Skip to content

feat: add component-level context and boundary lint rules#941

Open
h0pers wants to merge 4 commits into
opendatahub-io:mainfrom
h0pers:feat/ai-scaffolding-tier3
Open

feat: add component-level context and boundary lint rules#941
h0pers wants to merge 4 commits into
opendatahub-io:mainfrom
h0pers:feat/ai-scaffolding-tier3

Conversation

@h0pers

@h0pers h0pers commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

What this PR does / why we need it:

Implements AI Scaffolding Tier 3 checks 3.1 and 3.3 for the distributed-workloads repo:

  • Check 3.1 — Component-level context files: Add .claude/rules/ with path-scoped rules for tests/trainer/, tests/common/support/, and general test conventions (mandatory tags, namespace isolation, resource naming, import boundaries).
  • Check 3.3 — Architectural boundary lint rules: Enable depguard in .golangci.yml with per-suite boundary rules preventing cross-suite imports between tests/kfto/, tests/trainer/, tests/fms/, and tests/odh/. Move shared image helpers (GetAlpacaDatasetImage, GetBloomModelImage) from tests/kfto/ to tests/common/support/environment.go to resolve existing cross-suite import violations.

Which issue(s) this PR fixes:

Fixes #940

Summary by CodeRabbit

Summary by CodeRabbit

  • Documentation

    • Added/updated test-convention rules for namespace isolation, naming, cleanup, tags, helper contracts, and suite import boundaries.
  • Bug Fixes

    • Standardized test image selection via shared environment getters (Bloom model, Alpaca dataset).
    • Improved notebook template loading with direct file reading and explicit error checking.
  • Refactor

    • Centralized notebook status log polling in shared test helpers; updated trainer/SDK tests to use it consistently.
  • Chores

    • Enforced suite boundary imports via linting; updated agent config sync tooling to run through the Python/uv-based generator.

@openshift-ci
openshift-ci Bot requested review from ChughShilpa and sutaakar July 2, 2026 07:20
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign abhijeet-dhumal for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@h0pers, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 47 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 520cfd49-a200-43af-908f-9f32b523305b

📥 Commits

Reviewing files that changed from the base of the PR and between 3b179bb and d9cd68c.

📒 Files selected for processing (1)
  • tests/common/support/core.go
📝 Walkthrough

Walkthrough

Adds metadata-driven synchronization for Claude and Cursor agent configuration, with ai/ as the source and uv-based CI verification. Adds test conventions and depguard rules for suite boundaries. Moves image getters and notebook log polling into shared test support, updating callers and removing cross-suite helper dependencies. Also replaces notebook file loading with direct reads and adjusts embedded script formatting.

Estimated code review effort: 3 (Moderate) | ~30 minutes

🚥 Pre-merge checks | ✅ 8 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning Adds ai/, .cursor/, sync-script, and workflow changes beyond #940; unrelated to the requested rules/helper move and broadens CI/CD surface (CWE-494). Split the agent-sync, mirrored rule files, and workflow/Makefile changes into a separate PR unless they are explicitly part of #940.
Contribution Quality And Spam Detection ⚠️ Warning Boilerplate PR template plus dev-only lint/CI scaffolding; the boundary rules are internal-maintenance work, not a realistic untrusted-input security fix (CWE-829 theater). Remove security framing, add a concrete threat model and tests for any real behavioral change, or submit it as maintenance/docs only.
✅ Passed checks (8 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change: component-level test context and depguard boundary rules.
Linked Issues check ✅ Passed The requested #940 scope is covered: scoped rules, depguard boundaries, and shared image helpers moved to tests/common/support/.
No Hardcoded Secrets ✅ Passed No hardcoded creds found; only placeholder test tokens and env-var names. No CWE-798/CWE-321 issue.
No Weak Cryptography ✅ Passed No CWE-327/CWE-328/CWE-208 issues: changed files contain no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB or custom crypto; only SHA-256 image digests.
No Injection Vectors ✅ Passed No CWE-89/78/94/502/79 sinks found; the new script only reads repo-owned JSON/MD and writes files, and the other changes are test/docs glue.
No Privileged Containers ✅ Passed No touched Kubernetes manifests or Dockerfiles add privileged flags, host access, SYS_ADMIN, or root; the only manifest-like change is a CI workflow and it contains none.
No Sensitive Data In Logs ✅ Passed No CWE-532 exposure found: new prints/echoes only emit file paths and status strings, not secrets, tokens, PII, or raw bodies.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@efazal

efazal commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@h0pers wondering if we can make the rules common for both Claude and Cursor as well. Without repeating the md files, perhaps a suggestion like ai/rules folder will contain the rules and symlinks can be added to them in claude/cursor rules folders? or if we want generalize for any ai agents, then perhaps we can add a reference in the agents.md file pointing to the ai/rules folder.

