carverauto/serviceradar

Fork 0

fixing flowgger / rust kv watcher infinite restart issues #2558

Merged

mfreeman451 merged 4 commits from refs/pull/2558/head into main

2025-12-14 16:50:41 +00:00

mfreeman451 commented

2025-12-14 03:59:48 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #2119
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2119
Original created: 2025-12-14T03:59:48Z
Original updated: 2025-12-14T16:50:45Z
Original head: carverauto/serviceradar:feat/ui_update_mapper_and_snmp
Original base: main
Original merged: 2025-12-14T16:50:41Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Enhancement, Bug fix

Description

Fix infinite restart loops in Rust KV watchers by skipping initial config value
Add sensitive field redaction for mapper and SNMP checker configs in API responses
Implement per-interface SNMP polling preference storage and management in KV
Add UI controls for mapper discovery configuration and interface SNMP polling toggles
Enable checker services to act as KV clients for telemetry and config updates

Diagram Walkthrough

flowchart LR
  A["Rust Services<br/>flowgger, trapd, sysmon, rperf"] -->|Skip initial KV event| B["Stable Config<br/>No restart loops"]
  C["UI Discovery View"] -->|Read/Write| D["Core API<br/>Config + Preferences"]
  D -->|Redact sensitive| E["Browser<br/>Safe display"]
  D -->|Persist| F["KV Store<br/>mapper.json<br/>snmp-checker.json<br/>interface prefs"]
  G["Discovered Interfaces"] -->|Toggle SNMP| H["Per-interface<br/>Polling Prefs"]
  H -->|Rebuild targets| I["SNMP Checker<br/>Config"]

File Walkthrough

Relevant files

Bug fix

4 files

main.rs `Skip initial KV watch event to prevent restart`	+6/-0
main.rs `Skip initial KV watch event to prevent restart`	+6/-0
main.rs `Skip initial KV watch event to prevent restart`	+6/-0
main.rs `Skip initial KV watch event to prevent restart`	+6/-0

Enhancement

12 files

types.go `Mark community field as sensitive in struct tag`	+1/-1
config_redaction.go `New module for redacting sensitive config values`	+194/-0
network_discovery.go `New endpoints for SNMP polling preferences and targets`	+639/-0
auth.go `Redact config bytes before returning to client`	+11/-1
server.go `Register new SNMP polling preference API routes`	+3/-0
security.go `Enable checker services as KV/telemetry clients`	+1/-1
types.go `Mark sensitive fields with struct tags and fix alignment`	+22/-22
route.ts `New proxy endpoint for batch SNMP polling preferences`	+46/-0
route.ts `New proxy endpoint for SNMP polling preference updates`	+46/-0
route.ts `New proxy endpoint for rebuilding SNMP checker targets`	+46/-0
DeviceBasedDiscoveryDashboard.tsx `Add discovery config UI and SNMP polling toggle controls`	+454/-1
InterfaceTable.tsx `Add SNMP polling toggle column to interface table`	+55/-2

Tests

1 files

config_redaction_test.go
Tests for config redaction and restoration logic +151/-0

Formatting

1 files

errors.go
Fix alignment and formatting of error definitions +6/-6

Configuration changes

1 files

BUILD.bazel
Add new source files and dependencies to build +5/-0

Documentation

8 files

proposal.md `Design proposal for network discovery UI feature`	+42/-0
design.md `Detailed design decisions and migration plan`	+57/-0
spec.md `KV storage requirements for interface preferences`	+16/-0
spec.md `Network discovery and polling control requirements`	+37/-0
tasks.md `Implementation tasks and validation checklist`	+21/-0
proposal.md `Proposal for fixing KV watcher restart loops`	+16/-0
spec.md `KV watch event handling requirements`	+33/-0
tasks.md `Tasks for fixing Rust service restart loops`	+7/-0

Imported from GitHub pull request. Original GitHub pull request: #2119 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2119 Original created: 2025-12-14T03:59:48Z Original updated: 2025-12-14T16:50:45Z Original head: carverauto/serviceradar:feat/ui_update_mapper_and_snmp Original base: main Original merged: 2025-12-14T16:50:41Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Enhancement, Bug fix ___ ### **Description** - Fix infinite restart loops in Rust KV watchers by skipping initial config value - Add sensitive field redaction for mapper and SNMP checker configs in API responses - Implement per-interface SNMP polling preference storage and management in KV - Add UI controls for mapper discovery configuration and interface SNMP polling toggles - Enable checker services to act as KV clients for telemetry and config updates ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Rust Services flowgger, trapd, sysmon, rperf"] -->|Skip initial KV event| B["Stable Config No restart loops"] C["UI Discovery View"] -->|Read/Write| D["Core API Config + Preferences"] D -->|Redact sensitive| E["Browser Safe display"] D -->|Persist| F["KV Store mapper.json snmp-checker.json interface prefs"] G["Discovered Interfaces"] -->|Toggle SNMP| H["Per-interface Polling Prefs"] H -->|Rebuild targets| I["SNMP Checker Config"] ``` <details><summary><h3>File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td>Bug fix</td><td><details><summary>4 files</summary><table> <tr> <td>main.rs<dd><code>Skip initial KV watch event to prevent restart</code>                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-c10b431511497d683869182aaf88fb2ec422f3db7fe27ce5af646a9a4f8f3899">+6/-0</a>      </td> </tr> <tr> <td>main.rs<dd><code>Skip initial KV watch event to prevent restart</code>                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-33b655d8730ae3e9c844ee280787d11f1b0d5343119188273f89558805f814ba">+6/-0</a>      </td> </tr> <tr> <td>main.rs<dd><code>Skip initial KV watch event to prevent restart</code>                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-cef134403622089f759cfa006eb04dc8f1cfda08497a9d38586cc4de03d14820">+6/-0</a>      </td> </tr> <tr> <td>main.rs<dd><code>Skip initial KV watch event to prevent restart</code>                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-fb8dc04ef7087f15c7498a2d197e37fd629444ebff0291a3cc8ca49aabdc94cc">+6/-0</a>      </td> </tr> </table></details></td></tr><tr><td>Enhancement</td><td><details><summary>12 files</summary><table> <tr> <td>types.go<dd><code>Mark community field as sensitive in struct tag</code>                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-d084fb749025dce23d720e215c6e66f52fe28432c912037984099c7570572a8b">+1/-1</a>      </td> </tr> <tr> <td>config_redaction.go<dd><code>New module for redacting sensitive config values</code>                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-2331b461668ce353c364a2d779e3d064ce00c536d4fa4b26dd6eaced7df476a4">+194/-0</a>  </td> </tr> <tr> <td>network_discovery.go<dd><code>New endpoints for SNMP polling preferences and targets</code>      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-60047002fd6642800576f57541a62a48015b4e21c7e00c4c8bfcae29007e0804">+639/-0</a>  </td> </tr> <tr> <td>auth.go<dd><code>Redact config bytes before returning to client</code>                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-61eb09279471ca59a1b57a306f0ad05988a8cb39eca163b32bfb86c53f8a553e">+11/-1</a>    </td> </tr> <tr> <td>server.go<dd><code>Register new SNMP polling preference API routes</code>                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-1bb99367fdd853c728b7cfbf5893a293f6d217144dfb5282cb8dd32e5261021e">+3/-0</a>      </td> </tr> <tr> <td>security.go<dd><code>Enable checker services as KV/telemetry clients</code>                    </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-16c7ade0ef011a3e8a25fea036572ef166aecce3f6711fb7b0ce8d1a91d81639">+1/-1</a>      </td> </tr> <tr> <td>types.go<dd><code>Mark sensitive fields with struct tags and fix alignment</code>  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-758a385752111929b8b9750602a3acfb807b9aa2c5bcf9f74af6a4a0f9dbc9fb">+22/-22</a>  </td> </tr> <tr> <td>route.ts<dd><code>New proxy endpoint for batch SNMP polling preferences</code>        </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-31f1a97d38f46c769083c7d59cecda05985d17ca40941024b9e6b5b904e03b44">+46/-0</a>    </td> </tr> <tr> <td>route.ts<dd><code>New proxy endpoint for SNMP polling preference updates</code>      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-a7bb7def2b03e6255181252fbefaf63d018e2b767683eeb5f5a2faff9f56f883">+46/-0</a>    </td> </tr> <tr> <td>route.ts<dd><code>New proxy endpoint for rebuilding SNMP checker targets</code>      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-c695f0093534b660b3d2482add2977d4661414d6b48ca093e01583a82e47aa92">+46/-0</a>    </td> </tr> <tr> <td>DeviceBasedDiscoveryDashboard.tsx<dd><code>Add discovery config UI and SNMP polling toggle controls</code>  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-4c9228f97a008dc254be38a931b5e4df232c12911ac1319eada317c76b66777b">+454/-1</a>  </td> </tr> <tr> <td>InterfaceTable.tsx<dd><code>Add SNMP polling toggle column to interface table</code>                </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-9c9d8f4bef1962fefc3e5001eeacf07ce7668a1fcf1e59a60f77f133a69b4cc5">+55/-2</a>    </td> </tr> </table></details></td></tr><tr><td>Tests</td><td><details><summary>1 files</summary><table> <tr> <td>config_redaction_test.go<dd><code>Tests for config redaction and restoration logic</code>                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-7c4d2ba039a59d651e8c5e7932266dafb566fff04a884ba079fc8755bc618b5c">+151/-0</a>  </td> </tr> </table></details></td></tr><tr><td>Formatting</td><td><details><summary>1 files</summary><table> <tr> <td>errors.go<dd><code>Fix alignment and formatting of error definitions</code>                </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-176f803e97e51c3fd184f09122756cb45cf875caf0be4dc2347876451900d09a">+6/-6</a>      </td> </tr> </table></details></td></tr><tr><td>Configuration changes</td><td><details><summary>1 files</summary><table> <tr> <td>BUILD.bazel<dd><code>Add new source files and dependencies to build</code>                      </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-ee91bfc5d078aab2befc64f89c36dca0de7342465f414ecd70292d092153bfcc">+5/-0</a>      </td> </tr> </table></details></td></tr><tr><td>Documentation</td><td><details><summary>8 files</summary><table> <tr> <td>proposal.md<dd><code>Design proposal for network discovery UI feature</code>                  </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-a468258d1febd459eccfdc7f230657e2baef6f24b8f9a12dc37af1545b67c1ff">+42/-0</a>    </td> </tr> <tr> <td>design.md<dd><code>Detailed design decisions and migration plan</code>                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-d472f9315e0db3f0219f4374cd00b73182786b2cb580ec1b64e7a32ecb0c5bca">+57/-0</a>    </td> </tr> <tr> <td>spec.md<dd><code>KV storage requirements for interface preferences</code>                </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-50c7e79993de72dae30fe8acd6e9cbb723c4c9c1849aa81f7d62989cb5e8c417">+16/-0</a>    </td> </tr> <tr> <td>spec.md<dd><code>Network discovery and polling control requirements</code>              </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-a6320ea8415b3cb40aebe2f8926b9ff860cc997a0bb3bdf5350161ce2bab0dca">+37/-0</a>    </td> </tr> <tr> <td>tasks.md<dd><code>Implementation tasks and validation checklist</code>                        </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-e4a583131c780fcfdba5dc2ffba6814c3a07bff2a263afd96acf999a97b79054">+21/-0</a>    </td> </tr> <tr> <td>proposal.md<dd><code>Proposal for fixing KV watcher restart loops</code>                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-83785bb4c2138af3000b0cf7c9fc7d95c6dc77bfbe9835ee9082ca587d0b0634">+16/-0</a>    </td> </tr> <tr> <td>spec.md<dd><code>KV watch event handling requirements</code>                                          </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-6061e3b90455a596806140e7d75cb791ca4807237eb9ec571f859e0a824a643b">+33/-0</a>    </td> </tr> <tr> <td>tasks.md<dd><code>Tasks for fixing Rust service restart loops</code>                            </dd></td> <td><a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-50f0c43c7a40d5404f8b006a113f4ab8a343b99e29c3d2743bd7e89b4022877a">+7/-0</a>      </td> </tr> </table></details></td></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-12-14 04:00:36 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2119#issuecomment-3650171065
Original created: 2025-12-14T04:00:36Z

You are nearing your monthly Qodo Merge usage quota. For more information, please visit here.

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Redaction bypass risk Description: The redaction logic uses a fixed placeholder "SR_REDACTED" without contextual binding, making it possible for a client to submit that exact string for new sensitive fields to cause unintended restoration or deletion of values; an attacker could also infer presence of secrets by toggling placeholders—use per-field nonces or server-side field-level tracking instead. config_redaction.go [9-40] Referred Code const redactedConfigValuePlaceholder = "__SR_REDACTED__" var mapperSensitiveKeys = map[string]struct{}{ "community": {}, "api_key": {}, "auth_password": {}, "privacy_password": {}, } func shouldRedactConfig(serviceName string) bool { return strings.EqualFold(serviceName, "mapper") \|\| strings.EqualFold(serviceName, "snmp-checker") } func redactConfigBytes(serviceName string, data []byte) []byte { if !shouldRedactConfig(serviceName) \|\| len(data) == 0 { return data } var doc any decoder := json.NewDecoder(bytes.NewReader(data)) decoder.UseNumber() ... (clipped 11 lines)
	Credential exposure Description: The SNMP community string from mapper config may be propagated into generated snmp-checker targets as plaintext ("community" field), risking storage or transmission of sensitive credentials if the resulting config is exposed—ensure encryption-at-rest or restrict access to this KV key and avoid logging these values. network_discovery.go [480-503] Referred Code func (s *APIServer) resolveDefaultSNMPCredentialsFromMapper(ctx context.Context, kvStoreID string) (snmp.SNMPVersion, string) { key := s.qualifyKVKey(kvStoreID, "config/mapper.json") entry, err := s.getKVEntry(ctx, kvStoreID, key) if err != nil \|\| entry == nil \|\| !entry.Found \|\| len(entry.Value) == 0 { return snmp.Version2c, "" } var doc map[string]any if err := json.Unmarshal(entry.Value, &doc); err != nil { return snmp.Version2c, "" } creds, _ := doc["default_credentials"].(map[string]any) versionRaw, _ := creds["version"].(string) community, _ := creds["community"].(string) versionRaw = strings.ToLower(strings.TrimSpace(versionRaw)) switch versionRaw { case "v1": return snmp.Version1, strings.TrimSpace(community) case "v3": return snmp.Version3, strings.TrimSpace(community) default: ... (clipped 3 lines)
	Client-side authZ only Description: Admin detection decodes and parses the JWT in the browser to infer roles, which could be spoofed if any upstream check relies on this client-side role; ensure server-side authorization on all related API endpoints and treat this only as UI gating. DeviceBasedDiscoveryDashboard.tsx [203-229] Referred Code `const bearerToken = useMemo(() => { if (token) { return token; } if (typeof document === 'undefined') { return ''; } return ( document.cookie .split('; ') .find((row) => row.startsWith('accessToken=')) ?.split('=')[1] \|\| '' ); }, [token]); const isAdmin = useMemo(() => { if (!bearerToken) { return false; } try { const payload = JSON.parse(atob(bearerToken.split('.')[1])); ... (clipped 6 lines)`
	Unvalidated IP usage Description: SQL query uses a parameterized $1 but relies on device IDs from KV/user input; while parameterization mitigates injection, the code selects the latest "device_ip" without validation, enabling potential SSRF or misconfiguration if bogus IPs are stored—validate IP format before using it to create SNMP targets. network_discovery.go [446-468] Referred Code deviceID := strings.TrimSpace(pref.DeviceID) if deviceID == "" { continue } if _, ok := seen[deviceID]; ok { continue } seen[deviceID] = struct{}{} rows, err := s.dbService.ExecuteQuery(ctx, `SELECT device_ip FROM discovered_interfaces WHERE device_id = $1 ORDER BY timestamp DESC LIMIT 1`, deviceID, ) if err != nil \|\| len(rows) == 0 { continue } ip, _ := rows[0]["device_ip"].(string) ip = strings.TrimSpace(ip) if ip == "" { continue } ... (clipped 2 lines)
	Proxy auth header trust Description: Next.js proxy trusts any "Authorization: Bearer ..." header and forwards it along with a global X-API-Key, potentially enabling header spoofing from the browser; enforce server-side session verification and restrict CORS/origins to prevent token replay. route.ts [9-29] Referred Code export async function PUT(req: NextRequest): Promise<NextResponse> { const authHeader = req.headers.get("Authorization"); if (!authHeader?.startsWith("Bearer ")) { return UNAUTHORIZED; } const search = req.nextUrl.searchParams.toString(); const apiUrl = `${getInternalApiUrl()}/api/admin/network/discovery/snmp-polling${ search ? `?${search}` : "" }`; try { const response = await fetch(apiUrl, { method: "PUT", headers: { "Content-Type": "application/json", "X-API-Key": getApiKey(), Authorization: authHeader, }, body: await req.text(), });
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Action Logging: New admin endpoints change per-interface SNMP polling and rebuild targets without explicit audit logging of who did what beyond optional UpdatedBy, which may be insufficient for comprehensive audit trails. Referred Code func (s APIServer) handleBatchGetSNMPInterfacePollingPrefs(w http.ResponseWriter, r http.Request) { ctx := r.Context() kvStoreID := resolveKVStoreIDFromRequest(r) var req snmpInterfacePollingPrefBatchRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { s.writeAPIError(w, http.StatusBadRequest, "invalid request body") return } if len(req.Interfaces) == 0 { s.writeAPIError(w, http.StatusBadRequest, "interfaces is required") return } keys := make([]string, 0, len(req.Interfaces)) keyByIndex := make(map[int]string, len(req.Interfaces)) for idx, iface := range req.Interfaces { key, err := snmpInterfacePrefKVKey(iface.DeviceID, iface.IfIndex) if err != nil { continue ... (clipped 172 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Error Context: Proxy routes return generic 502 errors without surfacing actionable context or structured error payloads, which may hinder debugging and edge-case handling. Referred Code import { NextRequest, NextResponse } from "next/server"; import { getInternalApiUrl, getApiKey } from "@/lib/config"; const UNAUTHORIZED = NextResponse.json( { error: "Unauthorized: Authentication required" }, { status: 401 }, ); export async function PUT(req: NextRequest): Promise<NextResponse> { const authHeader = req.headers.get("Authorization"); if (!authHeader?.startsWith("Bearer ")) { return UNAUTHORIZED; } const search = req.nextUrl.searchParams.toString(); const apiUrl = `${getInternalApiUrl()}/api/admin/network/discovery/snmp-polling${ search ? `?${search}` : "" }`; try { const response = await fetch(apiUrl, { ... (clipped 25 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Input Validation: Batch and PUT handlers minimally validate fields and echo error strings while deriving KV keys from user input, which may need stricter validation/authorization checks not visible in the diff. Referred Code func (s APIServer) handleBatchGetSNMPInterfacePollingPrefs(w http.ResponseWriter, r http.Request) { ctx := r.Context() kvStoreID := resolveKVStoreIDFromRequest(r) var req snmpInterfacePollingPrefBatchRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { s.writeAPIError(w, http.StatusBadRequest, "invalid request body") return } if len(req.Interfaces) == 0 { s.writeAPIError(w, http.StatusBadRequest, "interfaces is required") return } keys := make([]string, 0, len(req.Interfaces)) keyByIndex := make(map[int]string, len(req.Interfaces)) for idx, iface := range req.Interfaces { key, err := snmpInterfacePrefKVKey(iface.DeviceID, iface.IfIndex) if err != nil { continue ... (clipped 136 lines) Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2119#issuecomment-3650171065 Original created: 2025-12-14T04:00:36Z --- _You are nearing your monthly Qodo Merge usage quota. For more information, please visit [here](https://qodo-merge-docs.qodo.ai/installation/qodo_merge/#cloud-users)._ ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR: <table><tbody><tr><td colspan='2'>Security Compliance</td></tr> <tr><td rowspan=5>⚪</td> <td><details><summary>Redaction bypass risk </summary> Description: The redaction logic uses a fixed placeholder "__SR_REDACTED__" without contextual binding, making it possible for a client to submit that exact string for new sensitive fields to cause unintended restoration or deletion of values; an attacker could also infer presence of secrets by toggling placeholders—use per-field nonces or server-side field-level tracking instead. <a href='https://github.com/carverauto/serviceradar/pull/2119/files#diff-2331b461668ce353c364a2d779e3d064ce00c536d4fa4b26dd6eaced7df476a4R9-R40'>config_redaction.go [9-40]</a> <details open><summary>Referred Code</summary> ```go const redactedConfigValuePlaceholder = "__SR_REDACTED__" var mapperSensitiveKeys = map[string]struct{}{ "community": {}, "api_key": {}, "auth_password": {}, "privacy_password": {}, } func shouldRedactConfig(serviceName string) bool { return strings.EqualFold(serviceName, "mapper") || strings.EqualFold(serviceName, "snmp-checker") } func redactConfigBytes(serviceName string, data []byte) []byte { if !shouldRedactConfig(serviceName) || len(data) == 0 { return data } var doc any decoder := json.NewDecoder(bytes.NewReader(data)) decoder.UseNumber() ... (clipped 11 lines) ``` </details></details></td></tr> <tr><td><details><summary>Credential exposure </summary> Description: The SNMP community string from mapper config may be propagated into generated snmp-checker targets as plaintext ("community" field), risking storage or transmission of sensitive credentials if the resulting config is exposed—ensure encryption-at-rest or restrict access to this KV key and avoid logging these values. <a href='https://github.com/carverauto/serviceradar/pull/2119/files#diff-60047002fd6642800576f57541a62a48015b4e21c7e00c4c8bfcae29007e0804R480-R503'>network_discovery.go [480-503]</a> <details open><summary>Referred Code</summary> ```go func (s *APIServer) resolveDefaultSNMPCredentialsFromMapper(ctx context.Context, kvStoreID string) (snmp.SNMPVersion, string) { key := s.qualifyKVKey(kvStoreID, "config/mapper.json") entry, err := s.getKVEntry(ctx, kvStoreID, key) if err != nil || entry == nil || !entry.Found || len(entry.Value) == 0 { return snmp.Version2c, "" } var doc map[string]any if err := json.Unmarshal(entry.Value, &doc); err != nil { return snmp.Version2c, "" } creds, _ := doc["default_credentials"].(map[string]any) versionRaw, _ := creds["version"].(string) community, _ := creds["community"].(string) versionRaw = strings.ToLower(strings.TrimSpace(versionRaw)) switch versionRaw { case "v1": return snmp.Version1, strings.TrimSpace(community) case "v3": return snmp.Version3, strings.TrimSpace(community) default: ... (clipped 3 lines) ``` </details></details></td></tr> <tr><td><details><summary>Client-side authZ only </summary> Description: Admin detection decodes and parses the JWT in the browser to infer roles, which could be spoofed if any upstream check relies on this client-side role; ensure server-side authorization on all related API endpoints and treat this only as UI gating. <a href='https://github.com/carverauto/serviceradar/pull/2119/files#diff-4c9228f97a008dc254be38a931b5e4df232c12911ac1319eada317c76b66777bR203-R229'>DeviceBasedDiscoveryDashboard.tsx [203-229]</a> <details open><summary>Referred Code</summary> ```tsx const bearerToken = useMemo(() => { if (token) { return token; } if (typeof document === 'undefined') { return ''; } return ( document.cookie .split('; ') .find((row) => row.startsWith('accessToken=')) ?.split('=')[1] || '' ); }, [token]); const isAdmin = useMemo(() => { if (!bearerToken) { return false; } try { const payload = JSON.parse(atob(bearerToken.split('.')[1])); ... (clipped 6 lines) ``` </details></details></td></tr> <tr><td><details><summary>Unvalidated IP usage </summary> Description: SQL query uses a parameterized $1 but relies on device IDs from KV/user input; while parameterization mitigates injection, the code selects the latest "device_ip" without validation, enabling potential SSRF or misconfiguration if bogus IPs are stored—validate IP format before using it to create SNMP targets. <a href='https://github.com/carverauto/serviceradar/pull/2119/files#diff-60047002fd6642800576f57541a62a48015b4e21c7e00c4c8bfcae29007e0804R446-R468'>network_discovery.go [446-468]</a> <details open><summary>Referred Code</summary> ```go deviceID := strings.TrimSpace(pref.DeviceID) if deviceID == "" { continue } if _, ok := seen[deviceID]; ok { continue } seen[deviceID] = struct{}{} rows, err := s.dbService.ExecuteQuery(ctx, `SELECT device_ip FROM discovered_interfaces WHERE device_id = $1 ORDER BY timestamp DESC LIMIT 1`, deviceID, ) if err != nil || len(rows) == 0 { continue } ip, _ := rows[0]["device_ip"].(string) ip = strings.TrimSpace(ip) if ip == "" { continue } ... (clipped 2 lines) ``` </details></details></td></tr> <tr><td><details><summary>Proxy auth header trust </summary> Description: Next.js proxy trusts any "Authorization: Bearer ..." header and forwards it along with a global X-API-Key, potentially enabling header spoofing from the browser; enforce server-side session verification and restrict CORS/origins to prevent token replay. <a href='https://github.com/carverauto/serviceradar/pull/2119/files#diff-a7bb7def2b03e6255181252fbefaf63d018e2b767683eeb5f5a2faff9f56f883R9-R29'>route.ts [9-29]</a> <details open><summary>Referred Code</summary> ```typescript export async function PUT(req: NextRequest): Promise<NextResponse> { const authHeader = req.headers.get("Authorization"); if (!authHeader?.startsWith("Bearer ")) { return UNAUTHORIZED; } const search = req.nextUrl.searchParams.toString(); const apiUrl = `${getInternalApiUrl()}/api/admin/network/discovery/snmp-polling${ search ? `?${search}` : "" }`; try { const response = await fetch(apiUrl, { method: "PUT", headers: { "Content-Type": "application/json", "X-API-Key": getApiKey(), Authorization: authHeader, }, body: await req.text(), }); ``` </details></details></td></tr> <tr><td colspan='2'>Ticket Compliance</td></tr> <tr><td>⚪</td><td><details><summary>🎫 No ticket provided </summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'>Codebase Duplication Compliance</td></tr> <tr><td>⚪</td><td><details><summary>Codebase context is not defined </summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'>Custom Compliance</td></tr> <tr><td rowspan=3>🟢</td><td> <details><summary>Generic: Meaningful Naming and Self-Documenting Code</summary> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code self-documenting **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Error Handling</summary> **Objective:** To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary>Generic: Secure Logging Practices</summary> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. **Status:** Passed > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=3>⚪</td> <td><details> <summary>Generic: Comprehensive Audit Trails</summary> **Objective:** To create a detailed and reliable record of critical system actions for security analysis and compliance. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/2119/files#diff-60047002fd6642800576f57541a62a48015b4e21c7e00c4c8bfcae29007e0804R114-R306'>Action Logging</a>: New admin endpoints change per-interface SNMP polling and rebuild targets without explicit audit logging of who did what beyond optional UpdatedBy, which may be insufficient for comprehensive audit trails. <details open><summary>Referred Code</summary> ```go func (s *APIServer) handleBatchGetSNMPInterfacePollingPrefs(w http.ResponseWriter, r *http.Request) { ctx := r.Context() kvStoreID := resolveKVStoreIDFromRequest(r) var req snmpInterfacePollingPrefBatchRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { s.writeAPIError(w, http.StatusBadRequest, "invalid request body") return } if len(req.Interfaces) == 0 { s.writeAPIError(w, http.StatusBadRequest, "interfaces is required") return } keys := make([]string, 0, len(req.Interfaces)) keyByIndex := make(map[int]string, len(req.Interfaces)) for idx, iface := range req.Interfaces { key, err := snmpInterfacePrefKVKey(iface.DeviceID, iface.IfIndex) if err != nil { continue ... (clipped 172 lines) ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Robust Error Handling and Edge Case Management</summary> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful degradation **Status:** <a href='https://github.com/carverauto/serviceradar/pull/2119/files#diff-a7bb7def2b03e6255181252fbefaf63d018e2b767683eeb5f5a2faff9f56f883R1-R46'>Error Context</a>: Proxy routes return generic 502 errors without surfacing actionable context or structured error payloads, which may hinder debugging and edge-case handling. <details open><summary>Referred Code</summary> ```typescript import { NextRequest, NextResponse } from "next/server"; import { getInternalApiUrl, getApiKey } from "@/lib/config"; const UNAUTHORIZED = NextResponse.json( { error: "Unauthorized: Authentication required" }, { status: 401 }, ); export async function PUT(req: NextRequest): Promise<NextResponse> { const authHeader = req.headers.get("Authorization"); if (!authHeader?.startsWith("Bearer ")) { return UNAUTHORIZED; } const search = req.nextUrl.searchParams.toString(); const apiUrl = `${getInternalApiUrl()}/api/admin/network/discovery/snmp-polling${ search ? `?${search}` : "" }`; try { const response = await fetch(apiUrl, { ... (clipped 25 lines) ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary>Generic: Security-First Input Validation and Data Handling</summary> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities **Status:** <a href='https://github.com/carverauto/serviceradar/pull/2119/files#diff-60047002fd6642800576f57541a62a48015b4e21c7e00c4c8bfcae29007e0804R114-R270'>Input Validation</a>: Batch and PUT handlers minimally validate fields and echo error strings while deriving KV keys from user input, which may need stricter validation/authorization checks not visible in the diff. <details open><summary>Referred Code</summary> ```go func (s *APIServer) handleBatchGetSNMPInterfacePollingPrefs(w http.ResponseWriter, r *http.Request) { ctx := r.Context() kvStoreID := resolveKVStoreIDFromRequest(r) var req snmpInterfacePollingPrefBatchRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { s.writeAPIError(w, http.StatusBadRequest, "invalid request body") return } if len(req.Interfaces) == 0 { s.writeAPIError(w, http.StatusBadRequest, "interfaces is required") return } keys := make([]string, 0, len(req.Interfaces)) keyByIndex := make(map[int]string, len(req.Interfaces)) for idx, iface := range req.Interfaces { key, err := snmpInterfacePrefKVKey(iface.DeviceID, iface.IfIndex) if err != nil { continue ... (clipped 136 lines) ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant 🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label </details>

