Skip to content

Use dev-container image#45

Open
Matts966 wants to merge 4 commits intomainfrom
hotfix/use-dev-image
Open

Use dev-container image#45
Matts966 wants to merge 4 commits intomainfrom
hotfix/use-dev-image

Conversation

@Matts966
Copy link
Copy Markdown
Member

@Matts966 Matts966 commented Apr 10, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated the E2E testing container image used in CI.
  • Tests
    • Adjusted gRPC keepalive settings for E2E tests to use longer intervals and permit keepalive without active calls.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 10, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1bc78131-8443-422e-98c8-2f2709d195c5

📥 Commits

Reviewing files that changed from the base of the PR and between 5800432 and 73e5bb6.

📒 Files selected for processing (1)
  • src/tests/test_e2e.py
📝 Walkthrough

Walkthrough

E2E CI workflow container image changed to ghcr.io/vdaas/vald/vald-dev-container:nightly. Test gRPC channel keepalive options updated in TestValdE2E.setUp(): grpc.keepalive_time_ms increased, grpc.keepalive_timeout_ms adjusted, and grpc.keepalive_permit_without_calls added. No other logic changes.

Changes

Cohort / File(s) Summary
CI Workflow Image
​.github/workflows/e2e.yaml		 Switched E2E job container image from ghcr.io/vdaas/vald/vald-ci-container:nightly to ghcr.io/vdaas/vald/vald-dev-container:nightly.
gRPC Channel Configuration (tests)
src/tests/test_e2e.py		 Updated gRPC channel keepalive options: grpc.keepalive_time_ms increased (from 10000 to 1200000), grpc.keepalive_timeout_ms changed (from 5000 to 20000), and added grpc.keepalive_permit_without_calls=0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • Use ci-container #32: Earlier change that updated the E2E workflow container image to a nightly container; closely related to the CI image switch in this PR.

Suggested labels

type/ci, type/refactoring

Suggested reviewers

  • kpango

Poem

🐳 A dev container takes the nightly helm,
keepalives lengthened to steady the realm.
Small edits in tests and CI align,
quiet shifts so the runners stay fine. ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Use dev-container image' is partially related to the changeset. It accurately describes the primary change in .github/workflows/e2e.yaml (switching from vald-ci-container to vald-dev-container), but omits the secondary but significant gRPC keepalive configuration changes in src/tests/test_e2e.py.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch hotfix/use-dev-image

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@Matts966 Matts966 enabled auto-merge (squash) April 14, 2026 01:50
@Matts966 Matts966 disabled auto-merge April 14, 2026 01:50
@Matts966 Matts966 force-pushed the hotfix/use-dev-image branch from 4c23af9 to 8d9f6fe Compare April 14, 2026 02:03
coderabbitai[bot]
coderabbitai bot reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
.github/workflows/e2e.yaml (2)

18-34: ⚠️ Potential issue | 🟠 Major

Declare explicit least-privilege permissions for this workflow.

There is no permissions block (Lines 18-34). Add explicit minimal scopes to avoid relying on defaults.

Suggested minimal permissions baseline 
 on:
   push:
     branches:
       - main
   pull_request:
+
+permissions:
+  contents: read

As per coding guidelines, ".github/workflows/**/*.yaml: Permissions: Ensure permissions are set to least privilege required for the workflow."

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/e2e.yaml around lines 18 - 34, Add an explicit top-level
permissions block to the workflow (affecting the e2e job) granting
least-privilege scopes required by the used actions: at minimum set contents:
read for actions/checkout@v3 and any action that needs repo contents, and add
only the specific extras your composite action requires (for example
pull-requests: write if the vdaas/vald-client-ci action needs PR write access
and id-token: write if it uses OIDC). Insert a top-level permissions: section
above jobs with only those minimal scopes (e.g., permissions: { contents: read,
pull-requests: write, id-token: write } adjusted to actual needs) instead of
relying on defaults so the e2e workflow and the referenced uses:
actions/checkout@v3 and uses: vdaas/vald-client-ci/.github/actions/e2e@main have
explicit least-privilege access.

28-32: ⚠️ Potential issue | 🟠 Major

Pin container image and action references to immutable digests and commit SHAs.

Line 28 uses :nightly and line 32 uses @main—both mutable references that can change behavior and security posture without code changes. Per GitHub Actions security best practices, pin the container image to its digest (sha256:...) and the action to a full commit SHA to prevent supply chain attacks from upstream changes.

Consider also pinning actions/checkout@v3 on line 31 to its full commit SHA rather than a version tag for consistency.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/e2e.yaml around lines 28 - 32, Replace mutable refs with
immutable pins: update the container image string
"ghcr.io/vdaas/vald/vald-dev-container:nightly" to use its immutable sha256
digest, change the action reference
"vdaas/vald-client-ci/.github/actions/e2e@main" to the action's full commit SHA,
and likewise pin "actions/checkout@v3" to a specific commit SHA; ensure you
fetch the correct digest and commit SHAs for the exact versions you intend to
run and substitute those values in the image and action references.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.github/workflows/e2e.yaml:
- Around line 18-34: Add an explicit top-level permissions block to the workflow
(affecting the e2e job) granting least-privilege scopes required by the used
actions: at minimum set contents: read for actions/checkout@v3 and any action
that needs repo contents, and add only the specific extras your composite action
requires (for example pull-requests: write if the vdaas/vald-client-ci action
needs PR write access and id-token: write if it uses OIDC). Insert a top-level
permissions: section above jobs with only those minimal scopes (e.g.,
permissions: { contents: read, pull-requests: write, id-token: write } adjusted
to actual needs) instead of relying on defaults so the e2e workflow and the
referenced uses: actions/checkout@v3 and uses:
vdaas/vald-client-ci/.github/actions/e2e@main have explicit least-privilege
access.
- Around line 28-32: Replace mutable refs with immutable pins: update the
container image string "ghcr.io/vdaas/vald/vald-dev-container:nightly" to use
its immutable sha256 digest, change the action reference
"vdaas/vald-client-ci/.github/actions/e2e@main" to the action's full commit SHA,
and likewise pin "actions/checkout@v3" to a specific commit SHA; ensure you
fetch the correct digest and commit SHAs for the exact versions you intend to
run and substitute those values in the image and action references.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c20278d6-26d0-4bca-ba9d-d985b7ba85ca

📥 Commits

Reviewing files that changed from the base of the PR and between 7f76a90 and 4c23af9.

📒 Files selected for processing (2)
  • .github/workflows/e2e.yaml
  • src/tests/test_e2e.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Matts966