h0pers and others added 2 commits July 14, 2026 16:26
Add .claude/rules/ with path-scoped rules for trainer, common/support,
and general test conventions. Enable depguard in .golangci.yml with
per-suite boundary rules preventing cross-suite imports. Move shared
image helpers from tests/kfto/ to tests/common/support/ to eliminate
existing violations.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… violations

The depguard boundary rules added in 1a3736d prevent cross-suite imports,
but tests/odh/ was still importing from tests/trainer/utils/. Move
PollNotebookLogsForStatus to tests/common/support/core.go and update all
callers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@h0pers
h0pers force-pushed the feat/ai-scaffolding-tier3 branch from b074505 to fcfca2c Compare July 17, 2026 09:04
h0pers and others added 2 commits July 17, 2026 10:10
… truth

Replace hack/sync-agents-config.sh with hack/sync_agents_config.py that
handles both skills and rules, generates .cursor/rules/*.mdc files, and
validates metadata.json for each source document. Move rule sources to
ai/rules/ alongside ai/skills/ with metadata.json for agent-specific
fields (globs, description). Add uv setup step to CI verification.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
.github/workflows/verify_generated_files.yml (1)

34-36: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Set least-privilege permissions per job (CWE-284).

The verify-agents-config job lacks a permissions block, causing it to inherit default workflow permissions. If default permissions are broad, this could allow a compromised CI runner to mutate the repository. As per path instructions, set explicit least-privilege permissions per job.

Proposed fix
   verify-agents-config:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/verify_generated_files.yml around lines 34 - 36, Update
the verify-agents-config job to declare an explicit least-privilege permissions
block, granting only the permissions required by its existing steps and setting
all others to none; do not rely on inherited workflow defaults.

Sources: Path instructions, Linters/SAST tools

tests/odh/training_hub_rayjob_test.go (1)

141-169: 🔒 Security & Privacy | 🔴 Critical | ⚡ Quick win

CWE-78: Command injection risk due to unquoted shell variables.

The scriptConfigMap, algorithm, and pvcName variables are interpolated directly into the shell command without shell quoting. Even if these currently originate from trusted Kubernetes names or hardcoded strings, this pattern is a command injection risk. All variables interpolated into shell commands must be properly quoted.

Proposed fix
 	return []string{
 		"/bin/sh",
 		"-c",
 		s3Exports +
 			"pip install papermill huggingface_hub datasets s3fs && " +
 			"if papermill /opt/app-root/notebooks/{{.NotebookConfigMapFileName}}" +
 			" /opt/app-root/src/mcad-out.ipynb -p namespace {{.Namespace}} -p ray_image " + rayImage +
-			fmt.Sprintf(" -p script_configmap %s -p algorithm %s -p pvc_name %s", scriptConfigMap, algorithm, pvcName) +
+			fmt.Sprintf(" -p script_configmap %s -p algorithm %s -p pvc_name %s", trainingHubShellQuote(scriptConfigMap), trainingHubShellQuote(algorithm), trainingHubShellQuote(pvcName)) +
 			" -p openshift_api_url {{.OpenShiftApiUrl}} -p kubernetes_user_bearer_token {{.KubernetesUserBearerToken}}" +
 			" -p num_gpus {{ .NumGpus }} --log-output; " +
 			"then echo 'NOTEBOOK_STATUS: SUCCESS'; else echo 'NOTEBOOK_STATUS: FAILURE'; fi; sleep infinity",
 	}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/odh/training_hub_rayjob_test.go` around lines 141 - 169, Update
getTrainingHubNotebookCommand to shell-quote scriptConfigMap, algorithm, and
pvcName before interpolating them into the command, using the existing
trainingHubShellQuote helper. Ensure each value remains a single argument and
cannot alter shell syntax.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/verify_generated_files.yml:
- Around line 37-39: Update the actions/checkout and astral-sh/setup-uv steps in
the workflow to reference immutable full commit SHAs instead of mutable version
tags. Configure actions/checkout to disable credential persistence, while
preserving the existing action usage and setup behavior.

In `@hack/sync_agents_config.py`:
- Around line 3-4: Update the dependency declaration in the script metadata to
pin pyyaml to an explicit tested version, using the existing dependency key and
preserving the Python version requirement.

In `@tests/common/support/core.go`:
- Around line 150-176: Update PollNotebookLogsForStatus to call
test.T().Helper() at the start of the shared helper, before its polling and
assertion logic, so failures are attributed to the calling test.

In `@tests/common/support/environment.go`:
- Around line 260-267: Update GetBloomModelImage and GetAlpacaDatasetImage to
accept the Test interface, call test.T().Helper() at the start of each helper,
and continue using lookupEnvOrDefault with their existing environment keys and
defaults.

---

Outside diff comments:
In @.github/workflows/verify_generated_files.yml:
- Around line 34-36: Update the verify-agents-config job to declare an explicit
least-privilege permissions block, granting only the permissions required by its
existing steps and setting all others to none; do not rely on inherited workflow
defaults.

In `@tests/odh/training_hub_rayjob_test.go`:
- Around line 141-169: Update getTrainingHubNotebookCommand to shell-quote
scriptConfigMap, algorithm, and pvcName before interpolating them into the
command, using the existing trainingHubShellQuote helper. Ensure each value
remains a single argument and cannot alter shell syntax.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: cbb2a6c0-860a-4ff9-a271-d8140745c881

📥 Commits

Reviewing files that changed from the base of the PR and between b074505 and 3b179bb.

📒 Files selected for processing (45)
  • .claude/rules/tests-common-support.md
  • .claude/rules/tests-general.md
  • .claude/rules/tests-trainer.md
  • .claude/skills/add-benchmark/SKILL.md
  • .claude/skills/add-e2e-test/SKILL.md
  • .claude/skills/update-support-lib/SKILL.md
  • .cursor/rules/tests-common-support.mdc
  • .cursor/rules/tests-general.mdc
  • .cursor/rules/tests-trainer.mdc
  • .cursor/skills/add-benchmark/SKILL.md
  • .cursor/skills/add-e2e-test/SKILL.md
  • .cursor/skills/update-support-lib/SKILL.md
  • .github/workflows/verify_generated_files.yml
  • .golangci.yml
  • AGENTS.md
  • Makefile
  • ai/rules/tests-common-support/RULE.md
  • ai/rules/tests-common-support/metadata.json
  • ai/rules/tests-general/RULE.md
  • ai/rules/tests-general/metadata.json
  • ai/rules/tests-trainer/RULE.md
  • ai/rules/tests-trainer/metadata.json
  • ai/skills/add-benchmark/metadata.json
  • ai/skills/add-e2e-test/metadata.json
  • ai/skills/update-support-lib/metadata.json
  • hack/sync_agents_config.py
  • hack/verify-agents-config.sh
  • tests/common/support/core.go
  • tests/common/support/environment.go
  • tests/fms/kfto/kfto_kueue_sft_GPU_test.go
  • tests/fms/kfto/kfto_kueue_sft_test.go
  • tests/fms/trainer/sft_trainjob_gpu_test.go
  • tests/fms/trainer/sft_trainjob_test.go
  • tests/kfto/environment.go
  • tests/kfto/kfto_sft_llm_test.go
  • tests/odh/training_hub_rayjob_test.go
  • tests/trainer/jobset_workflow_test.go
  • tests/trainer/sdk_tests/failure_traininghub_tests.go
  • tests/trainer/sdk_tests/fashion_mnist_tests.go
  • tests/trainer/sdk_tests/lora_traininghub_tests.go
  • tests/trainer/sdk_tests/mpi_tests.go
  • tests/trainer/sdk_tests/osft_traininghub_tests.go
  • tests/trainer/sdk_tests/sft_traininghub_tests.go
  • tests/trainer/trainer_fashion_mnist_training_test.go
  • tests/trainer/utils/utils_notebook.go
💤 Files with no reviewable changes (2)
  • tests/trainer/utils/utils_notebook.go
  • tests/kfto/environment.go
🚧 Files skipped from review as they are similar to previous changes (7)
  • .claude/rules/tests-general.md
  • .golangci.yml
  • tests/fms/trainer/sft_trainjob_gpu_test.go
  • tests/kfto/kfto_sft_llm_test.go
  • tests/fms/kfto/kfto_kueue_sft_GPU_test.go
  • tests/fms/kfto/kfto_kueue_sft_test.go
  • tests/trainer/jobset_workflow_test.go

Comment on lines 37 to +39
- uses: actions/checkout@v4
- name: Set up uv
uses: astral-sh/setup-uv@v7

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🔴 Critical | ⚡ Quick win

Pin Actions by full SHA and disable credential persistence (CWE-829, CWE-312).

