carverauto/serviceradar

Fork 0

Updates/packaging for srql #2237

Merged

mfreeman451 merged 5 commits from refs/pull/2237/head into main

2025-09-24 14:39:01 +00:00

mfreeman451 commented

2025-09-24 14:19:18 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1657
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1657
Original created: 2025-09-24T14:19:18Z
Original updated: 2025-09-24T14:40:14Z
Original head: carverauto/serviceradar:updates/packaging_for_srql
Original base: main
Original merged: 2025-09-24T14:39:01Z by @mfreeman451

PR Type

Enhancement

Description

Add complete packaging infrastructure for SRQL service
Implement OCaml build pipeline with Docker support
Create systemd service configuration and installation scripts
Update database schema TTL policies for optimization

Diagram Walkthrough

flowchart LR
  A["OCaml Source"] --> B["Docker Builder"]
  B --> C["Binary Package"]
  C --> D["DEB/RPM Package"]
  D --> E["Systemd Service"]
  F["Installation Scripts"] --> E
  G["Configuration Files"] --> E

File Walkthrough

Relevant files

Configuration changes

7 files

postinstall.sh `Add SRQL service post-installation script`	+61/-0
prerm.sh `Add SRQL service pre-removal script`	+30/-0
components.json `Add SRQL component configuration`	+63/-0
serviceradar-srql.spec `Add RPM spec file for SRQL`	+64/-0
srql.env `Add SRQL environment configuration`	+24/-0
serviceradar-srql.service `Add systemd service definition for SRQL`	+23/-0
00000000000001_consolidated_serviceradar_schema.up.sql `Update database TTL policies to 3 days`	+11/-11

Enhancement

5 files

setup-package.sh `Add OCaml Docker build support`	+19/-0
Dockerfile.srql-builder `Add SRQL OCaml builder Docker image`	+62/-0
Dockerfile.srql `Update SRQL Docker build configuration`	+66/-21
Dockerfile.rpm.srql `Add RPM package builder for SRQL`	+102/-0
Dockerfile `Add standalone SRQL build Dockerfile`	+81/-0

Bug fix

1 files

run_live_srql.ml
Fix OCaml syntax for query execution +8/-6

Dependencies

2 files

MODULE.bazel `Update OCaml dependencies and versions`	+20/-2
srql-translator.opam `Update OPAM dependencies and constraints`	+11/-3

Additional files

1 files

SRQL_SYNTAX.md

[link]

Imported from GitHub pull request. Original GitHub pull request: #1657 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/1657 Original created: 2025-09-24T14:19:18Z Original updated: 2025-09-24T14:40:14Z Original head: carverauto/serviceradar:updates/packaging_for_srql Original base: main Original merged: 2025-09-24T14:39:01Z by @mfreeman451 --- ### **PR Type** Enhancement ___ ### **Description** - Add complete packaging infrastructure for SRQL service - Implement OCaml build pipeline with Docker support - Create systemd service configuration and installation scripts - Update database schema TTL policies for optimization ___ ### Diagram Walkthrough ```mermaid flowchart LR A["OCaml Source"] --> B["Docker Builder"] B --> C["Binary Package"] C --> D["DEB/RPM Package"] D --> E["Systemd Service"] F["Installation Scripts"] --> E G["Configuration Files"] --> E ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Configuration changes</strong></td><td><details><summary>7 files</summary><table> <tr> <td><strong>postinstall.sh</strong><dd><code>Add SRQL service post-installation script</code>                                </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-1742d16c0c58659462156e50ffe2067833b2c2cbaf11a2dac10c3a15e3fc4c88">+61/-0</a>    </td> </tr> <tr> <td><strong>prerm.sh</strong><dd><code>Add SRQL service pre-removal script</code>                                            </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-6eebfaf7630bc68dd42b504ee91d88e5869f76c7f2de0cd51cc0791c64d68e1a">+30/-0</a>    </td> </tr> <tr> <td><strong>components.json</strong><dd><code>Add SRQL component configuration</code>                                                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-3ae5949d89b0252d10fce9bf950231c8151a73b2154dccfe4e7261acc116582c">+63/-0</a>    </td> </tr> <tr> <td><strong>serviceradar-srql.spec</strong><dd><code>Add RPM spec file for SRQL</code>                                                              </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-0f0d2551b721585ca16456a6217f4633c70f56c4a667e721d6783744ca3e5ff8">+64/-0</a>    </td> </tr> <tr> <td><strong>srql.env</strong><dd><code>Add SRQL environment configuration</code>                                              </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-817ac5ee60701531e76f822e08c2575be3fea26f101e800954d008e37c20de33">+24/-0</a>    </td> </tr> <tr> <td><strong>serviceradar-srql.service</strong><dd><code>Add systemd service definition for SRQL</code>                                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-db3d05af3c011bdd80512b162b36713efc7292902dacab2cc4581dc55c52f7ff">+23/-0</a>    </td> </tr> <tr> <td><strong>00000000000001_consolidated_serviceradar_schema.up.sql</strong><dd><code>Update database TTL policies to 3 days</code>                                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-1e05de747238f2112bb2230aac8db388e4c80eebe84c071eb78e035d64e67eb6">+11/-11</a>  </td> </tr> </table></details></td></tr><tr><td><strong>Enhancement</strong></td><td><details><summary>5 files</summary><table> <tr> <td><strong>setup-package.sh</strong><dd><code>Add OCaml Docker build support</code>                                                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-388e4f6f99131c27ccade0a4d7f16112297ec05e4dda0a23e142f787498ac004">+19/-0</a>    </td> </tr> <tr> <td><strong>Dockerfile.srql-builder</strong><dd><code>Add SRQL OCaml builder Docker image</code>                                            </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-f10af98ad3045a3aeb6c2828c532daf6ad102b27ffe0da2111baa55be5e93ae8">+62/-0</a>    </td> </tr> <tr> <td><strong>Dockerfile.srql</strong><dd><code>Update SRQL Docker build configuration</code>                                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-e0103823c18ea9202ec83a15bc9484f47137179adc12bb22c77e7108d415a184">+66/-21</a>  </td> </tr> <tr> <td><strong>Dockerfile.rpm.srql</strong><dd><code>Add RPM package builder for SRQL</code>                                                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-4aed257fbbf9eddfb69e5c2c023f017af5ab13107d3221efc9ebfa288b9583e3">+102/-0</a>  </td> </tr> <tr> <td><strong>Dockerfile</strong><dd><code>Add standalone SRQL build Dockerfile</code>                                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-086d9103a276f32ea4c77dca8e9cd4a5b47c6cb4a73d1cbfd5f7d825361c19d1">+81/-0</a>    </td> </tr> </table></details></td></tr><tr><td><strong>Bug fix</strong></td><td><details><summary>1 files</summary><table> <tr> <td><strong>run_live_srql.ml</strong><dd><code>Fix OCaml syntax for query execution</code>                                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-ea25a2c5be7493fef8b79f6c49ab84140d70b2458f61c001139f3eec92bfb5e9">+8/-6</a>      </td> </tr> </table></details></td></tr><tr><td><strong>Dependencies</strong></td><td><details><summary>2 files</summary><table> <tr> <td><strong>MODULE.bazel</strong><dd><code>Update OCaml dependencies and versions</code>                                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-6136fc12446089c3db7360e923203dd114b6a1466252e71667c6791c20fe6bdc">+20/-2</a>    </td> </tr> <tr> <td><strong>srql-translator.opam</strong><dd><code>Update OPAM dependencies and constraints</code>                                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-900d10104207edf7fbf525b51ccffa5711742688c181ed29a41cabd9ca1579c2">+11/-3</a>    </td> </tr> </table></details></td></tr><tr><td><strong>Additional files</strong></td><td><details><summary>1 files</summary><table> <tr> <td><strong>SRQL_SYNTAX.md</strong></td> <td><a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-a05b6f97a6861ba78c4ce3169b8946110e4eab9d1ccd42a549630ec2cc41e28d">[link]</a>    </td> </tr> </table></details></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-09-24 14:20:06 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1657#issuecomment-3328786482
Original created: 2025-09-24T14:20:06Z

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 Security concerns

Insecure defaults:
The environment file sets weak defaults (e.g., SRQL_API_KEY=changeme) and disables TLS verification (PROTON_INSECURE_SKIP_VERIFY=1, PROTON_VERIFY_HOSTNAME=0). If deployed without modification, this can allow unauthorized access and MITM risks. Recommend documenting required overrides, enforcing non-empty secure API key at startup, and defaulting to strict TLS verification.

⚡ Recommended focus areas for review

Fragile Pinning

Dream and Proton are pinned via git refs and local sed to relax h2 constraints; this could break reproducibility or silently change dependency sets. Consider pinning exact versions/tags and avoiding in-place edits if possible.

RUN git clone --depth 1 --branch "${DREAM_REF}" https://github.com/aantron/dream.git /tmp/dream \
    && sed -i 's/"h2" {< "0.13.0"}/"h2" {>= "0.13.0" & < "0.14.0"}/' /tmp/dream/dream-httpaf.opam \
    && sed -i 's/"h2-lwt-unix"/"h2-lwt-unix" {>= "0.13.0"}/' /tmp/dream/dream-httpaf.opam \
    && sed -i 's/"h2-lwt"/"h2-lwt" {>= "0.13.0"}/' /tmp/dream/dream-httpaf.opam \
    && opam pin add dream /tmp/dream -y \
    && opam pin add dream-httpaf /tmp/dream -y \
    && opam pin add dream-pure /tmp/dream -y

Insecure Defaults

Default credentials and TLS verification disabled (API key 'changeme', PROTON_* insecure flags) risk accidental insecure deployments. Prefer safe defaults or force overrides at install.

PROTON_PASSWORD=changeme
PROTON_TLS=1
PROTON_VERIFY_HOSTNAME=0
PROTON_INSECURE_SKIP_VERIFY=1
PROTON_COMPRESSION=lz4
PROTON_CA_CERT=/etc/serviceradar/certs/root.pem
PROTON_CLIENT_CERT=/etc/serviceradar/certs/srql.pem
PROTON_CLIENT_KEY=/etc/serviceradar/certs/srql-key.pem

# Authentication and listener configuration
AUTH_ENABLED=true
SRQL_API_KEY=changeme
SRQL_REQUIRE_BEARER=true
SRQL_LISTEN_HOST=0.0.0.0
SRQL_LISTEN_PORT=8080
PORT=8080
DREAM_INTERFACE=0.0.0.0
DREAM_PORT=8080

Docker Copy Path

The ocaml build step copies from a container path that may be a directory; docker cp semantics differ for file vs directory. Validate that docker_output_path and output_path handling results in a single executable at the desired path across DEB/RPM builds.

