Preflight: Get certification grade of containers #673

Open
wants to merge 7 commits into
base: main

pierreblanc
Contributor

SUMMARY

Get certification grade of containers after preflight execution

ISSUE TYPE
  • Enhanced Feature
Tests
  • TestDallasWorkload: preflight-green -

@pierreblanc pierreblanc requested a review from a team as a code owner May 13, 2025 21:11
Contributor

coderabbitai bot commented May 13, 2025

📝 Walkthrough

A sequence of tasks was added to the preflight check container workflow to retrieve the operator image digest and query an external catalog API for certification grade information. These steps are executed after the container run, regardless of its outcome, and include debug outputs for both the digest and certification grade.

Changes

Files/Paths: roles/preflight/tasks/test_preflight_check_container_one_image.yml
Change Summary: Added tasks in the always block to fetch the operator image digest, output it, query an external API for certification grade, and debug-print the result.

Suggested reviewers

  • manurodriguez

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 97abd72 and 3723407.

📒 Files selected for processing (1)
  • roles/preflight/tasks/test_preflight_check_container_one_image.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • roles/preflight/tasks/test_preflight_check_container_one_image.yml
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Sanity Check (stable-2.17)
  • GitHub Check: Sanity Check (stable-2.9)

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (2)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (2)

119-122: Enhance debug output clarity

Right now the raw digest is printed without context. It’s helpful to prepend a label and reference the image:

-    - name: Debug image digest
-      ansible.builtin.debug:
-        msg: "{{ sha.stdout }}"
+    - name: Debug image digest
+      ansible.builtin.debug:
+        msg: "Image digest for {{ current_operator_image }}: {{ sha.stdout }}"
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 122-122: trailing spaces

(trailing-spaces)


118-118: Remove trailing whitespace

YAML lint reports trailing spaces on these blank lines. Please delete any extra spaces to satisfy the linter.

Also applies to: 122-122, 135-135

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 118-118: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 05ed8b8 and 6d45c8f.

📒 Files selected for processing (1)
  • roles/preflight/tasks/test_preflight_check_container_one_image.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml

[error] 118-118: trailing spaces

(trailing-spaces)


[error] 122-122: trailing spaces

(trailing-spaces)


[error] 135-135: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Sanity Check (stable-2.9)
  • GitHub Check: Sanity Check (stable-2.17)

Comment on lines 104 to 117
- name: Get image digest
ansible.builtin.shell: >
set -eo pipefail;
skopeo inspect
{% if partner_creds | length %}
--authfile {{ partner_creds }}
{% else %}
--no-creds
{% endif %}
docker://{{ current_operator_image }} | jq -r '.Digest'
register: sha
retries: 2
delay: 30
until: sha is succeeded
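
Review bot: `set -eo pipefail` in this task runs under the shell module's default /bin/sh, and lines 104 to 117 set no `executable:`, so on a host where /bin/sh is not bash the `pipefail` option can be rejected before skopeo runs. Add `args:` with `executable: /bin/bash` to the task.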

⚠️ Potential issue

Fix the success check in the retry loop

The until: sha is succeeded test isn’t a valid way to detect a successful shell call. This can cause the task to fail even if skopeo inspect succeeds. Please use the return code instead:

     retries: 2
     delay: 30
-    until: sha is succeeded
+    until: sha.rc == 0
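
Review bot: the `until:` line checks only the exit status, in either form, and that does not confirm a digest came back: `jq -r '.Digest'` exits 0 and prints `null` when the key is missing. Check the value as well, for example `until: sha.rc == 0 and sha.stdout is match('^sha256:')`, since `sha.stdout` goes straight into the catalog query.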

Comment on lines 123 to 140
- name: "Pull cert grade of {{ current_operator_image }}"
vars:
filter_params: "filter=docker_image_digest%3D%3D{{ sha.stdout }}"
ansible.builtin.uri:
url: >
{{ catalog_url }}/images?{{ filter_params }}&page_size=100&page=0
method: GET
headers:
X-API-KEY: "{{ PYXIS_API_TOKEN }}"
status_code: 200
timeout: 120
register: pyxis_grade_status

- name: "Test_ Preflight: Get cert grade of {{ current_operator_image }}"
debug:
msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
when: pyxis_grade_status is defined

🛠️ Refactor suggestion

Harden the API call and grade lookup

  1. Use params: instead of manually building the query string to avoid encoding issues.
  2. Guard against empty results before indexing into json.data and freshness_grades to prevent runtime errors.
-  - name: "Pull cert grade of {{ current_operator_image }}"
-    vars:
-      filter_params: "filter=docker_image_digest%3D%3D{{ sha.stdout }}"
-    ansible.builtin.uri:
-      url: >
-        {{ catalog_url }}/images?{{ filter_params }}&page_size=100&page=0
-      method: GET
-      headers:
-        X-API-KEY: "{{ PYXIS_API_TOKEN }}"
-      status_code: 200
-      timeout: 120
-    register: pyxis_grade_status
-
-  - name: "Test_ Preflight: Get cert grade of {{ current_operator_image }}"
-    debug:
-      msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
-    when: pyxis_grade_status is defined
+  - name: Pull certification grade for {{ current_operator_image }}
+    ansible.builtin.uri:
+      url: "{{ catalog_url }}/images"
+      method: GET
+      headers:
+        X-API-KEY: "{{ PYXIS_API_TOKEN }}"
+      params:
+        filter: "docker_image_digest=={{ sha.stdout }}"
+        page_size: 100
+        page: 0
+      timeout: 120
+      status_code: 200
+    register: pyxis_grade_status
+
+  - name: Debug certification grade
+    ansible.builtin.debug:
+      msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
+    when:
+      - pyxis_grade_status.json.data | length > 0
+      - pyxis_grade_status.json.data[0].freshness_grades | length > 0
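
Review bot: the added `params:` block is not an option of ansible.builtin.uri, so the task as suggested fails argument validation instead of sending the query. Keep the query string in `url:` and encode the filter value there, for example `{{ ('docker_image_digest==' ~ sha.stdout) | urlencode }}`.
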
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 135-135: trailing spaces

(trailing-spaces)

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (3)

104-117: Fix the success check in the retry loop
The until: sha is succeeded condition doesn’t actually check the command’s return code, so the loop may never exit even when skopeo inspect succeeds. Please update it to test sha.rc == 0.

   retries: 2
   delay: 30
-  until: sha is succeeded
+  until: sha.rc == 0

123-134: Harden the API call and grade lookup
Rather than manually building the query string, use params: to handle encoding, and guard against empty responses before indexing. For example:

-  - name: "Pull cert grade of {{ current_operator_image }}"
-    vars:
-      filter_params: "filter=docker_image_digest%3D%3D{{ sha.stdout }}"
-    ansible.builtin.uri:
-      url: "{{ catalog_url }}/images?{{ filter_params }}&page_size=100&page=0"
-      method: GET
-      headers:
-        X-API-KEY: "{{ lookup('file', pyxis_apikey_path) }}"
-      timeout: 120
-      status_code: 200
-    register: pyxis_grade_status
+  - name: Pull certification grade for {{ current_operator_image }}
+    ansible.builtin.uri:
+      url: "{{ catalog_url }}/images"
+      method: GET
+      headers:
+        X-API-KEY: "{{ lookup('file', pyxis_apikey_path) }}"
+      params:
+        filter: "docker_image_digest=={{ sha.stdout }}"
+        page_size: 100
+        page: 0
+      timeout: 120
+      status_code: 200
+    register: pyxis_grade_status

136-139: Guard against empty API response before indexing
Accessing json.data[0].freshness_grades[0] without checks can error out if the list is empty. Add conditions:

-  - name: "Test_ Preflight: Get cert grade of {{ current_operator_image }}"
-    debug:
-      msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
-    when: pyxis_grade_status is defined
+  - name: Debug certification grade
+    ansible.builtin.debug:
+      msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
+    when:
+      - pyxis_grade_status.json.data | length > 0
+      - pyxis_grade_status.json.data[0].freshness_grades | length > 0
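
Review bot: the new `when:` conditions dereference `pyxis_grade_status.json.data` with no fallback, so a response with no JSON body or no `data` key turns the guard itself into an error now that `pyxis_grade_status is defined` is gone. Use `pyxis_grade_status.json.data | default([]) | length > 0`, and the same `default([])` on `freshness_grades`.
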
🧹 Nitpick comments (1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (1)

118-118: Remove trailing whitespace
YAMLLint flags trailing spaces on these lines. Please strip them to keep the playbook clean.

Also applies to: 122-122, 135-135

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 118-118: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6d45c8f and 3d1b0e5.

📒 Files selected for processing (1)
  • roles/preflight/tasks/test_preflight_check_container_one_image.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml

[error] 118-118: trailing spaces

(trailing-spaces)


[error] 122-122: trailing spaces

(trailing-spaces)


[error] 135-135: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Sanity Check (stable-2.9)
  • GitHub Check: Sanity Check (stable-2.17)
🔇 Additional comments (1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (1)

119-122: Debug image digest
This ansible.builtin.debug task correctly logs the image digest for troubleshooting.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 122-122: trailing spaces

(trailing-spaces)

@dcibot
Collaborator

dcibot commented May 13, 2025

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (3)

123-135: Harden API call and use params
Building the query string manually can lead to encoding issues, and there’s a blank line at line 135 with trailing whitespace. Use params: for cleaner construction and drop the extra vars:

-  - name: "Pull cert grade of {{ current_operator_image }}"
-    vars:
-      filter_params: "filter=docker_image_digest%3D%3D{{ sha.stdout }}"
-    ansible.builtin.uri:
-      url: >
-        {{ catalog_url }}/images?{{ filter_params }}&page_size=100&page=0
-      method: GET
-      headers:
-        X-API-KEY: "{{ lookup('file', pyxis_apikey_path) }}"
-      status_code: 200
-      timeout: 120
-    register: pyxis_grade_status
+  - name: "Pull certification grade for {{ current_operator_image }}"
+    ansible.builtin.uri:
+      url: "{{ catalog_url }}/images"
+      method: GET
+      headers:
+        X-API-KEY: "{{ lookup('file', pyxis_apikey_path) }}"
+      params:
+        filter: "docker_image_digest=={{ sha.stdout }}"
+        page_size: 100
+        page: 0
+      status_code: 200
+      timeout: 120
+    register: pyxis_grade_status
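
Review bot: the task sends the Pyxis key in the `X-API-KEY` header and has no `no_log: true`, so the header value is printed with the module arguments at higher verbosity. Add `no_log: true` to this task; the registered `pyxis_grade_status` stays usable for the debug step.
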
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 135-135: trailing spaces

(trailing-spaces)


136-142: Improve debug guard and naming
This debug task may error if the lists are empty, and the "Test_" prefix is inconsistent. Combine both fixes:

-    - name: "Test_ Preflight: Get cert grade of {{ current_operator_image }}"
-      debug:
-        msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
-      when: 
-        - pyxis_grade_status is defined
-        - pyxis_grade_status.json.data[0].freshness_grades[0] is defined 
+    - name: "Debug certification grade for {{ current_operator_image }}"
+      ansible.builtin.debug:
+        msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
+      when:
+        - pyxis_grade_status.json.data | length > 0
+        - pyxis_grade_status.json.data[0].freshness_grades | length > 0

Also remove trailing whitespace on line 139.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 139-139: trailing spaces

(trailing-spaces)


104-118: 🛠️ Refactor suggestion

Fix the retry loop success condition
Using until: sha is succeeded will never detect a successful command. You should check the return code instead and remove the trailing space on line 118.
Apply this diff:

-      until: sha is succeeded 
+      until: sha.rc == 0
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 118-118: trailing spaces

(trailing-spaces)

🧹 Nitpick comments (1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (1)

119-122: Remove trailing whitespace
Line 122 contains trailing spaces, which causes a YAML lint error. Please remove them.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 122-122: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3d1b0e5 and 86fa89c.

📒 Files selected for processing (1)
  • roles/preflight/tasks/test_preflight_check_container_one_image.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml

[error] 118-118: trailing spaces

(trailing-spaces)


[error] 122-122: trailing spaces

(trailing-spaces)


[error] 135-135: trailing spaces

(trailing-spaces)


[error] 139-139: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Sanity Check (stable-2.17)
  • GitHub Check: Sanity Check (stable-2.9)

@dcibot
Collaborator

dcibot commented May 14, 2025

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (3)

104-117: ⚠️ Potential issue

Fix retry loop success condition
The until: sha is succeeded check won’t correctly detect a successful shell command. Use the return code instead (sha.rc == 0) so retries trigger on actual failures.
Apply this diff:

-      retries: 2
-      delay: 30
-      until: sha is succeeded
+      retries: 2
+      delay: 30
+      until: sha.rc == 0

123-136: 🛠️ Refactor suggestion

Use params instead of manual query-string
Building the URL by hand risks encoding problems and reduced readability. Switch to the params: option on the uri module and drop the filter_params var. For example:

-  - name: "Pull cert grade of {{ current_operator_image }}"
-    vars:
-      filter_params: "filter=docker_image_digest%3D%3D{{ sha.stdout }}"
-    ansible.builtin.uri:
-      url: >
-        {{ catalog_url }}/images?{{ filter_params }}&page_size=100&page=0
+  - name: Pull certification grade for {{ current_operator_image }}
+    ansible.builtin.uri:
+      url: "{{ catalog_url }}/images"
+      method: GET
+      headers:
+        X-API-KEY: "{{ lookup('file', pyxis_apikey_path) }}"
+      params:
+        filter: "docker_image_digest=={{ sha.stdout }}"
+        page_size: 100
+        page: 0
      timeout: 120
      status_code: 200
    register: pyxis_grade_status
    when:
      - cert_project_id | default('') | length
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 135-135: trailing spaces

(trailing-spaces)


138-143: 🛠️ Refactor suggestion

Guard against empty response and trim whitespace
Directly indexing into pyxis_grade_status.json.data[0].freshness_grades[0] may fail if either list is empty. Also, line 141 has trailing spaces. Consider this safer approach:

-        - name: "Test_ Preflight: Get cert grade of {{ current_operator_image }}"
-          debug:
-            msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
-          when: 
-            - cert_project_id | default('') | length
-            - pyxis_grade_status.json.data[0] is defined
+        - name: Debug certification grade for {{ current_operator_image }}
+          ansible.builtin.debug:
+            msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
+          when:
+            - cert_project_id | default('') | length > 0
+            - pyxis_grade_status.json.data | length > 0
+            - pyxis_grade_status.json.data[0].freshness_grades | length > 0
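
Review bot: `data[0]` and `freshness_grades[0]` on the `msg:` line report whichever entry comes first, while the request asks for up to 100 images (`page_size: 100`) and `freshness_grades` is itself a list. If more than one entry can come back, select the intended entry explicitly or print all grades rather than relying on order.
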
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 141-141: trailing spaces

(trailing-spaces)

🧹 Nitpick comments (1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (1)

119-122: Remove trailing whitespace
Line 122 has trailing spaces that trigger lint warnings. Please delete any extra spaces at end of the line to keep YAML lint happy.

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 122-122: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b48cf5a and 2a33f12.

📒 Files selected for processing (1)
  • roles/preflight/tasks/test_preflight_check_container_one_image.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml

[error] 118-118: trailing spaces

(trailing-spaces)


[error] 122-122: trailing spaces

(trailing-spaces)


[error] 135-135: trailing spaces

(trailing-spaces)


[error] 141-141: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Sanity Check (stable-2.17)

@dcibot
Collaborator

dcibot commented May 14, 2025

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (3)

104-118: Fix success check in retry loop
The condition until: sha is succeeded won’t catch the shell return code. Please switch to inspecting sha.rc for a zero exit status.

-    until: sha is succeeded
+    until: sha.rc == 0
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 118-118: trailing spaces

(trailing-spaces)


138-143: 🛠️ Refactor suggestion

Guard against empty API responses
Indexing directly into json.data[0].freshness_grades[0] can fail if the list is empty. Add length checks to the when: guard to prevent runtime errors.

-        - name: "Test_ Preflight: Get cert grade of {{ current_operator_image }}"
-          ansible.builtin.debug:
-            msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
-          when: 
-            - cert_project_id | default('') | length
-            - pyxis_grade_status.json.data[0] is defined
+        - name: "Debug certification grade for {{ current_operator_image }}"
+          ansible.builtin.debug:
+            msg: "{{ pyxis_grade_status.json.data[0].freshness_grades[0].grade }}"
+          when:
+            - cert_project_id | default('') | length > 0
+            - pyxis_grade_status.json.data | length > 0
+            - pyxis_grade_status.json.data[0].freshness_grades | length > 0
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 141-141: trailing spaces

(trailing-spaces)


123-136: 🛠️ Refactor suggestion

Use params to build the query string
Instead of manually constructing filter_params and interpolating into the URL, leverage the params: option on the uri module. This avoids encoding pitfalls and keeps the URL clean.

-        - name: "Pull cert grade of {{ current_operator_image }}"
-          vars:
-            filter_params: "filter=docker_image_digest%3D%3D{{ sha.stdout }}"
-          ansible.builtin.uri:
-            url: >
-              {{ catalog_url }}/images?{{ filter_params }}&page_size=100&page=0
-            method: GET
-            headers:
-              X-API-KEY: "{{ lookup('file', pyxis_apikey_path) }}"
-            status_code: 200
-            timeout: 120
-          register: pyxis_grade_status
+        - name: "Pull cert grade for {{ current_operator_image }}"
+          ansible.builtin.uri:
+            url: "{{ catalog_url }}/images"
+            method: GET
+            headers:
+              X-API-KEY: "{{ lookup('file', pyxis_apikey_path) }}"
+            params:
+              filter: "docker_image_digest=={{ sha.stdout }}"
+              page_size: 100
+              page: 0
+            timeout: 120
+            status_code: 200
+          register: pyxis_grade_status
🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 135-135: trailing spaces

(trailing-spaces)

🧹 Nitpick comments (1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml (1)

118-118: Remove trailing whitespace
Several lines (118, 122, 135, 141) have trailing spaces which can trigger YAML lint errors. Please remove the extra spaces at end of lines.

Also applies to: 122-122, 135-135, 141-141

🧰 Tools
🪛 YAMLlint (1.35.1)

[error] 118-118: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2a33f12 and d7f6805.

📒 Files selected for processing (1)
  • roles/preflight/tasks/test_preflight_check_container_one_image.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
roles/preflight/tasks/test_preflight_check_container_one_image.yml

[error] 118-118: trailing spaces

(trailing-spaces)


[error] 122-122: trailing spaces

(trailing-spaces)


[error] 135-135: trailing spaces

(trailing-spaces)


[error] 141-141: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Sanity Check (stable-2.9)
  • GitHub Check: Sanity Check (stable-2.17)

@dcibot
Collaborator

dcibot commented May 14, 2025

@dcibot
Collaborator

dcibot commented May 14, 2025

@pierreblanc pierreblanc changed the title [wip] Preflight: Get certification grade of containers Preflight: Get certification grade of containers May 15, 2025
@dcibot
Collaborator

dcibot commented May 15, 2025
