Skip to content

Rename konflux dockerfiles#256

Merged
kylape merged 1 commit into
opendatahub-io:mainfrom
kylape:change-dockerfile-names
Jun 15, 2026
Merged

Rename konflux dockerfiles#256
kylape merged 1 commit into
opendatahub-io:mainfrom
kylape:change-dockerfile-names

Conversation

@kylape

@kylape kylape commented Jun 15, 2026

Copy link
Copy Markdown

This is required to pass downstream validation gates.

Summary by CodeRabbit

  • Chores
    • Updated build pipeline configurations to standardize Dockerfile naming conventions across pipeline definitions.

This is required to pass downstream validation gates.

Signed-off-by: Kyle Lape <klape@redhat.com>
@kylape kylape requested a review from zdtsw June 15, 2026 18:45
@coderabbitai

coderabbitai Bot commented Jun 15, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 4ed9130d-1f26-4cb9-9009-61d5c6d4f93c

📥 Commits

Reviewing files that changed from the base of the PR and between 6831d5f and a02cbd8.

📒 Files selected for processing (6)
  • .tekton/odh-llm-d-router-disagg-sidecar-pull-request.yaml
  • .tekton/odh-llm-d-router-disagg-sidecar-push.yaml
  • .tekton/odh-llm-d-router-endpoint-picker-pull-request.yaml
  • .tekton/odh-llm-d-router-endpoint-picker-push.yaml
  • Dockerfile.konflux.epp
  • Dockerfile.konflux.sidecar

📝 Walkthrough

Walkthrough

Four Tekton PipelineRun manifests in .tekton/ are updated with a single-line change each: the dockerfile parameter is renamed from the Dockerfile.<component>.konflux pattern to Dockerfile.konflux.<component>. This affects both the pull-request and push pipeline variants for the disagg-sidecar and endpoint-picker components. No other pipeline parameters, refs, service accounts, workspaces, or annotations are modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes


CWE-912 / Supply Chain (CI/CD config): These files directly control which Dockerfile is consumed during image build in the Konflux pipeline. A wrong or attacker-controlled filename here maps to an arbitrary build context (CWE-912: Hidden Functionality via supply chain substitution). Verify the renamed Dockerfiles (Dockerfile.konflux.sidecar, Dockerfile.konflux.epp) actually exist at the repository root or the expected path — a missing file that silently falls back to a default or is later injected is a concrete supply chain risk. Confirm no wildcard or fallback resolution exists in the referenced pipeline task that could pick up an unintended file.

🚥 Pre-merge checks | ✅ 10
✅ Passed checks (10 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly describes the main change: renaming Konflux dockerfiles across four Tekton configuration files.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Contribution Quality And Spam Detection ✅ Passed This PR updates Tekton pipeline configs to reference correctly-named Dockerfile files (Dockerfile.konflux.sidecar, Dockerfile.konflux.epp). Not a security fix, no validation logic added. Legitimate...
No Hardcoded Secrets ✅ Passed PR contains only Dockerfile name changes in Tekton config files. No hardcoded secrets, API keys, tokens, passwords, long base64 strings, or embedded credentials detected.
No Weak Cryptography ✅ Passed PR only renames Tekton dockerfile parameters; introduces no cryptographic code or weak primitives. Existing codebase uses strong crypto (RSA-4096, X509, Go stdlib crypto).
No Injection Vectors ✅ Passed PR contains only hardcoded YAML configuration changes to Tekton dockerfile parameters with no injection vectors (CWE-89, CWE-78, CWE-94, CWE-502, CWE-79).
No Privileged Containers ✅ Passed No privileged container configurations detected. Tekton PipelineRun files contain no securityContext, hostNetwork, hostPID, hostIPC, or privilege escalation settings. Referenced Dockerfiles run as...
No Sensitive Data In Logs ✅ Passed PR only changes Tekton YAML dockerfile parameter names. No logging statements introduced; Dockerfiles and YAML files contain no sensitive data exposure.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@kylape kylape merged commit 503f46c into opendatahub-io:main Jun 15, 2026
43 of 44 checks passed
@kylape kylape deleted the change-dockerfile-names branch June 15, 2026 20:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants