Hotfix/go #3022
Hotfix/go #3022
Conversation
📝 WalkthroughWalkthroughThis change set primarily restructures and updates CI/CD infrastructure files, focusing on GitHub Actions workflows for Docker image builds, test orchestration, and configuration management. It replaces legacy workflow files with new, auto-generated YAML workflows, refines triggers and path filters, updates template files, and introduces new E2E test configurations and Helm values files, without altering any core application code or exported entities. Changes
Sequence Diagram(s)sequenceDiagram
participant Dev as Developer
participant GitHub as GitHub Actions
participant Workflow as Reusable Workflow (_docker-image.yaml)
participant Registry as Docker Registry
Dev->>GitHub: Push code / open PR
GitHub->>GitHub: Trigger new workflow (e.g., dockers-agent-image.yaml)
GitHub->>Workflow: Call reusable workflow with target (e.g., agent)
Workflow->>Registry: Build and push Docker image
Workflow-->>GitHub: Report build status
GitHub-->>Dev: Update PR/build status
sequenceDiagram
participant PR as Pull Request
participant GitHub as GitHub Actions
participant ConflictChecker as check-conflict.yaml
PR->>GitHub: Open/update PR
GitHub->>ConflictChecker: Run conflict check job
ConflictChecker->>ConflictChecker: Scan for conflict markers
alt Conflict found
ConflictChecker->>GitHub: Post warning comment on PR
ConflictChecker-->>GitHub: Fail job
else No conflict
ConflictChecker-->>GitHub: Succeed job
end
Possibly related PRs
Suggested labels
Suggested reviewers
✨ Finishing Touches
🧪 Generate Unit Tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
🔭 Outside diff range comments (3)
.gitfiles (1)
1-2390: Avoid committing massive static manifests
This auto-generated file lists thousands of entries, which will bloat the repo and hamper Git performance. Recommend removing it or generating it dynamically via a script outside version control..github/helm/values/values-correction.yaml (1)
68-73: Validate Cron expression for the corrector
The schedule"1 2 3 4 5"may not represent the intended timing. Please confirm or replace with a valid cron (e.g.,"0 2 * * *")..github/e2e/stream_crud.yaml (1)
438-451: Fix expect block for IndexInfo
The finalIndexInfoexpectonly specifiesvalue: {}and omits astatus_codeand JSONpath. This config is invalid and will not be evaluated. Definestatus_code: okand a validpath(e.g.,$.sum()) with an expected value.
♻️ Duplicate comments (3)
.github/ISSUE_TEMPLATE/security_issue_report.md (1)
19-26: Ensure environment versions are accurate and consistent across templates.
This is the same feedback as provided for the bug report template: verify that the version numbers reflect the actual supported versions..github/e2e/unary_crud.yaml (2)
16-33: Duplicate comment: global config matchesmulti_crud.yaml.
121-160: Duplicate comment: repeated strategy block is already flagged inmulti_crud.yaml.
🧹 Nitpick comments (50)
.github/PULL_REQUEST_TEMPLATE.md (1)
37-37: Consider shortening the special notes prompt.
The reworded prompt is more inviting and clear but could be more concise to avoid verbosity..cspell.json (1)
1-2746: Approve cspell configuration
The JSON is well-formed and the ignorePaths, patterns, and ignoreWords entries align with the project’s needs.Consider modularizing the large ignoreWords/ignoreWordsMap lists into separate JSON imports for improved maintainability as the list grows.
.github/actions/dump-context/action.yaml (1)
51-62: Enhance environment diagnostics
Added steps to log CPU, core count, and memory information. Consider appending|| trueto each command to prevent failures on runners where these utilities might be unavailable..github/actions/setup-go/action.yaml (1)
34-43: Add conditional Go installation
Introduced a check for existing Go installation—good optimization.Consider normalizing version strings by stripping the
goprefix from the installed version before comparison to avoid mismatch (e.g.,${installed_version#go})..github/actions/e2e-deploy-vald-readreplica/action.yaml (1)
88-88: Normalize variable naming and quoting
The local deploy step exportsVALUESbut the Make target expectsHELM_VALUES. To avoid confusion and word-splitting, consider renaming the input tohelm_valuesand quoting it:- run: | - make k8s/vald-readreplica/deploy HELM_VALUES=${VALUES} HELM_EXTRA_OPTIONS="${HELM_EXTRA_OPTIONS}" - env: - VALUES: ${{ inputs.values }} + run: | + make k8s/vald-readreplica/deploy HELM_VALUES="${{ inputs.helm_values }}" HELM_EXTRA_OPTIONS="${{ inputs.helm_extra_options }}" + env: + helm_values: ${{ inputs.values }}.github/helm/values/values-readreplica.yaml (2)
50-50: Document newenable_export_index_info_to_k8sflag
Please add a note in the chart README or values reference to explain how this flag interacts with NGT and downstream consumers.
83-85: Clarify placement ofoperatorsettings
Theoperatorblock is added undermanager.indexalongsidereadreplica. For clarity, consider nesting it underreadreplica(e.g.,readreplica.operator) or renaming toreadreplicaOperatorto make the relationship explicit..github/actions/setup-helm/action.yaml (1)
45-49: Pin the setup-helm action version
Usingazure/setup-helm@v4floating tag may pull a breaking change in the future. Pin to a specific minor or patch release (e.g.,@v4.10.0) for stability..github/workflows/dockers-buildbase-image.yaml (1)
33-46: Consolidate path filters
Thepull_requestandpull_request_targetpath lists are identical. Consider extracting common filters into a namedpaths:anchor or reusing a reusable workflow to reduce duplication..github/workflows/dockers-binfmt-image.yaml (1)
21-70: Consider matrix or generation script for similar workflows
There are dozens of near-identical workflows for each Docker target. Consolidating via a matrix or generating with a script (as hinted bygen/main.go) would reduce maintenance overhead..github/workflows/dockers-gateway-lb-image.yaml (1)
31-141: Consolidate repeated path filters
Thepathsfilters under bothpull_requestandpull_request_targetare largely duplicated across workflows. To DRY up these YAML files, consider using YAML anchors or a shared include for path definitions. This will improve maintainability as you add or remove paths.Also applies to: 142-156
.github/workflows/dockers-index-correction-image.yaml (1)
31-49: Consider centralizing path filter lists
Duplicating extensivepathsentries acrosspull_requestandpull_request_targetincreases maintenance burden. Use YAML anchors or a shared include to keep these definitions DRY.Also applies to: 138-147
.github/workflows/dockers-agent-faiss-image.yaml (1)
31-49: DRY up repetitivepathsdefinitions
This workflow and others share almost identicalpathsfilters. Consider extracting these into YAML anchors or a reusable snippet to simplify updates.Also applies to: 147-156
.github/workflows/dockers-benchmark-job-image.yaml (1)
31-49: Consolidatepathsfilters across workflows
Thepathslists underpull_requestandpull_request_targetare almost identical in multiple workflows. Consider using YAML anchors or a shared include to reduce duplication.Also applies to: 144-152
.github/workflows/dockers-manager-index-image.yaml (1)
31-49: DRY repeatpathsentries
Identicalpathsfilters are defined across several workflows. Extracting these via YAML anchors or includes will simplify future maintenance.Also applies to: 145-153
.github/actions/docker-build/action.yaml (4)
59-60: Quote$GITHUB_OUTPUTin redirection.The unquoted redirection
>> $GITHUB_OUTPUTcan break if the path contains spaces—prefer>> "$GITHUB_OUTPUT".
71-79: Use native$GITHUB_EVENT_NAMEinstead of inlining expressions.Referencing
${{ github.event_name }}inside the script generates a hardcoded string—switch to the built-in$GITHUB_EVENT_NAMEenv var for consistency and easier maintenance.
97-100: Initializeextra_tagsbefore use.
extra_tagsis referenced without an explicit initialization. Prependextra_tags=""before the loop to avoid unexpected behavior in strict shells.
116-120: Simplify label quoting.Escaping quotes inside a multi-line string is hard to read. Consider:
--label org.opencontainers.image.created="$(date --rfc-3339=ns)"instead of
--label org.opencontainers.image.created=\"$(date --rfc-3339=ns)\"..github/workflows/_detect-ci-container.yaml (2)
60-63: Quote$GITHUB_OUTPUTwhen setting outputs.The redirection
>> $GITHUB_OUTPUTshould be>> "$GITHUB_OUTPUT"to prevent word splitting if the variable contains spaces.
59-61: Combine the twoawkinvocations.You can collapse:
TAG=$(echo "$TAGS" | awk '{print $1}' | awk -F '=' '{print $2}')into:
TAG=$(echo "$TAGS" | awk -F '[ =]+' '{print $2; exit}')for clarity and performance.
