Skip to content

feat: Enable policy docs link in Tekton tasks #3196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dheerajodha wants to merge 1 commit into
base: main
Choose a base branch
from
+4 −0
Open

feat: Enable policy docs link in Tekton tasks #3196

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,7 @@ spec:
--timeout=0
--strict=false
--show-successes=true
--show-policy-docs-link=true
--effective-time="${EFFECTIVE_TIME}"
--extra-rule-data="${EXTRA_RULE_DATA}"
--retry-max-wait="${RETRY_MAX_WAIT}"
Expand Down
2 changes: 2 additions & 0 deletions tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -280,6 +280,7 @@ spec:
- "--workers"
- "$(params.WORKERS)"
- "--strict=false"
- "--show-policy-docs-link=true"
Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 2, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Task usage:"
rg -n --fixed-strings 'show-policy-docs-link' \
  tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml

echo
echo "CLI flag registrations (validate commands):"
rg -n --fixed-strings 'show-policy-docs-link' cmd/validate || true

echo
echo "Validate image flags file context:"
sed -n '470,620p' cmd/validate/image.go | rg -n --fixed-strings 'show-policy-docs-link' || true

Repository: conforma/cli

Length of output: 238

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Context around YAML line 283 and 340 ==="
sed -n '275,290p' tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml | cat -n
echo
sed -n '332,347p' tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml | cat -n

echo
echo "=== Full validate command file structure ==="
find cmd/validate -type f -name "*.go" | sort

echo
echo "=== Check for flag registration patterns in all validate files ==="
rg -n "show.policy|PolicyDocs|policy.*docs" cmd/validate || echo "No matches found"

echo
echo "=== Search for flag registration in full image.go file ==="
wc -l cmd/validate/image.go
rg -n "show-policy" cmd/validate/image.go || echo "Not found in image.go"

echo
echo "=== Check if validate vsa exists ==="
find cmd/validate -name "*vsa*" -o -name "*vsa*.go"

Repository: conforma/cli

Length of output: 2254

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== vsa.go flag registration section ==="
# Look for where flags are registered (typically Flags() section or cmd.Flags().X patterns)
rg -A 20 "func.*Cmd\(\)|PersistentFlags\(\)|Flags\(\)" cmd/validate/vsa.go | head -80

echo
echo "=== image.go flag registration section ==="
rg -A 20 "func.*Cmd\(\)|PersistentFlags\(\)|Flags\(\)" cmd/validate/image.go | head -80

echo
echo "=== Check if flag appears in any other files in repo ==="
rg -l "show-policy-docs-link" --type go --type yaml . 2>/dev/null || echo "Only in YAML task file"

Repository: conforma/cli

Length of output: 8602

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Searching for show-successes in image.go to find where output flags are ==="
rg -n "show-successes" cmd/validate/image.go

echo
echo "=== Searching for all flag definitions containing 'show' in image.go ==="
rg -n 'cmd.Flags.*"show' cmd/validate/image.go

echo
echo "=== Full validation: search entire codebase for --show-policy-docs-link registration ==="
rg -n "show.policy.docs.link|show-policy-docs-link" cmd/ || echo "Not found in cmd/"

Repository: conforma/cli

Length of output: 590

--show-policy-docs-link flag is not registered in either validate image or validate vsa commands

Lines 283 and 340 use this flag, but a comprehensive search of cmd/validate/ confirms it is not defined in either image.go or vsa.go. Both commands will fail with "unknown flag" error at runtime, blocking task execution.

Remove both occurrences until CLI support is available:

Remove unsupported flags 
-        - "--show-policy-docs-link=true"

Apply to both line 283 (validate vsa) and line 340 (validate image).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- "--show-policy-docs-link=true"
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@tasks/verify-conforma-konflux-vsa-ta/0.1/verify-conforma-konflux-vsa-ta.yaml`
at line 283, The task YAML includes an unsupported CLI flag
"--show-policy-docs-link=true" passed to the validate commands; remove both
occurrences of that flag from the argument lists for the validate vsa and
validate image commands (the entries invoking the validate vsa and validate
image commands in this task) so the commands only use registered flags; ensure
you delete the exact string "--show-policy-docs-link=true" from both places to
avoid unknown flag runtime errors.

Copy link
Copy Markdown
Member

@simonbaird simonbaird Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that true @dheerajodha or is the bot confused?

Copy link
Copy Markdown

@coderabbitai coderabbitai bot Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

Copy link
Copy Markdown
Member

@simonbaird simonbaird Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since #3173 is merged, perhaps a rebase on top of that would make the bot happier.

Copy link
Copy Markdown
Contributor Author

@dheerajodha dheerajodha Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Simon! I rebased, and now it's all green. These bots are good

- "--fallback-public-key"
- "$(params.PUBLIC_KEY)"
- "--output"
Expand Down Expand Up @@ -336,6 +337,7 @@ spec:
- "--timeout=100h"
- "--strict=false"
- "--show-successes"
- "--show-policy-docs-link=true"
- "--effective-time=$(params.EFFECTIVE_TIME)"
- "--extra-rule-data=pipeline_intention=release"
- "--extra-rule-data=$(params.EXTRA_RULE_DATA)"
Expand Down
1 change: 1 addition & 0 deletions tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -335,6 +335,7 @@ spec:
--timeout=0
--strict=false
--show-successes=true
--show-policy-docs-link=true
--effective-time="${EFFECTIVE_TIME}"
--extra-rule-data="${EXTRA_RULE_DATA}"
--retry-max-wait="${RETRY_MAX_WAIT}"
Expand Down
Loading