Actions are pinned by mutable tags (@v4, @v7). Tags can be moved to point to malicious commits, enabling supply chain attacks (e.g., CVE-2025-30066). As per path instructions, pin all actions by their full commit SHA.

Additionally, disable credential persistence in actions/checkout to prevent the GITHUB_TOKEN from remaining exposed in the runner's .git/config.

Proposed fix
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@<full-sha>
+      with:
+        persist-credentials: false
     - name: Set up uv
-      uses: astral-sh/setup-uv@v7
+      uses: astral-sh/setup-uv@<full-sha>
🧰 Tools
🪛 zizmor (1.26.1)

[warning] 37-37: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 39-39: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): enables caching by default

(cache-poisoning)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/verify_generated_files.yml around lines 37 - 39, Update
the actions/checkout and astral-sh/setup-uv steps in the workflow to reference
immutable full commit SHAs instead of mutable version tags. Configure
actions/checkout to disable credential persistence, while preserving the
existing action usage and setup behavior.

Sources: Path instructions, Linters/SAST tools

Comment on lines +3 to +4
# requires-python = ">=3.11"
# dependencies = ["pyyaml"]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Pin Python dependencies (CWE-829).

The pyyaml dependency is not pinned to a specific version or hash. Unpinned dependencies in scripts are susceptible to supply chain attacks if a malicious version is published or the package is compromised (e.g., dependency confusion or account takeover).

Provide a pinned version (e.g., pyyaml==6.0.1) to ensure reproducible and secure executions.

Proposed fix
 # requires-python = ">=3.11"
-# dependencies = ["pyyaml"]
+# dependencies = ["pyyaml==6.0.1"]
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# requires-python = ">=3.11"
# dependencies = ["pyyaml"]
# requires-python = ">=3.11"
# dependencies = ["pyyaml==6.0.1"]
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hack/sync_agents_config.py` around lines 3 - 4, Update the dependency
declaration in the script metadata to pin pyyaml to an explicit tested version,
using the existing dependency key and preserving the Python version requirement.

Source: Path instructions

Comment on lines +150 to +176
func PollNotebookLogsForStatus(test Test, namespace, podName, containerName string, timeout time.Duration) error {
var tail int64 = 2000
getLogs := PodLog(test, namespace, podName, corev1.PodLogOptions{
Container: containerName,
TailLines: &tail,
})

sawFailure := false
test.Eventually(func() bool {
logs := getLogs(test)
switch {
case strings.Contains(logs, "NOTEBOOK_STATUS: SUCCESS"):
return true
case strings.Contains(logs, "NOTEBOOK_STATUS: FAILURE"):
sawFailure = true
return true
default:
return false
}
}, timeout).Should(gomega.BeTrue(), "Notebook did not reach definitive state")

if sawFailure {
return fmt.Errorf("Notebook execution failed")
}
return nil
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Missing test.T().Helper() in shared helper.

Shared helper functions in tests/common/support/ must call test.T().Helper() to ensure correct test failure attribution. As per coding guidelines: "Shared helpers must receive the Test interface for Kubernetes client, context, and Gomega assertion access, and helper functions must call test.T().Helper()."