.github/workflows/backport.yaml (3)
51-57: Quote file path in redirection.Using
> ${FETCHED_GITHUB_INFO_PATH}without quotes risks word splitting. Prefer:> "$FETCHED_GITHUB_INFO_PATH"
60-62: Replace legacy backticks and improve quoting.The backtick usage in:
LABEL_NAMES=`cat ${FETCHED_GITHUB_INFO_PATH} | jq …`should be:
LABEL_NAMES=$(jq -r --arg PREFIX "$TARGET_LABEL_NAME_PREFIX" '[…]')and quote
"$FETCHED_GITHUB_INFO_PATH"for robustness.
75-83: Quote variable expansions in shell commands.Unquoted expansions like
for LABEL_NAME in ${LABEL_NAMES}andgit checkout ${BRANCH_NAME}may break on spaces—wrap them in double quotes ("${LABEL_NAMES}","${BRANCH_NAME}", etc.)..github/workflows/dockers-index-creation-image.yaml (1)
21-31: Considerpaths-ignorefor mocks/tests to simplify filters.You’ve listed negative patterns under
paths:—switching topaths-ignorefor_mock.goand_test.gowould clean up the trigger section and reduce repetition..github/workflows/_docker-image.yaml (2)
62-66: Quote SHA variables and simplify condition
Wrap the SHA expansions in quotes and use-nto check non-emptiness:-run: | - if [ "${{ github.event.pull_request.head.sha }}" != "" ]; then +run: | + if [ -n "${{ github.event.pull_request.head.sha }}" ]; then
72-73: Quote$GITHUB_WORKSPACEin git config
Quoting the path avoids edge-case failures if the workspace contains spaces:-run: git config --global --add safe.directory ${GITHUB_WORKSPACE} +run: git config --global --add safe.directory "${GITHUB_WORKSPACE}".github/workflows/check-conflict.yaml (4)
35-36: Quote$GITHUB_WORKSPACEin git config
Wrap the workspace path to prevent potential issues with spaces:-run: git config --global --add safe.directory ${GITHUB_WORKSPACE} +run: git config --global --add safe.directory "${GITHUB_WORKSPACE}"
38-39: Optimize grep to skip binaries
Add-Ito ignore binary files and prevent false positives:-if grep -r "<<<< HEAD" . --exclude-dir=.git --exclude=check-conflict.yaml; then +if grep -RI "<<<< HEAD" . --exclude-dir=.git --exclude=check-conflict.yaml; then
39-43: Use$(…)instead of backticks
Modernize command substitution and improve nesting:-PR_COMMENTS=`curl ${API_URL}?per_page=10000` +PR_COMMENTS=$(curl "${API_URL}?per_page=10000")
46-49: Limit fetched comments pagination
Retrieving 10k comments may be excessive; consider fetching the last 100 or using GraphQL to filter by author..github/helm/values/values-correction.yaml (2)
17-19: Consider production logging level
debugcan be very verbose in CI; ensure this is intentional or override in higher environments.
27-30: Add resourcelimitsalongsiderequests
Defining both requests and limits helps prevent resource overconsumption:resources: requests: cpu: 100m memory: 50Mi limits: cpu: 200m memory: 100Mi.github/workflows/dockers-agent-ngt-image.yaml (2)
21-30: Quote wildcard patterns for clarity.
Unquoted patterns likerelease/v*.*and tag globs (*.*.*) may be misinterpreted by YAML.
31-49: Consider DRY for path filters.
The extensivepathslist is duplicated across multiple workflows. Extract common filters with YAML anchors or include rules to reduce maintenance overhead..github/workflows/dockers-gateway-mirror-image.yaml (2)
23-30: Wrap branch and tag patterns in quotes.
Patterns likerelease/v*.*andv*.*.*-*can benefit from quoting to avoid YAML alias/tag parsing.
31-49: Consolidate path filters across workflows.
This list is largely identical to other mirror and filter gateway workflows. Consider using a shared anchor..github/e2e/multi_crud.yaml (1)
121-160: Extract repeated strategy templates.
The commented circuit breaker and schema templates are duplicated in other E2E configs. Refactor with YAML anchors or shared includes to improve maintainability..github/actions/detect-docker-image-tags/action.yaml (2)
19-22: Update input description to plural.
Thetagsinput now accepts multiple values; adjust the description to "Tag names to check".
59-68: Add fallback when no tag is found.
Currently, missing tags silently produce empty outputs. Consider emitting an error or warning to catch misnamed tags..github/workflows/dockers-benchmark-operator-image.yaml (2)
33-140: Suggest DRYing up the pull_request path filters
The expanded list correctly captures all relevant Go, Dockerfile, Makefile, and proto changes, but maintaining such a long, repetitive filter is error-prone. Consider:
- Using YAML anchors and aliases for common globs.
- Grouping internal paths under a single pattern (
internal/**/*.go) with indexed excludes for mocks/tests.
148-254: Suggest unifying path filters across PR events
Thepull_request_targetblock duplicates the same path filters aspull_request. To reduce maintenance overhead and risk of divergence, extract the filter list into an anchor or external YAML reference..github/e2e/index_correction.yaml (5)
21-30: Replace placeholder values
Thedataset.nameandkubernetes.port_forwardfields still reference_E2E_DATASET_PATH_,_E2E_TARGET_NAMESPACE_, and_E2E_TARGET_NAME_. Please substitute these with actual test harness variables or valid values to avoid runtime failures.
48-53: Remove or justify commentedcircuit_breakerblock
The commented-outcircuit_breakerconfiguration adds noise and may mislead readers. Either remove it or document why it’s intentionally disabled and when it should be enabled.
117-120: Update sample metadata values
Themetadataentries (key1,key2,key3andmetadata_string) use placeholder/sample values. Replace these with realistic metadata or make them configurable to reflect actual test scenarios.
222-230: Add explicit wait durations for Kubernetes wait steps
TheWaitstep that blocks on pod completion has nowaittimeout, which may hang the workflow indefinitely if something fails. Specify a reasonable timeout (e.g.,5m) to ensure the job fails fast on errors.
178-188: Standardize strategy name capitalization
Some strategy names begin with a lowercase letter (e.g.,check Index Property) while others start uppercase (Initial Insert and Wait). Normalize naming (e.g., Title Case) for consistency across scenarios.Also applies to: 191-199, 210-218, 239-247
.github/e2e/stream_crud.yaml (3)
121-176: Remove unused commented templates
The large commented-out block at the top clutters the file. Prune or move it to a template reference so the active test configuration remains focused and maintainable.
211-211: Fix typo in scenario name
Parallel Search Opeation→ should readParallel Search Operation.
