feat(xtest): support platform-embedded otdfctl for migration to monorepo#434
feat(xtest): support platform-embedded otdfctl for migration to monorepo#434dmihalcik-virtru wants to merge 1 commit intomainfrom
Conversation
otdfctl is moving from opentdf/otdfctl into opentdf/platform. This updates the test infrastructure to auto-detect when the platform checkout contains otdfctl/ and build from there instead of the standalone repo. Key changes: - xtest.yml: new otdfctl-source input (auto/standalone/platform) and detection step that checks for otdfctl/go.mod in the platform dir - setup-cli-tool: new platform-otdfctl-dir input; symlinks platform source into sdk/go/src/ for head builds instead of separate checkout - otdf-sdk-mgr: resolve.py supports go_source="platform" to resolve against the platform repo with otdfctl/ tag infix; installers write .module-path file for the new Go module path - cli.sh/otdfctl.sh: read .module-path to use the correct module path (github.com/opentdf/platform/otdfctl) for go run fallback Backward compatible: old releases still resolve from the standalone repo; .module-path absence defaults to the original module path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 14 minutes and 42 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (8)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces support for resolving and installing the Go otdfctl CLI from the platform monorepo in addition to the standalone repository. Key changes include adding a source parameter to resolution and installation logic, updating shell wrappers to support dynamic module paths, and modifying the GitHub Action to allow symlinking local platform-embedded source code. Feedback highlights a missing propagation of the source parameter during installation, a potential IndexError when resolving the main branch, and security risks associated with direct shell interpolation of JSON outputs in the GitHub Action.
| if source == "platform": | ||
| (dist_dir / ".module-path").write_text(f"{GO_MODULE_PATH_PLATFORM}\n") |
There was a problem hiding this comment.
The source parameter is currently not being propagated from the CLI or the install_release function. Consequently, the .module-path file will never be created, causing the Go wrappers to use the incorrect module path for platform-embedded releases.
You can fix this by inferring the source from the version prefix if it is not explicitly provided.
| if source == "platform": | |
| (dist_dir / ".module-path").write_text(f"{GO_MODULE_PATH_PLATFORM}\n") | |
| if source == "platform" or version.startswith("otdfctl/"): | |
| (dist_dir / ".module-path").write_text(f"{GO_MODULE_PATH_PLATFORM}\n") |
| repo = Git() | ||
| if version == "main" or version == "refs/heads/main": | ||
| all_heads = [r.split("\t") for r in repo.ls_remote(sdk_url, heads=True).split("\n")] | ||
| sha, _ = [tag for tag in all_heads if "refs/heads/main" in tag][0] |
There was a problem hiding this comment.
This line will raise an IndexError if refs/heads/main is not found in the remote repository's heads. It is safer to use a more robust way to find the head or check if the list is non-empty.
| sha, _ = [tag for tag in all_heads if "refs/heads/main" in tag][0] | |
| sha, _ = next(tag for tag in all_heads if "refs/heads/main" in tag) |
| a) version_json='${{ steps.resolve.outputs.version-a }}' ; needs_source='${{ steps.check-source.outputs.needs-source-a }}' ;; | ||
| b) version_json='${{ steps.resolve.outputs.version-b }}' ; needs_source='${{ steps.check-source.outputs.needs-source-b }}' ;; | ||
| c) version_json='${{ steps.resolve.outputs.version-c }}' ; needs_source='${{ steps.check-source.outputs.needs-source-c }}' ;; | ||
| d) version_json='${{ steps.resolve.outputs.version-d }}' ; needs_source='${{ steps.check-source.outputs.needs-source-d }}' ;; |
There was a problem hiding this comment.
Using direct interpolation of GitHub Action outputs (${{ steps.resolve.outputs.version-a }}) inside single quotes in a shell script is risky. If the JSON output contains a single quote (e.g., in a tag name or an error message), it will break the shell command syntax. It is safer to map these outputs to environment variables and use those in the script.
X-Test Results✅ java-main |
1 participant
otdfctl is moving from opentdf/otdfctl into opentdf/platform. This
updates the test infrastructure to auto-detect when the platform
checkout contains otdfctl/ and build from there instead of the
standalone repo.
Key changes:
detection step that checks for otdfctl/go.mod in the platform dir
source into sdk/go/src/ for head builds instead of separate checkout
against the platform repo with otdfctl/ tag infix; installers write
.module-path file for the new Go module path
(github.com/opentdf/platform/otdfctl) for go run fallback
Backward compatible: old releases still resolve from the standalone
repo; .module-path absence defaults to the original module path.
Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com