CNF-23812: Add OLM annotation lint workflow#760
Conversation
|
@sebrandon1: This pull request references CNF-23812 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: sebrandon1 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Warning Review limit reached
More reviews will be available in 59 minutes and 51 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughAdds a pull-request GitHub Actions workflow and a Makefile target to run the OLM annotation linter against the repository root while excluding ChangesOLM Annotation Linting
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
sebrandon1
force-pushed
the
add-olm-annotation-lint-workflow
branch
from
01f77a4 to
93a6300
Compare
|
I really like the checking of annotations and deeper verification that this brings, but three questions:
|
|
Good questions! For:
I'll ping you when it's updated. |
|
@sebrandon1: This pull request references CNF-23812 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
sebrandon1
force-pushed
the
add-olm-annotation-lint-workflow
branch
from
e6ebea1 to
a8f5225
Compare
|
Okay I have created a |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/olm-annotation-lint.yml (1)
8-9: ⚡ Quick winConsider pinning actions to commit SHAs for supply chain security.
Using version tags like
@v6and@v1allows the underlying action code to change without notice if tags are moved. Pinning to immutable commit SHAs prevents unexpected changes and supply chain attacks.🔒 Example: pinning to commit SHA
- - uses: actions/checkout@v6 - - uses: openshift-kni/olm-annotation-lint@v1 + - uses: actions/checkout@ea960f4e5f8dc486d805e0d398e0b8d75443c3fc # v6 + - uses: openshift-kni/olm-annotation-lint@<commit-sha> # v1You can find the current commit SHA for each action version in their respective repositories.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/olm-annotation-lint.yml around lines 8 - 9, The workflow currently uses mutable tags for actions (uses: actions/checkout@v6 and uses: openshift-kni/olm-annotation-lint@v1); replace those tag references with the corresponding commit SHAs to pin each action to an immutable revision (e.g., uses: actions/checkout@<commit-sha> and uses: openshift-kni/olm-annotation-lint@<commit-sha>), locating the exact SHAs from each action's repository and updating the two uses lines in the workflow file.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In @.github/workflows/olm-annotation-lint.yml:
- Around line 8-9: The workflow currently uses mutable tags for actions (uses:
actions/checkout@v6 and uses: openshift-kni/olm-annotation-lint@v1); replace
those tag references with the corresponding commit SHAs to pin each action to an
immutable revision (e.g., uses: actions/checkout@<commit-sha> and uses:
openshift-kni/olm-annotation-lint@<commit-sha>), locating the exact SHAs from
each action's repository and updating the two uses lines in the workflow file.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Enterprise
Run ID: 9ec84720-b243-43a0-ba11-f2dfb45f41f6
📒 Files selected for processing (2)
.github/workflows/olm-annotation-lint.ymlMakefile
sebrandon1
force-pushed
the
add-olm-annotation-lint-workflow
branch
from
58fdabf to
ec12495
Compare
|
@sebrandon1: This pull request references CNF-23812 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Add a GitHub Actions workflow that runs olm-annotation-lint v1.0.2 on pull requests to validate OLM annotations on Kubernetes resources. Add a make olm-annotation-lint target for local linting that auto-detects OS/arch, downloads the latest release binary to a temp file, runs it, and cleans up automatically.
sebrandon1
force-pushed
the
add-olm-annotation-lint-workflow
branch
from
ec12495 to
806eb9e
Compare
4 participants
Summary
olm.*,operatorframework.io/*) on Kubernetes resources in the repomake olm-annotation-linttarget for running the linter locally — auto-detects OS/arch, downloads the latest release binary to a temp file, runs it, and cleans up automaticallyThis would have caught the invalid
olm.operatorframework.io/bundle-install-timeoutannotation that was removed in #759. Going forward, any PR introducing an unknown, mistyped, or misused OLM annotation will fail CI.Related to
What it checks
Local usage
No dependencies required — the binary is downloaded from the latest GitHub release and removed after execution.
Test plan
make olm-annotation-lintworks locally