release should use bazel not arc runners #2448

Merged

mfreeman451 merged 1 commit from refs/pull/2448/head into main

2025-11-23 10:33:33 +00:00

mfreeman451 commented

2025-11-23 10:30:20 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1980
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1980
Original created: 2025-11-23T10:30:20Z
Original updated: 2025-11-23T10:33:37Z
Original head: carverauto/serviceradar:chore/fix_release_publish
Original base: main
Original merged: 2025-11-23T10:33:33Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Enhancement

Description

Simplify release workflow by removing local rpmbuild installation
Switch from local execution to RBE executor for package building
Remove manual OpenSSL environment variable configuration
Leverage rpmbuild toolchain baked into RBE executor image

Diagram Walkthrough

flowchart LR
  A["Local rpmbuild<br/>installation"] -->|removed| B["RBE executor<br/>with toolchain"]
  C["Manual env<br/>configuration"] -->|removed| B
  D["Local execution<br/>config flags"] -->|replaced| E["Remote config"]
  B --> F["Simplified<br/>release workflow"]

File Walkthrough

Relevant files

Configuration changes

release.yml

Switch release build from local to RBE executor

.github/workflows/release.yml

Removed apt-get install rpm rpm2cpio commands from both early checkout
step and main build step
Removed manual rpmbuild verification and version checking logic
Removed OpenSSL environment variable exports and configuration
(OPENSSL_DIR, OPENSSL_LIB_DIR, OPENSSL_INCLUDE_DIR)
Replaced --config=no_remote with --config=remote and removed all local
execution flags (--remote_executor=, --remote_cache=, --noremote_*
flags)
Removed bazel clean --expunge command and --jobs=8 flag
Added comment indicating rpmbuild is now provided by RBE executor
toolchain image

+2/-38

Imported from GitHub pull request. Original GitHub pull request: #1980 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/1980 Original created: 2025-11-23T10:30:20Z Original updated: 2025-11-23T10:33:37Z Original head: carverauto/serviceradar:chore/fix_release_publish Original base: main Original merged: 2025-11-23T10:33:33Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Enhancement ___ ### **Description** - Simplify release workflow by removing local rpmbuild installation - Switch from local execution to RBE executor for package building - Remove manual OpenSSL environment variable configuration - Leverage rpmbuild toolchain baked into RBE executor image ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Local rpmbuild installation"] -->|removed| B["RBE executor with toolchain"] C["Manual env configuration"] -->|removed| B D["Local execution config flags"] -->|replaced| E["Remote config"] B --> F["Simplified release workflow"] ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td>Configuration changes</td><td><table> <tr> <td> <details> <summary>release.yml<dd><code>Switch release build from local to RBE executor</code>                    </dd></summary> <hr> .github/workflows/release.yml <ul><li>Removed <code>apt-get install rpm rpm2cpio</code> commands from both early checkout step and main build step <li> Removed manual rpmbuild verification and version checking logic <li> Removed OpenSSL environment variable exports and configuration (OPENSSL_DIR, OPENSSL_LIB_DIR, OPENSSL_INCLUDE_DIR) <li> Replaced <code>--config=no_remote</code> with <code>--config=remote</code> and removed all local execution flags (<code>--remote_executor=</code>, <code>--remote_cache=</code>, <code>--noremote_*</code> flags) <li> Removed <code>bazel clean --expunge</code> command and <code>--jobs=8</code> flag <li> Added comment indicating rpmbuild is now provided by RBE executor toolchain image</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1980/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34">+2/-38</a>    </td> </tr> </table></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-11-23 10:30:38 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1980#issuecomment-3567801848
Original created: 2025-11-23T10:30:38Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit logs: The workflow changes introduce remote execution for release publishing without adding any audit logging of critical actions (build/publish), but CI logs may already capture this; verify organizational audit requirements. Referred Code `# Build and upload packages using the RBE executor (rpmbuild is baked into the toolchain image). bazel run \ --config=remote \ --stamp \ //release:publish_packages \ -- "${args[@]}"` Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Limited failure handling: The new remote bazel invocation removes prior validation steps (e.g., rpmbuild checks) without adding explicit error handling or retries, relying solely on step failure behavior. Referred Code `# Build and upload packages using the RBE executor (rpmbuild is baked into the toolchain image). bazel run \ --config=remote \ --stamp \ //release:publish_packages \ -- "${args[@]}"` Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1980#issuecomment-3567801848 Original created: 2025-11-23T10:30:38Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR: <table><tbody><tr><td colspan='2'>Security Compliance</td></tr> <tr><td>🟢</td><td><details><summary>No security concerns identified</summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'>Ticket Compliance</td></tr> <tr><td>⚪</td><td><details><summary>🎫 No ticket provided </summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'>Codebase Duplication Compliance</td></tr> <tr><td>⚪</td><td><details><summary>Codebase context is not defined </summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'>Custom Compliance</td></tr> <tr><td rowspan=4>🟢</td><td> <details><summary>Generic: Meaningful Naming and Self-Documenting Code</summary> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code self-documenting **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Error Handling</summary> **Objective:** To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Logging Practices</summary> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Security-First Input Validation and Data Handling</summary> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=2>⚪</td> <td><details> <summary>Generic: Comprehensive Audit Trails</summary> **Objective:** To create a detailed and reliable record of critical system actions for security analysis and compliance. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1980/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R238-R243'>Missing audit logs</a>: The workflow changes introduce remote execution for release publishing without adding any audit logging of critical actions (build/publish), but CI logs may already capture this; verify organizational audit requirements. <details open><summary>Referred Code</summary> ```yaml # Build and upload packages using the RBE executor (rpmbuild is baked into the toolchain image). bazel run \ --config=remote \ --stamp \ //release:publish_packages \ -- "${args[@]}" ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Robust Error Handling and Edge Case Management</summary> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful degradation **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1980/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R238-R243'>Limited failure handling</a>: The new remote bazel invocation removes prior validation steps (e.g., rpmbuild checks) without adding explicit error handling or retries, relying solely on step failure behavior. <details open><summary>Referred Code</summary> ```yaml # Build and upload packages using the RBE executor (rpmbuild is baked into the toolchain image). bazel run \ --config=remote \ --stamp \ //release:publish_packages \ -- "${args[@]}" ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2">   </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant 🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label </details>

qodo-code-review[bot] commented

2025-11-23 10:31:03 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1980#issuecomment-3567802148
Original created: 2025-11-23T10:31:03Z

PR Code Suggestions ✨

No code suggestions found for the PR.

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1980#issuecomment-3567802148 Original created: 2025-11-23T10:31:03Z --- ## PR Code Suggestions ✨ No code suggestions found for the PR.