local output_path docker_output_path
output_path=$(echo "$config" | jq -r '.binary.output_path')
docker_output_path=$(echo "$config" | jq -r '.binary.docker_output_path // "/output/${package_name}"')
echo "Building OCaml binary with Docker ($dockerfile)..."
docker build \
    --platform linux/amd64 \
    --build-arg VERSION="$version" \
    --build-arg BUILD_ID="$BUILD_ID" \
    -f "${BASE_DIR}/${dockerfile}" \
    -t "${package_name}-builder" \
    "${BASE_DIR}" || { echo "Error: Docker build failed"; exit 1; }
container_id=$(docker create "${package_name}-builder" /bin/true) || { echo "Error: Failed to create container"; exit 1; }
echo "Creating directory for binary: $(dirname "${pkg_root}${output_path}")"
mkdir -p "$(dirname "${pkg_root}${output_path}")" || { echo "Error: Failed to create directory $(dirname "${pkg_root}${output_path}")"; exit 1; }
docker cp "${container_id}:${docker_output_path}" "${pkg_root}${output_path}" || { echo "Error: Failed to copy OCaml binary from ${docker_output_path}"; exit 1; }
ls -l "${pkg_root}${output_path}" || { echo "Error: Binary not copied to package root"; exit 1; }
test -s "${pkg_root}${output_path}" || { echo "Error: Binary is empty"; exit 1; }
docker rm "$container_id"

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1657#issuecomment-3328786482 Original created: 2025-09-24T14:20:06Z --- ## PR Reviewer Guide 🔍 Here are some key observations to aid the review process: <table> <tr><td>⏱️ <strong>Estimated effort to review</strong>: 4 🔵🔵🔵🔵⚪</td></tr> <tr><td>🧪 <strong>No relevant tests</strong></td></tr> <tr><td>🔒 <strong>Security concerns</strong><br><br> <strong>Insecure defaults:</strong><br> The environment file sets weak defaults (e.g., SRQL_API_KEY=changeme) and disables TLS verification (PROTON_INSECURE_SKIP_VERIFY=1, PROTON_VERIFY_HOSTNAME=0). If deployed without modification, this can allow unauthorized access and MITM risks. Recommend documenting required overrides, enforcing non-empty secure API key at startup, and defaulting to strict TLS verification.</td></tr> <tr><td>⚡ <strong>Recommended focus areas for review</strong><br><br> <details><summary><a href='https://github.com/carverauto/serviceradar/pull/1657/files#diff-f10af98ad3045a3aeb6c2828c532daf6ad102b27ffe0da2111baa55be5e93ae8R33-R39'><strong>Fragile Pinning</strong></a> Dream and Proton are pinned via git refs and local sed to relax h2 constraints; this could break reproducibility or silently change dependency sets. Consider pinning exact versions/tags and avoiding in-place edits if possible. </summary> ```txt RUN git clone --depth 1 --branch "${DREAM_REF}" https://github.com/aantron/dream.git /tmp/dream \ && sed -i 's/"h2" {< "0.13.0"}/"h2" {>= "0.13.0" & < "0.14.0"}/' /tmp/dream/dream-httpaf.opam \ && sed -i 's/"h2-lwt-unix"/"h2-lwt-unix" {>= "0.13.0"}/' /tmp/dream/dream-httpaf.opam \ && sed -i 's/"h2-lwt"/"h2-lwt" {>= "0.13.0"}/' /tmp/dream/dream-httpaf.opam \ && opam pin add dream /tmp/dream -y \ && opam pin add dream-httpaf /tmp/dream -y \ && opam pin add dream-pure /tmp/dream -y ``` </details> <details><summary><a href='https://github.com/carverauto/serviceradar/pull/1657/files#diff-817ac5ee60701531e76f822e08c2575be3fea26f101e800954d008e37c20de33R7-R24'><strong>Insecure Defaults</strong></a> Default credentials and TLS verification disabled (API key 'changeme', PROTON_* insecure flags) risk accidental insecure deployments. Prefer safe defaults or force overrides at install. </summary> ```txt PROTON_PASSWORD=changeme PROTON_TLS=1 PROTON_VERIFY_HOSTNAME=0 PROTON_INSECURE_SKIP_VERIFY=1 PROTON_COMPRESSION=lz4 PROTON_CA_CERT=/etc/serviceradar/certs/root.pem PROTON_CLIENT_CERT=/etc/serviceradar/certs/srql.pem PROTON_CLIENT_KEY=/etc/serviceradar/certs/srql-key.pem # Authentication and listener configuration AUTH_ENABLED=true SRQL_API_KEY=changeme SRQL_REQUIRE_BEARER=true SRQL_LISTEN_HOST=0.0.0.0 SRQL_LISTEN_PORT=8080 PORT=8080 DREAM_INTERFACE=0.0.0.0 DREAM_PORT=8080 ``` </details> <details><summary><a href='https://github.com/carverauto/serviceradar/pull/1657/files#diff-388e4f6f99131c27ccade0a4d7f16112297ec05e4dda0a23e142f787498ac004R328-R345'><strong>Docker Copy Path</strong></a> The ocaml build step copies from a container path that may be a directory; docker cp semantics differ for file vs directory. Validate that docker_output_path and output_path handling results in a single executable at the desired path across DEB/RPM builds. </summary> ```shell local output_path docker_output_path output_path=$(echo "$config" | jq -r '.binary.output_path') docker_output_path=$(echo "$config" | jq -r '.binary.docker_output_path // "/output/${package_name}"') echo "Building OCaml binary with Docker ($dockerfile)..." docker build \ --platform linux/amd64 \ --build-arg VERSION="$version" \ --build-arg BUILD_ID="$BUILD_ID" \ -f "${BASE_DIR}/${dockerfile}" \ -t "${package_name}-builder" \ "${BASE_DIR}" || { echo "Error: Docker build failed"; exit 1; } container_id=$(docker create "${package_name}-builder" /bin/true) || { echo "Error: Failed to create container"; exit 1; } echo "Creating directory for binary: $(dirname "${pkg_root}${output_path}")" mkdir -p "$(dirname "${pkg_root}${output_path}")" || { echo "Error: Failed to create directory $(dirname "${pkg_root}${output_path}")"; exit 1; } docker cp "${container_id}:${docker_output_path}" "${pkg_root}${output_path}" || { echo "Error: Failed to copy OCaml binary from ${docker_output_path}"; exit 1; } ls -l "${pkg_root}${output_path}" || { echo "Error: Binary not copied to package root"; exit 1; } test -s "${pkg_root}${output_path}" || { echo "Error: Binary is empty"; exit 1; } docker rm "$container_id" ``` </details> </td></tr> </table>