qodo-code-review[bot] commented

2025-12-14 04:01:55 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2119#issuecomment-3650171764
Original created: 2025-12-14T04:01:55Z

You are nearing your monthly Qodo Merge usage quota. For more information, please visit here.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Decouple SNMP target generation from Core The Core API is currently responsible for generating the `snmp-checker` configuration by reading interface preferences and mapper credentials. This logic should be moved into the `snmp-checker` service itself to improve modularity. Examples: pkg/core/api/network_discovery.go [313-400] `func (s APIServer) rebuildSNMPCheckerTargetsFromPrefs(ctx context.Context, kvStoreID, writer string) (string, uint64, error) { if s == nil { return "", 0, errors.New("server unavailable") } // Load existing SNMP checker config (required to avoid guessing node/security settings). const baseKey = "config/snmp-checker.json" kvKey := s.qualifyKVKey(kvStoreID, baseKey) entry, err := s.getKVEntry(ctx, kvStoreID, kvKey) if err != nil { ... (clipped 78 lines)` Solution Walkthrough: Before: // In Core API (pkg/core/api/network_discovery.go) func (s APIServer) handlePutSNMPInterfacePollingPref(...) { // 1. Write the single interface preference to KV s.putConfigToKV(...) // 2. Rebuild the entire snmp-checker config from within Core s.rebuildSNMPCheckerTargetsFromPrefs(...) } func (s APIServer) rebuildSNMPCheckerTargetsFromPrefs(...) { // 1. Load existing snmp-checker.json // 2. Load all enabled interface preferences from KV // 3. Load device IPs from DB // 4. Load credentials from mapper.json in KV // 5. Generate new SNMP targets // 6. Merge with existing targets // 7. Write new snmp-checker.json back to KV } After: // In Core API func (s APIServer) handlePutSNMPInterfacePollingPref(...) { // 1. Write the single interface preference to KV // (e.g., to 'prefs/snmp/interface-polling/...') s.putConfigToKV(...) // Core's responsibility ends here. } // In snmp-checker service (conceptual) func watchForConfigChanges() { // Watch for changes on its own config AND on 'prefs/snmp/interface-polling/...' // On change: rebuildPollingTargets() } func rebuildPollingTargets() { // 1. Load base config (snmp-checker.json) // 2. Load all enabled interface preferences from KV // 3. Load credentials (e.g., from mapper.json in KV) // 4. Generate new SNMP targets // 5. Update internal polling state (no need to write back to snmp-checker.json) } Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a significant architectural issue where the Core API is tightly coupled with the configuration generation of the `snmp-checker` service, and the proposed decoupling would improve modularity and long-term maintainability.	High
Possible issue	Improve array merging logic for safety In `restoreRedactions`, modify the array merging logic for the `targets` array to use the `name` field as a key instead of relying on array index. This prevents incorrect restoration of sensitive data if the order of elements changes. pkg/core/api/config_redaction.go [169-177] + case "targets": + prevByName := make(map[string]any, len(prevSlice)) + for _, item := range prevSlice { + m, ok := item.(map[string]any) + if !ok { + continue + } + name, _ := m["name"].(string) + name = strings.TrimSpace(name) + if name == "" { + continue + } + prevByName[name] = item + } + for i := range n { + m, ok := n[i].(map[string]any) + if !ok { + n[i] = restoreRedactions(nil, n[i], "") + continue + } + name, _ := m["name"].(string) + name = strings.TrimSpace(name) + n[i] = restoreRedactions(prevByName[name], n[i], "") + } + return n default: for i := range n { var pv any if i < len(prevSlice) { pv = prevSlice[i] } n[i] = restoreRedactions(pv, n[i], "") } return n Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies that index-based array merging in `restoreRedactions` is unsafe for the `snmp-checker`'s `targets` list, and proposes a safer key-based merge using the `name` field, preventing potential misapplication of sensitive credentials.	Medium
	Prevent unsafe client-side API access Refactor the logic for reading the `accessToken` from cookies to use a `useState` and `useEffect` hook. This ensures the cookie is only accessed on the client-side, preventing server-side rendering (SSR) errors and hydration mismatches. web/src/components/Network/DeviceBasedDiscoveryDashboard.tsx [203-216] -const bearerToken = useMemo(() => { +const [bearerToken, setBearerToken] = useState(token \|\| ''); + +useEffect(() => { if (token) { - return token; + setBearerToken(token); + } else { + const cookieToken = + document.cookie + .split('; ') + .find((row) => row.startsWith('accessToken=')) + ?.split('=')[1] \|\| ''; + setBearerToken(cookieToken); } - if (typeof document === 'undefined') { - return ''; - } - return ( - document.cookie - .split('; ') - .find((row) => row.startsWith('accessToken=')) - ?.split('=')[1] \|\| '' - ); }, [token]); Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a server-side rendering (SSR) issue where `document.cookie` is accessed outside a `useEffect` hook, which can cause hydration errors. The proposed fix correctly moves this client-side logic into a `useEffect` hook.	Medium
	Fix redaction logic for all JSON types In `handleUpdateConfig`, trigger the restoration of redacted configuration values based on whether the service requires redaction by calling `shouldRedactConfig(service)`, rather than checking if the `Content-Type` header contains "application/json". pkg/core/api/auth.go [801-805] `- if strings.Contains(r.Header.Get("Content-Type"), "application/json") { + if shouldRedactConfig(service) { if prevEntry, err := s.getKVEntry(r.Context(), kvStoreID, resolvedKey); err == nil && prevEntry != nil && prevEntry.Found && len(prevEntry.Value) > 0 { configBytes = restoreRedactedConfigBytes(service, prevEntry.Value, configBytes) } }` Apply / Chat Suggestion importance[1-10]: 7 __ Why: The suggestion correctly points out that relying on the `Content-Type` header to trigger redaction restoration is brittle. Using `shouldRedactConfig(service)` is more robust and directly ties the behavior to the services that actually need it.	Medium
Update

