Test smee webhook#85

Open
raks-tt wants to merge 15 commits into devfile-samples:main from rrajashe-stonesoup:test-smee-webhook

@raks-tt raks-tt commented Mar 30, 2026

Summary by CodeRabbit

  • New Features

    • Added an automated pull-request validation pipeline: builds images, optionally prefetches deps, runs configurable security/compliance scans, creates image indexes/source images, tags and publishes artifacts, and returns build/git results.
    • Added an automated push-to-main pipeline: full build + indexing, conditional scans, tagging and artifact publishing; configurable build/check toggles and metadata outputs.
  • Documentation

    • Expanded README with new testing and webhook authentication guidance.

coderabbitai bot commented Mar 30, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: daa0114b-cfea-4840-be16-2f5a456cc13a

📥 Commits

Reviewing files that changed from the base of the PR and between cc9ccf6 and fd445d1.

📒 Files selected for processing (1)
  • README.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • README.md

📝 Walkthrough

Two new Tekton PipelineRun manifests were added (push and pull-request) to build images and run conditional security/compliance scans; README.md was edited to merge new testing headings into the Dockerfiles reference line.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Tekton: Pull Request Pipeline (.tekton/python-sample-pull-request.yaml) | Adds PipelineRun python-sample-on-pull-request in rk-tenant: parameterized git/source/image args, OCI-artifact based clone, optional prefetch, build via buildah-oci-ta, optional source-image/index builds, conditional security/compliance scanner tasks, tag/push steps, pipeline results (IMAGE_URL, IMAGE_DIGEST, CHAINS-GIT_*), serviceAccount and optional workspaces. |
| Tekton: Push Pipeline (.tekton/python-sample-push.yaml) | Adds PipelineRun python-sample-on-push: similar params and task graph as PR pipeline, trigger conditions for push (branch main), buildah build args/cache toggles, OCI artifact wiring, conditional scanners gated by skip-checks, and exposed pipeline results. |
| Documentation (README.md) | Fixed trailing newline and appended multiple testing headings inline after the Dockerfiles reference bullet (# Testing Smee Webhook, # Testing webhook with secret, # Testing fixed GitHub App auth, etc.), altering section placement. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Event as PR/Push Event
  participant Tekton as Tekton PipelineRun
  participant Git as Git Repository
  participant OCI as OCI Artifact Store / Registry
  participant Build as buildah-oci-ta
  participant Scans as Scanner Tasks

  Event->>Tekton: trigger PipelineRun (params: git-url, revision, output-image, flags)
  Tekton->>Git: clone repo into OCI artifact
  Tekton->>OCI: store source artifact
  Tekton->>Build: start image build using OCI source
  Build->>OCI: push built image (image URL + digest)
  Tekton->>Scans: conditionally run scanners (clair, Snyk, clamav, coverity, etc.)
  Scans->>OCI: read image for analysis
  Scans-->>Tekton: return scan results
  Tekton->>OCI: push image tags and Dockerfile artifact
  Tekton-->>Event: produce pipeline results (IMAGE_URL, IMAGE_DIGEST, CHAINS-GIT_*)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I hopped through pipelines, nibbling bytes and logs,

I packed the source into neat little cogs,
Scanners sniffed crates while buildah hopped on logs,
Tags tied with ribbon, digests snug as clogs,
A rabbit cheers — new runs ready for the flogs!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ❓ Inconclusive | The PR title 'Test smee webhook' is vague and does not accurately describe the main changes, which involve adding two comprehensive Tekton pipeline manifests for Python sample CI/CD workflows. | Consider a more descriptive title that captures the primary change, such as 'Add Tekton pipelines for Python sample CI/CD on pull requests and push events' or 'Add Python sample Tekton pipeline manifests for PR and push workflows'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.tekton/python-sample-pull-request.yaml:
- Around line 4-12: Update the build annotation
build.appstudio.openshift.io/repo to point to the correct repository URL by
replacing
https://github.com/rrajashe-stonesoup/devfile-sample-python-basic?rev={{revision}}
with
https://github.com/devfile-samples/devfile-sample-python-basic?rev={{revision}}
in the .tekton/python-sample-pull-request.yaml; repeat the exact same
replacement for the same annotation in .tekton/python-sample-push.yaml so both
manifests reference devfile-samples/devfile-sample-python-basic.

In `@README.md`:
- Line 18: The Markdown has a formatting issue where the heading "# Testing Smee
Webhook" is concatenated to the previous bullet ("For more information about
Dockerfiles..."), so split them by inserting a newline (and ideally a blank
line) between the Dockerfile bullet and the heading; update the README so the
list item ends with its own line and the "Testing Smee Webhook" heading appears
on the next line starting with `# Testing Smee Webhook`.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8a05c747-a6b9-4d76-b4bf-07eb97a851d2

📥 Commits

Reviewing files that changed from the base of the PR and between 14aa02e and 3fae41e.

📒 Files selected for processing (3)
  • .tekton/python-sample-pull-request.yaml
  • .tekton/python-sample-push.yaml
  • README.md

Comment on lines +4 to +12
annotations:
build.appstudio.openshift.io/repo: https://github.com/rrajashe-stonesoup/devfile-sample-python-basic?rev={{revision}}
build.appstudio.redhat.com/commit_sha: '{{revision}}'
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/cancel-in-progress: "true"
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "main"
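Review bot: The build.appstudio.openshift.io/repo annotation on the second line of this hunk hard-codes the fork owner rrajashe-stonesoup, while the neighbouring commit_sha, pull_request_number and target_branch annotations are filled from template variables, so the value stops matching the source once the manifest lands on devfile-samples:main; point it at the base repository before merging. The on-cel-expression value is also folded across two lines as a plain scalar, which parses but is easy to break on a later edit; keeping event == "pull_request" && target_branch == "main" on one single-quoted line would be more robust.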
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if the annotation URL matches the repository this PR is targeting
echo "Annotation repo URL in pull-request.yaml:"
rg -n 'build.appstudio.openshift.io/repo' .tekton/python-sample-pull-request.yaml

echo ""
echo "Checking if this is the correct repository pattern used elsewhere:"
rg -n 'rrajashe-stonesoup|devfile-samples' .tekton/

Repository: devfile-samples/devfile-sample-python-basic

Length of output: 640


Correct the repository URL in build annotations.

The build.appstudio.openshift.io/repo annotation on line 5 references https://github.com/rrajashe-stonesoup/devfile-sample-python-basic but the actual repository is devfile-samples/devfile-sample-python-basic. This mismatch will cause the build system to incorrectly associate build metadata and artifacts with the wrong repository. The same issue exists in .tekton/python-sample-push.yaml. Update both annotations to use https://github.com/devfile-samples/devfile-sample-python-basic?rev={{revision}}.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.tekton/python-sample-pull-request.yaml around lines 4 - 12, Update the
build annotation build.appstudio.openshift.io/repo to point to the correct
repository URL by replacing
https://github.com/rrajashe-stonesoup/devfile-sample-python-basic?rev={{revision}}
with
https://github.com/devfile-samples/devfile-sample-python-basic?rev={{revision}}
in the .tekton/python-sample-pull-request.yaml; repeat the exact same
replacement for the same annotation in .tekton/python-sample-push.yaml so both
manifests reference devfile-samples/devfile-sample-python-basic.
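
A pre-merge check for the mismatch flagged in the review comment above, added here as an example (it is not code from the PR, the repository or CodeRabbit): it compares the host/owner/name in each manifest's build.appstudio.openshift.io/repo annotation with the repository the PR targets. The function names, the regex-based parsing and the sample manifests are assumptions; the manifests are constructed, using the two URLs quoted in the comment.

```python
import re
from urllib.parse import urlsplit

ANNOTATION = "build.appstudio.openshift.io/repo"
EXPECTED = "github.com/devfile-samples/devfile-sample-python-basic"


def manifest(url):
    """Build a minimal constructed manifest carrying only the repo annotation."""
    return f"metadata:\n  annotations:\n    {ANNOTATION}: {url}\n"


# Constructed samples: the submitted value, the corrected value, and no annotation.
SAMPLE_MANIFESTS = {
    "as-submitted.yaml": manifest(
        "https://github.com/rrajashe-stonesoup/devfile-sample-python-basic?rev={{revision}}"),
    "corrected.yaml": manifest(
        "https://github.com/devfile-samples/devfile-sample-python-basic?rev={{revision}}"),
    "missing.yaml": "metadata:\n  annotations: {}\n",
}


def repo_slug(url):
    """Return 'host/owner/name' (lower-cased, no .git suffix), or None if not https."""
    parts = urlsplit(url.strip().strip("'\""))
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or parts.hostname is None or len(segments) < 2:
        return None
    name = segments[1][:-4] if segments[1].endswith(".git") else segments[1]
    return f"{parts.hostname}/{segments[0]}/{name}".lower()


def check_manifests(manifests, expected):
    """Return {path: problem} for manifests whose repo annotation is absent or wrong."""
    pattern = re.compile(rf"^\s*{re.escape(ANNOTATION)}:\s*(\S+)\s*$", re.M)
    problems = {}
    for path, text in manifests.items():
        match = pattern.search(text)
        if match is None:
            problems[path] = "annotation missing"
            continue
        found = repo_slug(match.group(1))
        if found != expected.lower():
            problems[path] = f"points at {found}, expected {expected}"
    return problems


if __name__ == "__main__":
    for path, problem in check_manifests(SAMPLE_MANIFESTS, EXPECTED).items():
        print(f"{path}: {problem}")
```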