378-388: Add wait for IndexDetail step
TheIndexDetailexecution immediately follows a streamingUpdatewithout its ownwait. Insert await: <duration>(e.g.,30s) to ensure the index has updated before validation.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (69)
apis/grpc/v1/agent/core/agent.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/agent/core/agent_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/agent/sidecar/sidecar.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/agent/sidecar/sidecar_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/discoverer/discoverer.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/discoverer/discoverer_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/filter/egress/egress_filter.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/filter/egress/egress_filter_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/filter/ingress/ingress_filter.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/filter/ingress/ingress_filter_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/manager/index/index_manager.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/manager/index/index_manager_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/meta/meta.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/meta/meta_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/mirror/mirror.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/mirror/mirror_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/payload/payload.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/payload/payload.pb.json.gois excluded by!**/*.pb.json.goapis/grpc/v1/payload/payload_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/rpc/errdetails/error_details.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/rpc/errdetails/error_details.pb.json.gois excluded by!**/*.pb.json.goapis/grpc/v1/rpc/errdetails/error_details_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/filter.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/filter_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/flush.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/flush_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/index.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/index_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/insert.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/insert_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/object.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/object_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/remove.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/remove_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/search.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/search_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/update.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/update_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/upsert.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/grpc/v1/vald/upsert_vtproto.pb.gois excluded by!**/*.pb.go,!**/*.pb.goapis/proto/buf.lockis excluded by!**/*.lockassets/docs/guides/observability-configuration/architecture.pngis excluded by!**/*.pngassets/docs/guides/operations/grafana-example.pngis excluded by!**/*.pngassets/docs/guides/read-replica-and-rotator/architecture.pngis excluded by!**/*.pngassets/docs/overview/component/agent/ngt.pngis excluded by!**/*.pngassets/docs/overview/component/agent/sidecar_backup.pngis excluded by!**/*.pngassets/docs/overview/component/agent/sidecar_restore.pngis excluded by!**/*.pngassets/docs/overview/component/mirror-gateway/full-mesh-connection.pngis excluded by!**/*.pngassets/docs/overview/component/mirror-gateway/mirror-gateway.pngis excluded by!**/*.pngassets/docs/overview/component/mirror-gateway/request-forwarding.pngis excluded by!**/*.pngassets/docs/performance/benchmark-grafana.pngis excluded by!**/*.pngassets/docs/tutorial/vald-multicluster-on-k8s.pngis excluded by!**/*.pngassets/docs/usecase/usecase_audio.pngis excluded by!**/*.pngassets/docs/usecase/usecase_data.pngis excluded by!**/*.pngassets/docs/usecase/usecase_image.pngis excluded by!**/*.pngassets/docs/usecase/usecase_text.pngis excluded by!**/*.pngassets/image/png/graphic.pngis excluded by!**/*.pngassets/image/png/logo.pngis excluded by!**/*.pngassets/image/png/logo_darkgray.pngis excluded by!**/*.pngassets/image/png/logo_white.pngis excluded by!**/*.pngassets/image/png/symbol.pngis excluded by!**/*.pngassets/image/png/symbol_darkgray.pngis excluded by!**/*.pngassets/image/png/symbol_white.pngis excluded by!**/*.pngassets/image/vald-users/japansearch_color.pngis excluded by!**/*.pngassets/image/vald-users/lycorp.pngis excluded by!**/*.pngassets/image/vald-users/lycorp_black.pngis excluded by!**/*.pngassets/image/vald-users/lycorp_white.pngis excluded by!**/*.pngassets/image/vald-users/yahoojapan.svgis excluded by!**/*.svgbuf.lockis excluded by!**/*.lock
📒 Files selected for processing (107)
.all-contributorsrc(2 hunks).commit_template(1 hunks).cspell.json(1 hunks).deepsource.toml(2 hunks).devcontainer/postAttachCommand.sh(1 hunks).fossa.yml(1 hunks).gitattributes(2 hunks).gitfiles(1 hunks).gitguardian.yaml(2 hunks).github/ISSUE_TEMPLATE/bug_report.md(1 hunks).github/ISSUE_TEMPLATE/security_issue_report.md(1 hunks).github/PULL_REQUEST_TEMPLATE.md(3 hunks).github/actions/deploy-chaos-mesh/action.yaml(2 hunks).github/actions/detect-docker-image-tags/action.yaml(4 hunks).github/actions/determine-docker-image-tag/action.yaml(3 hunks).github/actions/docker-build/action.yaml(6 hunks).github/actions/dump-context/action.yaml(3 hunks).github/actions/e2e-deploy-vald-helm-operator/action.yaml(4 hunks).github/actions/e2e-deploy-vald-readreplica/action.yaml(3 hunks).github/actions/e2e-deploy-vald/action.yaml(3 hunks).github/actions/e2e-profile/action.yaml(1 hunks).github/actions/notify-slack/action.yaml(2 hunks).github/actions/scan-docker-image/action.yaml(3 hunks).github/actions/setup-e2e/action.yaml(4 hunks).github/actions/setup-go/action.yaml(3 hunks).github/actions/setup-helm/action.yaml(3 hunks).github/actions/setup-k3d/action.yaml(3 hunks).github/actions/setup-yq/action.yaml(2 hunks).github/actions/wait-for-docker-image/action.yaml(2 hunks).github/chatops_permissions.yaml(2 hunks).github/codeql/codeql-config.yaml(1 hunks).github/conflint.yaml(1 hunks).github/dependabot.yml(0 hunks).github/e2e/index_correction.yaml(1 hunks).github/e2e/multi_crud.yaml(1 hunks).github/e2e/stream_crud.yaml(1 hunks).github/e2e/unary_crud.yaml(1 hunks).github/helm/values/vald-mirror-target.yaml(1 hunks).github/helm/values/values-agent-sidecar.yaml(1 hunks).github/helm/values/values-chaos.yaml(2 hunks).github/helm/values/values-correction.yaml(1 hunks).github/helm/values/values-index-management-jobs.yaml(1 hunks).github/helm/values/values-lb.yaml(1 hunks).github/helm/values/values-max-dim.yaml(1 hunks).github/helm/values/values-mirror-01.yaml(1 hunks).github/helm/values/values-mirror-02.yaml(1 hunks).github/helm/values/values-profile.yaml(1 hunks).github/helm/values/values-readreplica.yaml(3 hunks).github/issue_label_bot.yaml(1 hunks).github/kubelinter.yaml(1 hunks).github/labeler.yaml(1 hunks).github/valdrelease/valdrelease.yaml(1 hunks).github/workflows/_detect-ci-container.yaml(1 hunks).github/workflows/_detect-ci-container.yml(0 hunks).github/workflows/_docker-image-scan.yaml(1 hunks).github/workflows/_docker-image.yaml(5 hunks).github/workflows/_release-pr.yaml(4 hunks).github/workflows/_update-protobuf.yaml(1 hunks).github/workflows/backport.yaml(4 hunks).github/workflows/build-binaries.yaml(2 hunks).github/workflows/build-protobuf.yaml(2 hunks).github/workflows/chatops-help.yaml(1 hunks).github/workflows/chatops.yaml(7 hunks).github/workflows/check-conflict.yaml(1 hunks).github/workflows/codeql-analysis.yml(4 hunks).github/workflows/coverage.yaml(4 hunks).github/workflows/detect-internal-config-changes.yaml(1 hunks).github/workflows/dockers-agent-faiss-image.yaml(1 hunks).github/workflows/dockers-agent-faiss-image.yml(0 hunks).github/workflows/dockers-agent-image.yaml(1 hunks).github/workflows/dockers-agent-ngt-image.yaml(1 hunks).github/workflows/dockers-agent-ngt-image.yml(0 hunks).github/workflows/dockers-agent-sidecar-image.yaml(1 hunks).github/workflows/dockers-agent-sidecar-image.yml(0 hunks).github/workflows/dockers-benchmark-job-image.yaml(1 hunks).github/workflows/dockers-benchmark-job-image.yml(0 hunks).github/workflows/dockers-benchmark-operator-image.yaml(2 hunks).github/workflows/dockers-binfmt-image.yaml(1 hunks).github/workflows/dockers-buildbase-image.yaml(1 hunks).github/workflows/dockers-buildkit-image.yaml(1 hunks).github/workflows/dockers-buildkit-syft-scanner-image.yaml(1 hunks).github/workflows/dockers-ci-container-image.yaml(1 hunks).github/workflows/dockers-ci-container-image.yml(0 hunks).github/workflows/dockers-dev-container-image.yaml(1 hunks).github/workflows/dockers-dev-container-image.yml(0 hunks).github/workflows/dockers-discoverer-k8s-image.yaml(1 hunks).github/workflows/dockers-discoverer-k8s-image.yml(0 hunks).github/workflows/dockers-example-client-image.yaml(1 hunks).github/workflows/dockers-gateway-filter-image.yaml(1 hunks).github/workflows/dockers-gateway-filter-image.yml(0 hunks).github/workflows/dockers-gateway-lb-image.yaml(1 hunks).github/workflows/dockers-gateway-lb-image.yml(0 hunks).github/workflows/dockers-gateway-mirror-image.yaml(2 hunks).github/workflows/dockers-helm-operator-image.yaml(1 hunks).github/workflows/dockers-helm-operator-image.yml(0 hunks).github/workflows/dockers-image-scan.yaml(2 hunks).github/workflows/dockers-index-correction-image.yaml(1 hunks).github/workflows/dockers-index-correction.yml(0 hunks).github/workflows/dockers-index-creation-image.yaml(1 hunks).github/workflows/dockers-index-creation.yml(0 hunks).github/workflows/dockers-index-deletion-image.yaml(1 hunks).github/workflows/dockers-index-operator-image.yaml(1 hunks).github/workflows/dockers-index-save-image.yaml(1 hunks).github/workflows/dockers-index-save.yml(0 hunks).github/workflows/dockers-loadtest-image.yml(0 hunks).github/workflows/dockers-manager-index-image.yaml(1 hunks).github/workflows/dockers-manager-index-image.yml(0 hunks)
⛔ Files not processed due to max files limit (42)
- .github/workflows/dockers-readreplica-rotate-image.yaml
- .github/workflows/dockers-readreplica-rotate.yml
- .github/workflows/dockers-release-branch-image.yaml
- .github/workflows/e2e-chaos.yaml
- .github/workflows/e2e-code-bench-agent.yaml
- .github/workflows/e2e-max-dim.yaml
- .github/workflows/e2e-profiling.yaml
- .github/workflows/e2e.v2.yaml
- .github/workflows/e2e.yaml
- .github/workflows/format.yaml
- .github/workflows/fossa.yaml
- .github/workflows/helm-lint.yaml
- .github/workflows/helm.yaml
- .github/workflows/issue-metrics.yaml
- .github/workflows/labeler.yaml
- .github/workflows/release.yaml
- .github/workflows/reviewdog-hadolint.yaml
- .github/workflows/reviewdog-k8s.yaml
- .github/workflows/reviewdog-markdown.yaml
- .github/workflows/reviewdog.yaml
- .github/workflows/semver-major-minor.yaml
- .github/workflows/semver-patch.yaml
- .github/workflows/test-hack.yaml
- .github/workflows/unit-test-rust.yaml
- .github/workflows/unit-test.yaml
- .github/workflows/update-deps.yaml
- .github/workflows/update-protobuf.yaml
- .github/workflows/update-pull-request-and-issue-template.yaml
- .github/workflows/update-web-docs.yaml
- .gitignore
- .golangci.json
- .golangci.yml
- .prh.yaml
- .textlintrc
- .yamlfmt
- CHANGELOG.md
- LICENSE
- Makefile
- Makefile.d/actions.mk
- Makefile.d/bench.mk
- Makefile.d/build.mk
- Makefile.d/client.mk
💤 Files with no reviewable changes (17)
- .github/workflows/dockers-manager-index-image.yml
- .github/workflows/dockers-dev-container-image.yml
- .github/workflows/dockers-index-save.yml
- .github/dependabot.yml
- .github/workflows/dockers-index-correction.yml
- .github/workflows/dockers-agent-sidecar-image.yml
- .github/workflows/dockers-benchmark-job-image.yml
- .github/workflows/dockers-helm-operator-image.yml
- .github/workflows/dockers-gateway-filter-image.yml
- .github/workflows/dockers-gateway-lb-image.yml
- .github/workflows/dockers-agent-faiss-image.yml
- .github/workflows/dockers-agent-ngt-image.yml
- .github/workflows/dockers-discoverer-k8s-image.yml
- .github/workflows/dockers-loadtest-image.yml
- .github/workflows/dockers-index-creation.yml
- .github/workflows/dockers-ci-container-image.yml
- .github/workflows/_detect-ci-container.yml
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/backport.yaml
52-52: shellcheck reported issue in this script: SC2086:info:2:75: Double quote to prevent globbing and word splitting
(shellcheck)
52-52: shellcheck reported issue in this script: SC2086:info:3:5: Double quote to prevent globbing and word splitting
(shellcheck)
52-52: shellcheck reported issue in this script: SC2086:info:4:6: Double quote to prevent globbing and word splitting
(shellcheck)
59-59: shellcheck reported issue in this script: SC2006:style:1:13: Use $(...) notation instead of legacy backticks ...
(shellcheck)
59-59: shellcheck reported issue in this script: SC2086:info:1:18: Double quote to prevent globbing and word splitting
(shellcheck)
59-59: shellcheck reported issue in this script: SC2086:info:1:67: Double quote to prevent globbing and word splitting
(shellcheck)
59-59: shellcheck reported issue in this script: SC2086:info:2:38: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2006:style:1:10: Use $(...) notation instead of legacy backticks ...
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2006:style:2:9: Use $(...) notation instead of legacy backticks ...
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:2:14: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2006:style:3:8: Use $(...) notation instead of legacy backticks ...
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:3:13: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2006:style:4:16: Use $(...) notation instead of legacy backticks ...
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:4:21: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2153:info:8:19: Possible misspelling: LABEL_NAMES may not be assigned. Did you mean LABEL_NAME?
(shellcheck)
67-67: shellcheck reported issue in this script: SC2006:style:9:17: Use $(...) notation instead of legacy backticks ...
(shellcheck)
67-67: shellcheck reported issue in this script: SC2001:style:9:18: See if you can use ${variable//search/replace} instead
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:16:18: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:17:21: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:20:21: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:21:21: Double quote to prevent globbing and word splitting
(shellcheck)
67-67: shellcheck reported issue in this script: SC2086:info:23:25: Double quote to prevent globbing and word splitting
(shellcheck)
.github/workflows/_docker-image.yaml
61-61: shellcheck reported issue in this script: SC2086:info:2:57: Double quote to prevent globbing and word splitting
(shellcheck)
61-61: shellcheck reported issue in this script: SC2086:info:4:33: Double quote to prevent globbing and word splitting
(shellcheck)
.github/workflows/check-conflict.yaml
34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting
(shellcheck)
37-37: shellcheck reported issue in this script: SC2006:style:2:15: Use $(...) notation instead of legacy backticks ...
(shellcheck)
37-37: shellcheck reported issue in this script: SC2086:info:2:21: Double quote to prevent globbing and word splitting
(shellcheck)
37-37: shellcheck reported issue in this script: SC2006:style:3:8: Use $(...) notation instead of legacy backticks ...
(shellcheck)
37-37: shellcheck reported issue in this script: SC2086:info:12:5: Double quote to prevent globbing and word splitting
(shellcheck)
.github/workflows/_detect-ci-container.yaml
59-59: shellcheck reported issue in this script: SC2086:info:3:22: Double quote to prevent globbing and word splitting
(shellcheck)
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: GitGuardian Security Checks
- GitHub Check: Cloudflare Pages
🔇 Additional comments (234)
.github/codeql/codeql-config.yaml (1)
2-2: Update copyright year
This housekeeping change aligns the header with the new year and matches updates across other CI config files..devcontainer/postAttachCommand.sh (1)
4-4: Update license header to current year.The copyright range has been extended to 2019–2025 to stay current.
.github/conflint.yaml (1)
2-2: Bump header copyright year
Updated the range from 2019–2024 to 2019–2025 to keep the license header current. No configuration logic changes..github/workflows/detect-internal-config-changes.yaml (1)
2-2: Routine metadata update
Extended the copyright year to 2025; no functional impact..github/kubelinter.yaml (1)
2-2: Update copyright year to 2025
The header has been bumped from 2024 to 2025 to stay in sync with the other CI/CD and config files..github/issue_label_bot.yaml (1)
2-2: Copyright header extension is correct
The year range has been updated from 2019-2024 to 2019-2025. This is a non-functional change and aligns with the repository’s header updates..github/ISSUE_TEMPLATE/bug_report.md (1)
25-32: Ensure environment versions are accurate and consistent across templates.
The updated environment section now includes new entries for Vald, Rust, Helm, and Faiss. Please verify that these version numbers are correct and align with the supported versions in your release documentation..github/PULL_REQUEST_TEMPLATE.md (2)
6-6: Enhance description guidelines: explicit "What" and "Why".
The new comment encourages contributors to detail what changed and why, improving PR clarity.
18-25: Ensure environment versions are accurate and consistent across templates.
Confirm that the versions listed here match release documentation and align with other templates for consistency..github/labeler.yaml (2)
2-2: Update license year to 2025
Year bump from 2024 to 2025 is correct and consistent with the current date.
1-173: ```shell
#!/bin/bashVerify no loadtest references remain in the entire repository
rg -n "loadtest" .
</details> <details> <summary>.github/workflows/_update-protobuf.yaml (1)</summary> `2-2`: **Approve copyright year bump to 2019-2025.** This is a comment-only update with no functional changes. </details> <details> <summary>.github/helm/values/values-mirror-02.yaml (1)</summary> `2-2`: **Approve copyright year bump to 2019-2025.** Consistent header update; no configuration changes. </details> <details> <summary>.github/helm/values/values-max-dim.yaml (1)</summary> `2-2`: **Approve copyright year bump to 2019-2025.** Purely a header update; values remain unchanged. </details> <details> <summary>.github/valdrelease/valdrelease.yaml (1)</summary> `2-2`: **Approve copyright year bump to 2019-2025.** No YAML spec or field modifications. </details> <details> <summary>.commit_template (1)</summary> `2-2`: **Approve copyright year bump to 2019-2025.** Comment header updated; template content unaffected. </details> <details> <summary>.github/helm/values/vald-mirror-target.yaml (1)</summary> `2-2`: **Consistent license header update** Extended copyright year from 2019-2024 to 2019-2025; no functional changes. </details> <details> <summary>.github/workflows/chatops-help.yaml (1)</summary> `2-2`: **Consistent license header update** Updated the copyright year to 2019-2025. </details> <details> <summary>.fossa.yml (1)</summary> `2-2`: **License header and formatting cleanup** Extended copyright year to 2019-2025 and removed the trailing blank line. </details> <details> <summary>.github/helm/values/values-mirror-01.yaml (1)</summary> `2-2`: **Consistent license header update** Extended copyright year to 2019-2025; no config changes. </details> <details> <summary>.github/helm/values/values-chaos.yaml (2)</summary> `2-2`: **Consistent license header update** Updated copyright year to 2019-2025. --- `37-37`: **Verify ingress host replacement** The gateway ingress host was changed from `"localhost"` to `"host.docker.internal"`. Confirm this is intended for all target environments and update corresponding documentation if needed. </details> <details> <summary>.github/helm/values/values-profile.yaml (1)</summary> `2-2`: **Update metadata to current year.** The copyright header year has been updated to 2019-2025; this is a routine maintenance change. </details> <details> <summary>.github/actions/notify-slack/action.yaml (1)</summary> `2-2`: **Bump copyright year and fix grammar.** Updated the header to 2019-2025 and corrected the description to “An action to notify Slack.” No functional changes introduced. Also applies to: 17-17 </details> <details> <summary>.github/actions/setup-yq/action.yaml (1)</summary> `2-2`: **Bump year and refine description.** The copyright year has been updated to 2019-2025, and the description now reads “An action to set up yq.” Everything else remains unchanged. Also applies to: 17-17 </details> <details> <summary>.github/actions/deploy-chaos-mesh/action.yaml (1)</summary> `2-2`: **Update year and correct description.** Header year updated to 2019-2025 and description corrected to “An action to deploy Chaos Mesh.” No impact on functionality. Also applies to: 17-17 </details> <details> <summary>.gitguardian.yaml (3)</summary> `2-2`: **Update metadata to current year.** Header copyright updated to 2019-2025; routine maintenance update. --- `16-16`: **Confirm GitGuardian version compatibility.** Bumping `version` from `v1` to `2` indicates a schema change. Please verify that the CI pipeline and any GitGuardian integrations support the new config schema. --- `17-22`: **Add ignored paths for secret scanning.** A new `secret.ignored_paths` section excludes internal test data, docs, and the LICENSE file. This aligns with standard practice to avoid false positives in scanning. </details> <details> <summary>.deepsource.toml (3)</summary> `2-2`: **Approve updated copyright year** Year bump to 2025 is correct. --- `75-77`: **Approve trusted registries update** Adding `gcr.io/distroless` and reordering registries improves security posture. --- `50-70`: **Verify Dockerfile path entries** Multiple new Dockerfile paths were added—please confirm each one exists and remove any duplicates (e.g., the two `readreplica` entries under different parent directories). Suggested script: ```shell #!/bin/bash # Ensure all listed Dockerfile paths exist grep -R "dockerfile_paths" -A 50 .deepsource.toml | \ sed -n 's/^\s*"\(.*Dockerfile\)".*/\1/p' | \ while read -r path; do if [ ! -f "$path" ]; then echo "Missing: $path" fi done.gitattributes (5)
2-2: Approve updated copyright year
Updated to 2025 for consistency.
16-16: Approve global text settings
Default UTF-8 encoding and LF line endings ensure cross-platform consistency.
18-33: Approve language-specific attributes
The new diff, linguist, and merge settings for various languages are well-aligned with repository conventions.
39-50: Approve binary filter and LFS configuration
Patterns and LFS filters correctly handle large binaries.
51-64: Approve merge/export-ignore rules
Merge strategies and export-ignore settings look good..github/helm/values/values-agent-sidecar.yaml (1)
2-2: Confirm copyright year bump
Updated from 2019-2024 to 2019-2025 correctly; no functional or configuration changes..github/helm/values/values-index-management-jobs.yaml (1)
2-2: Confirm copyright year bump
Updated from 2019-2024 to 2019-2025 correctly; no functional or configuration changes..github/helm/values/values-lb.yaml (1)
2-2: Confirm copyright year bump
Updated from 2019-2024 to 2019-2025 correctly; no functional or configuration changes..github/workflows/_docker-image-scan.yaml (1)
2-2: Confirm copyright year bump
Updated from 2019-2024 to 2019-2025 correctly; no functional or workflow changes..github/actions/wait-for-docker-image/action.yaml (3)
2-2: Update copyright year
The copyright year has been bumped to 2025, matching other action files.
17-17: Fix action description grammar
The description has been updated to “An action to wait for Docker images,” improving readability.
22-22: Ensure consistency of default image list
You’ve addedvdaas/vald-index-operatorandvdaas/vald-readreplica-rotateto the default images. Verify that downstream workflows (e.g., detect-docker-image-tags) and composite actions handle these new entries correctly..github/workflows/build-protobuf.yaml (4)
2-2: Update copyright year
Bumped from 2024 to 2025 in the header.
37-37: Align workflow reference extension
Changed the detect-ci-container workflow reference to.yamlto match the renamed file.
42-42: Standardize container tag input
Switched fromTAG_NAMEtoTAGto match the output of the detect-ci-container job.
43-45: Verify container registry credentials
You’ve addedPACKAGE_USERandPACKAGE_TOKENsecrets for registry auth. Ensure these secrets exist in the repository settings and have the correct permissions..github/actions/scan-docker-image/action.yaml (4)
2-2: Update copyright year
Header updated to 2025.
17-17: Fix action description grammar
Changed to “An action to scan the Docker image” for grammatical consistency.
36-36: Add scan timeout
A30mtimeout was introduced to both trivy steps to avoid hanging scans. This is a useful safeguard.Also applies to: 44-44
46-46: Upgrade SARIF uploader version
Theupload-sarifaction was bumped to@v3. Please confirm that v3 supports the same inputs and SARIF format as v2..all-contributorsrc (2)
177-249: Add new contributors
Multiple new contributors have been appended, each with appropriate metadata. This aligns with the expanded team involvement.
259-260: Verify.all-contributorsrcschema change
The newcommitType: "docs"field was added next tocommitConvention. Please confirm that the.all-contributorstool supports this new key..github/actions/dump-context/action.yaml (2)
2-2: Update copyright year
Bumped to 2025, consistent with other actions.
17-17: Fix action description grammar
Description updated to “An action to dump context to log.”.github/workflows/build-binaries.yaml (3)
2-2: Update copyright year
Approved update; matches repository standard.
28-28: Verify workflow path reference
Ensure the renamed_detect-ci-container.yamlfile exists under.github/workflowsand is correctly referenced to avoid missing workflow errors.
33-36: Add container registry authentication
Good addition of credentials for pulling the CI container image; verify thatPACKAGE_USERandPACKAGE_TOKENsecrets are configured and have appropriate scopes..github/actions/e2e-deploy-vald/action.yaml (3)
2-2: Update copyright year
Matches the updated license header convention.
17-17: Fix action description grammar
The description now correctly reads “An action” instead of “A action.”
98-98: Remove default image tag flag
TheVERSIONparameter has been removed from the local deploy command. Confirm that the chart’s default tag behavior covers this gap and no regressions occur..github/workflows/coverage.yaml (5)
2-2: Update copyright year
Consistent update across workflows.
22-22: Correct workflow path filters
The path filters now referencecoverage.yamlrather than.yml, ensuring triggers fire on changes to this file.Also applies to: 28-28
39-39: Ensure updated detect-ci-container usage
The new_detect-ci-container.yamlreference aligns with other workflows; verify its outputs includeTAG.
44-47: Configure container registry credentials
Good practice to authenticate before pulling the container image; ensure secrets exist.
60-60: Upgrade Codecov action version
Bumped to@v5; confirm compatibility with existing parameters and CI reporting..github/workflows/dockers-image-scan.yaml (3)
2-2: Update copyright year
Approved; matches other CI files.
73-80: Rename and add image scan jobs
Jobsindex-deletionandindex-saveare reorganized. Confirm that the targets correspond to valid scan targets in_docker-image-scan.yaml.
88-88: Standardize operator-helm target
Changed tohelm-operator—ensure this matches the underlying Docker image scan pattern..github/actions/setup-go/action.yaml (2)
2-2: Update copyright year
Header updated correctly.
45-49: Conditionally setup Go tool
Ensure the version comparison logic (steps.check_go.outputs.installed_version != steps.go_version.outputs.version) aligns with the format ofsteps.go_version.outputs.version..github/actions/e2e-deploy-vald-readreplica/action.yaml (2)
2-2: Update copyright year to 2025
Matches the rest of the repository headers.
17-17: Correct action description grammar
The revised description reads more clearly..github/helm/values/values-readreplica.yaml (1)
2-2: Update copyright year to 2025
Consistent with project licensing updates..github/actions/setup-helm/action.yaml (4)
2-2: Update copyright year to 2025
Header bump to reflect current year.
17-17: Improve description clarity
The updated description is more concise.