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2119#issuecomment-3650171764 Original created: 2025-12-14T04:01:55Z --- _You are nearing your monthly Qodo Merge usage quota. For more information, please visit [here](https://qodo-merge-docs.qodo.ai/installation/qodo_merge/#cloud-users)._ ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td>Category</td><td align=left>Suggestion                                                                                                                                    </td><td align=center>Impact</td></tr><tbody><tr><td rowspan=1>High-level</td> <td> <details><summary>Decouple SNMP target generation from Core</summary> ___ **The Core API is currently responsible for generating the <code>snmp-checker</code> configuration by reading interface preferences and mapper credentials. This logic should be moved into the <code>snmp-checker</code> service itself to improve modularity.** ### Examples: <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/2119/files#diff-60047002fd6642800576f57541a62a48015b4e21c7e00c4c8bfcae29007e0804R313-R400">pkg/core/api/network_discovery.go [313-400]</a> </summary> ```go func (s *APIServer) rebuildSNMPCheckerTargetsFromPrefs(ctx context.Context, kvStoreID, writer string) (string, uint64, error) { if s == nil { return "", 0, errors.New("server unavailable") } // Load existing SNMP checker config (required to avoid guessing node/security settings). const baseKey = "config/snmp-checker.json" kvKey := s.qualifyKVKey(kvStoreID, baseKey) entry, err := s.getKVEntry(ctx, kvStoreID, kvKey) if err != nil { ... (clipped 78 lines) ``` </details> ### Solution Walkthrough: #### Before: ```go // In Core API (pkg/core/api/network_discovery.go) func (s *APIServer) handlePutSNMPInterfacePollingPref(...) { // 1. Write the single interface preference to KV s.putConfigToKV(...) // 2. Rebuild the entire snmp-checker config from within Core s.rebuildSNMPCheckerTargetsFromPrefs(...) } func (s *APIServer) rebuildSNMPCheckerTargetsFromPrefs(...) { // 1. Load existing snmp-checker.json // 2. Load all enabled interface preferences from KV // 3. Load device IPs from DB // 4. Load credentials from mapper.json in KV // 5. Generate new SNMP targets // 6. Merge with existing targets // 7. Write new snmp-checker.json back to KV } ``` #### After: ```go // In Core API func (s *APIServer) handlePutSNMPInterfacePollingPref(...) { // 1. Write the single interface preference to KV // (e.g., to 'prefs/snmp/interface-polling/...') s.putConfigToKV(...) // Core's responsibility ends here. } // In snmp-checker service (conceptual) func watchForConfigChanges() { // Watch for changes on its own config AND on 'prefs/snmp/interface-polling/...' // On change: rebuildPollingTargets() } func rebuildPollingTargets() { // 1. Load base config (snmp-checker.json) // 2. Load all enabled interface preferences from KV // 3. Load credentials (e.g., from mapper.json in KV) // 4. Generate new SNMP targets // 5. Update internal polling state (no need to write back to snmp-checker.json) } ``` <details><summary>Suggestion importance[1-10]: 9</summary> __ Why: The suggestion correctly identifies a significant architectural issue where the Core API is tightly coupled with the configuration generation of the `snmp-checker` service, and the proposed decoupling would improve modularity and long-term maintainability. </details></details></td><td align=center>High </td></tr><tr><td rowspan=3>Possible issue</td> <td> <details><summary>Improve array merging logic for safety</summary> ___ **In <code>restoreRedactions</code>, modify the array merging logic for the <code>targets</code> array to use the <code>name</code> field as a key instead of relying on array index. This prevents incorrect restoration of sensitive data if the order of elements changes.** [pkg/core/api/config_redaction.go [169-177]](https://github.com/carverauto/serviceradar/pull/2119/files#diff-2331b461668ce353c364a2d779e3d064ce00c536d4fa4b26dd6eaced7df476a4R169-R177) ```diff + case "targets": + prevByName := make(map[string]any, len(prevSlice)) + for _, item := range prevSlice { + m, ok := item.(map[string]any) + if !ok { + continue + } + name, _ := m["name"].(string) + name = strings.TrimSpace(name) + if name == "" { + continue + } + prevByName[name] = item + } + for i := range n { + m, ok := n[i].(map[string]any) + if !ok { + n[i] = restoreRedactions(nil, n[i], "") + continue + } + name, _ := m["name"].(string) + name = strings.TrimSpace(name) + n[i] = restoreRedactions(prevByName[name], n[i], "") + } + return n default: for i := range n { var pv any if i < len(prevSlice) { pv = prevSlice[i] } n[i] = restoreRedactions(pv, n[i], "") } return n ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies that index-based array merging in `restoreRedactions` is unsafe for the `snmp-checker`'s `targets` list, and proposes a safer key-based merge using the `name` field, preventing potential misapplication of sensitive credentials. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Prevent unsafe client-side API access</summary> ___ **Refactor the logic for reading the <code>accessToken</code> from cookies to use a <code>useState</code> and <code>useEffect</code> hook. This ensures the cookie is only accessed on the client-side, preventing server-side rendering (SSR) errors and hydration mismatches.** [web/src/components/Network/DeviceBasedDiscoveryDashboard.tsx [203-216]](https://github.com/carverauto/serviceradar/pull/2119/files#diff-4c9228f97a008dc254be38a931b5e4df232c12911ac1319eada317c76b66777bR203-R216) ```diff -const bearerToken = useMemo(() => { +const [bearerToken, setBearerToken] = useState(token || ''); + +useEffect(() => { if (token) { - return token; + setBearerToken(token); + } else { + const cookieToken = + document.cookie + .split('; ') + .find((row) => row.startsWith('accessToken=')) + ?.split('=')[1] || ''; + setBearerToken(cookieToken); } - if (typeof document === 'undefined') { - return ''; - } - return ( - document.cookie - .split('; ') - .find((row) => row.startsWith('accessToken=')) - ?.split('=')[1] || '' - ); }, [token]); ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies a server-side rendering (SSR) issue where `document.cookie` is accessed outside a `useEffect` hook, which can cause hydration errors. The proposed fix correctly moves this client-side logic into a `useEffect` hook. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Fix redaction logic for all JSON types</summary> ___ **In <code>handleUpdateConfig</code>, trigger the restoration of redacted configuration values based on whether the service requires redaction by calling <code>shouldRedactConfig(service)</code>, rather than checking if the <code>Content-Type</code> header contains "application/json".** [pkg/core/api/auth.go [801-805]](https://github.com/carverauto/serviceradar/pull/2119/files#diff-61eb09279471ca59a1b57a306f0ad05988a8cb39eca163b32bfb86c53f8a553eR801-R805) ```diff - if strings.Contains(r.Header.Get("Content-Type"), "application/json") { + if shouldRedactConfig(service) { if prevEntry, err := s.getKVEntry(r.Context(), kvStoreID, resolvedKey); err == nil && prevEntry != nil && prevEntry.Found && len(prevEntry.Value) > 0 { configBytes = restoreRedactedConfigBytes(service, prevEntry.Value, configBytes) } } ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion correctly points out that relying on the `Content-Type` header to trigger redaction restoration is brittle. Using `shouldRedactConfig(service)` is more robust and directly ties the behavior to the services that actually need it. </details></details></td><td align=center>Medium </td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td><td></td></tr></tbody></table>

qodo-code-review[bot] commented

2025-12-14 16:03:02 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2119#issuecomment-3651567594
Original created: 2025-12-14T16:03:02Z

CI Feedback 🧐

(Feedback updated until commit `github.com/carverauto/serviceradar@db4e9ac8d3`)

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: build

Failed stage: Test [❌]

Failed test name: ""

Failure summary:

Bazel failed during the loading/fetch phase due to a missing external Debian package required by
Docker image targets:
- Failed to fetch repository @@+_repo_rules2+debian_gcc_15_base_amd64_deb
because the URL returned 404:

https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb
- Error surfaced
at
/home/runner/.cache/bazel/_bazel_runner/.../external/bazel_tools/tools/build_defs/repo/http.bzl:216:33

- Subsequent “no such package” errors at:
- /docker/images/BUILD.bazel:1484:8 for
//docker/images:glibc_runtime_layer
- /docker/images/BUILD.bazel:1509:8 for
//docker/images:timescaledb_extension_layer
- /docker/images/BUILD.bazel:1592:8 for
//docker/images:age_extension_layer
- Additional warning: Node.js v20.18.1 URL also 404’d, but the
primary failure is the missing Debian GCC 15 base .deb which caused analysis to fail for multiple
docker/image targets.
- Result: “command succeeded, but there were loading phase errors” and build
did not complete successfully, causing the action to exit with code 1.

Relevant error logs:

1:  Runner name: 'arc-runner-set-2tp2m-runner-k7mrw'
2:  Runner group name: 'Default'
...

135:  ^[[36;1mif command -v apt-get >/dev/null 2>&1; then^[[0m
136:  ^[[36;1m  sudo apt-get update^[[0m
137:  ^[[36;1m  sudo apt-get install -y build-essential pkg-config libssl-dev protobuf-compiler cmake flex bison^[[0m
138:  ^[[36;1melif command -v dnf >/dev/null 2>&1; then^[[0m
139:  ^[[36;1m  sudo dnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
140:  ^[[36;1melif command -v yum >/dev/null 2>&1; then^[[0m
141:  ^[[36;1m  sudo yum install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
142:  ^[[36;1melif command -v microdnf >/dev/null 2>&1; then^[[0m
143:  ^[[36;1m  sudo microdnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
144:  ^[[36;1melse^[[0m
145:  ^[[36;1m  echo "Unsupported package manager; please install gcc, g++ (or clang), make, OpenSSL headers, pkg-config, and protoc manually." >&2^[[0m
146:  ^[[36;1m  exit 1^[[0m
147:  ^[[36;1mfi^[[0m
148:  ^[[36;1m^[[0m
149:  ^[[36;1mensure_pkg_config^[[0m
150:  ^[[36;1mprotoc --version || (echo "protoc installation failed" && exit 1)^[[0m
151:  shell: /usr/bin/bash -e {0}
...

194:  with:
195:  bazelisk-version: 1.x
196:  token: ***
197:  env:
198:  BUILDBUDDY_ORG_API_KEY: ***
199:  SRQL_TEST_DATABASE_URL: ***
200:  SRQL_TEST_ADMIN_URL: ***
201:  DOCKERHUB_USERNAME: ***
202:  DOCKERHUB_TOKEN: ***
203:  ##[endgroup]
204:  Attempting to download 1.x...
205:  Acquiring v1.27.0 from https://github.com/bazelbuild/bazelisk/releases/download/v1.27.0/bazelisk-linux-amd64
206:  Adding to the cache ...
207:  Successfully cached bazelisk to /home/runner/_work/_tool/bazelisk/1.27.0/x64
208:  Added bazelisk to the path
209:  ##[warning]Failed to restore: Cache service responded with 400
210:  Restored bazelisk cache dir @ /home/runner/.cache/bazelisk
...

246:  2025/12/14 16:01:59 Downloading https://releases.bazel.build/8.4.1/release/bazel-8.4.1-linux-x86_64...
247:  Extracting Bazel installation...
248:  Starting local Bazel server (8.4.1) and connecting to it...
249:  (16:02:09) ^[[32mINFO: ^[[0mInvocation ID: 9e925d57-b43e-462e-b152-13eee123c9b9
250:  (16:02:09) ^[[32mINFO: ^[[0mStreaming build results to: ^[[36mhttps://carverauto.buildbuddy.io/invocation/9e925d57-b43e-462e-b152-13eee123c9b9^[[0m
251:  (16:02:09) ^[[32mINFO: ^[[0mReading 'startup' options from /home/runner/_work/serviceradar/serviceradar/.bazelrc: --max_idle_secs=60
252:  (16:02:09) ^[[32mINFO: ^[[0mOptions provided by the client:
253:  Inherited 'common' options: --isatty=0 --terminal_columns=80
254:  (16:02:09) ^[[32mINFO: ^[[0mReading rc options for 'test' from /home/runner/_work/serviceradar/serviceradar/.bazelrc:
255:  Inherited 'common' options: --announce_rc --experimental_convenience_symlinks=clean --color=yes --curses=yes
256:  (16:02:09) ^[[32mINFO: ^[[0mReading rc options for 'test' from /home/runner/_work/serviceradar/serviceradar/.bazelrc.remote:
257:  Inherited 'common' options: --remote_header=x-buildbuddy-api-key=***
258:  (16:02:09) ^[[32mINFO: ^[[0mReading rc options for 'test' from /home/runner/_work/serviceradar/serviceradar/.bazelrc:
259:  Inherited 'build' options: --keep_going --jobs=auto --show_timestamps --action_env=SRQL_TEST_DATABASE_URL --action_env=SRQL_TEST_ADMIN_URL --action_env=NATS_URL --action_env=NATS_SERVER_NAME --action_env=NATS_CA_FILE --action_env=NATS_CERT_FILE --action_env=NATS_KEY_FILE --action_env=NATS_CA_B64 --action_env=NATS_CERT_B64 --action_env=NATS_KEY_B64 --action_env=NEXT_PRIVATE_SKIP_TURBOPACK=1 --action_env=TURBOPACK= --action_env=NEXT_SKIP_TURBO=1 --action_env=OPENSSL_DIR=/usr --action_env=OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu --action_env=OPENSSL_INCLUDE_DIR=/usr/include --action_env=OPENSSL_NO_VENDOR= --action_env=OPENSSL_NO_PKG_CONFIG= --repo_env=OPENSSL_DIR=/usr --repo_env=OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu --repo_env=OPENSSL_INCLUDE_DIR=/usr/include --repo_env=OPENSSL_NO_VENDOR= --repo_env=OPENSSL_NO_PKG_CONFIG= --repo_env=NEXT_SKIP_TURBO=1 --repo_env=NEXT_PRIVATE_SKIP_TURBOPACK=1 --repo_env=TURBOPACK= --java_runtime_version=local_jdk --tool_java_runtime_version=local_jdk --@io_bazel_rules_go//go/config:pure --workspace_status_command=$(pwd)/scripts/workspace_status.sh --build_metadata=REPO_URL=git@github.com:carverauto/serviceradar.git
260:  (16:02:09) ^[[32mINFO: ^[[0mReading rc options for 'test' from /home/runner/_work/serviceradar/serviceradar/.bazelrc:
261:  'test' options: --test_output=errors --action_env=SRQL_TEST_DATABASE_URL --action_env=SRQL_TEST_ADMIN_URL --action_env=NATS_URL --action_env=NATS_SERVER_NAME --action_env=NATS_CA_FILE --action_env=NATS_CERT_FILE --action_env=NATS_KEY_FILE --action_env=NATS_CA_B64 --action_env=NATS_CERT_B64 --action_env=NATS_KEY_B64 --@io_bazel_rules_go//go/config:pure --flaky_test_attempts=2
262:  (16:02:09) ^[[32mINFO: ^[[0mFound applicable config definition build:ci in file /home/runner/_work/serviceradar/serviceradar/.bazelrc: --keep_going --build_tag_filters=-manual --config=remote_base --build_metadata=ROLE=CI --bes_results_url=https://carverauto.buildbuddy.io/invocation/ --bes_backend=grpcs://carverauto.buildbuddy.io --remote_cache=grpcs://carverauto.buildbuddy.io --remote_timeout=15m --strategy=ExpandTemplate=local --strategy=NpmPackageExtract=local --strategy=CopyDirectory=local
263:  (16:02:09) ^[[32mINFO: ^[[0mFound applicable config definition build:remote_base in file /home/runner/_work/serviceradar/serviceradar/.bazelrc: --remote_executor=grpcs://remote.buildbuddy.io --host_platform=//build/rbe:rbe_platform --platforms=//build/rbe:rbe_platform --crosstool_top=@buildbuddy_toolchain//:toolchain --extra_toolchains=@buildbuddy_toolchain//:cc_toolchain --repo_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 --copt=-Wno-use-after-free --java_language_version=11 --tool_java_language_version=11 --java_runtime_version=remotejdk_11 --tool_java_runtime_version=remotejdk_11 --define=EXECUTOR=remote --incompatible_strict_action_env --remote_download_minimal --remote_upload_local_results --jobs=100 --strategy=ExpandTemplate=local --strategy=NpmPackageExtract=local --strategy=CopyDirectory=local --action_env=OPENSSL_DIR=/usr --action_env=OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu --action_env=OPENSSL_INCLUDE_DIR=/usr/include --action_env=NEXT_PRIVATE_SKIP_TURBOPACK=1 --action_env=TURBOPACK= --action_env=NEXT_SKIP_TURBO=1
264:  (16:02:09) ^[[32mINFO: ^[[0mFound applicable config definition test:ci in file /home/runner/_work/serviceradar/serviceradar/.bazelrc: --test_tag_filters=-manual --test_output=errors
265:  (16:02:10) ^[[32mINFO: ^[[0mCurrent date is 2025-12-14
...

487:  Fetching repository @@apple_support+; starting
488:  Fetching repository @@buildifier_prebuilt+; starting
489:  Fetching repository @@rules_kotlin+; starting
490:  Fetching ...zel_lib++toolchains+bats_toolchains; starting ... (12 fetches)
491:  ^[[1A^[[K
492:  ^[[1A^[[K
493:  ^[[1A^[[K
494:  ^[[1A^[[K
495:  ^[[1A^[[K
496:  ^[[1A^[[K
497:  ^[[1A^[[K
498:  ^[[1A^[[K
499:  ^[[1A^[[K
500:  ^[[1A^[[K
501:  ^[[1A^[[K
502:  ^[[1A^[[K(16:02:19) ^[[35mWARNING: ^[[0mDownload from https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb failed: class java.io.FileNotFoundException GET returned 404 Not Found
503:  (16:02:19) ^[[32mAnalyzing:^[[0m 1037 targets (260 packages loaded, 892 targets configure\
...

568:  ^[[1A^[[K
569:  ^[[1A^[[K
570:  ^[[1A^[[K
571:  ^[[1A^[[K
572:  ^[[1A^[[K
573:  ^[[1A^[[K
574:  ^[[1A^[[K
575:  ^[[1A^[[K
576:  ^[[1A^[[K
577:  ^[[1A^[[K
578:  ^[[1A^[[K
579:  ^[[1A^[[K
580:  ^[[1A^[[K
581:  ^[[1A^[[K
582:  ^[[1A^[[K
583:  ^[[1A^[[K(16:02:19) ^[[31m^[[1mERROR: ^[[0m/home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/bazel_tools/tools/build_defs/repo/http.bzl:216:33: An error occurred during the fetch of repository '+_repo_rules2+debian_gcc_15_base_amd64_deb':
584:  Traceback (most recent call last):
585:  File "/home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/bazel_tools/tools/build_defs/repo/http.bzl", line 216, column 33, in _http_file_impl
586:  download_info = ctx.download(
587:  Error in download: java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found
588:  (16:02:19) ^[[32mAnalyzing:^[[0m 1037 targets (266 packages loaded, 924 targets configure\
...

610:  ^[[1A^[[K
611:  ^[[1A^[[K
612:  ^[[1A^[[K
613:  ^[[1A^[[K
614:  ^[[1A^[[K
615:  ^[[1A^[[K
616:  ^[[1A^[[K
617:  ^[[1A^[[K
618:  ^[[1A^[[K
619:  ^[[1A^[[K
620:  ^[[1A^[[K
621:  ^[[1A^[[K
622:  ^[[1A^[[K
623:  ^[[1A^[[K
624:  ^[[1A^[[K
625:  ^[[1A^[[K(16:02:19) ^[[31m^[[1mERROR: ^[[0mno such package '@@+_repo_rules2+debian_gcc_15_base_amd64_deb//file': java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found
626:  (16:02:19) ^[[32mAnalyzing:^[[0m 1037 targets (266 packages loaded, 925 targets configure\
...

648:  ^[[1A^[[K
649:  ^[[1A^[[K
650:  ^[[1A^[[K
651:  ^[[1A^[[K
652:  ^[[1A^[[K
653:  ^[[1A^[[K
654:  ^[[1A^[[K
655:  ^[[1A^[[K
656:  ^[[1A^[[K
657:  ^[[1A^[[K
658:  ^[[1A^[[K
659:  ^[[1A^[[K
660:  ^[[1A^[[K
661:  ^[[1A^[[K
662:  ^[[1A^[[K
663:  ^[[1A^[[K(16:02:19) ^[[31m^[[1mERROR: ^[[0m/home/runner/_work/serviceradar/serviceradar/docker/images/BUILD.bazel:1484:8: //docker/images:glibc_runtime_layer depends on @@+_repo_rules2+debian_gcc_15_base_amd64_deb//file:file in repository @@+_repo_rules2+debian_gcc_15_base_amd64_deb which failed to fetch. no such package '@@+_repo_rules2+debian_gcc_15_base_amd64_deb//file': java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found
664:  (16:02:19) ^[[32mAnalyzing:^[[0m 1037 targets (266 packages loaded, 925 targets configure\
...

2148:  Fetching ...sitory @@gazelle++go_deps+com_github_nats_io_nats_go; starting
2149:  Fetching repository @@gazelle++go_deps+org_uber_go_mock; starting
2150:  Fetching ...go_sdk; Downloading and extracting Go toolchain ... (62 fetche\
2151:  s)
2152:  ^[[1A^[[K
2153:  ^[[1A^[[K
2154:  ^[[1A^[[K
2155:  ^[[1A^[[K
2156:  ^[[1A^[[K
2157:  ^[[1A^[[K
2158:  ^[[1A^[[K
2159:  ^[[1A^[[K
2160:  ^[[1A^[[K
2161:  ^[[1A^[[K
2162:  ^[[1A^[[K
2163:  ^[[1A^[[K(16:02:31) ^[[35mWARNING: ^[[0mDownload from https://unofficial-builds.nodejs.org/download/release/v20.18.1/node-v20.18.1-linux-x64.tar.xz failed: class java.io.FileNotFoundException GET returned 404 Not Found
2164:  (16:02:31) ^[[32mAnalyzing:^[[0m 1037 targets (354 packages loaded, 8594 targets configur\
...

2551:  Fetching repository @@gazelle++go_deps+org_golang_google_grpc; starting
2552:  Fetching ...e++non_module_deps+bazel_gazelle_go_repository_cache; starting
2553:  Fetching ...e++go_deps+com_github_gosnmp_gosnmp; starting ... (80 fetches)
2554:  ^[[1A^[[K
2555:  ^[[1A^[[K
2556:  ^[[1A^[[K
2557:  ^[[1A^[[K
2558:  ^[[1A^[[K
2559:  ^[[1A^[[K
2560:  ^[[1A^[[K
2561:  ^[[1A^[[K
2562:  ^[[1A^[[K
2563:  ^[[1A^[[K
2564:  ^[[1A^[[K
2565:  ^[[1A^[[K
2566:  ^[[1A^[[K(16:02:34) ^[[31m^[[1mERROR: ^[[0m/home/runner/_work/serviceradar/serviceradar/docker/images/BUILD.bazel:1509:8: //docker/images:timescaledb_extension_layer depends on @@+_repo_rules2+debian_gcc_15_base_amd64_deb//file:file in repository @@+_repo_rules2+debian_gcc_15_base_amd64_deb which failed to fetch. no such package '@@+_repo_rules2+debian_gcc_15_base_amd64_deb//file': java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found
2567:  (16:02:34) ^[[32mAnalyzing:^[[0m 1037 targets (478 packages loaded, 14224 targets configu\
...

2610:  ^[[1A^[[K
2611:  ^[[1A^[[K
2612:  ^[[1A^[[K
2613:  ^[[1A^[[K
2614:  ^[[1A^[[K
2615:  ^[[1A^[[K
2616:  ^[[1A^[[K
2617:  ^[[1A^[[K
2618:  ^[[1A^[[K
2619:  ^[[1A^[[K
2620:  ^[[1A^[[K
2621:  ^[[1A^[[K
2622:  ^[[1A^[[K
2623:  ^[[1A^[[K
2624:  ^[[1A^[[K
2625:  ^[[1A^[[K(16:02:34) ^[[31m^[[1mERROR: ^[[0m/home/runner/_work/serviceradar/serviceradar/docker/images/BUILD.bazel:1592:8: //docker/images:age_extension_layer depends on @@+_repo_rules2+debian_gcc_15_base_amd64_deb//file:file in repository @@+_repo_rules2+debian_gcc_15_base_amd64_deb which failed to fetch. no such package '@@+_repo_rules2+debian_gcc_15_base_amd64_deb//file': java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found
2626:  (16:02:34) ^[[32mAnalyzing:^[[0m 1037 targets (495 packages loaded, 14740 targets configu\
...

4350:  ^[[1A^[[K
4351:  ^[[1A^[[K
4352:  ^[[1A^[[K
4353:  ^[[1A^[[K
4354:  ^[[1A^[[K
4355:  ^[[1A^[[K
4356:  ^[[1A^[[K
4357:  ^[[1A^[[K
4358:  ^[[1A^[[K
4359:  ^[[1A^[[K
4360:  ^[[1A^[[K
4361:  ^[[1A^[[K
4362:  ^[[1A^[[K
4363:  ^[[1A^[[K
4364:  ^[[1A^[[K(16:02:47) ^[[32mINFO: ^[[0mFrom Executing genrule //docker/images:cnpg_postgresql_16_6_rootfs_tar:
4365:  Error: pulling layout:/buildbuddy-execroot/bazel-out/k8-fastbuild/bin/external/rules_oci++oci+cloudnativepg_postgresql_16_6_linux_amd64/layout: parsing reference "layout:/buildbuddy-execroot/bazel-out/k8-fastbuild/bin/external/rules_oci++oci+cloudnativepg_postgresql_16_6_linux_amd64/layout": could not parse reference: layout:/buildbuddy-execroot/bazel-out/k8-fastbuild/bin/external/rules_oci++oci+cloudnativepg_postgresql_16_6_linux_amd64/layout
4366:  (16:02:47) ^[[32mAnalyzing:^[[0m 1037 targets (1504 packages loaded, 66195 targets config\
...

5396:  ^[[1A^[[K
5397:  ^[[1A^[[K
5398:  ^[[1A^[[K
5399:  ^[[1A^[[K
5400:  ^[[1A^[[K
5401:  ^[[1A^[[K
5402:  ^[[1A^[[K(16:02:52) ^[[35mWARNING: ^[[0m/home/runner/_work/serviceradar/serviceradar/web/BUILD.bazel:67:22: input 'package' of //web:.aspect_rules_js/node_modules/unrs-resolver@1.11.1/lc is a directory; dependency checking of directories is unsound
5403:  (16:02:52) ^[[32mAnalyzing:^[[0m 1037 targets (1880 packages loaded, 86158 targets config\
5404:  ured)
5405:  ^[[32m[5,293 / 5,420]^[[0m 2 / 4 tests;^[[0m 96 actions, 0 running^[[0m; last test: ^[[32m...fastsum_test^[[0m
5406:  Extracting npm package define-data-property@1.1.4; 0s remote-cache
5407:  Extracting npm package jsx-ast-utils@3.3.5; 0s remote-cache
5408:  Extracting npm package fast-glob@3.3.1; 0s remote-cache
5409:  Extracting npm package es-abstract@1.24.0; 0s remote-cache
5410:  Extracting npm package es-define-property@1.0.1; 0s remote-cache
5411:  Extracting npm package es-errors@1.3.0; 0s remote-cache
5412:  Extracting npm package eslint-scope@8.3.0; 0s remote-cache
...

7062:  ^[[1A^[[K
7063:  ^[[1A^[[K
7064:  ^[[1A^[[K
7065:  ^[[1A^[[K
7066:  ^[[1A^[[K
7067:  ^[[1A^[[K
7068:  ^[[1A^[[K
7069:  ^[[1A^[[K(16:03:06) ^[[32m[10,777 / 11,437]^[[0m 34 / 41 tests;^[[0m 97 actions, 2 running^[[0m; last test: ^[[32m\
7070:  //pkg/core:core_test^[[0m
7071:  //web:typecheck; 11s remote, remote-cache
7072:  //web:standalone_app; 11s remote, remote-cache
7073:  Running Cargo build script openssl; 0s remote, remote-cache
7074:  Running Cargo build script symbolic-demangle; 0s remote, remote-cache
7075:  Running Cargo build script ring; 0s remote, remote-cache
7076:  ...//:cargo_toml_env_vars; 0s remote, remote-cache
7077:  Compiling Rust rlib thiserror v2.0.17 (57 files); 0s remote, remote-cache
7078:  ...//:cargo_toml_env_vars; 0s remote, remote-cache ...
...

7777:  d/consumers/zen:zen_lib_test^[[0m
7778:  //docker/images:web_image_amd64_tar; 0s remote, remote-cache
7779:  Copying file docker/images/web_image_amd64; 0s remote, remote-cache
7780:  ^[[1A^[[K
7781:  ^[[1A^[[K
7782:  ^[[1A^[[K
7783:  ^[[1A^[[K(16:04:25) ^[[32m[11,442 / 11,443]^[[0m 40 / 41 tests;^[[0m  1 action^[[0m; last test: ^[[32m..._lib_test^[[0m^[[0m
7784:  Jq docker/images/web_image_amd64.json.sha256; 0s remote, remote-cache
7785:  ^[[1A^[[K
7786:  ^[[1A^[[K(16:04:26) ^[[32m[11,442 / 11,443]^[[0m 40 / 41 tests;^[[0m  1 action^[[0m; last test: ^[[32m..._lib_test^[[0m^[[0m
7787:  [Sched] Jq docker/images/web_image_amd64.json.sha256
7788:  ^[[1A^[[K
7789:  ^[[1A^[[K(16:04:26) ^[[32m[11,442 / 11,443]^[[0m 40 / 41 tests;^[[0m  1 action^[[0m; last test: ^[[32m..._lib_test^[[0m^[[0m
7790:  Jq docker/images/web_image_amd64.json.sha256; 0s remote, remote-cache
7791:  ^[[1A^[[K
7792:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64', it will not be built.
7793:  Analysis failed
7794:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7795:  md/consumers/zen:zen_lib_test^[[0m
7796:  ^[[1A^[[K
7797:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:push_all', it will not be built.
7798:  Analysis failed
7799:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7800:  md/consumers/zen:zen_lib_test^[[0m
7801:  ^[[1A^[[K
7802:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_push_cmd', it will not be built.
7803:  Analysis failed
7804:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7805:  md/consumers/zen:zen_lib_test^[[0m
7806:  ^[[1A^[[K
7807:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_tar', it will not be built.
7808:  Analysis failed
7809:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7810:  md/consumers/zen:zen_lib_test^[[0m
7811:  ^[[1A^[[K
7812:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_index_json', it will not be built.
7813:  Analysis failed
7814:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7815:  md/consumers/zen:zen_lib_test^[[0m
7816:  ^[[1A^[[K
7817:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_index_json_cp', it will not be built.
7818:  Analysis failed
7819:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7820:  md/consumers/zen:zen_lib_test^[[0m
7821:  ^[[1A^[[K
7822:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:glibc_runtime_layer', it will not be built.
7823:  Analysis failed
7824:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7825:  md/consumers/zen:zen_lib_test^[[0m
7826:  ^[[1A^[[K
7827:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64.digest', it will not be built.
7828:  Analysis failed
7829:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7830:  md/consumers/zen:zen_lib_test^[[0m
7831:  ^[[1A^[[K
7832:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//rust/srql:srql_api_test', it will not be built.
7833:  Analysis failed
7834:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7835:  md/consumers/zen:zen_lib_test^[[0m
7836:  ^[[1A^[[K
7837:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_push_tags', it will not be built.
7838:  Analysis failed
7839:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7840:  md/consumers/zen:zen_lib_test^[[0m
7841:  ^[[1A^[[K
7842:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//rust/srql:srql_comprehensive_test', it will not be built.
7843:  Analysis failed
7844:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7845:  md/consumers/zen:zen_lib_test^[[0m
7846:  ^[[1A^[[K
7847:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_push', it will not be built.
7848:  Analysis failed
7849:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7850:  md/consumers/zen:zen_lib_test^[[0m
7851:  ^[[1A^[[K
7852:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:age_extension_layer', it will not be built.
7853:  Analysis failed
7854:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7855:  md/consumers/zen:zen_lib_test^[[0m
7856:  ^[[1A^[[K
7857:  ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:timescaledb_extension_layer', it will not be built.
7858:  Analysis failed
7859:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7860:  md/consumers/zen:zen_lib_test^[[0m
7861:  ^[[1A^[[K
7862:  ^[[1A^[[K(16:04:26) ^[[32mINFO: ^[[0mBuild succeeded for only 1023 of 1037 top-level targets
7863:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7864:  md/consumers/zen:zen_lib_test^[[0m
7865:  ^[[1A^[[K
7866:  ^[[1A^[[K(16:04:26) ^[[32mINFO: ^[[0mFound 982 targets and 41 test targets...
7867:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7868:  md/consumers/zen:zen_lib_test^[[0m
7869:  ^[[1A^[[K
7870:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mERROR: ^[[0mcommand succeeded, but there were loading phase errors
7871:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7872:  md/consumers/zen:zen_lib_test^[[0m
7873:  ^[[1A^[[K
7874:  ^[[1A^[[K(16:04:26) ^[[32mINFO: ^[[0mElapsed time: 142.224s, Critical Path: 93.89s
7875:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7876:  md/consumers/zen:zen_lib_test^[[0m
7877:  ^[[1A^[[K
7878:  ^[[1A^[[K(16:04:26) ^[[32mINFO: ^[[0m10470 processes: 5708 remote cache hit, 4670 internal, 1 local, 91 remote.
7879:  (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\
7880:  md/consumers/zen:zen_lib_test^[[0m
7881:  ^[[1A^[[K
7882:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mERROR: ^[[0mBuild did NOT complete successfully
7883:  (16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7884:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7885:  //cmd/consumers/zen:zen_lib_test                                ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7886:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7887:  //cmd/otel:otel_lib_test                                        ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7888:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7889:  //docs:lint                                                     ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7890:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7891:  //internal/fastsum:fastsum_test                                 ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7892:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7893:  //pkg/agent:agent_test                                          ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7894:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7895:  //pkg/checker/snmp:snmp_test                                    ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7896:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7897:  //pkg/consumers/db-event-writer:db-event-writer_test            ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7898:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7899:  //pkg/core:core_test                                            ^[[0m^[[32m(cached) PASSED^[[0m in 0.5s
7900:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7901:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7902:  //pkg/core/api:api_test                                         ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7903:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7904:  //pkg/core/auth:auth_test                                       ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7905:  //pkg/core/templateregistry:templateregistry_test               ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7906:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7907:  //pkg/cpufreq:cpufreq_test                                      ^[[0m^[[32m(cached) PASSED^[[0m in 0.2s
7908:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7909:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7910:  //pkg/datasvc:datasvc_test                                      ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7911:  //pkg/db:db_test                                                ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7912:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7913:  //pkg/devicealias:devicealias_test                              ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7914:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7915:  //pkg/deviceupdate:deviceupdate_test                            ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7916:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7917:  //pkg/edgeonboarding/mtls:mtls_test                             ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7918:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7919:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7920:  //pkg/grpc:grpc_test                                            ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7921:  //pkg/hashutil:hashutil_test                                    ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7922:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7923:  //pkg/http:http_test                                            ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7924:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7925:  //pkg/identitymap:identitymap_test                              ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7926:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7927:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7928:  //pkg/integration_test:integration_test_test                    ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7929:  //pkg/logger:logger_test                                        ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7930:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7931:  //pkg/mapper:mapper_test                                        ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7932:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7933:  //pkg/mcp:mcp_test                                              ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7934:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7935:  //pkg/metrics:metrics_test                                      ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7936:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7937:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7938:  //pkg/metricstore:metricstore_test                              ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7939:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7940:  //pkg/models:models_test                                        ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7941:  //pkg/poller:poller_test                                        ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7942:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7943:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7944:  //pkg/registry:registry_test                                    ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7945:  //pkg/scan:scan_test                                            ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7946:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7947:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7948:  //pkg/sweeper:sweeper_test                                      ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7949:  //pkg/sync:sync_test                                            ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7950:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7951:  //pkg/sync/integrations/armis:armis_test                        ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7952:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7953:  //pkg/sync/integrations/netbox:netbox_test                      ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7954:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7955:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7956:  //rust/config-bootstrap:config_bootstrap_test                   ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7957:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7958:  //rust/edge-onboarding:edge_onboarding_test                     ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7959:  //rust/kvutil:kvutil_test                                       ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7960:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7961:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7962:  //tests/kvseeding:kvseeding_test                                ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s
7963:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7964:  //web:typecheck_typecheck_test                                  ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s
7965:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7966:  //pkg/checker/sysmonosx:sysmonosx_test                                  ^[[0m^[[35mSKIPPED^[[0m
7967:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7968:  Executed 0 out of 41 tests: 40 tests pass and ^[[0m^[[35m1 was skipped^[[0m.
7969:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7970:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7971:  There were tests whose specified size is too big. Use the --test_verbose_timeout_warnings command line option to see which ones these are.
7972:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7973:  ^[[0m^[[31m^[[1mAll tests passed but there were other errors during the build.
7974:  ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 
7975:  ^[[0m
7976:  ^[[1A^[[K(16:04:27) ^[[31m^[[1mFAILED:^[[0m 
7977:  ^[[1A^[[K(16:04:28) ^[[32mINFO: ^[[0mStreaming build results to: ^[[36mhttps://carverauto.buildbuddy.io/invocation/9e925d57-b43e-462e-b152-13eee123c9b9^[[0m
7978:  ^[[0m
7979:  ##[error]Process completed with exit code 1.
7980:  Post job cleanup.

