Merge branch 'main' into python_version

Author: dbasunag

.coderabbit.yaml

@@ -1,111 +1,57 @@
-language: en-US
-tone_instructions: ''
-early_access: false
-enable_free_tier: true
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
+# Inherits from org-wide config: https://github.com/opendatahub-io/coderabbit
+# Only overrides listed below differ from the org baseline.
+
+inheritance: true
+
 reviews:
-  profile: chill
-  request_changes_workflow: false
-  high_level_summary: true
-  high_level_summary_placeholder: '@coderabbitai summary'
-  high_level_summary_in_walkthrough: false
-  auto_title_placeholder: '@coderabbitai'
-  auto_title_instructions: ''
   review_status: false
-  commit_status: true
-  fail_commit_status: false
-  collapse_walkthrough: true
   changed_files_summary: true
-  sequence_diagrams: false
-  assess_linked_issues: true
-  related_issues: true
-  related_prs: true
   suggested_labels: true
-  auto_apply_labels: false
   suggested_reviewers: true
-  auto_assign_reviewers: false
-  poem: false
-  labeling_instructions: []
-  path_filters: ["!.github/**"]
-  path_instructions: []
-  abort_on_close: true
-  disable_cache: false
-  auto_review:
-    enabled: true
-    auto_incremental_review: true
-    ignore_title_keywords: ['wip', 'do not merge', 'do not review',
-                            'lock file maintenance', 'pre-commit autoupdate']
-    labels: []
-    drafts: false
-    base_branches: []
+  related_issues: true
+  related_prs: true
+
+  path_filters:
+    - "!.github/**"
+
   finishing_touches:
     docstrings:
       enabled: true
     unit_tests:
       enabled: true
+
+  auto_review:
+    ignore_title_keywords:
+      - "wip"
+      - "do not merge"
+      - "do not review"
+      - "lock file maintenance"
+      - "pre-commit autoupdate"
+
   tools:
-    ast-grep:
-      rule_dirs: []
-      util_dirs: []
-      essential_rules: true
-      packages: []
-    shellcheck:
-      enabled: true
-    ruff:
-      enabled: true
-    markdownlint:
-      enabled: true
-    github-checks:
-      enabled: true
-      timeout_ms: 90000
     languagetool:
       enabled: true
-      enabled_rules: []
-      disabled_rules: []
-      enabled_categories: []
-      disabled_categories: []
-      enabled_only: false
-      level: default
     biome:
       enabled: true
-    hadolint:
-      enabled: true
     swiftlint:
       enabled: true
     phpstan:
       enabled: true
-      level: default
-    golangci-lint:
-      enabled: true
-    yamllint:
-      enabled: true
-    gitleaks:
-      enabled: true
-    checkov:
-      enabled: true
     detekt:
       enabled: true
-    eslint:
-      enabled: true
     rubocop:
       enabled: true
     buf:
       enabled: true
     regal:
       enabled: true
-    actionlint:
-      enabled: true
     pmd:
       enabled: true
-    cppcheck:
-      enabled: true
-    semgrep:
-      enabled: true
     circleci:
       enabled: true
     clippy:
       enabled: true
-    sqlfluff:
-      enabled: true
     prismaLint:
       enabled: true
     pylint:
@@ -120,32 +66,12 @@ reviews:
       enabled: true
     dotenvLint:
       enabled: true
+
 chat:
   auto_reply: true
-  integrations:
-    jira:
-      usage: auto
-    linear:
-      usage: auto
+
 knowledge_base:
-  opt_out: false
   web_search:
     enabled: true
-  learnings:
-    scope: auto
-  issues:
-    scope: auto
-  jira:
-    usage: auto
-    project_keys: []
-  linear:
-    usage: auto
-    team_keys: []
   pull_requests:
     scope: auto
-code_generation:
-  docstrings:
-    language: en-US
-    path_instructions: []
-  unit_tests:
-    path_instructions: []

.gitleaks.toml

@@ -0,0 +1,57 @@
+# Gitleaks configuration for opendatahub-io repos
+# Synced from security-config. Do not edit in target repos.
+#
+# Path allowlists use Go regex syntax.
+# Real credentials should NEVER be committed to any repository.
+
+[extend]
+  useDefault = true
+
+[allowlist]
+  description = "Exclude test fixtures, mock data, sample configs, and CI resources"
+  paths = [
+    # Go testdata directories
+    '''testdata/''',
+
+    # Python test data directories
+    '''test_data/''',
+
+    # Test fixtures
+    '''fixtures/''',
+
+    # JavaScript/TypeScript mocks
+    '''__mocks__/''',
+
+    # Go/Java/TS mock directories
+    '''mocks/''',
+    '''k8mocks/''',
+
+    # Sample and example configs with placeholder credentials
+    '''docs/samples/''',
+    '''config/samples/''',
+    '''config/overlays/test/''',
+
+    # CI/GitHub Actions test resources
+    '''\.github/resources/''',
+
+    # E2E test credentials
+    '''test/e2e/credentials/''',
+    '''tests/e2e/credentials/''',
+
+    # OpenShift CI sample resources
+    '''openshift-ci/resources/samples/''',
+
+    # Cypress test data
+    '''cypress/fixtures/''',
+    '''cypress/tests/mocked/''',
+
+    # Test certificate and key files
+    '''tests/data/.*\.(pem|crt|key)$''',
+  ]
+
+  # Known test/placeholder credentials used in documentation and tests
+  regexes = [
+    '''database-password\s*:\s*"?(The)?BlurstOfTimes"?''',
+    '''database-user\s*:\s*"?mlmduser"?''',
+    '''database-user\s*:\s*"?modelregistryuser"?''',
+  ]

.gitleaksignore

@@ -0,0 +1,5 @@
+# Gitleaks ignore file
+# Add false positive fingerprints below (one per line)
+# Format: commit:file:rule-id:line or file:rule-id:line
+#
+# For path-based exclusions, use .gitleaks.toml allowlist instead.

.pre-commit-config.yaml

@@ -33,10 +33,10 @@ repos:
     rev: v1.5.0
     hooks:
       - id: detect-secrets
-        exclude: .*/__snapshots__/.*|.*-input\.json$
+        exclude: .*/__snapshots__/.*|.*-input\.json$|^semgrep\.yaml$
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.2
+    rev: v0.15.5
     hooks:
       - id: ruff
       - id: ruff-format
@@ -81,7 +81,7 @@ repos:
           pass_filenames: false
 
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.4
+    rev: v1.7.11
     hooks:
       - id: actionlint
 

pytest.ini

@@ -10,10 +10,11 @@ markers =
     parallel: marks tests that can run in parallel along with pytest-xdist
 
     # CI
-    smoke: Mark tests as smoke tests; covers core functionality of the product. Aims to ensure that the build is stable enough for further testing.
+    smoke: Mark tests as smoke tests; very high critical priority tests. Covers core functionality of the product. Aims to ensure that the build is stable enough for further testing.
     sanity: Mark tests as sanity tests. Aims to verify that specific functionality is working as expected.
-    tier1: Mark tests as tier1. Aims to cover frequently used functionality of the product and basic user flows.
-    tier2: Mark tests as tier2. Aims to cover more advanced functionality of the product.
+    tier1: Mark tests as tier1. High-priority tests.
+    tier2: Mark tests as tier2. Medium/low-priority positive tests.
+    tier3: Mark tests as tier3. Negative and destructive tests.
     slow: Mark tests which take more than 10 minutes as slow tests.
     pre_upgrade: Mark tests which should be run before upgrading the product.
     post_upgrade: Mark tests which should be run after upgrading the product.