Proposed fix
 func PollNotebookLogsForStatus(test Test, namespace, podName, containerName string, timeout time.Duration) error {
+	test.T().Helper()
 	var tail int64 = 2000
 	getLogs := PodLog(test, namespace, podName, corev1.PodLogOptions{
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func PollNotebookLogsForStatus(test Test, namespace, podName, containerName string, timeout time.Duration) error {
var tail int64 = 2000
getLogs := PodLog(test, namespace, podName, corev1.PodLogOptions{
Container: containerName,
TailLines: &tail,
})
sawFailure := false
test.Eventually(func() bool {
logs := getLogs(test)
switch {
case strings.Contains(logs, "NOTEBOOK_STATUS: SUCCESS"):
return true
case strings.Contains(logs, "NOTEBOOK_STATUS: FAILURE"):
sawFailure = true
return true
default:
return false
}
}, timeout).Should(gomega.BeTrue(), "Notebook did not reach definitive state")
if sawFailure {
return fmt.Errorf("Notebook execution failed")
}
return nil
}
func PollNotebookLogsForStatus(test Test, namespace, podName, containerName string, timeout time.Duration) error {
test.T().Helper()
var tail int64 = 2000
getLogs := PodLog(test, namespace, podName, corev1.PodLogOptions{
Container: containerName,
TailLines: &tail,
})
sawFailure := false
test.Eventually(func() bool {
logs := getLogs(test)
switch {
case strings.Contains(logs, "NOTEBOOK_STATUS: SUCCESS"):
return true
case strings.Contains(logs, "NOTEBOOK_STATUS: FAILURE"):
sawFailure = true
return true
default:
return false
}
}, timeout).Should(gomega.BeTrue(), "Notebook did not reach definitive state")
if sawFailure {
return fmt.Errorf("Notebook execution failed")
}
return nil
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/common/support/core.go` around lines 150 - 176, Update
PollNotebookLogsForStatus to call test.T().Helper() at the start of the shared
helper, before its polling and assertion logic, so failures are attributed to
the calling test.

Source: Coding guidelines

Comment on lines +260 to +267
func GetBloomModelImage() string {
return lookupEnvOrDefault(bloomModelImageEnvVar, "quay.io/ksuta/bloom-560m@sha256:f6db02bb7b5d09a8d698c04994d747bfb9e581bbb4c07d00290244d207623733")
}

func GetAlpacaDatasetImage() string {
return lookupEnvOrDefault(alpacaDatasetImageEnvVar, "quay.io/ksuta/alpaca-dataset@sha256:2e90f631180c7b2c916f9569b914b336b612e8ae86efad82546adc5c9fcbbb8d")
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Update helper function signatures to accept the Test interface.

The GetBloomModelImage and GetAlpacaDatasetImage helpers omit the Test interface and fail to call test.T().Helper(). As per coding guidelines, shared helpers must receive the Test interface for Kubernetes client, context, and Gomega assertion access, and helper functions must call test.T().Helper(). This implementation also deviates from the pattern documented in .claude/rules/tests-common-support.md, which mandates func GetMyValue(test Test) string for environment variable getters.

♻️ Proposed fixes
-func GetBloomModelImage() string {
+func GetBloomModelImage(test Test) string {
+	test.T().Helper()
	return lookupEnvOrDefault(bloomModelImageEnvVar, "quay.io/ksuta/bloom-560m@sha256:f6db02bb7b5d09a8d698c04994d747bfb9e581bbb4c07d00290244d207623733")
}

-func GetAlpacaDatasetImage() string {
+func GetAlpacaDatasetImage(test Test) string {
+	test.T().Helper()
	return lookupEnvOrDefault(alpacaDatasetImageEnvVar, "quay.io/ksuta/alpaca-dataset@sha256:2e90f631180c7b2c916f9569b914b336b612e8ae86efad82546adc5c9fcbbb8d")
}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func GetBloomModelImage() string {
return lookupEnvOrDefault(bloomModelImageEnvVar, "quay.io/ksuta/bloom-560m@sha256:f6db02bb7b5d09a8d698c04994d747bfb9e581bbb4c07d00290244d207623733")
}
func GetAlpacaDatasetImage() string {
return lookupEnvOrDefault(alpacaDatasetImageEnvVar, "quay.io/ksuta/alpaca-dataset@sha256:2e90f631180c7b2c916f9569b914b336b612e8ae86efad82546adc5c9fcbbb8d")
}
func GetBloomModelImage(test Test) string {
test.T().Helper()
return lookupEnvOrDefault(bloomModelImageEnvVar, "quay.io/ksuta/bloom-560m@sha256:f6db02bb7b5d09a8d698c04994d747bfb9e581bbb4c07d00290244d207623733")
}
func GetAlpacaDatasetImage(test Test) string {
test.T().Helper()
return lookupEnvOrDefault(alpacaDatasetImageEnvVar, "quay.io/ksuta/alpaca-dataset@sha256:2e90f631180c7b2c916f9569b914b336b612e8ae86efad82546adc5c9fcbbb8d")
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/common/support/environment.go` around lines 260 - 267, Update
GetBloomModelImage and GetAlpacaDatasetImage to accept the Test interface, call
test.T().Helper() at the start of each helper, and continue using
lookupEnvOrDefault with their existing environment keys and defaults.

Source: Coding guidelines

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add AI scaffolding (Tier 3) for distributed-workloads

2 participants