qodo-code-review[bot] commented

2025-09-24 14:21:31 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1657#issuecomment-3328794916
Original created: 2025-09-24T14:21:31Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Consolidate the inconsistent OCaml build logic The PR's multiple Dockerfiles use conflicting OCaml versions and dependency strategies, such as patching `dream` versus pinning older versions. This should be unified into a single, consistent build process to reduce fragility and improve maintainability. Examples: docker/compose/Dockerfile.srql [4-40] `ARG BASE_IMAGE=ocaml/opam:ubuntu-24.04-ocaml-5.1 FROM ${BASE_IMAGE} AS builder USER root RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ libev-dev \ libffi-dev \ ... (clipped 27 lines)` docker/rpm/Dockerfile.rpm.srql [3-66] `FROM --platform=linux/amd64 ocaml/opam:oraclelinux-9-ocaml-5.2 AS builder SHELL ["/bin/bash", "-lc"] ARG VERSION=0.0.0 ARG RELEASE=1 ARG COMPONENT=srql USER root RUN dnf install -y oracle-epel-release-el9 \ && dnf config-manager --enable ol9_codeready_builder \ ... (clipped 54 lines)` Solution Walkthrough: Before: `# docker/compose/Dockerfile.srql ARG BASE_IMAGE=ocaml/opam:ubuntu-24.04-ocaml-5.1 FROM ${BASE_IMAGE} ... RUN git clone --branch "master" https://github.com/aantron/dream.git /tmp/dream \ && sed -i 's/"h2" {< "0.13.0"}/.../' /tmp/dream/dream-httpaf.opam \ && opam pin add dream /tmp/dream -y ... # docker/rpm/Dockerfile.rpm.srql FROM --platform=linux/amd64 ocaml/opam:oraclelinux-9-ocaml-5.2 ... RUN eval $(opam env) \ && opam install -y dream.1.0.0~alpha7 ...` After: # Unified Dockerfile (e.g., docker/builders/Dockerfile.srql-builder) ARG BASE_IMAGE=ocaml/opam:ubuntu-24.04-ocaml-5.2 FROM ${BASE_IMAGE} ... # Use a consistent method for all builds, e.g., pinning a specific version RUN eval $(opam env) \ && opam install -y dream.1.0.0~alpha7 ... ... # Other Dockerfiles (for compose, rpm, etc.) # Use the pre-built image from the unified builder FROM my-registry/srql-builder:${VERSION} as builder ... # Copy artifacts from the consistent build environment COPY --from=builder /output/serviceradar-srql /usr/local/bin/ Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies significant inconsistencies in OCaml versions and dependency management across multiple new Dockerfiles, which introduces fragility and maintenance overhead.	High
High-level	Justify the aggressive data retention reduction The PR significantly shortens data retention TTLs for core data streams from 30/7 days to 3 days. This major policy change risks data loss for users needing historical data and requires clear justification and impact analysis. Examples: pkg/db/migrations/00000000000001_consolidated_serviceradar_schema.up.sql [36] `TTL to_start_of_day(coalesce(last_sweep_time, _tp_time)) + INTERVAL 3 DAY` pkg/db/migrations/00000000000001_consolidated_serviceradar_schema.up.sql [183] `TTL to_start_of_day(coalesce(timestamp, _tp_time)) + INTERVAL 3 DAY` Solution Walkthrough: Before: -- pkg/db/migrations/.../consolidated_serviceradar_schema.up.sql -- Latest sweep host states (versioned_kv) – 30d TTL CREATE STREAM IF NOT EXISTS sweep_host_states (...) TTL to_start_of_day(coalesce(last_sweep_time, _tp_time)) + INTERVAL 30 DAY; -- Unified device registry (versioned_kv) – 30d TTL CREATE STREAM IF NOT EXISTS unified_devices_registry (...) TTL to_start_of_day(coalesce(last_seen, _tp_time)) + INTERVAL 30 DAY; -- Topology discovery – 7d TTL CREATE STREAM IF NOT EXISTS topology_discovery_events (...) TTL to_start_of_day(coalesce(timestamp, _tp_time)) + INTERVAL 7 DAY; After: -- pkg/db/migrations/.../consolidated_serviceradar_schema.up.sql -- Latest sweep host states (versioned_kv) – 3d TTL CREATE STREAM IF NOT EXISTS sweep_host_states (...) TTL to_start_of_day(coalesce(last_sweep_time, _tp_time)) + INTERVAL 3 DAY; -- Unified device registry (versioned_kv) – 3d TTL CREATE STREAM IF NOT EXISTS unified_devices_registry (...) TTL to_start_of_day(coalesce(last_seen, _tp_time)) + INTERVAL 3 DAY; -- Topology discovery – 3d TTL CREATE STREAM IF NOT EXISTS topology_discovery_events (...) TTL to_start_of_day(coalesce(timestamp, _tp_time)) + INTERVAL 3 DAY; Suggestion importance[1-10]: 8 __ Why: This suggestion highlights a critical, non-obvious change to data retention policy that could lead to significant data loss and impact users relying on historical data, warranting careful justification.	Medium
Possible issue	Preserve config file permissions on upgrade In the `%post` scriptlet, only set permissions on `/etc/serviceradar/srql.env` during initial package installation (`$1 == 1`) to avoid overwriting custom permissions on upgrades. packaging/specs/serviceradar-srql.spec [42-45] %post %systemd_post serviceradar-srql.service mkdir -p /var/log/serviceradar chown serviceradar:serviceradar /var/log/serviceradar -if [ -f /etc/serviceradar/srql.env ]; then - chown root:serviceradar /etc/serviceradar/srql.env - chmod 640 /etc/serviceradar/srql.env +if [ "$1" -eq 1 ]; then + # Set permissions on initial install only + if [ -f /etc/serviceradar/srql.env ]; then + chown root:serviceradar /etc/serviceradar/srql.env + chmod 640 /etc/serviceradar/srql.env + fi fi if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != "Disabled" ]; then if command -v restorecon >/dev/null 2>&1; then restorecon -Rv /usr/local/bin/serviceradar-srql /etc/serviceradar 2>/dev/null \|\| true fi fi `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies that permissions on a configuration file are being reset on every upgrade, and proposes the standard RPM packaging fix to only set them on initial install.	Medium
Possible issue	Pin opam repository for reproducible builds For reproducible builds, pin the opam repository to a specific commit hash instead of fetching from the `master` branch. docker/rpm/Dockerfile.rpm.srql [49-54] +ARG OPAM_REPO_COMMIT=... # Replace with a known-good commit hash RUN opam update \ - && git -C /home/opam/opam-repository fetch --depth=1 origin master \ - && git -C /home/opam/opam-repository reset --hard origin/master \ + && git -C /home/opam/opam-repository fetch --depth=1 origin ${OPAM_REPO_COMMIT} \ + && git -C /home/opam/opam-repository reset --hard ${OPAM_REPO_COMMIT} \ && opam update \ && opam pin add proton /tmp/proton-ocaml-driver --kind=path -y \ && opam remove -y mirage-crypto mirage-crypto-rng mirage-crypto-rng-lwt tls tls-lwt x509 \|\| true Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies a non-reproducible build step and proposes a standard best practice to fix it, which improves build stability and reliability.	Low
More

