Skip to content

Set spec.params instead of pipelineSpec.params#20

Merged
asergienk merged 1 commit into
release-engineering:mainfrom
asergienk:fix_default_params
Jun 26, 2026
Merged

Set spec.params instead of pipelineSpec.params#20
asergienk merged 1 commit into
release-engineering:mainfrom
asergienk:fix_default_params

Conversation

@asergienk

Copy link
Copy Markdown
Collaborator

Use the following Konflux convention: defaults in pipelineSpec.params, override in spec.params

@asergienk asergienk requested a review from a team as a code owner June 25, 2026 22:35
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 25, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 10:39 PM UTC · Completed 10:48 PM UTC
Commit: aa484f0 · View workflow run →

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 25, 2026

Copy link
Copy Markdown

Review

Findings

Medium

  • [scope-creep] .tekton/fbc-update-planner-pull-request.yaml:158 — The PR includes an unrelated task bundle digest update (git-clone-oci-ta SHA256 change from d30f13d... to e865b49...) alongside the parameter configuration changes. This bundle update is not mentioned in the PR title or description.
    Remediation: Mention the git-clone-oci-ta bundle update in the PR description, or separate it into its own commit/PR.

Low

  • [missing-authorization] .tekton/fbc-update-planner-pull-request.yaml — CI/CD pipeline configuration change has no linked issue. The PR modifies Tekton pipeline parameter structure for both PR and push pipelines. The change has zero net behavioral impact (hermetic and build-source-image remain "true" via spec.params overrides).

  • [undocumented-architecture] .tekton/fbc-update-planner-pull-request.yaml — AGENTS.md documents the application architecture but contains no guidance on Tekton pipeline configuration conventions or the .tekton/ directory structure.

Previous run

Review

Findings

Medium

  • [api-contract] .tekton/fbc-update-planner-pull-request.yaml:32 — The prefetch-input parameter is declared as type: string in pipelineSpec.params (line 70–71), but the new spec.params value is a YAML array. In standard Tekton v1, providing a structured YAML value to a string-typed parameter may cause a validation error at PipelineRun admission. The Konflux ecosystem may support automatic array-to-JSON-string coercion for string-typed params, but this behavior is version-dependent.
    Remediation: Verify that the Tekton controller version in use supports automatic array-to-JSON-string coercion for string-typed params. If uncertain, keep the JSON string format (e.g., value: '{"type": "gomod", "path": "."}').

  • [api-contract] .tekton/fbc-update-planner-push.yaml:29 — Same prefetch-input array-vs-string concern as in the pull-request file. The YAML array value for a string-typed parameter relies on Tekton's automatic coercion.
    Remediation: Same as above — verify controller support or keep the JSON string format.

Low

  • [fail-open] .tekton/fbc-update-planner-pull-request.yaml:67 — The pipelineSpec.params defaults for hermetic and build-source-image were changed from "true" to "false", with explicit spec.params overrides of "true". While the runtime behavior is unchanged, the defaults are now fail-open: if the spec.params overrides are ever removed (e.g., during a future refactor), the pipeline would silently run without network isolation and without building source images. The same pattern applies to fbc-update-planner-push.yaml.
    Remediation: Consider keeping the pipelineSpec.params defaults as "true" so that the secure behavior is the default regardless of whether spec.params provides an override.
Previous run (2)

Review

Reason: stale-head

The review agent reviewed commit 5665d9c81ab83fe65b05bf8ab7b1e2ba0e834066 but the PR HEAD is now f03acc85bec94dc63510d523300d2b1805408809. This review was discarded to avoid approving unreviewed code.

Previous run (3)

Review

Findings

Low

  • [missing-authorization] .tekton/fbc-update-planner-pull-request.yaml — Pipeline configuration change modifies where hermetic and build-source-image parameters are set (moved from pipelineSpec.params defaults to spec.params overrides). The net runtime behavior is unchanged — both parameters resolve to "true" before and after the change. The PR lacks a linked issue, but the change is a structural refactoring with no behavioral impact.
    Remediation: Consider linking to an issue for traceability, though this is a low-risk structural change.

  • [undocumented-convention] .tekton/fbc-update-planner-pull-request.yaml:33 — The PR body references a "Konflux convention" for placing defaults in pipelineSpec.params with overrides in spec.params. This convention is not documented in the repository. However, this is a well-known Konflux platform pattern and the .tekton pipeline files are platform-managed artifacts.
    Remediation: Optionally add a comment in the YAML or a brief note in project docs about Konflux pipeline configuration conventions.

value: Dockerfile
- name: prefetch-input
value: '{"type": "gomod", "path": "."}'
- name: hermetic

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[low] undocumented-convention

The PR body references a 'Konflux convention' for placing defaults in pipelineSpec.params with overrides in spec.params. This convention is not documented in the repository. However, this is a well-known Konflux platform pattern and the .tekton pipeline files are platform-managed artifacts.

Suggested fix: Optionally add a comment in the YAML or a brief note in project docs about Konflux pipeline configuration conventions.

@fullsend-ai-review fullsend-ai-review Bot added the ready-for-merge All reviewers approved — ready to merge label Jun 25, 2026
@asergienk asergienk force-pushed the fix_default_params branch from 3aeb8c9 to 5665d9c Compare June 25, 2026 22:50
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 25, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 10:54 PM UTC · Completed 11:08 PM UTC
Commit: aa484f0 · View workflow run →

@asergienk asergienk force-pushed the fix_default_params branch from 5665d9c to f03acc8 Compare June 25, 2026 22:57
@fullsend-ai-review

Copy link
Copy Markdown

/fs-review

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 25, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 11:11 PM UTC · Completed 11:21 PM UTC
Commit: aa484f0 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot added requires-manual-review Review requires human judgment and removed ready-for-merge All reviewers approved — ready to merge labels Jun 25, 2026
@asergienk asergienk force-pushed the fix_default_params branch from f03acc8 to ac48575 Compare June 26, 2026 00:58
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 26, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:01 AM UTC · Completed 1:10 AM UTC
Commit: aa484f0 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot added requires-manual-review Review requires human judgment and removed requires-manual-review Review requires human judgment labels Jun 26, 2026
@asergienk asergienk merged commit 92526fe into release-engineering:main Jun 26, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

requires-manual-review Review requires human judgment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants