feat: Enable policy docs link in Tekton tasks

[dheerajodha]

Depends on #3173

Add --show-policy-docs-link=true to all Tekton validation tasks for prod envs.

Changes:

• verify-enterprise-contract
• verify-conforma-konflux-ta
• verify-conforma-konflux-vsa-ta"

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4c3dfd42-e49d-442f-8934-8325e754a276

📥 Commits

Reviewing files that changed from the base of the PR and between 1a717bb and de1b1a4.

📒 Files selected for processing (3)

• tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml
• tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml
• tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml

✅ Files skipped from review due to trivial changes (2)

• tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml
• tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml

---

📝 Walkthrough

Walkthrough

Three Tekton task YAML files were updated to add the --show-policy-docs-link=true flag to Conforma ec validate command invocations, enabling policy documentation links in validation output; no control flow, retry, or other argument changes were made. (45 words)

Changes

Cohort / File(s)	Summary
Conforma Validation Tasks tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml, tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml, tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml	Added --show-policy-docs-link=true to Conforma ec validate command invocations in the validate steps. No other CLI args, control flow, error handling, or exported interfaces were changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: enabling a policy docs link feature across Tekton validation tasks.
Description check	✅ Passed	The description is directly related to the changeset, listing the three affected tasks and the flag being added.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[simonbaird]

The patch looks okay, but I think there's some messed up snapshot files.

Maybe start by putting them all back to how they were, then run export UPDATE_SNAPS=true ; make acceptance?

[simonbaird]

Nitpick: Commit messages sound a little AI-sloppy, especially the part where it says "Your colleague nailed it: " 😁

[dheerajodha]

The patch looks okay, but I think there's some messed up snapshot files.

Yes, those came from the commits related to PR for another ticket (EC-1603), and it contained those messy snapshot files (now fixed there). So, I decided to just rebase this branch on top of main branch and merge it once the other PR is merged first.

Nitpick: Commit messages sound a little AI-sloppy, especially the part where it says "Your colleague nailed it: " 😁

Woooops 😁 secret's out, my bot and I talk about you. But fr, sorry about that, I need to be more careful with commit messages. I've updated those commits at the source (#3173)

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml`:
- Line 393: The YAML adds the unsupported flag --show-policy-docs-link causing
unknown-flag failures; update the code that builds/assembles validate command
args (see cmd/validate/image.go and the function that constructs format/options
args) to check whether the CLI actually supports the flag before appending it:
use the command's FlagSet lookup (e.g.,
cmd.Flags().Lookup("show-policy-docs-link") or similar) or a dedicated
capability check and only append "--show-policy-docs-link=true" when the lookup
returns non-nil/true, otherwise skip adding it so the task remains compatible
with older CLI builds.

In
`@tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml`:
- Line 283: The task YAML includes an unsupported CLI flag
"--show-policy-docs-link=true" passed to the validate commands; remove both
occurrences of that flag from the argument lists for the validate vsa and
validate image commands (the entries invoking the validate vsa and validate
image commands in this task) so the commands only use registered flags; ensure
you delete the exact string "--show-policy-docs-link=true" from both places to
avoid unknown flag runtime errors.

In `@tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml`:
- Line 338: Add a compatibility guard around appending the CLI flag
--show-policy-docs-link to the ec validate image invocation: detect whether the
installed CLI supports that flag (e.g., run ec validate --help or parse
output/version) before adding "--show-policy-docs-link=true" and only append it
when supported; update the logic used where the flag is currently hardcoded (the
place adding "--show-policy-docs-link=true" in the task template) and apply the
same conditional pattern to the other occurrences of "--show-policy-docs-link"
in the verify-conforma-konflux-vsa-ta and verify-conforma-konflux-ta task
templates so the flag is never passed to CLI versions that don't support it.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0eb50443-2c8b-422f-8da2-41f21ebb9fd1

📥 Commits

Reviewing files that changed from the base of the PR and between bf7cd76 and 1a717bb.