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1657#issuecomment-3328794916 Original created: 2025-09-24T14:21:31Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td><strong>Category</strong></td><td align=left><strong>Suggestion                                                                                                                                    </strong></td><td align=center><strong>Impact</strong></td></tr><tbody><tr><td rowspan=2>High-level</td> <td> <details><summary>Consolidate the inconsistent OCaml build logic</summary> ___ **The PR's multiple Dockerfiles use conflicting OCaml versions and dependency <br>strategies, such as patching <code>dream</code> versus pinning older versions. This should be <br>unified into a single, consistent build process to reduce fragility and improve <br>maintainability.** ### Examples: <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-e0103823c18ea9202ec83a15bc9484f47137179adc12bb22c77e7108d415a184R4-R40">docker/compose/Dockerfile.srql [4-40]</a> </summary> ```dockerfile ARG BASE_IMAGE=ocaml/opam:ubuntu-24.04-ocaml-5.1 FROM ${BASE_IMAGE} AS builder USER root RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ libev-dev \ libffi-dev \ ... (clipped 27 lines) ``` </details> <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-4aed257fbbf9eddfb69e5c2c023f017af5ab13107d3221efc9ebfa288b9583e3R3-R66">docker/rpm/Dockerfile.rpm.srql [3-66]</a> </summary> ```dockerfile FROM --platform=linux/amd64 ocaml/opam:oraclelinux-9-ocaml-5.2 AS builder SHELL ["/bin/bash", "-lc"] ARG VERSION=0.0.0 ARG RELEASE=1 ARG COMPONENT=srql USER root RUN dnf install -y oracle-epel-release-el9 \ && dnf config-manager --enable ol9_codeready_builder \ ... (clipped 54 lines) ``` </details> ### Solution Walkthrough: #### Before: ```dockerfile # docker/compose/Dockerfile.srql ARG BASE_IMAGE=ocaml/opam:ubuntu-24.04-ocaml-5.1 FROM ${BASE_IMAGE} ... RUN git clone --branch "master" https://github.com/aantron/dream.git /tmp/dream \ && sed -i 's/"h2" {< "0.13.0"}/.../' /tmp/dream/dream-httpaf.opam \ && opam pin add dream /tmp/dream -y ... # docker/rpm/Dockerfile.rpm.srql FROM --platform=linux/amd64 ocaml/opam:oraclelinux-9-ocaml-5.2 ... RUN eval $(opam env) \ && opam install -y dream.1.0.0~alpha7 ... ``` #### After: ```dockerfile # Unified Dockerfile (e.g., docker/builders/Dockerfile.srql-builder) ARG BASE_IMAGE=ocaml/opam:ubuntu-24.04-ocaml-5.2 FROM ${BASE_IMAGE} ... # Use a consistent method for all builds, e.g., pinning a specific version RUN eval $(opam env) \ && opam install -y dream.1.0.0~alpha7 ... ... # Other Dockerfiles (for compose, rpm, etc.) # Use the pre-built image from the unified builder FROM my-registry/srql-builder:${VERSION} as builder ... # Copy artifacts from the consistent build environment COPY --from=builder /output/serviceradar-srql /usr/local/bin/ ``` <details><summary>Suggestion importance[1-10]: 9</summary> __ Why: The suggestion correctly identifies significant inconsistencies in OCaml versions and dependency management across multiple new Dockerfiles, which introduces fragility and maintenance overhead. </details></details></td><td align=center>High </td></tr><tr><td> <details><summary>Justify the aggressive data retention reduction</summary> ___ **The PR significantly shortens data retention TTLs for core data streams from <br>30/7 days to 3 days. This major policy change risks data loss for users needing <br>historical data and requires clear justification and impact analysis.** ### Examples: <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-1e05de747238f2112bb2230aac8db388e4c80eebe84c071eb78e035d64e67eb6R36-R36">pkg/db/migrations/00000000000001_consolidated_serviceradar_schema.up.sql [36]</a> </summary> ```sql TTL to_start_of_day(coalesce(last_sweep_time, _tp_time)) + INTERVAL 3 DAY ``` </details> <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/1657/files#diff-1e05de747238f2112bb2230aac8db388e4c80eebe84c071eb78e035d64e67eb6R183-R183">pkg/db/migrations/00000000000001_consolidated_serviceradar_schema.up.sql [183]</a> </summary> ```sql TTL to_start_of_day(coalesce(timestamp, _tp_time)) + INTERVAL 3 DAY ``` </details> ### Solution Walkthrough: #### Before: ```sql -- pkg/db/migrations/.../consolidated_serviceradar_schema.up.sql -- Latest