refactor(cli): share Linux binary acquisition for run and vendoring#2015
Conversation
cb8152d to
408285f
Compare
Site previewPreview: https://0e5f0a39-site.fullsend-ai.workers.dev Commit: |
d9d93cb to
54d2f49
Compare
ReviewPrior findings resolved
FindingsMedium
Low
Previous runReviewPrior findings resolved
FindingsMedium
Low
Previous run (2)ReviewPrior findings resolved
FindingsMedium
Low
Previous run (3)ReviewPrior findings resolved
FindingsMedium
Low
Previous run (4)ReviewFindingsMedium
Low
|
10bc6e4 to
4367c8c
Compare
waynesun09
left a comment
There was a problem hiding this comment.
Review Squad Report — 8 agents dispatched (2x claude-coder, 2x claude-researcher, 2x gemini-code-review, 2x cursor-code-review)
81 raw findings → 17 after dedup → 3 false positives removed → 5 MEDIUM, 7 LOW, 5 INFO
Well-executed refactor with no behavioral regressions in the core fullsend run path. Security properties (checksum verification, tar traversal protection, size limits) are fully preserved. The 5 MEDIUM findings above are UX/polish issues, not correctness bugs. No CRITICAL or HIGH issues survived verification.
ggallen
left a comment
There was a problem hiding this comment.
No to vendoring at all. We should not be committing any binaries to the respository.
@ggallen how do you suggest we solve the issue of running e2e tests with the code from the commit under test instead of whatever the latest release happens to be? |
How about just building it out of the repo? |
I guess that is doable, we will need to make sure we share the same build action and cache everywhere, so that, for e.g we only build once duiring an e2e test run. @rh-hemartin WDYT? can we do that? It also means I can go ahead with #1954 and put it behind a |
|
@ifireball I created #2026 to address it. Given we add a parameter to the shim, it will detect that the parameter does not correspond to a version and pull the repository for compilation. I just tested it and it works. I'll open a PR soon and let's see how it goes. |
@rh-hemartin ok, lets keep going with this for now... I want to get tihs done soome because its sometihng I'm doing along the way for something else I'm also doing along the way for something... |
|
🤖 Finished Review · ✅ Success · Started 10:07 AM UTC · Completed 10:20 AM UTC |
Extract internal/binary for run and --vendor-fullsend-binary resolution, wire --fullsend-binary on install/setup, and use title+body commit messages for vendored binary upload and stale cleanup. Signed-off-by: Barak Korren <bkorren@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com> Signed-off-by: Barak Korren <bkorren@redhat.com> Signed-off-by: Barak Korren <bkorren@redhat.com>
Use a dedicated 30s client for refreshOIDCToken instead of http.DefaultClient, and restore TestDownloadChecksumForAsset_InvalidHex in internal/binary. Signed-off-by: Barak Korren <bkorren@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Validate --fullsend-binary requires --vendor-fullsend-binary, update flag help text, improve download size-limit errors, restore run arch hint and 120s OIDC timeout, and add ResolveForRun fallback tests. Signed-off-by: Barak Korren <bkorren@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
ResolveForVendor already logs acquisition progress to stderr; remove redundant StepStart/StepDone pairs. Use binary.ValidArch in sandboxArch. Signed-off-by: Barak Korren <bkorren@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
69d5a34 to
db20367
Compare
|
🤖 Finished Review · ✅ Success · Started 6:17 AM UTC · Completed 6:30 AM UTC |
|
🤖 Finished Retro · ✅ Success · Started 6:39 AM UTC · Completed 6:47 AM UTC |
Retro: PR #2015 —
|
Summary
internal/binarysofullsend runand--vendor-fullsend-binaryshare release download, cross-compile, and ELF validation logic--fullsend-binary→ checkout cross-compile → matching release (released CLI only) → fail; no latest-release fallback--fullsend-binaryonadmin installandgithub setup, including per-repo setup vendoring and stale-binary cleanupTest plan
go test ./internal/binary/... ./internal/layers/... ./internal/cli/... -shortgo test -tags e2e -c ./e2e/admin/...(compile)go test -tags e2e ./e2e/admin/... -run TestVendorFromSubdirectory(requires E2E credentials)Made with Cursor