How to test changes / Special notes to the reviewer
Checklist
For each Chart updated, version bumped in the corresponding Chart.yaml according to Semantic Versioning.
For each Chart updated, variables are documented in the values.yaml and added to the corresponding README.md. The pre-commit utility can be used to generate the necessary content. Use pre-commit run -a to apply changes. The pre-commit Workflow will do this automatically for you if needed.
JSON Schema template updated and re-generated the raw schema via the pre-commit hook.
Tests pass using the Chart Testing tool and the ct lint command.
Here are some key observations to aid the review process:
⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🔒 Security concerns
Supply chain risk: The workflow applies a remote Kubernetes manifest directly from a GitHub URL (kubectl create -f https://...sonataflow-operator.yaml) without integrity verification (checksum/signature) or vendoring. If the upstream asset is compromised or the download is intercepted, CI could apply malicious cluster-admin resources. Consider pinning by digest where possible, verifying signatures/checksums, or storing the manifest in-repo.
Replace kubectl create with the idempotent kubectl apply command. This will prevent potential CI failures on reruns if the resources already exist, making the script more robust.
run: |
for crdDir in charts/orchestrator-infra/crds/*; do
- kubectl create -f "${crdDir}"+ kubectl apply -f "${crdDir}"
done
- kubectl create -f https://github.com/apache/incubator-kie-tools/releases/download/10.1.0/apache-kie-10.1.0-incubating-sonataflow-operator.yaml+ kubectl apply -f https://github.com/apache/incubator-kie-tools/releases/download/10.1.0/apache-kie-10.1.0-incubating-sonataflow-operator.yaml
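Review bot: the last changed line still passes the release URL straight to kubectl, so `kubectl apply` makes reruns idempotent only with respect to whatever that URL serves at run time. Download the manifest to a file, compare its SHA-256 with a digest committed in the repository, and run `kubectl apply -f` on the local copy, or vendor the manifest next to `charts/orchestrator-infra/crds`.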
Suggestion importance[1-10]: 7
Why: The suggestion correctly points out that using kubectl create is not idempotent and could cause CI failures on reruns, proposing to revert to kubectl apply which improves the robustness of the workflow.
Medium
General
Wait for CRDs readiness
Add a kubectl wait command after creating CRDs. This ensures the CRDs are fully established before the operator installation begins, preventing potential race conditions.
for crdDir in charts/orchestrator-infra/crds/*; do
kubectl create -f "${crdDir}"
done
+kubectl wait --for=condition=established --all crd --timeout=60s
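Review bot: `--all crd` on the added line waits on every CRD in the cluster, not only the ones this loop created, so an unrelated CRD that never becomes established would fail the step at the 60s timeout. Scope the wait to the files just created, for example `kubectl wait --for=condition=established --timeout=60s -f "${crdDir}"` inside the loop.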
Suggestion importance[1-10]: 6
Why: The suggestion correctly identifies a potential race condition and proposes adding a kubectl wait command to ensure CRDs are established before installing the operator, which improves the reliability of the CI workflow.
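The integrity check named under "Security concerns" above, written out as an added example; it is not part of the pull request or of the review bot's output. The function names and the `MANIFEST_SHA256` variable are hypothetical, and the digest is a placeholder to be replaced with the value recorded after reviewing the manifest.

```shell
#!/bin/sh
# Added example: apply the operator manifest only if it matches a pinned SHA-256.
set -eu

# URL as it appears in the workflow step quoted in the review.
MANIFEST_URL="https://github.com/apache/incubator-kie-tools/releases/download/10.1.0/apache-kie-10.1.0-incubating-sonataflow-operator.yaml"
# Placeholder (assumption): commit the real digest of the reviewed manifest here.
MANIFEST_SHA256="${MANIFEST_SHA256:-<pinned-sha256-of-reviewed-manifest>}"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_manifest FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a 64-char hex digest
# (this is what catches a placeholder that was never replaced).
verify_manifest() {
  case "$2" in
    ''|*[!0-9a-f]*) echo "pinned digest is not a SHA-256" >&2; return 2 ;;
  esac
  [ "${#2}" -eq 64 ] || { echo "pinned digest is not a SHA-256" >&2; return 2; }
  _actual="$(sha256_of "$1")"
  if [ "$_actual" != "$2" ]; then
    echo "digest mismatch for $1: got '$_actual', want '$2'" >&2
    return 1
  fi
}

# install_operator: download to a temp file, verify, then apply the local copy,
# so the bytes that were checked are the bytes kubectl reads.
install_operator() {
  _tmp="$(mktemp)"
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' -o "$_tmp" "$MANIFEST_URL" \
    && verify_manifest "$_tmp" "$MANIFEST_SHA256" \
    && kubectl apply -f "$_tmp" \
    || { rm -f "$_tmp"; return 1; }
  rm -f "$_tmp"
}

# Only touches the network and the cluster when called as: sh <script> install
if [ "${1:-}" = "install" ]; then install_operator; fi
```

A version bump then requires changing the URL and the digest in the same commit, which puts the new manifest in front of a reviewer.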
Description of the change
This is to check if this fixes the failures we've been seeing.
Which issue(s) does this PR fix or relate to
https://github.com/redhat-developer/rhdh-chart/actions/runs/20803020591/job/60086142931?pr=291#step:15:5693