sweep host states (versioned_kv) – 30d TTL CREATE STREAM IF NOT EXISTS sweep_host_states (...) TTL to_start_of_day(coalesce(last_sweep_time, _tp_time)) + INTERVAL 30 DAY; -- Unified device registry (versioned_kv) – 30d TTL CREATE STREAM IF NOT EXISTS unified_devices_registry (...) TTL to_start_of_day(coalesce(last_seen, _tp_time)) + INTERVAL 30 DAY; -- Topology discovery – 7d TTL CREATE STREAM IF NOT EXISTS topology_discovery_events (...) TTL to_start_of_day(coalesce(timestamp, _tp_time)) + INTERVAL 7 DAY; ``` #### After: ```sql -- pkg/db/migrations/.../consolidated_serviceradar_schema.up.sql -- Latest sweep host states (versioned_kv) – 3d TTL CREATE STREAM IF NOT EXISTS sweep_host_states (...) TTL to_start_of_day(coalesce(last_sweep_time, _tp_time)) + INTERVAL 3 DAY; -- Unified device registry (versioned_kv) – 3d TTL CREATE STREAM IF NOT EXISTS unified_devices_registry (...) TTL to_start_of_day(coalesce(last_seen, _tp_time)) + INTERVAL 3 DAY; -- Topology discovery – 3d TTL CREATE STREAM IF NOT EXISTS topology_discovery_events (...) TTL to_start_of_day(coalesce(timestamp, _tp_time)) + INTERVAL 3 DAY; ``` <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: This suggestion highlights a critical, non-obvious change to data retention policy that could lead to significant data loss and impact users relying on historical data, warranting careful justification. </details></details></td><td align=center>Medium </td></tr><tr><td rowspan=2>Possible issue</td> <td> <details><summary>Preserve config file permissions on upgrade</summary> ___ **In the <code>%post</code> scriptlet, only set permissions on <code>/etc/serviceradar/srql.env</code> <br>during initial package installation (<code>$1 == 1</code>) to avoid overwriting custom <br>permissions on upgrades.** [packaging/specs/serviceradar-srql.spec [42-45]](https://github.com/carverauto/serviceradar/pull/1657/files#diff-0f0d2551b721585ca16456a6217f4633c70f56c4a667e721d6783744ca3e5ff8R42-R45) ```diff %post %systemd_post serviceradar-srql.service mkdir -p /var/log/serviceradar chown serviceradar:serviceradar /var/log/serviceradar -if [ -f /etc/serviceradar/srql.env ]; then - chown root:serviceradar /etc/serviceradar/srql.env - chmod 640 /etc/serviceradar/srql.env +if [ "$1" -eq 1 ]; then + # Set permissions on initial install only + if [ -f /etc/serviceradar/srql.env ]; then + chown root:serviceradar /etc/serviceradar/srql.env + chmod 640 /etc/serviceradar/srql.env + fi fi if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != "Disabled" ]; then if command -v restorecon >/dev/null 2>&1; then restorecon -Rv /usr/local/bin/serviceradar-srql /etc/serviceradar 2>/dev/null || true fi fi ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion correctly identifies that permissions on a configuration file are being reset on every upgrade, and proposes the standard RPM packaging fix to only set them on initial install. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Pin opam repository for reproducible builds</summary> ___ **For reproducible builds, pin the opam repository to a specific commit hash <br>instead of fetching from the <code>master</code> branch.** [docker/rpm/Dockerfile.rpm.srql [49-54]](https://github.com/carverauto/serviceradar/pull/1657/files#diff-4aed257fbbf9eddfb69e5c2c023f017af5ab13107d3221efc9ebfa288b9583e3R49-R54) ```diff +ARG OPAM_REPO_COMMIT=... # Replace with a known-good commit hash RUN opam update \ - && git -C /home/opam/opam-repository fetch --depth=1 origin master \ - && git -C /home/opam/opam-repository reset --hard origin/master \ + && git -C /home/opam/opam-repository fetch --depth=1 origin ${OPAM_REPO_COMMIT} \ + && git -C /home/opam/opam-repository reset --hard ${OPAM_REPO_COMMIT} \ && opam update \ && opam pin add proton /tmp/proton-ocaml-driver --kind=path -y \ && opam remove -y mirage-crypto mirage-crypto-rng mirage-crypto-rng-lwt tls tls-lwt x509 || true ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 6</summary> __ Why: The suggestion correctly identifies a non-reproducible build step and proposes a standard best practice to fix it, which improves build stability and reliability. </details></details></td><td align=center>Low </td></tr> <tr><td align="center" colspan="2"> - [ ] More  </td><td></td></tr></tbody></table>

