.coderabbit.yaml
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
# CodeRabbit configuration for telco5g-konflux
# Telco5G/Konflux shared utility scripts and Makefiles repository
# Consumed as a git submodule by downstream operator repos
#
# IMPORTANT — What this configuration introduces:
#   - Automated AI-powered code reviews on every PR to main (incremental, skips drafts)
#   - Assertive review profile with domain-specific instructions for shell scripts,
#     YAML, Makefiles, GitHub Actions workflows, and each scripts/ subdirectory
#   - Static analysis via actionlint, checkmake, markdownlint, LanguageTool,
#     Gitleaks, and TruffleHog (ShellCheck and yamllint are disabled here because
#     they already run in-repo via make lint; all other language tools disabled)
#   - Auto-generated PR walkthrough with summary, sequence diagrams, effort estimate,
#     related issues/PRs, and label suggestions
#   - Pre-merge checks: PR title format validation and shell script safety verification
#   - Custom "fix-failing-tests" finishing touch for CI failure diagnosis
#   - Interactive chat via @coderabbitai mentions in PR comments
language: en-US
tone_instructions: >
  Be direct and technical. This repo is maintained by infrastructure/platform
  engineers working on Telco5G/OpenShift operators. Prioritize actionable
  feedback over verbose explanations.
early_access: true

reviews:
  profile: assertive
  request_changes_workflow: false
  collapse_walkthrough: true
  high_level_summary: true
  high_level_summary_placeholder: "@coderabbitai summary"
  high_level_summary_in_walkthrough: true
  high_level_summary_instructions: >
    Summarize the changes as concise bullet points. For shell script changes,
    note any behavioral impact. For YAML changes, note structural or
    configuration impact.
  changed_files_summary: true
  assess_linked_issues: true
  related_issues: true
  related_prs: true
  suggested_labels: true
  poem: false

  auto_review:
    enabled: true
    auto_incremental_review: true
    drafts: false
    base_branches:
      - main
    auto_pause_after_reviewed_commits: 5

  path_filters:
    - "!venv/**"
    - "!**/__pycache__/**"
    - "!**/*.pyc"
    - "!test.json"
    - "!**/expected/**"

  path_instructions:
    - path: "**"
      instructions: >
        This repository contains shared Telco5G/Konflux utility scripts and
        Makefiles consumed as a git submodule by downstream operator repos. Changes
        here can have wide blast radius. Pay special attention to: backward
        compatibility of script interfaces (arguments, environment variables, exit
        codes), idempotency of operations, and consistency with existing patterns in
        the codebase. When reviewing shell scripts, be thorough about error
        handling, variable quoting, and POSIX compatibility. For test changes,
        verify that expected output fixtures are kept in sync with script behavior
        changes.
    - path: "**/*.sh"
      instructions: >
        This is a Bash shell script in a Telco/Konflux utilities repo. Review
        for: (1) POSIX compliance and portability across bash 4.x+; (2) proper
        error handling with set -euo pipefail or equivalent; (3) correct quoting
        of variables to prevent word splitting and globbing; (4) avoidance of
        common shellcheck pitfalls (SC2086, SC2046, SC2155, etc.); (5) proper
        use of local for function variables; (6) secure handling of paths, URLs,
        and external input — no eval on untrusted data; (7) idempotency where
        appropriate; (8) clarity of exit codes and error messages. If a test is
        failing, suggest concrete fixes with corrected shell code.
    - path: "**/*.yaml"
      instructions: >
        This is a YAML configuration file in a Kubernetes/OpenShift/Konflux
        ecosystem repo. Review for: (1) valid YAML syntax; (2) correct
        indentation (2 spaces); (3) no trailing whitespace; (4) proper use of
        anchors/aliases if present; (5) for GitHub Actions workflow files,
        validate action version pinning, correct on trigger syntax, and
        job/step structure; (6) for operator-related YAML (CSVs, catalogs),
        check structural correctness.
    - path: "**/*.yml"
      instructions: >
        This is a YAML configuration file in a Kubernetes/OpenShift/Konflux
        ecosystem repo. Review for: (1) valid YAML syntax; (2) correct
        indentation (2 spaces); (3) no trailing whitespace; (4) proper use of
        anchors/aliases if present; (5) for GitHub Actions workflow files,
        validate action version pinning, correct on trigger syntax, and
        job/step structure; (6) for operator-related YAML (CSVs, catalogs),
        check structural correctness.
    - path: "**/Makefile"
      instructions: >
        This is a GNU Makefile. Review for: (1) correct use of .PHONY
        declarations; (2) proper variable quoting and escaping; (3) correct
        dependency chains; (4) recipe indentation with tabs not spaces;
        (5) avoidance of shell injection via unquoted variables; (6) consistent
        use of $(VARIABLE) syntax; (7) clear help/documentation targets.
    - path: "**/*.mk"
      instructions: >
        This is a GNU Makefile. Review for: (1) correct use of .PHONY
        declarations; (2) proper variable quoting and escaping; (3) correct
        dependency chains; (4) recipe indentation with tabs not spaces;
        (5) avoidance of shell injection via unquoted variables; (6) consistent
        use of $(VARIABLE) syntax; (7) clear help/documentation targets.
    - path: "test/overlay/**/*.sh"
      instructions: >
        This is a shell-based integration test for the Konflux bundle overlay
        system. Review for: (1) proper sourcing of common-test-lib.sh;
        (2) correct use of the run_csv_overlay_test function from the shared
        framework; (3) accurate expected output in expected/ directories;
        (4) adequate edge case coverage; (5) clear test names and failure
        messages. If a test failure is detected (e.g., from CI logs or diffs),
        suggest exact fixes to the test script or expected data.
    - path: "scripts/download/**"
      instructions: >
        These scripts download CLI tools (yq, opm, jq, operator-sdk, yamllint,
        shellcheck, bashate, go tools). Review for: (1) checksum/integrity
        verification of downloaded binaries; (2) correct URL construction and
        version pinning; (3) fallback behavior on download failure; (4) proper
        cleanup of temp files; (5) cross-platform path handling.
    - path: "scripts/rpm-lock/**"
      instructions: >
        These scripts generate RPM lock files for RHEL8/RHEL9 using
        podman/UBI images. Review for: (1) correct podman invocations and
        volume mounts; (2) proper RHEL version detection; (3) RHSM
        subscription handling; (4) lock file format correctness;
        (5) idempotent behavior.
    - path: "scripts/catalog/**"
      instructions: >
        These scripts handle FBC (File-Based Catalog) operations for operator
        catalogs. Review for: (1) correct use of opm and operator-sdk
        commands; (2) proper catalog template structure; (3) diff/compare
        logic correctness; (4) validation completeness.
    - path: ".github/workflows/**"
      instructions: >
        These are GitHub Actions CI workflow files. Review for: (1) action
        version pinning (prefer SHA pinning); (2) correct trigger
        configuration; (3) proper error handling and artifact upload on
        failure; (4) runner security (avoid running untrusted code with
        elevated permissions); (5) step dependency correctness.

