feat: add CodeRabbit configuration #921
Adds .coderabbit.yaml with:
- Path-specific review instructions for cmd/, pkg/, internal/, tests, .github/, hack/
- Custom recipes: security check, breaking changes analysis
- Pre-merge checks for PR title format and debug code
- Auto-labeling suggestions for PRs and issues
- Issue enrichment with auto-planning
- Additional tools: trufflehog, hadolint, yamllint, semgrep
- Filters to skip vendor, generated, and mock files

Made-with: Cursor
Skipping CI for Draft Pull Request.
Important: Review skipped. Draft detected. Please check the settings in the CodeRabbit UI or the repository's .coderabbit.yaml.
Run configuration: Path: .coderabbit.yaml; Review profile: CHILL; Plan: Pro.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: MitaliBhalla
The full list of commands accepted by this bot can be found here. The pull request process is described here.
Details: Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@coderabbitai configuration
Configuration used: Path: .coderabbit.yaml

CodeRabbit configuration:

language: en-US
tone_instructions: ''
early_access: true
enable_free_tier: true
inheritance: false
reviews:
  profile: chill
  request_changes_workflow: false
  high_level_summary: true
  high_level_summary_instructions: ''
  high_level_summary_placeholder: '@coderabbitai summary'
  high_level_summary_in_walkthrough: true
  auto_title_placeholder: '@coderabbitai'
  auto_title_instructions: ''
  review_status: true
  review_details: false
  commit_status: true
  fail_commit_status: false
  collapse_walkthrough: false
  changed_files_summary: true
  sequence_diagrams: true
  estimate_code_review_effort: true
  assess_linked_issues: true
  related_issues: true
  related_prs: true
  suggested_labels: true
  labeling_instructions:
    - label: security
      instructions: >-
        Apply when PR touches authentication, authorization, credentials, or
        token handling
    - label: breaking-change
      instructions: Apply when public APIs, CLI flags, or config formats change incompatibly
    - label: dependencies
      instructions: Apply when go.mod or go.sum changes
    - label: documentation
      instructions: Apply when docs/, README, or help text changes
    - label: ci
      instructions: Apply when .github/workflows or Makefile changes
  auto_apply_labels: false
  suggested_reviewers: true
  auto_assign_reviewers: false
  in_progress_fortune: true
  poem: false
  enable_prompt_for_ai_agents: true
  path_filters:
    - '!vendor/**'
    - '!**/*.generated.go'
    - '!**/mock_*.go'
    - '!**/zz_generated*.go'
    - '!**/mocks/**'
  path_instructions:
    - path: cmd/**
      instructions: |
        CLI command code for OCM plugin (ocm-backplane).
        Focus on:
        - Consistent error messages with actionable guidance
        - Proper cobra command patterns (Use(), Short, Long, RunE)
        - Input validation before processing
        - Help text clarity and completeness
        - Exit codes (0=success, non-zero=error)
    - path: pkg/**
      instructions: |
        Core library code.
        Focus on:
        - API backward compatibility (don't break existing callers)
        - Thread safety for concurrent operations
        - Error wrapping with context (fmt.Errorf with %w)
        - No hardcoded credentials, URLs, or cluster names
        - Proper context.Context propagation
    - path: internal/**
      instructions: |
        Internal packages.
        Focus on:
        - Clear separation of concerns
        - No circular dependencies
        - Should not be imported outside this module
    - path: '**/*_test.go'
      instructions: |
        Test files.
        Ensure:
        - Table-driven tests for multiple cases
        - Cover error paths, not just happy paths
        - Meaningful test names describing behavior
        - No hardcoded credentials (use mocks/fakes)
        - Tests are deterministic (no flaky tests)
    - path: go.mod
      instructions: |
        Dependency changes.
        Check:
        - Is this a major version bump requiring code changes?
        - Are there known CVEs in new versions?
        - Is the dependency necessary or can stdlib be used?
        - Does it align with OpenShift dependency versions?
    - path: .github/**
      instructions: |
        GitHub Actions and workflows.
        Verify:
        - No secrets hardcoded in workflow files
        - Minimal permissions (principle of least privilege)
        - Pinned action versions (avoid `@main`, use `@v1.2.3` or SHA)
        - Proper error handling in scripts
    - path: hack/**
      instructions: |
        Build and development scripts.
        Verify:
        - Scripts are portable (avoid bashisms if targeting sh)
        - Proper error handling (set -e, set -o pipefail)
        - No hardcoded paths specific to one developer's machine
  abort_on_close: true
  disable_cache: false
  slop_detection:
    enabled: true
  auto_review:
    enabled: true
    description_keyword: ''
    auto_incremental_review: true
    auto_pause_after_reviewed_commits: 5
    ignore_title_keywords:
      - WIP
      - DO NOT MERGE
    labels: []
    drafts: false
    base_branches:
      - main
      - master
    ignore_usernames: []
  finishing_touches:
    docstrings:
      enabled: true
    unit_tests:
      enabled: true
    simplify:
      enabled: false
    custom: []
  pre_merge_checks:
    override_requested_reviewers_only: false
    docstrings:
      mode: warning
      threshold: 80
    title:
      mode: warning
      requirements: |
        PR title should be clear and descriptive.
        Preferred format: type: description
        Types: feat, fix, docs, chore, refactor, test, ci
        Example: "feat: add cluster login timeout flag"
    description:
      mode: warning
    issue_assessment:
      mode: warning
    custom_checks: []
  tools:
    ast-grep:
      rule_dirs: []
      util_dirs: []
      essential_rules: true
      packages: []
    shellcheck:
      enabled: true
    ruff:
      enabled: true
    markdownlint:
      enabled: true
    github-checks:
      enabled: true
      timeout_ms: 90000
    languagetool:
      enabled: true
      enabled_rules: []
      disabled_rules: []
      enabled_categories: []
      disabled_categories: []
      enabled_only: false
      level: default
    biome:
      enabled: true
    hadolint:
      enabled: true
    swiftlint:
      enabled: true
    phpstan:
      enabled: true
      level: default
    phpmd:
      enabled: true
    phpcs:
      enabled: true
    golangci-lint:
      enabled: true
    yamllint:
      enabled: true
    gitleaks:
      enabled: true
    trufflehog:
      enabled: true
    checkov:
      enabled: true
    tflint:
      enabled: true
    detekt:
      enabled: true
    eslint:
      enabled: true
    flake8:
      enabled: true
    fortitudeLint:
      enabled: true
    rubocop:
      enabled: true
    buf:
      enabled: true
    regal:
      enabled: true
    actionlint:
      enabled: true
    pmd:
      enabled: true
    clang:
      enabled: true
    cppcheck:
      enabled: true
    opengrep:
      enabled: true
    semgrep:
      enabled: true
    circleci:
      enabled: true
    clippy:
      enabled: true
    sqlfluff:
      enabled: true
    trivy:
      enabled: true
    prismaLint:
      enabled: true
    pylint:
      enabled: true
    oxc:
      enabled: true
    shopifyThemeCheck:
      enabled: true
    luacheck:
      enabled: true
    brakeman:
      enabled: true
    dotenvLint:
      enabled: true
    htmlhint:
      enabled: true
    stylelint:
      enabled: true
    checkmake:
      enabled: true
    osvScanner:
      enabled: true
    blinter:
      enabled: true
    smartyLint:
      enabled: true
    emberTemplateLint:
      enabled: true
    psscriptanalyzer:
      enabled: true
chat:
  art: true
  allow_non_org_members: true
  auto_reply: true
  integrations:
    jira:
      usage: auto
    linear:
      usage: auto
knowledge_base:
  opt_out: false
  web_search:
    enabled: true
  code_guidelines:
    enabled: true
    filePatterns: []
  learnings:
    scope: auto
  issues:
    scope: auto
  jira:
    usage: auto
    project_keys: []
  linear:
    usage: auto
    team_keys: []
  pull_requests:
    scope: auto
  mcp:
    usage: auto
    disabled_servers: []
  linked_repositories: []
code_generation:
  docstrings:
    language: en-US
    path_instructions: []
  unit_tests:
    path_instructions: []
issue_enrichment:
  auto_enrich:
    enabled: true
  planning:
    enabled: true
    auto_planning:
      enabled: true
      labels: []
  labeling:
    labeling_instructions: []
    auto_apply_labels: false
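The pre_merge_checks.title block above tells CodeRabbit to warn when a PR title does not follow "type: description" with one of the listed types. As an added example (not code from this PR, the repository, or CodeRabbit), here is a POSIX sh function that applies the same rule locally, so a contributor can check a title before pushing rather than waiting for the warning. It follows the hack/** guidance from the same file (no bashisms, set -e). The function name check_pr_title, its error messages, and the sample titles in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not part of this repository or of CodeRabbit: a portable sh
# check for the PR title rule stated under pre_merge_checks.title in
# .coderabbit.yaml ("type: description"; types feat, fix, docs, chore,
# refactor, test, ci). CodeRabbit applies the rule as a warning; this is a
# local equivalent. Function name and messages are made up here.
set -eu

# check_pr_title TITLE
# Exit status 0 when TITLE has the form "<type>: <description>" with one of
# the allowed types and a non-empty description; 1 otherwise, with the reason
# on stderr.
check_pr_title() {
  title=$1
  kind=${title%%:*}   # everything before the first colon
  rest=${title#*:}    # everything after the first colon

  # No colon at all: the %% expansion leaves the title unchanged.
  if [ "$kind" = "$title" ]; then
    echo "PR title lacks a 'type:' prefix: $title" >&2
    return 1
  fi

  # The type must be one of the values listed in the config. Scopes such as
  # "feat(deps)" are not part of the stated format, so they are rejected too.
  case $kind in
    feat|fix|docs|chore|refactor|test|ci) ;;
    *)
      echo "unknown type '$kind' (allowed: feat fix docs chore refactor test ci)" >&2
      return 1
      ;;
  esac

  # Exactly one space after the colon, then a description that does not
  # start with further whitespace and is not empty.
  case $rest in
    " "*) ;;
    *)
      echo "expected a space after '$kind:' in: $title" >&2
      return 1
      ;;
  esac
  desc=${rest#?}      # drop the single leading space
  case $desc in
    ""|" "*)
      echo "description after '$kind:' is empty or starts with extra whitespace: $title" >&2
      return 1
      ;;
  esac
  return 0
}

# Command-line use: sh check-pr-title.sh "feat: add cluster login timeout flag"
if [ "$#" -gt 0 ]; then
  check_pr_title "$1"
fi
```

Because the config's own example title is "feat: add cluster login timeout flag", that string is the natural smoke test; titles such as "WIP feat: ..." fail here on the type check, which matches the intent of the ignore_title_keywords list further up (those PRs are not meant to be reviewed in that state anyway).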
| # --------------------------------------------------------------------------- | ||
| labeling_instructions: | ||
| - label: "security" | ||
| instructions: "Apply when PR touches authentication, authorization, credentials, or token handling" |
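Review bot: with `auto_apply_labels: false` set later in this same file, the `security` label instruction only produces a suggestion in the review summary; nothing applies the label, so it cannot act as a gate for PRs that touch authentication, credentials, or token handling. If the intent is to route such PRs to a security reviewer, either enable auto-apply for this label set or document that maintainers must apply the suggested label by hand.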
Do we have any auth n/z or token handling in the codebase?
Yes — JWT parsing, OCM tokens, AWS STS AssumeRole, and cloud credentials (AWS/GCP). Around 60+ files touch auth/tokens.
Key areas: pkg/utils/jwt.go, pkg/awsutil/sts.go, pkg/credentials/, pkg/ocm/ocm.go
| ignore_title_keywords: | ||
| - "WIP" | ||
| - "DO NOT MERGE" |
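Review bot: `drafts: false` under `auto_review` already skips pull requests in draft state (this PR itself received a "Review skipped, draft detected" status), so a `DRAFT` keyword would only matter for ready PRs whose title still carries the word. `DNM` is a reasonable companion to `DO NOT MERGE`. Adding `build(deps)` would silence review on dependency-bump PRs, which contradicts the `go.mod` path instructions in this same file that ask the reviewer to check for major version bumps and known CVEs; consider leaving dependency PRs reviewable.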
- DRAFT
- DNM
- build(deps)

Variations on the above, to allow CodeRabbit to review PR(s) in ready state.
PR needs rebase.
Details: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Adds .coderabbit.yaml with: @coderabbitai run security check
Test: @coderabbitai configuration on this PR
Made with Cursor