qodo-code-review[bot] commented

2025-09-24 14:26:02 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1657#issuecomment-3328814930
Original created: 2025-09-24T14:26:02Z

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: build-test

Failed stage: Install dependencies (with tests) [❌]

Failure summary:

The action failed due to an opam dependency resolution conflict:
- The environment pins
ocaml-base-compiler = 5.3.0 (invariant), but dependencies pulled by deps-of-srql-translator → dream
≥ 1.0.0alpha7 → dream-httpaf ≥ 1.0.0alpha4 → h2 < 0.13.0 → hpack = 0.11.0 require ocaml < 5.3 (and
in some paths ocaml < 5.0).
- This creates incompatible constraints with ocaml-base-compiler =
5.3.0, conflicting with dkml-base-compiler and ocaml-variants.
- Additional missing dependencies are
gated by availability conditions:
- ocaml-beta requires enable-ocaml-beta-repository.
-
system-msvc requires os = "win32".
- opam exits with a package conflict error (exit code 20),
causing the job to fail.

Relevant error logs:

1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

193:  Setting up musl-dev:amd64 (1.2.4-2) ...
194:  Setting up musl-tools (1.2.4-2) ...
195:  Processing triggers for man-db (2.12.0-4build2) ...
196:  Not building database; man-db/auto-update is not 'true'.
197:  Running kernel seems to be up-to-date.
198:  Restarting services...
199:  Service restarts being deferred:
200:  systemctl restart hosted-compute-agent.service
201:  No containers need to be restarted.
202:  No user sessions are running outdated binaries.
203:  No VM guests are running outdated hypervisor (qemu) binaries on this host.
204:  [command]/opt/hostedtoolcache/opam/2.4.1/x86_64/opam init --auto-setup --bare --enable-shell-hook
205:  No configuration file found, using built-in defaults.
206:  Checking for available remotes: rsync and local, git, mercurial.
207:  - you won't be able to use darcs repositories unless you install the ^[[01mdarcs^[[0m command on your system.
208:  ^[[31m[ERROR]^[[0m Sandboxing is not working on your platform ubuntu:
209:  "~/.opam/opam-init/hooks/sandbox.sh build sh -c echo SUCCESS | tee check-write" exited with code 1 "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted"
210:  Do you want to disable it?  Note that this will result in less secure package builds, so please ensure that you have some other isolation mechanisms in place (such as running within a container or virtual machine). [^[[1;34my^[[0m/^[[1;34mN^[[0m] y
...

673:  shell: /usr/bin/bash -e {0}
674:  env:
675:  OPAMCOLOR: always
676:  OPAMCONFIRMLEVEL: unsafe-yes
677:  OPAMDOWNLOADJOBS: 4
678:  OPAMERRLOGLEN: 0
679:  OPAMEXTERNALSOLVER: builtin-0install
680:  OPAMPRECISETRACKING: 1
681:  OPAMRETRIES: 10
682:  OPAMROOT: /home/runner/.opam
683:  OPAMSOLVERTIMEOUT: 600
684:  OPAMYES: 1
685:  DUNE_CACHE_ROOT: /home/runner/.cache/dune
686:  CLICOLOR_FORCE: 1
687:  ##[endgroup]
688:  ^[[31m[ERROR]^[[0m Package conflict!
689:  ^[[31m  * ^[[0mNo agreement on the version of ^[[01mh2^[[0m:
...

697:  ^[[31m  * ^[[0mNo agreement on the version of ^[[01mocaml-base-compiler^[[0m:
698:  - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m
699:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mhpack = 0.11.0^[[33m → ^[[0mocaml < 5.3^[[33m → ^[[0m^[[31;01mocaml-base-compiler < 5.2.2~^[[0m
700:  ^[[31m  * ^[[0mIncompatible packages:
701:  - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m
702:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0m^[[31;01mdkml-base-compiler^[[0m
703:  ^[[31m  * ^[[0mIncompatible packages:
704:  - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m
705:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0m^[[31;01mocaml-variants^[[0m
706:  ^[[31m  * ^[[0mMissing dependency:
707:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0mocaml-variants^[[33m → ^[[0m^[[31;01mocaml-beta^[[0m
708:  unmet availability conditions: 'enable-ocaml-beta-repository'
709:  ^[[31m  * ^[[0mMissing dependency:
710:  - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0mocaml-variants^[[33m → ^[[0m^[[31;01msystem-msvc^[[0m
711:  unmet availability conditions: 'os = "win32"'
712:  ##[error]Process completed with exit code 20.
713:  Post job cleanup.