34-43: Robustly detect Helm installation
The newcheck_helmstep correctly setshelm_installedand trims the leadingvfrom versions. This covers most Linux runners.
52-52: Simplify verification step
Runninghelm version --short --clientis sufficient to confirm the install; no further changes needed..github/workflows/dockers-buildbase-image.yaml (2)
17-18: DO_NOT_EDIT guard is present
This file is auto-generated; manual edits will be overwritten.
65-70: Use reusable Docker-image workflow
Good use of the_docker-image.yamlreusable workflow withtarget: buildbaseandplatforms..github/workflows/dockers-binfmt-image.yaml (2)
17-18: DO_NOT_EDIT guard is present
This workflow is generated; manual edits will be clobbered.
65-70: Use reusable Docker-image workflow
Consistent pattern fortarget: binfmtbuilds. Well structured..github/workflows/dockers-buildkit-image.yaml (3)
19-33: CI Triggers Configuration Looks Good
Schedule and push triggers are set appropriately for thebuildkitimage, and path filters align with expected sources.
34-63: Pull Request Target Triggers are Consistent
The PR and PR target path filters mirror the push triggers, ensuring reproducible behavior in forks and main repo.
64-70: Reusable Workflow Invocation is Correct
Thebuildjob uses the_docker-image.yamlworkflow with the correctbuildkittarget and inherits secrets..github/chatops_permissions.yaml (3)
80-82: Approve: Added "author" to vankichi
This aligns vankichi’s chatops permissions with their updated contributor status.
83-86: Approve: Added "author" to datelier
Consistent with new contributor metadata in.all-contributorsrc.
87-90: Approve: Added Matts966 as contributor and author
New contributor roles are correctly defined for chat operations..github/workflows/dockers-discoverer-k8s-image.yaml (4)
19-31: Push Triggers Configured Correctly
Push events formain,release/v*.*, and semantic tags target the discoverer-k8s image appropriately.
32-63: Pull Request Triggers with Path Filters Are Comprehensive
The PR path filters include all relevant Go files and Dockerfiles, and exclude mocks/tests to minimize unnecessary builds.
144-162: Pull Request Target Section Mirrors PR Triggers
Ensures maintainable branch protection workflows by aligningpull_request_targettriggers.
263-268: Job Definition References Reusable Workflow
The build job correctly reuses the_docker-image.yamlworkflow withdiscoverer-k8starget..github/workflows/dockers-buildkit-syft-scanner-image.yaml (4)
19-33: Schedule and Push Triggers are Properly Defined
Hourly schedule, branch/tag filters, and included files for thebuildkit-syft-scannerimage are correctly set.
34-45: Pull Request Path Filters Ensure Targeted Builds
The PR path filters include relevant source and Dockerfile paths, excluding mocks and tests.
47-63: Pull Request Target Mirrors PR Filters
pull_request_targetevent settings align withpull_requestto handle forks safely.
65-70: Build Job Invocation is Correct
Thebuildjob uses the reusable workflow withbuildkit-syft-scannertarget and inherits secrets..github/workflows/dockers-index-operator-image.yaml (4)
19-30: Push Triggers Correct forindex-operator
Branch and tag filters are consistent with other Docker image workflows in this PR.
31-47: Pull Request Filters Capture All Relevant Paths
Source files, Dockerfile, and config are included while excluding mocks/tests.
134-142: Pull Request Target Event Mirrors PR Settings
Ensures safe execution of workflows in pull_request_target context.
243-248: Job Definition is Consistent with Reusable Pattern
Theindex-operatortarget is correctly passed to the shared_docker-image.yamlworkflow..github/workflows/dockers-helm-operator-image.yaml (4)
1-18: Skip autogenerated header
This is the standard license and generation notice; no changes required.
19-30: Triggers correctly scoped to main, release branches, and semantic tags
Branch and tag patterns, including the negated release/v*.. filter, align with the intended semver strategy.
31-67: PR path filters are comprehensive and component-specific
The pull_request and pull_request_target path filters include only relevant charts, Dockerfiles, templates, and generator scripts.
68-73: Job uses the reusable Docker-image workflow correctly
Thehelm-operatortarget and inherited secrets are properly wired..github/workflows/dockers-ci-container-image.yaml (4)
1-18: Skip autogenerated header
Standard license and DO_NOT_EDIT notice are in place.
19-30: Branch and tag triggers look correct
Push filters match main, 2-segment release branches, and semver tags.
31-57: Pull request path filters target only CI container assets
Includes proto files, base Dockerfile, Makefiles, and hack scripts—nothing extraneous.
58-64: Build job configured with linux/amd64 platform
CI container is limited to amd64. Please confirm this constraint is intentional..github/workflows/dockers-dev-container-image.yaml (4)
1-18: Skip autogenerated header
Header and generation comment are standard.
19-30: Push and tag triggers follow project conventions
Patterns match main, release branches, and semantic tags as expected.
31-57: PR filters correctly include dev-container artifacts
Paths cover Dockerfile, proto, Makefiles, and codegen scripts.
58-63: Job invocation is correct for dev-container
Target and secret inheritance are configured properly..github/workflows/dockers-agent-image.yaml (5)
1-18: Skip autogenerated header
Standard license and generation notice.
19-30: Push and tag patterns are consistent
Branch and tag filters align with other Docker workflows.
31-49: PR path filters for agent component look complete
Includes Dockerfile, Rust manifests, source, and version files.
50-73: PR-target path filters mirror pull_request settings
Ensures target events trigger on the same set of files.
74-80: Agent build job properly reuses the common workflow
Theagenttarget and secrets are correctly specified..github/workflows/dockers-gateway-filter-image.yaml (5)
1-18: Skip autogenerated header
License block and generator notice are in place.
19-30: Push and tag triggers are aligned with repository standards
Branch and semantic tag patterns are correctly defined.
31-142: pull_request filters exclude mocks/tests and include only relevant packages
Negative globs and path inclusions ensure precise triggering for gateway-filter changes.
143-259: pull_request_target filters match pull_request settings exactly
Consistency between PR and PR-target triggers prevents drift.
261-266: Build job correctly delegates to reusable workflow
Thegateway-filtertarget and secret inheritance are set up as expected..github/workflows/dockers-gateway-lb-image.yaml (3)
17-17: Workflow file is auto-generated
The DO_NOT_EDIT directive correctly indicates this file is generated byhack/docker/gen/main.go.
21-30: Verify branch filter patterns
The branch include/exclude patterns (release/v*.*with an exclusion ofrelease/v*.*.*) may be confusing; ensure this aligns with your release branch naming conventions. Consider documenting branch naming expectations for clarity.
258-263: Reuses the standard Docker image workflow
Thebuildjob correctly leverages the reusable_docker-image.yamlworkflow with thegateway-lbtarget and inherited secrets..github/workflows/dockers-index-correction-image.yaml (3)
17-17: Workflow file is auto-generated
DO_NOT_EDIT comment correctly references the generator script.
21-30: Verify branch filter patterns
The inclusion ofrelease/v*.*and exclusion ofrelease/v*.*.*needs to match your branch lifecycle. Confirm this pattern aligns with your release branch policy to avoid missing CI runs.
251-256: Build job configuration is consistent
Thebuildjob correctly invokes the reusable workflow withindex-correctionas the target and secrets inheritance..github/workflows/dockers-agent-faiss-image.yaml (3)
17-17: Workflow file is auto-generated
The DO_NOT_EDIT comment correctly indicates this file is generated.
21-30: Branch filters need validation
Ensure the combination of branch includes (main,release/v*.*) and excludes (!release/v*.*.*) aligns with your intended release branch patterns.
267-272: Reuses the standard build workflow
Thebuildjob correctly leverages the reusable_docker-image.yamlaction withagent-faissas the target and inherits secrets..github/workflows/dockers-benchmark-job-image.yaml (3)
17-17: Workflow file is auto-generated
The DO_NOT_EDIT directive correctly flags this as generated code.
21-30: Validate branch inclusion/exclusion patterns
The mix ofrelease/v*.*inclusion and!release/v*.*.*exclusion can be error-prone. Confirm it reflects your release branch naming scheme.
263-268: Build job correctly configured
The jobbuilduses the centralized_docker-image.yamlworkflow withbenchmark-jobas the target and inherited secrets..github/workflows/dockers-manager-index-image.yaml (3)
17-17: Workflow file is auto-generated
The DO_NOT_EDIT comment correctly identifies this as a generated workflow.
21-30: Revisit branch filter logic
Confirm that includingrelease/v*.*while excludingrelease/v*.*.*aligns with your branching strategy to ensure no unintentional CI gaps.