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2119#issuecomment-3651567594 Original created: 2025-12-14T16:03:02Z --- ## CI Feedback 🧐 #### (Feedback updated until commit https://github.com/carverauto/serviceradar/commit/db4e9ac8d374e393ebc7cf5066ff89ccf2c6f140) A test triggered by this PR failed. Here is an AI-generated analysis of the failure: <table><tr><td> **Action:** build</td></tr> <tr><td> **Failed stage:** [Test](https://github.com/carverauto/serviceradar/actions/runs/20210521828/job/58015614177) [❌] </td></tr> <tr><td> **Failed test name:** "" </td></tr> <tr><td> **Failure summary:** Bazel failed during the loading/fetch phase due to a missing external Debian package required by Docker image targets: - Failed to fetch repository <code>@@+_repo_rules2+debian_gcc_15_base_amd64_deb</code> because the URL returned 404: https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb - Error surfaced at <code>/home/runner/.cache/bazel/_bazel_runner/.../external/bazel_tools/tools/build_defs/repo/http.bzl:216:33</code> - Subsequent “no such package” errors at: - <code>/docker/images/BUILD.bazel:1484:8</code> for <code>//docker/images:glibc_runtime_layer</code> - <code>/docker/images/BUILD.bazel:1509:8</code> for <code>//docker/images:timescaledb_extension_layer</code> - <code>/docker/images/BUILD.bazel:1592:8</code> for <code>//docker/images:age_extension_layer</code> - Additional warning: Node.js v20.18.1 URL also 404’d, but the primary failure is the missing Debian GCC 15 base .deb which caused analysis to fail for multiple docker/image targets. - Result: “command succeeded, but there were loading phase errors” and build did not complete successfully, causing the action to exit with code 1. </td></tr> <tr><td> <details><summary>Relevant error logs:</summary> ```yaml 1: Runner name: 'arc-runner-set-2tp2m-runner-k7mrw' 2: Runner group name: 'Default' ... 135: ^[[36;1mif command -v apt-get >/dev/null 2>&1; then^[[0m 136: ^[[36;1m sudo apt-get update^[[0m 137: ^[[36;1m sudo apt-get install -y build-essential pkg-config libssl-dev protobuf-compiler cmake flex bison^[[0m 138: ^[[36;1melif command -v dnf >/dev/null 2>&1; then^[[0m 139: ^[[36;1m sudo dnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 140: ^[[36;1melif command -v yum >/dev/null 2>&1; then^[[0m 141: ^[[36;1m sudo yum install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 142: ^[[36;1melif command -v microdnf >/dev/null 2>&1; then^[[0m 143: ^[[36;1m sudo microdnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 144: ^[[36;1melse^[[0m 145: ^[[36;1m echo "Unsupported package manager; please install gcc, g++ (or clang), make, OpenSSL headers, pkg-config, and protoc manually." >&2^[[0m 146: ^[[36;1m exit 1^[[0m 147: ^[[36;1mfi^[[0m 148: ^[[36;1m^[[0m 149: ^[[36;1mensure_pkg_config^[[0m 150: ^[[36;1mprotoc --version || (echo "protoc installation failed" && exit 1)^[[0m 151: shell: /usr/bin/bash -e {0} ... 194: with: 195: bazelisk-version: 1.x 196: token: *** 197: env: 198: BUILDBUDDY_ORG_API_KEY: *** 199: SRQL_TEST_DATABASE_URL: *** 200: SRQL_TEST_ADMIN_URL: *** 201: DOCKERHUB_USERNAME: *** 202: DOCKERHUB_TOKEN: *** 203: ##[endgroup] 204: Attempting to download 1.x... 205: Acquiring v1.27.0 from https://github.com/bazelbuild/bazelisk/releases/download/v1.27.0/bazelisk-linux-amd64 206: Adding to the cache ... 207: Successfully cached bazelisk to /home/runner/_work/_tool/bazelisk/1.27.0/x64 208: Added bazelisk to the path 209: ##[warning]Failed to restore: Cache service responded with 400 210: Restored bazelisk cache dir @ /home/runner/.cache/bazelisk ... 246: 2025/12/14 16:01:59 Downloading https://releases.bazel.build/8.4.1/release/bazel-8.4.1-linux-x86_64... 247: Extracting Bazel installation... 248: Starting local Bazel server (8.4.1) and connecting to it... 249: (16:02:09) ^[[32mINFO: ^[[0mInvocation ID: 9e925d57-b43e-462e-b152-13eee123c9b9 250: (16:02:09) ^[[32mINFO: ^[[0mStreaming build results to: ^[[36mhttps://carverauto.buildbuddy.io/invocation/9e925d57-b43e-462e-b152-13eee123c9b9^[[0m 251: (16:02:09) ^[[32mINFO: ^[[0mReading 'startup' options from /home/runner/_work/serviceradar/serviceradar/.bazelrc: --max_idle_secs=60 252: (16:02:09) ^[[32mINFO: ^[[0mOptions provided by the client: 253: Inherited 'common' options: --isatty=0 --terminal_columns=80 254: (16:02:09) ^[[32mINFO: ^[[0mReading rc options for 'test' from /home/runner/_work/serviceradar/serviceradar/.bazelrc: 255: Inherited 'common' options: --announce_rc --experimental_convenience_symlinks=clean --color=yes --curses=yes 256: (16:02:09) ^[[32mINFO: ^[[0mReading rc options for 'test' from /home/runner/_work/serviceradar/serviceradar/.bazelrc.remote: 257: Inherited 'common' options: --remote_header=x-buildbuddy-api-key=*** 258: (16:02:09) ^[[32mINFO: ^[[0mReading rc options for 'test' from /home/runner/_work/serviceradar/serviceradar/.bazelrc: 259: Inherited 'build' options: --keep_going --jobs=auto --show_timestamps --action_env=SRQL_TEST_DATABASE_URL --action_env=SRQL_TEST_ADMIN_URL --action_env=NATS_URL --action_env=NATS_SERVER_NAME --action_env=NATS_CA_FILE --action_env=NATS_CERT_FILE --action_env=NATS_KEY_FILE --action_env=NATS_CA_B64 --action_env=NATS_CERT_B64 --action_env=NATS_KEY_B64 --action_env=NEXT_PRIVATE_SKIP_TURBOPACK=1 --action_env=TURBOPACK= --action_env=NEXT_SKIP_TURBO=1 --action_env=OPENSSL_DIR=/usr --action_env=OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu --action_env=OPENSSL_INCLUDE_DIR=/usr/include --action_env=OPENSSL_NO_VENDOR= --action_env=OPENSSL_NO_PKG_CONFIG= --repo_env=OPENSSL_DIR=/usr --repo_env=OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu --repo_env=OPENSSL_INCLUDE_DIR=/usr/include --repo_env=OPENSSL_NO_VENDOR= --repo_env=OPENSSL_NO_PKG_CONFIG= --repo_env=NEXT_SKIP_TURBO=1 --repo_env=NEXT_PRIVATE_SKIP_TURBOPACK=1 --repo_env=TURBOPACK= --java_runtime_version=local_jdk --tool_java_runtime_version=local_jdk --@io_bazel_rules_go//go/config:pure --workspace_status_command=$(pwd)/scripts/workspace_status.sh --build_metadata=REPO_URL=git@github.com:carverauto/serviceradar.git 260: (16:02:09) ^[[32mINFO: ^[[0mReading rc options for 'test' from /home/runner/_work/serviceradar/serviceradar/.bazelrc: 261: 'test' options: --test_output=errors --action_env=SRQL_TEST_DATABASE_URL --action_env=SRQL_TEST_ADMIN_URL --action_env=NATS_URL --action_env=NATS_SERVER_NAME --action_env=NATS_CA_FILE --action_env=NATS_CERT_FILE --action_env=NATS_KEY_FILE --action_env=NATS_CA_B64 --action_env=NATS_CERT_B64 --action_env=NATS_KEY_B64 --@io_bazel_rules_go//go/config:pure --flaky_test_attempts=2 262: (16:02:09) ^[[32mINFO: ^[[0mFound applicable config definition build:ci in file /home/runner/_work/serviceradar/serviceradar/.bazelrc: --keep_going --build_tag_filters=-manual --config=remote_base --build_metadata=ROLE=CI --bes_results_url=https://carverauto.buildbuddy.io/invocation/ --bes_backend=grpcs://carverauto.buildbuddy.io --remote_cache=grpcs://carverauto.buildbuddy.io --remote_timeout=15m --strategy=ExpandTemplate=local --strategy=NpmPackageExtract=local --strategy=CopyDirectory=local 263: (16:02:09) ^[[32mINFO: ^[[0mFound applicable config definition build:remote_base in file /home/runner/_work/serviceradar/serviceradar/.bazelrc: --remote_executor=grpcs://remote.buildbuddy.io --host_platform=//build/rbe:rbe_platform --platforms=//build/rbe:rbe_platform --crosstool_top=@buildbuddy_toolchain//:toolchain --extra_toolchains=@buildbuddy_toolchain//:cc_toolchain --repo_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 --copt=-Wno-use-after-free --java_language_version=11 --tool_java_language_version=11 --java_runtime_version=remotejdk_11 --tool_java_runtime_version=remotejdk_11 --define=EXECUTOR=remote --incompatible_strict_action_env --remote_download_minimal --remote_upload_local_results --jobs=100 --strategy=ExpandTemplate=local --strategy=NpmPackageExtract=local --strategy=CopyDirectory=local --action_env=OPENSSL_DIR=/usr --action_env=OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu --action_env=OPENSSL_INCLUDE_DIR=/usr/include --action_env=NEXT_PRIVATE_SKIP_TURBOPACK=1 --action_env=TURBOPACK= --action_env=NEXT_SKIP_TURBO=1 264: (16:02:09) ^[[32mINFO: ^[[0mFound applicable config definition test:ci in file /home/runner/_work/serviceradar/serviceradar/.bazelrc: --test_tag_filters=-manual --test_output=errors 265: (16:02:10) ^[[32mINFO: ^[[0mCurrent date is 2025-12-14 ... 487: Fetching repository @@apple_support+; starting 488: Fetching repository @@buildifier_prebuilt+; starting 489: Fetching repository @@rules_kotlin+; starting 490: Fetching ...zel_lib++toolchains+bats_toolchains; starting ... (12 fetches) 491: ^[[1A^[[K 492: ^[[1A^[[K 493: ^[[1A^[[K 494: ^[[1A^[[K 495: ^[[1A^[[K 496: ^[[1A^[[K 497: ^[[1A^[[K 498: ^[[1A^[[K 499: ^[[1A^[[K 500: ^[[1A^[[K 501: ^[[1A^[[K 502: ^[[1A^[[K(16:02:19) ^[[35mWARNING: ^[[0mDownload from https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb failed: class java.io.FileNotFoundException GET returned 404 Not Found 503: (16:02:19) ^[[32mAnalyzing:^[[0m 1037 targets (260 packages loaded, 892 targets configure\ ... 568: ^[[1A^[[K 569: ^[[1A^[[K 570: ^[[1A^[[K 571: ^[[1A^[[K 572: ^[[1A^[[K 573: ^[[1A^[[K 574: ^[[1A^[[K 575: ^[[1A^[[K 576: ^[[1A^[[K 577: ^[[1A^[[K 578: ^[[1A^[[K 579: ^[[1A^[[K 580: ^[[1A^[[K 581: ^[[1A^[[K 582: ^[[1A^[[K 583: ^[[1A^[[K(16:02:19) ^[[31m^[[1mERROR: ^[[0m/home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/bazel_tools/tools/build_defs/repo/http.bzl:216:33: An error occurred during the fetch of repository '+_repo_rules2+debian_gcc_15_base_amd64_deb': 584: Traceback (most recent call last): 585: File "/home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/bazel_tools/tools/build_defs/repo/http.bzl", line 216, column 33, in _http_file_impl 586: download_info = ctx.download( 587: Error in download: java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found 588: (16:02:19) ^[[32mAnalyzing:^[[0m 1037 targets (266 packages loaded, 924 targets configure\ ... 