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1657#issuecomment-3328814930 Original created: 2025-09-24T14:26:02Z --- ## CI Feedback 🧐 A test triggered by this PR failed. Here is an AI-generated analysis of the failure: <table><tr><td> **Action:** build-test</td></tr> <tr><td> **Failed stage:** [Install dependencies (with tests)](https://github.com/carverauto/serviceradar/actions/runs/17979665372/job/51142049260) [❌] </td></tr> <tr><td> **Failure summary:** The action failed due to an opam dependency resolution conflict:<br> - The environment pins <br><code>ocaml-base-compiler = 5.3.0</code> (invariant), but dependencies pulled by <code>deps-of-srql-translator → dream </code><br><code>≥ 1.0.0~alpha7 → dream-httpaf ≥ 1.0.0~alpha4 → h2 < 0.13.0 → hpack = 0.11.0</code> require <code>ocaml < 5.3</code> (and <br>in some paths <code>ocaml < 5.0</code>).<br> - This creates incompatible constraints with <code>ocaml-base-compiler = </code><br><code>5.3.0</code>, conflicting with <code>dkml-base-compiler</code> and <code>ocaml-variants</code>.<br> - Additional missing dependencies are <br>gated by availability conditions:<br> - <code>ocaml-beta</code> requires <code>enable-ocaml-beta-repository</code>.<br> - <br><code>system-msvc</code> requires <code>os = "win32"</code>.<br> - opam exits with a package conflict error (exit code 20), <br>causing the job to fail.<br> </td></tr> <tr><td> <details><summary>Relevant error logs:</summary> ```yaml 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 193: Setting up musl-dev:amd64 (1.2.4-2) ... 194: Setting up musl-tools (1.2.4-2) ... 195: Processing triggers for man-db (2.12.0-4build2) ... 196: Not building database; man-db/auto-update is not 'true'. 197: Running kernel seems to be up-to-date. 198: Restarting services... 199: Service restarts being deferred: 200: systemctl restart hosted-compute-agent.service 201: No containers need to be restarted. 202: No user sessions are running outdated binaries. 203: No VM guests are running outdated hypervisor (qemu) binaries on this host. 204: [command]/opt/hostedtoolcache/opam/2.4.1/x86_64/opam init --auto-setup --bare --enable-shell-hook 205: No configuration file found, using built-in defaults. 206: Checking for available remotes: rsync and local, git, mercurial. 207: - you won't be able to use darcs repositories unless you install the ^[[01mdarcs^[[0m command on your system. 208: ^[[31m[ERROR]^[[0m Sandboxing is not working on your platform ubuntu: 209: "~/.opam/opam-init/hooks/sandbox.sh build sh -c echo SUCCESS | tee check-write" exited with code 1 "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted" 210: Do you want to disable it? Note that this will result in less secure package builds, so please ensure that you have some other isolation mechanisms in place (such as running within a container or virtual machine). [^[[1;34my^[[0m/^[[1;34mN^[[0m] y ... 673: shell: /usr/bin/bash -e {0} 674: env: 675: OPAMCOLOR: always 676: OPAMCONFIRMLEVEL: unsafe-yes 677: OPAMDOWNLOADJOBS: 4 678: OPAMERRLOGLEN: 0 679: OPAMEXTERNALSOLVER: builtin-0install 680: OPAMPRECISETRACKING: 1 681: OPAMRETRIES: 10 682: OPAMROOT: /home/runner/.opam 683: OPAMSOLVERTIMEOUT: 600 684: OPAMYES: 1 685: DUNE_CACHE_ROOT: /home/runner/.cache/dune 686: CLICOLOR_FORCE: 1 687: ##[endgroup] 688: ^[[31m[ERROR]^[[0m Package conflict! 689: ^[[31m * ^[[0mNo agreement on the version of ^[[01mh2^[[0m: ... 697: ^[[31m * ^[[0mNo agreement on the version of ^[[01mocaml-base-compiler^[[0m: 698: - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m 699: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mhpack = 0.11.0^[[33m → ^[[0mocaml < 5.3^[[33m → ^[[0m^[[31;01mocaml-base-compiler < 5.2.2~^[[0m 700: ^[[31m * ^[[0mIncompatible packages: 701: - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m 702: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0m^[[31;01mdkml-base-compiler^[[0m 703: ^[[31m * ^[[0mIncompatible packages: 704: - (invariant)^[[33m → ^[[0m^[[31;01mocaml-base-compiler = 5.3.0^[[0m 705: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0m^[[31;01mocaml-variants^[[0m 706: ^[[31m * ^[[0mMissing dependency: 707: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0mocaml-variants^[[33m → ^[[0m^[[31;01mocaml-beta^[[0m 708: unmet availability conditions: 'enable-ocaml-beta-repository' 709: ^[[31m * ^[[0mMissing dependency: 710: - deps-of-srql-translator^[[33m → ^[[0mdream >= 1.0.0~alpha7^[[33m → ^[[0mdream-httpaf >= 1.0.0~alpha4^[[33m → ^[[0mh2 < 0.13.0^[[33m → ^[[0mocaml < 5.0^[[33m → ^[[0mocaml-variants^[[33m → ^[[0m^[[31;01msystem-msvc^[[0m 711: unmet availability conditions: 'os = "win32"' 712: ##[error]Process completed with exit code 20. 713: Post job cleanup. ``` </details></td></tr></table>