265-270: Correct use of reusable workflow
Thebuildjob properly invokes the_docker-image.yamlworkflow for themanager-indextarget with secret inheritance..github/workflows/chatops.yaml (6)
2-2: Trivial license update
27-34: Containerize ChatOps label job
Runs the job in the standardizedvald-ci-containerand secures registry credentials via secrets.
80-87: Containerize ChatOps rebase job
Aligns with other ChatOps jobs by using thevald-ci-containerand reuses registry credentials.
158-167: Containerize ChatOps gen-test job
Standardizes the gen-test workflow execution environment with the CI container and credentials.
273-283: Containerize ChatOps format job
Ensures formatting steps run consistently inside the CI container with proper credentials.
408-418: Containerize ChatOps approve job
Brings the approval step into the shared CI container, centralizing credentials and environment..github/actions/e2e-deploy-vald-helm-operator/action.yaml (4)
2-2: Trivial license update
17-17: Add action description
Provides a clear summary for the Helm operator deployment action.
77-77: Usemakefor local charts deployment
Switching tomake k8s/vald-helm-operator/deployaligns this action with repository build targets.
89-90: Enhance readiness checks
Waiting on bothReadyandContainersReadyconditions improves deployment stability..github/workflows/dockers-index-save-image.yaml (4)
17-19: Mark generated workflow
TheDO_NOT_EDITheader and workflow name correctly indicate automated generation.
20-30: Push trigger patterns
Branch and tag filters accurately cover main, release branches, and semantic version tags.
31-49: Pull request path filters
Paths are scoped to relevant source and Docker artifacts, reducing unnecessary CI runs.
245-249: Use reusable Docker-image job
Thebuildjob leverages the_docker-image.yamlworkflow with theindex-savetarget and inherited secrets..github/workflows/_release-pr.yaml (8)
2-2: Trivial license update
35-35: Reuse detect-ci-container workflow
Switching to the_detect-ci-container.yamlworkflow enhances maintainability.
43-46: Parameterize CI container credentials
Usingsecrets.PACKAGE_USERandPACKAGE_TOKENsecures access to the CI container image.
80-82: Extend chart version updates
Addingvald-readreplicaandvald-benchmark-operatorto the version bump keeps charts in sync.
92-92: Generate benchmark-operator docs
Includinghelm/docs/vald-benchmark-operatorensures documentation is updated for the new release.
117-124: Improve release PR creation logic
ExtractingPR_NUMviajqand echoing it makes the process more robust and traceable.
126-132: Automate backport labeling
Adding theBACKPORT_MAIN_LABEL_NAMElabel via API helps track backport PRs automatically.
136-137: Set backport environment variables
DefiningBACKPORT_MAIN_LABEL_NAMEandAPI_BASE_URLcentralizes these parameters inenv..github/workflows/dockers-index-deletion-image.yaml (4)
17-19: Mark generated workflow
TheDO_NOT_EDITheader and workflow name correctly indicate automated generation.
20-30: Push trigger patterns
Branch and tag filters match repository release strategy and semantic versioning.
31-49: Pull request path filters
Scoped changes ensure the CI only runs when relevant code is modified.
245-249: Use reusable Docker-image job
Thebuildjob delegates to_docker-image.yamlwithindex-deletion, ensuring consistency..github/actions/docker-build/action.yaml (1)
88-93: Ensureversionsdirectory exists before writing.Writing
versions/VALD_VERSIONwill fail if theversionsfolder is missing. Add amkdir -p versionsor validate the directory path prior toecho.Can you confirm that
versions/always exists in the workspace when this action runs?.github/actions/setup-e2e/action.yaml (2)
43-47: Approve addition of new target images.Extending
target_imageswithvald-index-operatorandvald-readreplica-rotatealigns with E2E coverage expansion.
81-82: Approve multi-tag support.Switching
tag_nametotagsfordetect-docker-image-tagsreflects the new multi-tag workflow and is correctly implemented..github/workflows/dockers-index-creation-image.yaml (1)
245-250: Reusable workflow usage looks good.Leveraging
./.github/workflows/_docker-image.yamlfor theindex-creationtarget cleanly standardizes your Docker build process..github/workflows/_docker-image.yaml (7)
4-4: Copyright update for 2025
The year bump is correct and up-to-date.
43-57: Expand build triggers to include schedule & approved labels
Includingscheduleand thepull_request_targetpath with aci/approvedlabel improves flexibility and security for forked PR builds.
73-83: Authenticate to DockerHub and GHCR up front
Adding separate login steps ensures we can pull/push images from both registries before QEMU/Buildx setup.
85-89: Switch to nightly binfmt image on GHCR
Pointing toghcr.io/vdaas/vald/vald-binfmt:nightlycentralizes maintenance and versioning.
96-98: Customize BuildKit image & enable stargz snapshotter
Using the nightly buildkit with--oci-worker-snapshotter=stargzis a solid performance optimization.
107-110: Run image scan only on tag pushes
Scoping the scan step torefs/tags/reduces unnecessary scans on non-release builds.
112-115: Limit Slack notifications to main branch or tags
This minimizes noise by only alerting on production-relevant events..github/workflows/check-conflict.yaml (3)
25-27: Restrict conflict check to in-repo PRs
Blocking only non-fork pull requests ensures external contributors aren’t inadvertently blocked.
29-33: ValidateDISPATCH_TOKENpermissions
You’re usingsecrets.DISPATCH_TOKENfor the checkout. Confirm it's scoped minimally (read-only checkout + comment write) to avoid overprivileged tokens.Can you verify
DISPATCH_TOKENgrants only necessary permissions?
57-59: Confirm env var scoping
GITHUB_TOKENandAPI_URLare scoped to this step. Verify downstream steps cannot access these if not intended.Are these env vars strictly needed only here?
.github/workflows/dockers-example-client-image.yaml (4)
17-18: DO_NOT_EDIT header is correct
This flag clearly indicates the file is generated; no manual edits should be made.
21-30: Branch & tag triggers align with repo conventions
main,release/v*.*, and semver tags are correctly included/excluded.
31-37: Effective path filters to reduce CI runs
Excluding mocks/tests and non-relevant files focuses CI on meaningful changes.
69-74: Reuse core Docker build workflow with inherited secrets
Centralizing the build logic via_docker-image.yamlis a best practice..github/workflows/dockers-agent-sidecar-image.yaml (1)
17-23: Auto-generatedagent-sidecarworkflow is consistent
Triggers, path filters, and the reuse of_docker-image.yamlmirror other component workflows. No manual changes required..github/helm/values/values-correction.yaml (1)
19-21: VerifynetworkPolicyresource definitions
Enabling network policies is sound—confirm the Helm chart includes matchingNetworkPolicymanifests.Can you confirm that your Helm templates respect this setting?
.github/workflows/dockers-agent-ngt-image.yaml (3)
19-19: Naming consistency confirmed.
The workflow name clearly identifies the target component.
149-156: Align triggers withpull_request.
Thepull_request_targetblock mirrorspull_requestfilters correctly. Good reuse of path scope and event types.
273-277: Reusable job invocation is correct.
Thebuildjob reuses_docker-image.yamlwithtarget: agent-ngtand inherits secrets as intended..github/workflows/dockers-gateway-mirror-image.yaml (3)
19-20: Workflow name matches component.
gateway-mirroris clearly referenced in the title.
145-155:pull_request_targetcorrectly reflectspull_request.
Types and paths are consistent, enabling proper MR labeling and synchronization handling.
263-267: Jobs block reuse looks good.
Referencing the reusable image build workflow ensures uniform CI behavior..github/e2e/multi_crud.yaml (2)
16-33: Verify placeholder substitution in global config.
Ensure_E2E_DATASET_PATH_,_E2E_TARGET_NAMESPACE_, and_E2E_TARGET_NAME_are correctly injected at runtime.
291-300: Reevaluate linear search timeouts.
timeout: 1000sis significantly higher than the30sused elsewhere. Confirm this value or adjust to prevent excessively long test hangs..github/actions/detect-docker-image-tags/action.yaml (2)
26-27: Default image list updated correctly.
New imagesvdaas/vald-index-operatorandvdaas/vald-readreplica-rotateare included as intended.
41-57: Associative array mappings are consistent.
All image‐to‐Helm key mappings align with defaults in dependent workflows..github/workflows/dockers-benchmark-operator-image.yaml (5)
2-2: Approve copyright year bump
Updating the year range to include 2025 is straightforward and aligns with the rest of the repository.
17-17: Approve generated-file notice
The “DO_NOT_EDIT” comment correctly signals that this file is auto-generated byhack/docker/gen/main.go.
24-25: Approve branch filter enhancements
Includingrelease/v*.*and excluding patch releases (release/v*.*.*) sharpens CI coverage for major/minor branches.
