carverauto/serviceradar

Fork 0

wip #3022

Merged

mfreeman451 merged 1 commit from refs/pull/3022/head into staging

2026-03-07 23:02:43 +00:00

mfreeman451 commented

2026-03-07 23:02:36 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #3004
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/3004
Original created: 2026-03-07T23:02:36Z
Original updated: 2026-03-07T23:06:09Z
Original head: carverauto/serviceradar:update/build-fix
Original base: staging
Original merged: 2026-03-07T23:02:43Z by @mfreeman451

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

Imported from GitHub pull request. Original GitHub pull request: #3004 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/3004 Original created: 2026-03-07T23:02:36Z Original updated: 2026-03-07T23:06:09Z Original head: carverauto/serviceradar:update/build-fix Original base: staging Original merged: 2026-03-07T23:02:43Z by @mfreeman451 --- ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test?

qodo-code-review[bot] commented

2026-03-07 23:02:46 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/3004#issuecomment-4017597524
Original created: 2026-03-07T23:02:46Z

ⓘ You are approaching your monthly quota for Qodo. Upgrade your plan

Review Summary by Qodo

Update Debian package dependencies in MODULE.bazel

✨ Enhancement

Walkthroughs

Description

• Update Debian package dependencies to latest versions
• Bump gcc-15-base from 15.2.0-12 to 15.2.0-14
• Bump libgcc-s1 from 15.2.0-12 to 15.2.0-14
• Bump libc6 from 2.42-11+b1 to 2.42-13 with updated checksums

Diagram

flowchart LR
  A["MODULE.bazel"] -- "Update package versions" --> B["gcc-15-base 15.2.0-14"]
  A -- "Update package versions" --> C["libgcc-s1 15.2.0-14"]
  A -- "Update package versions" --> D["libc6 2.42-13"]

File Changes

1. MODULE.bazel Dependencies +6/-6

Update Debian package versions and checksums

• Updated debian_gcc_15_base_amd64_deb from version 15.2.0-12 to 15.2.0-14
• Updated debian_libgcc_s1_amd64_deb from version 15.2.0-12 to 15.2.0-14
• Updated debian_libc6_amd64_deb from version 2.42-11+b1 to 2.42-13
• Updated corresponding SHA256 checksums for all three packages

MODULE.bazel

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/3004#issuecomment-4017597524 Original created: 2026-03-07T23:02:46Z --- <pre>ⓘ You are approaching your monthly quota for Qodo. <a href="https://www.qodo.ai/pricing">Upgrade your plan</a></pre> <h3>Review Summary by Qodo</h3> Update Debian package dependencies in MODULE.bazel <code>✨ Enhancement</code> <img src="https://www.qodo.ai/wp-content/uploads/2025/11/light-grey-line.svg" height="10%" alt="Grey Divider"> <h3>Walkthroughs</h3> <details open> <summary>Description</summary> <br/> <pre> • Update Debian package dependencies to latest versions • Bump gcc-15-base from 15.2.0-12 to 15.2.0-14 • Bump libgcc-s1 from 15.2.0-12 to 15.2.0-14 • Bump libc6 from 2.42-11+b1 to 2.42-13 with updated checksums </pre> </details> <details> <summary>Diagram</summary> <br/> > ```mermaid flowchart LR A["MODULE.bazel"] -- "Update package versions" --> B["gcc-15-base 15.2.0-14"] A -- "Update package versions" --> C["libgcc-s1 15.2.0-14"] A -- "Update package versions" --> D["libc6 2.42-13"] ``` </details> <img src="https://www.qodo.ai/wp-content/uploads/2025/11/light-grey-line.svg" height="10%" alt="Grey Divider"> <h3>File Changes</h3> <details> <summary>1. MODULE.bazel <code> Dependencies </code> <code> +6/-6 </code> </summary> <br/> >Update Debian package versions and checksums ><pre> >• Updated <b><i>debian_gcc_15_base_amd64_deb</i></b> from version 15.2.0-12 to 15.2.0-14 >• Updated <b><i>debian_libgcc_s1_amd64_deb</i></b> from version 15.2.0-12 to 15.2.0-14 >• Updated <b><i>debian_libc6_amd64_deb</i></b> from version 2.42-11+b1 to 2.42-13 >• Updated corresponding SHA256 checksums for all three packages ></pre> > ><a href='https://github.com/carverauto/serviceradar/pull/3004/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdc'> MODULE.bazel </a> <hr/> </details> <img src="https://www.qodo.ai/wp-content/uploads/2025/11/light-grey-line.svg" height="10%" alt="Grey Divider"> <a href="https://www.qodo.ai"><img src="https://www.qodo.ai/wp-content/uploads/2025/03/qodo-logo.svg" width="80" alt="Qodo Logo"></a>

qodo-code-review[bot] commented

2026-03-07 23:02:47 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/3004#issuecomment-4017597542
Original created: 2026-03-07T23:02:47Z

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. No zstd for debs 🐞 Bug ⛯ Reliability

Description

The CNPG image build unpacks the pinned Debian .deb files using a custom extractor that does not
support data.tar.zst payloads. If any of the bumped (or future) Debian package pins uses
zstd-compressed payloads, Bazel genrules producing CNPG layers will fail during extraction.

Code

MODULE.bazel[R769-775]

http_file(
    name = "debian_libc6_amd64_deb",
-    sha256 = "6da26eef20b67e5a45ba21bfffa0178b93ac29951e03bd0ea42133d1aa1b4087",
+    sha256 = "860e1311cab59aee4b5706b474a3b17cfd3fb6c55d02cf4e2887a0ef4b9435a9",
    urls = [
-        "https://deb.debian.org/debian/pool/main/g/glibc/libc6_2.42-11+b1_amd64.deb",
+        "https://deb.debian.org/debian/pool/main/g/glibc/libc6_2.42-13_amd64.deb",
    ],
)

Evidence
The updated Debian .deb pins in MODULE.bazel are consumed by docker/images/cnpg_image.bzl genrules,
which call overlay_deb_packages.py to unpack each .deb into a rootfs/layer. overlay_deb_packages.py
only handles .xz/.gz/.bz2; any data.tar.zst will be treated as an uncompressed tar stream and will
fail to open/extract, breaking the build.
MODULE.bazel[753-775]
docker/images/cnpg_image.bzl[35-57]
docker/images/overlay_deb_packages.py[110-119]
docker/images/overlay_deb_packages.py[143-148]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`docker/images/overlay_deb_packages.py` is used to unpack Debian `.deb` files into CNPG image layers. It only supports `data.tar.{xz,gz,bz2}`; if a `.deb` contains `data.tar.zst`, extraction will fail (likely via `tarfile` read errors).

### Issue Context
The PR updates Debian `.deb` pins in `MODULE.bazel` that are unpacked by CNPG image genrules. Even if the currently pinned versions still use xz, future bumps may switch compression, and the failure mode will be brittle and non-obvious.

### Fix Focus Areas
- docker/images/overlay_deb_packages.py[110-149]
- docker/images/cnpg_image.bzl[35-57]
- MODULE.bazel[753-775]

### Implementation notes
- Add `.zst` handling in `_open_data_stream()` (e.g., prefer a pure-Python path if an in-repo dependency exists; otherwise use a `zstd -dc` subprocess fallback when available, and raise a clear error if neither is possible).
- At minimum, detect `filename.endswith(&#x27;.zst&#x27;)` and raise a targeted exception explaining unsupported compression and how to remedy.
- Consider adding a regression test/fixture (even a minimal archive) to ensure extraction behavior is stable.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

ⓘ The new review experience is currently in Beta. Learn more

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/3004#issuecomment-4017597542 Original created: 2026-03-07T23:02:47Z --- <h3>Code Review by Qodo</h3> <code>🐞 Bugs (1)</code> <code>📘 Rule violations (0)</code> <code>📎 Requirement gaps (0)</code> <img src="https://www.qodo.ai/wp-content/uploads/2025/11/light-grey-line.svg" height="10%" alt="Grey Divider"> <br/> <img src="https://www.qodo.ai/wp-content/uploads/2026/01/review-recommended.png" height="20" alt="Remediation recommended"> <details> <summary> 1. No zstd for debs <code>🐞 Bug</code> <code>⛯ Reliability</code></summary> <br/> > <details open> ><summary>Description</summary> ><br/> > ><pre> >The CNPG image build unpacks the pinned Debian .deb files using a custom extractor that does not >support data.tar.zst payloads. If any of the bumped (or future) Debian package pins uses >zstd-compressed payloads, Bazel genrules producing CNPG layers will fail during extraction. ></pre> ></details> > <details open> ><summary>Code</summary> ><br/> > ><code>[MODULE.bazel[R769-775]](https://github.com/carverauto/serviceradar/pull/3004/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdcR769-R775)</code> > >```diff > http_file( > name = "debian_libc6_amd64_deb", >- sha256 = "6da26eef20b67e5a45ba21bfffa0178b93ac29951e03bd0ea42133d1aa1b4087", >+ sha256 = "860e1311cab59aee4b5706b474a3b17cfd3fb6c55d02cf4e2887a0ef4b9435a9", > urls = [ >- "https://deb.debian.org/debian/pool/main/g/glibc/libc6_2.42-11+b1_amd64.deb", >+ "https://deb.debian.org/debian/pool/main/g/glibc/libc6_2.42-13_amd64.deb", > ], > ) >``` ></details> > <details > ><summary>Evidence</summary> ><br/> > ><pre> >The updated Debian .deb pins in MODULE.bazel are consumed by docker/images/cnpg_image.bzl genrules, >which call overlay_deb_packages.py to unpack each .deb into a rootfs/layer. overlay_deb_packages.py >only handles .xz/.gz/.bz2; any data.tar.zst will be treated as an uncompressed tar stream and will >fail to open/extract, breaking the build. ></pre> > > <code>[MODULE.bazel[753-775]](https://github.com/carverauto/serviceradar/blob/1079b3ec25f18e236094036f32e6cf400fa61adc/MODULE.bazel/#L753-L775)</code> > <code>[docker/images/cnpg_image.bzl[35-57]](https://github.com/carverauto/serviceradar/blob/1079b3ec25f18e236094036f32e6cf400fa61adc/docker/images/cnpg_image.bzl/#L35-L57)</code> > <code>[docker/images/overlay_deb_packages.py[110-119]](https://github.com/carverauto/serviceradar/blob/1079b3ec25f18e236094036f32e6cf400fa61adc/docker/images/overlay_deb_packages.py/#L110-L119)</code> > <code>[docker/images/overlay_deb_packages.py[143-148]](https://github.com/carverauto/serviceradar/blob/1079b3ec25f18e236094036f32e6cf400fa61adc/docker/images/overlay_deb_packages.py/#L143-L148)</code> ></details> > <details> ><summary>Agent prompt</summary> ><br/> > >``` >The issue below was found during a code review. Follow the provided context and guidance below and implement a solution > >### Issue description >`docker/images/overlay_deb_packages.py` is used to unpack Debian `.deb` files into CNPG image layers. It only supports `data.tar.{xz,gz,bz2}`; if a `.deb` contains `data.tar.zst`, extraction will fail (likely via `tarfile` read errors). > >### Issue Context >The PR updates Debian `.deb` pins in `MODULE.bazel` that are unpacked by CNPG image genrules. Even if the currently pinned versions still use xz, future bumps may switch compression, and the failure mode will be brittle and non-obvious. > >### Fix Focus Areas >- docker/images/overlay_deb_packages.py[110-149] >- docker/images/cnpg_image.bzl[35-57] >- MODULE.bazel[753-775] > >### Implementation notes >- Add `.zst` handling in `_open_data_stream()` (e.g., prefer a pure-Python path if an in-repo dependency exists; otherwise use a `zstd -dc` subprocess fallback when available, and raise a clear error if neither is possible). >- At minimum, detect `filename.endswith('.zst')` and raise a targeted exception explaining unsupported compression and how to remedy. >- Consider adding a regression test/fixture (even a minimal archive) to ensure extraction behavior is stable. >``` > <code>ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools</code> ></details> <hr/> </details> <img src="https://www.qodo.ai/wp-content/uploads/2025/11/light-grey-line.svg" height="10%" alt="Grey Divider"> <pre>ⓘ The new review experience is currently in Beta. <a href="https://docs.qodo.ai/qodo-documentation/code-review">Learn more</a></pre> <img src="https://www.qodo.ai/wp-content/uploads/2025/11/light-grey-line.svg" height="10%" alt="Grey Divider">  <a href="https://www.qodo.ai"><img src="https://www.qodo.ai/wp-content/uploads/2025/03/qodo-logo.svg" width="80" alt="Qodo Logo"></a>