📒 Files selected for processing (3)

• tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml
• tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml
• tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Task usage:"
rg -n --fixed-strings 'show-policy-docs-link' \
  tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml

echo
echo "CLI flag registrations (validate commands):"
rg -n --fixed-strings 'show-policy-docs-link' cmd/validate || true

echo
echo "Validate image flags file context:"
sed -n '470,620p' cmd/validate/image.go | rg -n --fixed-strings 'show-policy-docs-link' || true

Repository: conforma/cli

Length of output: 238

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Context around YAML line 283 and 340 ==="
sed -n '275,290p' tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml | cat -n
echo
sed -n '332,347p' tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml | cat -n

echo
echo "=== Full validate command file structure ==="
find cmd/validate -type f -name "*.go" | sort

echo
echo "=== Check for flag registration patterns in all validate files ==="
rg -n "show.policy|PolicyDocs|policy.*docs" cmd/validate || echo "No matches found"

echo
echo "=== Search for flag registration in full image.go file ==="
wc -l cmd/validate/image.go
rg -n "show-policy" cmd/validate/image.go || echo "Not found in image.go"

echo
echo "=== Check if validate vsa exists ==="
find cmd/validate -name "*vsa*" -o -name "*vsa*.go"

Repository: conforma/cli

Length of output: 2254

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== vsa.go flag registration section ==="
# Look for where flags are registered (typically Flags() section or cmd.Flags().X patterns)
rg -A 20 "func.*Cmd\(\)|PersistentFlags\(\)|Flags\(\)" cmd/validate/vsa.go | head -80

echo
echo "=== image.go flag registration section ==="
rg -A 20 "func.*Cmd\(\)|PersistentFlags\(\)|Flags\(\)" cmd/validate/image.go | head -80

echo
echo "=== Check if flag appears in any other files in repo ==="
rg -l "show-policy-docs-link" --type go --type yaml . 2>/dev/null || echo "Only in YAML task file"

Repository: conforma/cli

Length of output: 8602

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Searching for show-successes in image.go to find where output flags are ==="
rg -n "show-successes" cmd/validate/image.go

echo
echo "=== Searching for all flag definitions containing 'show' in image.go ==="
rg -n 'cmd.Flags.*"show' cmd/validate/image.go

echo
echo "=== Full validation: search entire codebase for --show-policy-docs-link registration ==="
rg -n "show.policy.docs.link|show-policy-docs-link" cmd/ || echo "Not found in cmd/"

Repository: conforma/cli

Length of output: 590

---

--show-policy-docs-link flag is not registered in either validate image or validate vsa commands

Lines 283 and 340 use this flag, but a comprehensive search of cmd/validate/ confirms it is not defined in either image.go or vsa.go. Both commands will fail with "unknown flag" error at runtime, blocking task execution.

Remove both occurrences until CLI support is available:

Remove unsupported flags

-        - "--show-policy-docs-link=true"

Apply to both line 283 (validate vsa) and line 340 (validate image).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

- "--show-policy-docs-link=true"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml`
at line 283, The task YAML includes an unsupported CLI flag
"--show-policy-docs-link=true" passed to the validate commands; remove both
occurrences of that flag from the argument lists for the validate vsa and
validate image commands (the entries invoking the validate vsa and validate
image commands in this task) so the commands only use registered flags; ensure
you delete the exact string "--show-policy-docs-link=true" from both places to
avoid unknown flag runtime errors.

[simonbaird]

Is that true @dheerajodha or is the bot confused?

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[simonbaird]

Since #3173 is merged, perhaps a rebase on top of that would make the bot happier.

[dheerajodha]

Thanks Simon! I rebased, and now it's all green. These bots are good

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
acceptance	55.20% <ø> (ø)
generative	17.87% <ø> (ø)
integration	26.61% <ø> (ø)
unit	69.01% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.