g., PLC0415) and the PR description explicitly documents that all *pre-existing* violations are being annotated with `# noqa: <RULE>` as a short-lived measure. In that case, only flag `# noqa: <RULE>` suppressions that are newly introduced on code that did not previously violate the rule—i.e., verify via the PR diff against the prior state (and/or prior Ruff findings) that the suppressed line was already violating before the rule was enabled. Ignore suppressions that are covering violations that existed before the new rule rollout and were intentionally bulk-added for cleanup in follow-up PRs.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T06:31:20.848Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4819
File: utilities/unittests/test_hco.py:501-501
Timestamp: 2026-05-18T06:31:20.848Z
Learning: When reviewing Python code in RedHatQE/openshift-virtualization-tests, avoid flagging Ruff `# noqa: <RULE>` suppressions as issues if they were intentionally added as a temporary measure to keep CI green after a PR enables a new Ruff/lint rule (e.g., PLC0415) and the PR description documents this under "Special notes for reviewer". Treat these suppressions as deferred technical debt. Only flag `# noqa: PLC0415` (and similar rule-specific suppressions) when they are newly introduced without an accompanying documented intent in the PR (and thus appear to be masking a new violation rather than a pre-existing one).

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-18T09:09:09.479Z
Learnt from: EdDev
Repo: RedHatQE/openshift-virtualization-tests PR: 4878
File: utilities/unittests/test_pytest_utils.py:2194-2197
Timestamp: 2026-05-18T09:09:09.479Z
Learning: In this repository (RedHatQE/openshift-virtualization-tests), do not flag missing return type annotations or missing argument type annotations as Ruff “ANN” rule violations (e.g., ANN001/ANN002/ANN201/ANN202). The repo’s Ruff configuration does not enable ANN rules and only uses `extend-select = ["PLC0415"]`, so missing type annotations should not be treated as ANN lint failures during code review.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-19T07:48:17.119Z
Learnt from: azhivovk
Repo: RedHatQE/openshift-virtualization-tests PR: 4784
File: libs/vm/affinity.py:104-104
Timestamp: 2026-05-19T07:48:17.119Z
Learning: When using Kubernetes API models like `NodeSelectorRequirement` or `LabelSelectorRequirement` with operators `Exists` or `DoesNotExist`, the `values` field must not be non-empty. It is valid for `values` to be omitted / left as `None` (Python) / passed as `null`—Kubernetes rejects non-empty `values` for these operators, but does not require the field to be present or explicitly set to an empty list. In code reviews, do not treat missing `values=[]` for `Exists`/`DoesNotExist` as a validation issue; only flag cases where `values` is provided with actual elements.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-19T07:48:17.119Z
Learnt from: azhivovk
Repo: RedHatQE/openshift-virtualization-tests PR: 4784
File: libs/vm/affinity.py:104-104
Timestamp: 2026-05-19T07:48:17.119Z
Learning: When constructing Kubernetes `NodeSelectorRequirement` (or `LabelSelectorRequirement`) objects in code, do not treat `values` being omitted, `None`, or an empty list as an API-validation problem when the requirement’s operator is `Exists` or `DoesNotExist`. Per the Kubernetes API spec, these operators only require that the `values` array is not non-empty (i.e., it must be empty); they do not require the field to be explicitly present as `[]`. Therefore, reviewers should not flag `values=None`/missing `values` for `Exists`/`DoesNotExist`.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-26T15:52:31.613Z
Learnt from: rlobillo
Repo: RedHatQE/openshift-virtualization-tests PR: 4983
File: utilities/hco.py:376-378
Timestamp: 2026-05-26T15:52:31.613Z
Learning: For Python files in this repo, don’t raise review findings for missing type hints or missing/Google-style docstrings on an existing function when the PR’s only functional change is adding one or more new parameters to that function and the PR does not otherwise refactor or substantially rewrite its body/signature. Treat type-annotation/docstring improvements as out of scope for focused parameter-add PRs and defer them to a follow-up. Only raise missing type-hint or docstring issues when the PR introduces an entirely new function or substantially rewrites an existing one.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-06-21T20:28:07.727Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 5283
File: tests/network/libs/service.py:14-16
Timestamp: 2026-06-21T20:28:07.727Z
Learning: When reviewing Python code in this repository targeting Python 3.14 with PEP 649 (deferred annotation evaluation using descriptors) enabled by default, do not flag annotations that reference types imported only under `if TYPE_CHECKING:` (e.g., `client: DynamicClient | None = None`) as potential runtime `NameError` problems. With PEP 649 enabled, annotations are not evaluated at function definition time, so these patterns are valid without `from __future__ import annotations`.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-02-18T06:34:38.042Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 3847
File: tests/virt/cluster/common_templates/utils.py:58-58
Timestamp: 2026-02-18T06:34:38.042Z
Learning: In RedHatQE/openshift-virtualization-tests, treat 'public' functions as those defined in any Python files under libs/ or utilities/ (any depth). Functions inside nested test directories (e.g., tests/virt/cluster/common_templates/, tests/virt/node/, etc.) are test helpers and do not require Google-format docstrings unless explicitly requested. Use this rule during reviews to decide whether to enforce docstrings on public API functions in libs/utilities.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-03T15:38:09.624Z
Learnt from: rnetser
Repo: RedHatQE/openshift-virtualization-tests PR: 4701
File: tests/virt/node/general/test_windows_vtpm_bitlocker.py:50-52
Timestamp: 2026-05-03T15:38:09.624Z
Learning: During review of PRs that are lint cleanups or tooling/version bumps, do not flag code-quality issues for patterns that pre-existed before the PR. Specifically, if the diff does not introduce/modify constructs such as nested `if` blocks or unnecessary list comprehensions, treat them as known/deferred and leave them for dedicated follow-up cleanup PRs. Only raise issues when the PR itself adds, changes, or refactors the problematic code.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-05-15T18:42:02.504Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 4860
File: utilities/hco.py:385-389
Timestamp: 2026-05-15T18:42:02.504Z
Learning: In this repository, under the Python `utilities/` directory (utility/helper modules, not tests), do not flag bare `assert` statements as correctness or style issues. The codebase conventionally uses `assert` in these utilities (e.g., `utilities/virt.py`, `utilities/infra.py`, etc.) and does not enforce running Python with `-O`/`PYTHONOPTIMIZE`, so the usual “asserts may be stripped” concern should not be treated as a review blocker here.

Applied to files:

  • utilities/infra.py
📚 Learning: 2026-06-15T10:56:21.758Z
Learnt from: vsibirsk
Repo: RedHatQE/openshift-virtualization-tests PR: 4994
File: tests/network/user_defined_network/ip_specification/test_ip_specification.py:123-127
Timestamp: 2026-06-15T10:56:21.758Z
Learning: In this repository, do not require or flag missing `-> None` return type annotations on pytest test functions/methods (i.e., functions named `test_*`) located under `tests/**`. Return type annotations for `-> None` on these test functions are optional and should not be treated as inconsistent. Separately, in `utilities/**` and `libs/**`, enforce return type annotations for non-test public functions (e.g., functions that are not internal/private such as those not starting with `_`).

Applied to files:

  • utilities/infra.py
🪛 ast-grep (0.44.0)
utilities/infra.py

[warning] 694-694: Request-controlled URL passed to requests; validate against an allowlist to prevent SSRF.
Context: requests.get(url, verify=False, timeout=TIMEOUT_30SEC)
Note: [CWE-918] Server-Side Request Forgery (SSRF).

(ssrf-requests)


[info] 694-694: Make sure cookies are safe and secure
Context: verify=False
Note: [CWE-614] Sensitive Cookie in HTTPS Session Without 'Secure' Attribute.

(secure-cookie)


[error] 694-694: verify should be True
Context: verify=False
Note: [CWE-295] Improper Certificate Validation (TLS verification disabled).

(request-verify)


[warning] 696-696: File path is request-/variable-derived; validate and normalize to prevent path traversal.
Context: open(local_file_name, "wb")
Note: [CWE-22] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

(open-filename-from-request)

🪛 OpenGrep (1.23.0)
utilities/infra.py

[WARNING] 695-695: SSL/TLS verification is disabled (verify=False). This allows man-in-the-middle attacks. Remove verify=False or set it to True.

(coderabbit.tls.verify-disabled-python)

🪛 Ruff (0.15.20)
utilities/infra.py

[error] 695-695: Probable use of requests call with verify=False disabling SSL certificate checks

(S501)

🔇 Additional comments (4)
utilities/infra.py (4)

695-695: 🔒 Security & Privacy

TLS verification disabled — already litigated, not new to this PR.

verify=False predates this diff and was already flagged/withdrawn twice in prior reviews of this exact function as pre-existing behavior, not a regression introduced here.


684-693: LGTM!


696-699: LGTM!


713-716: LGTM!

Comment thread utilities/infra.py Outdated
…rrors

Signed-off-by: Ahmad Hafe <ahafe@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Ahmad Hafe <ahafe@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.