ART-21049: Create artcd command for Check Cve Tracker Bug step#3097
ART-21049: Create artcd command for Check Cve Tracker Bug step#3097tomasdavidorg wants to merge 5 commits into
Conversation
rh-pre-commit.version: 2.4.0 rh-pre-commit.check-secrets: ENABLED
|
@tomasdavidorg: This pull request references ART-21049 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository: openshift-eng/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughAdds a ChangesVerify CVE tracker coverage
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Suggested reviewers
Important Pre-merge checks failedPlease resolve all errors before merging. Addressing warnings is optional. ❌ Failed checks (2 errors, 1 warning)
✅ Passed checks (8 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pyartcd/pyartcd/__main__.py`:
- Line 52: The new pipeline import for verify_cve_trackers is present but it is
not re-exported through the __all__ list, so it will not be included in wildcard
imports. Update the __all__ definition in __main__.py to add verify_cve_trackers
alongside the other pipeline symbols, keeping the export list consistent with
the import list.
In `@pyartcd/pyartcd/pipelines/verify_cve_trackers.py`:
- Around line 260-272: Both get_rhsa_jira_issues and
get_jira_issues_from_shipment_mr are doing blocking network I/O inside the async
run() coroutine, which will stall the event loop. Update verify_cve_trackers.py
so the calls in run() are executed off the loop, following the pattern used by
_load_releases_yaml (for example, via asyncio.to_thread or equivalent async
wrapper). Keep the existing logic for rhsa_jira_issues, shipment_jira_issues,
shipment_files, mr_group, and mr_assembly, but make sure the blocking fetches
happen in background threads before flatten_elliott_cve_trackers and
find_missing_cve_trackers consume their results.
- Around line 118-121: The per-file exception handling in
get_jira_issues_from_shipment_mr is silently swallowing failures by catching
Exception and continuing, which hides download/parse problems. Update this
branch to log the exception together with the current file path before
continuing, using a logger available to the function (for example by passing one
in or using a module-level logger). Keep the ValueError handling as-is, but make
sure unexpected errors are visible instead of disappearing from processed_files.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift-eng/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: dabbbc3f-8e8c-489d-abb6-5cb6a4bd4d9e
📒 Files selected for processing (3)
pyartcd/pyartcd/__main__.pypyartcd/pyartcd/pipelines/verify_cve_trackers.pypyartcd/tests/pipelines/test_verify_cve_trackers.py
|
/test security |
rh-pre-commit.version: 2.4.0 rh-pre-commit.check-secrets: ENABLED
|
/test security |
rh-pre-commit.version: 2.4.0 rh-pre-commit.check-secrets: ENABLED
|
@tomasdavidorg: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
rh-pre-commit.version: 2.4.0
rh-pre-commit.check-secrets: ENABLED
Summary by CodeRabbit
verify-cve-trackerscommand to verify CVE tracker coverage for a specified group and assembly using advisory-derived and shipment-derived Jira issue sources.releases.ymlfrom a data path, including Git-based refs, and allows text or JSON output with pass/fail status and missing tracker details.verify_cve_trackersfrom the main module for programmatic use.