  # NOTE: The labels below must be created in the GitHub repository settings
  # (Settings > Labels) before CodeRabbit can apply them to PRs. If they don't
  # exist, CodeRabbit will suggest them in the walkthrough comment but won't be
  # able to assign them automatically.
  labeling_instructions:
    - label: scripts
      instructions: "Apply when the PR modifies files under scripts/"
    - label: tests
      instructions: "Apply when the PR modifies files under test/"
    - label: ci
      instructions: "Apply when the PR modifies GitHub Actions workflows under .github/workflows/"
    - label: lint
      instructions: "Apply when the PR modifies linting configuration (Makefile lint targets, .yamllint.yaml, requirements.txt)"
    - label: docs
      instructions: "Apply when the PR modifies documentation files (*.md, README, SUBMODULE_USAGE.md)"
    - label: overlay
      instructions: "Apply when the PR modifies bundle overlay scripts or tests (scripts/bundle/, test/overlay/)"
    - label: breaking-change
      instructions: "Apply when the PR changes script interfaces, arguments, environment variables, or exit codes in a backward-incompatible way"

  tools:
    # Disabled — already run in-repo via make lint and the make-all.yaml workflow
    shellcheck:
      enabled: false
    yamllint:
      enabled: false

    actionlint:
      enabled: true
    checkmake:
      enabled: true
    markdownlint:
      enabled: true
    languagetool:
      enabled: true
    gitleaks:
      enabled: true
    trufflehog:
      enabled: true

    # Disabled — no relevant source code in this repo
    eslint:
      enabled: false
    biome:
      enabled: false
    ruff:
      enabled: false
    pylint:
      enabled: false
    flake8:
      enabled: false
    golangci-lint:
      enabled: false
    hadolint:
      enabled: false
    swiftlint:
      enabled: false
    phpstan:
      enabled: false
    detekt:
      enabled: false
    clippy:
      enabled: false

  finishing_touches:
    unit_tests:
      enabled: false
    docstrings:
      enabled: false
    simplify:
      enabled: true
    custom:
      - name: "fix-failing-tests"
        instructions: >
          Analyze the failing CI checks (overlay tests, download script tests,
          RPM lock tests). For each failure: (1) identify the root cause from
          the CI log output; (2) determine if the failure is in the test script,
          the tested script, or the expected output fixture; (3) provide an
          exact code fix. For overlay test failures, check if the expected/
          directory output matches the actual overlay script output and fix the
          diff. For shellcheck/bashate lint failures, provide the corrected
          shell code.

  pre_merge_checks:
    title:
      mode: warning
      requirements: >
        PR title must be concise, descriptive, and follow the pattern:
        <area>: <description> (e.g., overlay: fix CSV merge for 4.20,
        download: add checksum verification for yq)
    description:
      mode: warning
    custom_checks:
      - name: "shell-script-safety"
        mode: warning
        instructions: >
          Verify that all new or modified shell scripts: (1) include
          set -euo pipefail or equivalent safety flags; (2) do not use eval on
          external input; (3) properly quote all variable expansions; (4) use
          local for function-scoped variables; (5) have meaningful exit codes
          for error conditions.

chat:
  auto_reply: true

knowledge_base:
  learnings:
    scope: auto
  web_search:
    enabled: true
  code_guidelines:
    enabled: true