29-30: Approve tag filter additions
Addingv*.*.*andv*.*.*-*tag patterns ensures coverage of versioned and pre-release builds.
142-147: Approve addition of pull_request_target trigger
Includingopened,reopened,synchronize, andlabeledforpull_request_targetcovers PR events that need write access..github/actions/determine-docker-image-tag/action.yaml (8)
2-2: Approve copyright year bump
Extending to 2025 across all GitHub Actions metadata is consistent.
17-27: Approve outputs expansion
Switching from a single tag output toTAGS,PRIMARY_TAG, andSECONDARY_TAGSenhances flexibility for downstream workflows.
44-62: Approve tag-priority logic for tag refs
The new multi‐stage priority (exact tag, release branch, commit hash, minor tag,latest) covers edge cases around image build timing.
63-78: Approve pull_request tag logic
Generatingpr-<number>and conditionally appendingrelease-<x.y>ornightlymeets expected CI practices for PR builds.
79-85: Approve main-branch tag logic
Using the short commit SHA followed bynightlyaligns with main–branch Docker tagging conventions.
86-93: Approve release-branch tag logic
Prefacing release-branch builds withrelease-<x.y>plus SHA is clear and consistent.
95-100: Approve fallback tag logic
Theunknown-<event>-...scheme ensures a deterministic tag even for unexpected events.
102-111: Approve output assignment and logging
Capturing and exporting all three outputs, with debug echo statements, completes the composite action contract..github/workflows/codeql-analysis.yml (8)
2-2: Approve copyright year update
Year bump to 2025 is correct and consistent with other workflows.
34-34: Approve path filter extension
Switchingcodeql-analysis.ymlto.yamlin thepull_requestfilter aligns with the actual filename.
45-45: Approve detect-ci-container reference update
Pointing to_detect-ci-container.yaml(instead of.yml) matches the renamed workflow.
46-68: Approve matrix-based analyze job
Introducing a language/build-mode matrix (actions, go, rust) with fail-fast disabled addresses multi‐language support elegantly.
69-73: Approve container and credential configuration
Usingneeds.detect-ci-container.outputs.TAGand injecting credentials viasecretssecures the CodeQL container build.
84-88: Approve CodeQL init update
Upgrading togithub/codeql-action/init@v3and driving parameters from the matrix modernizes the setup.
90-92: Approve conditional autobuild
Executingautobuildonly for Go speeds up builds for other languages.
93-96: Approve CodeQL analyze update
Moving toanalyze@v3with acategoryinput per language is the recommended pattern..github/actions/setup-k3d/action.yaml (10)
2-2: Approve copyright year bump
Consistent metadata update for 2025.
17-17: Approve description addition
Adding a cleardescriptionfield improves action discoverability.
20-22: Approve version inputs defaults
Allowing empty inputs and falling back toversions/K3D_VERSIONorK3S_VERSIONprovides flexibility.
50-57: Approve k3d version detection
Detecting and defaultingK3D_VERSIONfrom file orlatestis robust.
64-71: Approve k3s version detection
Mirroring the same pattern forK3S_VERSIONis consistent.
78-83: Approve k3d installation check
Emittingk3d_installedandinstalled_versionenables conditional installs.
85-85: Approve conditional install step
Theifguard correctly triggers installation only when needed.
97-102: Approve ingress options logic
Dynamically buildingK3D_OPTIONSbased oningress_portis flexible and clear.
110-116: Approve cluster creation invocation
Passing all inputs into themake k3d/startcommand ties the action together.
124-130: Approve kubeconfig export
WritingKUBECONFIGto$GITHUB_ENVand verifying it is essential for downstream steps..github/actions/e2e-profile/action.yaml (9)
1-16: Approve file header and metadata
Correct copyright bump and license header.
17-23: Approve inputs section
Requiringdispatch_useranddispatch_tokenis necessary for pushing artifacts and comments.
30-36: Approve port-forward and trapping logic
Launchingkubectl port-forwardwith an exit trap ensures clean shutdown of the background process.
40-43: Approve profile collection loop
Iterating services and profile types covers all required endpoints.
44-53: Approve artifact and cache steps
Uploading raw profiles and caching them by${{ github.sha }}improves CI performance.
62-74: Approve tag determination for graphs
The multi‐branch logic for naming graph diffs (pr-,main-,v<release>-, fallback toVALD_VERSION) is well thought-out.
76-94: Approve graph generation loops
Usinggo tool pprofto emit both SVG and PNG, and diffing against the main profiles, provides clear visual regression data.
100-111: Approve pushing graphs to external repo
Cloningvald-ci-images, committing under${GITHUB_SHA::6}, and pushing with provided credentials is appropriate.
117-124: Approve PR comment step
Building an HTML table of images and posting it via the GitHub API completes the feedback loop for PR profiling.
| schedule: | ||
| - cron: 0 * * * * | ||
| push: | ||
| branches: | ||
| - main | ||
| - release/v*.* | ||
| - "!release/v*.*.*" | ||
| tags: | ||
| - "*.*.*" | ||
| - "*.*.*-*" | ||
| - v*.*.* | ||
| - v*.*.*-* |
There was a problem hiding this comment.
Invalid negation in branch/tag patterns
GitHub Actions does not support ! globs for push.branches or push.tags. These negations will be ignored, potentially triggering on unintended refs. Please remove or rework exclusion patterns.
🤖 Prompt for AI Agents
In .github/workflows/dockers-buildbase-image.yaml around lines 21 to 32, the
push.branches section uses an invalid negation pattern with "!release/v*.*.*"
which GitHub Actions does not support. Remove the negation pattern from the
branches list and instead explicitly list only the branches you want to trigger
on, or restructure the workflow logic to avoid using negations in branch or tag
filters.
| schedule: | ||
| - cron: 0 * * * * | ||
| push: | ||
| branches: | ||
| - main | ||
| - release/v*.* | ||
| - "!release/v*.*.*" | ||
| tags: | ||
| - "*.*.*" | ||
| - "*.*.*-*" | ||
| - v*.*.* | ||
| - v*.*.*-* |
There was a problem hiding this comment.
Invalid negation in branch/tag patterns
Negated globs (!release/...) are only valid in paths filters, not branches or tags. These entries should be removed to ensure correct triggering.
🤖 Prompt for AI Agents
In .github/workflows/dockers-binfmt-image.yaml around lines 21 to 32, the
workflow uses a negated glob pattern "!release/v*.*.*" in the branches filter,
which is invalid for branches and tags filters. Remove this negated pattern from
the branches list to ensure the workflow triggers correctly without errors.
| apt-get update | ||
| apt-get install -y libhdf5-dev |
There was a problem hiding this comment.
Restore sudo for apt-get.
On ubuntu-latest, runner requires sudo to install packages. Removing sudo will make apt-get install -y libhdf5-dev fail.
🤖 Prompt for AI Agents
In .github/actions/setup-e2e/action.yaml at lines 61 to 62, the apt-get commands
are missing the required sudo prefix. To fix this, add sudo before both apt-get
update and apt-get install -y libhdf5-dev commands to ensure they run with the
necessary permissions on ubuntu-latest runners.
| op: gt | ||
| value: 5000 | ||
| - concurrency: 1 | ||
| name: Parallel Search Opeation (Search, SearchByID, LinearSearch, LinearSearchByID) x (ConcurrentQueue, SortSlice, SortPoolSlice, PairingHeap) = 16 |
There was a problem hiding this comment.
Typo in strategy name.
Change Parallel Search Opeation to Parallel Search Operation.
🤖 Prompt for AI Agents
In .github/e2e/unary_crud.yaml at line 211, there is a typo in the strategy name
"Parallel Search Opeation". Correct the typo by changing "Opeation" to
"Operation" to fix the spelling.
| keepalive: "" | ||
| timeout: "" |
There was a problem hiding this comment.
Define non-empty duration values
Fields like keepalive.time and timeout under dial_option are set to empty strings. These must be valid durations (e.g., 30s) or omitted entirely to prevent parsing/runtime errors.
Also applies to: 107-109
🤖 Prompt for AI Agents
In .github/e2e/stream_crud.yaml at lines 84-85 and also lines 107-109, the
fields keepalive and timeout under dial_option are set to empty strings, which
is invalid. Replace these empty string values with valid duration strings like
"30s" or remove the fields entirely if no timeout is needed to ensure proper
parsing and avoid runtime errors.
2 participants
Description
Related Issue
Versions
Checklist
Special notes for your reviewer
Summary by CodeRabbit
New Features
Enhancements
Bug Fixes
Refactor
.ymlfiles with new.yamlconfigurations and improved structure.Chores