610: ^[[1A^[[K 611: ^[[1A^[[K 612: ^[[1A^[[K 613: ^[[1A^[[K 614: ^[[1A^[[K 615: ^[[1A^[[K 616: ^[[1A^[[K 617: ^[[1A^[[K 618: ^[[1A^[[K 619: ^[[1A^[[K 620: ^[[1A^[[K 621: ^[[1A^[[K 622: ^[[1A^[[K 623: ^[[1A^[[K 624: ^[[1A^[[K 625: ^[[1A^[[K(16:02:19) ^[[31m^[[1mERROR: ^[[0mno such package '@@+_repo_rules2+debian_gcc_15_base_amd64_deb//file': java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found 626: (16:02:19) ^[[32mAnalyzing:^[[0m 1037 targets (266 packages loaded, 925 targets configure\ ... 648: ^[[1A^[[K 649: ^[[1A^[[K 650: ^[[1A^[[K 651: ^[[1A^[[K 652: ^[[1A^[[K 653: ^[[1A^[[K 654: ^[[1A^[[K 655: ^[[1A^[[K 656: ^[[1A^[[K 657: ^[[1A^[[K 658: ^[[1A^[[K 659: ^[[1A^[[K 660: ^[[1A^[[K 661: ^[[1A^[[K 662: ^[[1A^[[K 663: ^[[1A^[[K(16:02:19) ^[[31m^[[1mERROR: ^[[0m/home/runner/_work/serviceradar/serviceradar/docker/images/BUILD.bazel:1484:8: //docker/images:glibc_runtime_layer depends on @@+_repo_rules2+debian_gcc_15_base_amd64_deb//file:file in repository @@+_repo_rules2+debian_gcc_15_base_amd64_deb which failed to fetch. no such package '@@+_repo_rules2+debian_gcc_15_base_amd64_deb//file': java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found 664: (16:02:19) ^[[32mAnalyzing:^[[0m 1037 targets (266 packages loaded, 925 targets configure\ ... 2148: Fetching ...sitory @@gazelle++go_deps+com_github_nats_io_nats_go; starting 2149: Fetching repository @@gazelle++go_deps+org_uber_go_mock; starting 2150: Fetching ...go_sdk; Downloading and extracting Go toolchain ... (62 fetche\ 2151: s) 2152: ^[[1A^[[K 2153: ^[[1A^[[K 2154: ^[[1A^[[K 2155: ^[[1A^[[K 2156: ^[[1A^[[K 2157: ^[[1A^[[K 2158: ^[[1A^[[K 2159: ^[[1A^[[K 2160: ^[[1A^[[K 2161: ^[[1A^[[K 2162: ^[[1A^[[K 2163: ^[[1A^[[K(16:02:31) ^[[35mWARNING: ^[[0mDownload from https://unofficial-builds.nodejs.org/download/release/v20.18.1/node-v20.18.1-linux-x64.tar.xz failed: class java.io.FileNotFoundException GET returned 404 Not Found 2164: (16:02:31) ^[[32mAnalyzing:^[[0m 1037 targets (354 packages loaded, 8594 targets configur\ ... 2551: Fetching repository @@gazelle++go_deps+org_golang_google_grpc; starting 2552: Fetching ...e++non_module_deps+bazel_gazelle_go_repository_cache; starting 2553: Fetching ...e++go_deps+com_github_gosnmp_gosnmp; starting ... (80 fetches) 2554: ^[[1A^[[K 2555: ^[[1A^[[K 2556: ^[[1A^[[K 2557: ^[[1A^[[K 2558: ^[[1A^[[K 2559: ^[[1A^[[K 2560: ^[[1A^[[K 2561: ^[[1A^[[K 2562: ^[[1A^[[K 2563: ^[[1A^[[K 2564: ^[[1A^[[K 2565: ^[[1A^[[K 2566: ^[[1A^[[K(16:02:34) ^[[31m^[[1mERROR: ^[[0m/home/runner/_work/serviceradar/serviceradar/docker/images/BUILD.bazel:1509:8: //docker/images:timescaledb_extension_layer depends on @@+_repo_rules2+debian_gcc_15_base_amd64_deb//file:file in repository @@+_repo_rules2+debian_gcc_15_base_amd64_deb which failed to fetch. no such package '@@+_repo_rules2+debian_gcc_15_base_amd64_deb//file': java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found 2567: (16:02:34) ^[[32mAnalyzing:^[[0m 1037 targets (478 packages loaded, 14224 targets configu\ ... 2610: ^[[1A^[[K 2611: ^[[1A^[[K 2612: ^[[1A^[[K 2613: ^[[1A^[[K 2614: ^[[1A^[[K 2615: ^[[1A^[[K 2616: ^[[1A^[[K 2617: ^[[1A^[[K 2618: ^[[1A^[[K 2619: ^[[1A^[[K 2620: ^[[1A^[[K 2621: ^[[1A^[[K 2622: ^[[1A^[[K 2623: ^[[1A^[[K 2624: ^[[1A^[[K 2625: ^[[1A^[[K(16:02:34) ^[[31m^[[1mERROR: ^[[0m/home/runner/_work/serviceradar/serviceradar/docker/images/BUILD.bazel:1592:8: //docker/images:age_extension_layer depends on @@+_repo_rules2+debian_gcc_15_base_amd64_deb//file:file in repository @@+_repo_rules2+debian_gcc_15_base_amd64_deb which failed to fetch. no such package '@@+_repo_rules2+debian_gcc_15_base_amd64_deb//file': java.io.IOException: Error downloading [https://deb.debian.org/debian/pool/main/g/gcc-15/gcc-15-base_15.2.0-10_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/5267be34ed6226e5181c0e8ea3f399cd/external/+_repo_rules2+debian_gcc_15_base_amd64_deb/file/downloaded: GET returned 404 Not Found 2626: (16:02:34) ^[[32mAnalyzing:^[[0m 1037 targets (495 packages loaded, 14740 targets configu\ ... 4350: ^[[1A^[[K 4351: ^[[1A^[[K 4352: ^[[1A^[[K 4353: ^[[1A^[[K 4354: ^[[1A^[[K 4355: ^[[1A^[[K 4356: ^[[1A^[[K 4357: ^[[1A^[[K 4358: ^[[1A^[[K 4359: ^[[1A^[[K 4360: ^[[1A^[[K 4361: ^[[1A^[[K 4362: ^[[1A^[[K 4363: ^[[1A^[[K 4364: ^[[1A^[[K(16:02:47) ^[[32mINFO: ^[[0mFrom Executing genrule //docker/images:cnpg_postgresql_16_6_rootfs_tar: 4365: Error: pulling layout:/buildbuddy-execroot/bazel-out/k8-fastbuild/bin/external/rules_oci++oci+cloudnativepg_postgresql_16_6_linux_amd64/layout: parsing reference "layout:/buildbuddy-execroot/bazel-out/k8-fastbuild/bin/external/rules_oci++oci+cloudnativepg_postgresql_16_6_linux_amd64/layout": could not parse reference: layout:/buildbuddy-execroot/bazel-out/k8-fastbuild/bin/external/rules_oci++oci+cloudnativepg_postgresql_16_6_linux_amd64/layout 4366: (16:02:47) ^[[32mAnalyzing:^[[0m 1037 targets (1504 packages loaded, 66195 targets config\ ... 5396: ^[[1A^[[K 5397: ^[[1A^[[K 5398: ^[[1A^[[K 5399: ^[[1A^[[K 5400: ^[[1A^[[K 5401: ^[[1A^[[K 5402: ^[[1A^[[K(16:02:52) ^[[35mWARNING: ^[[0m/home/runner/_work/serviceradar/serviceradar/web/BUILD.bazel:67:22: input 'package' of //web:.aspect_rules_js/node_modules/unrs-resolver@1.11.1/lc is a directory; dependency checking of directories is unsound 5403: (16:02:52) ^[[32mAnalyzing:^[[0m 1037 targets (1880 packages loaded, 86158 targets config\ 5404: ured) 5405: ^[[32m[5,293 / 5,420]^[[0m 2 / 4 tests;^[[0m 96 actions, 0 running^[[0m; last test: ^[[32m...fastsum_test^[[0m 5406: Extracting npm package define-data-property@1.1.4; 0s remote-cache 5407: Extracting npm package jsx-ast-utils@3.3.5; 0s remote-cache 5408: Extracting npm package fast-glob@3.3.1; 0s remote-cache 5409: Extracting npm package es-abstract@1.24.0; 0s remote-cache 5410: Extracting npm package es-define-property@1.0.1; 0s remote-cache 5411: Extracting npm package es-errors@1.3.0; 0s remote-cache 5412: Extracting npm package eslint-scope@8.3.0; 0s remote-cache ... 7062: ^[[1A^[[K 7063: ^[[1A^[[K 7064: ^[[1A^[[K 7065: ^[[1A^[[K 7066: ^[[1A^[[K 7067: ^[[1A^[[K 7068: ^[[1A^[[K 7069: ^[[1A^[[K(16:03:06) ^[[32m[10,777 / 11,437]^[[0m 34 / 41 tests;^[[0m 97 actions, 2 running^[[0m; last test: ^[[32m\ 7070: //pkg/core:core_test^[[0m 7071: //web:typecheck; 11s remote, remote-cache 7072: //web:standalone_app; 11s remote, remote-cache 7073: Running Cargo build script openssl; 0s remote, remote-cache 7074: Running Cargo build script symbolic-demangle; 0s remote, remote-cache 7075: Running Cargo build script ring; 0s remote, remote-cache 7076: ...//:cargo_toml_env_vars; 0s remote, remote-cache 7077: Compiling Rust rlib thiserror v2.0.17 (57 files); 0s remote, remote-cache 7078: ...//:cargo_toml_env_vars; 0s remote, remote-cache ... ... 7777: d/consumers/zen:zen_lib_test^[[0m 7778: //docker/images:web_image_amd64_tar; 0s remote, remote-cache 7779: Copying file docker/images/web_image_amd64; 0s remote, remote-cache 7780: ^[[1A^[[K 7781: ^[[1A^[[K 7782: ^[[1A^[[K 7783: ^[[1A^[[K(16:04:25) ^[[32m[11,442 / 11,443]^[[0m 40 / 41 tests;^[[0m 1 action^[[0m; last test: ^[[32m..._lib_test^[[0m^[[0m 7784: Jq docker/images/web_image_amd64.json.sha256; 0s remote, remote-cache 7785: ^[[1A^[[K 7786: ^[[1A^[[K(16:04:26) ^[[32m[11,442 / 11,443]^[[0m 40 / 41 tests;^[[0m 1 action^[[0m; last test: ^[[32m..._lib_test^[[0m^[[0m 7787: [Sched] Jq docker/images/web_image_amd64.json.sha256 7788: ^[[1A^[[K 7789: ^[[1A^[[K(16:04:26) ^[[32m[11,442 / 11,443]^[[0m 40 / 41 tests;^[[0m 1 action^[[0m; last test: ^[[32m..._lib_test^[[0m^[[0m 7790: Jq docker/images/web_image_amd64.json.sha256; 0s remote, remote-cache 7791: ^[[1A^[[K 7792: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64', it will not be built. 7793: Analysis failed 7794: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7795: md/consumers/zen:zen_lib_test^[[0m 7796: ^[[1A^[[K 7797: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:push_all', it will not be built. 7798: Analysis failed 7799: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7800: md/consumers/zen:zen_lib_test^[[0m 7801: ^[[1A^[[K 7802: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_push_cmd', it will not be built. 7803: Analysis failed 7804: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7805: md/consumers/zen:zen_lib_test^[[0m 7806: ^[[1A^[[K 7807: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_tar', it will not be built. 7808: Analysis failed 7809: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7810: md/consumers/zen:zen_lib_test^[[0m 7811: ^[[1A^[[K 7812: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_index_json', it will not be built. 7813: Analysis failed 7814: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7815: md/consumers/zen:zen_lib_test^[[0m 7816: ^[[1A^[[K 7817: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_index_json_cp', it will not be built. 7818: Analysis failed 7819: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7820: md/consumers/zen:zen_lib_test^[[0m 7821: ^[[1A^[[K 7822: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:glibc_runtime_layer', it will not be built. 7823: Analysis failed 7824: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7825: md/consumers/zen:zen_lib_test^[[0m 7826: ^[[1A^[[K 7827: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64.digest', it will not be built. 7828: Analysis failed 7829: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7830: md/consumers/zen:zen_lib_test^[[0m 7831: ^[[1A^[[K 7832: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//rust/srql:srql_api_test', it will not be built. 7833: Analysis failed 7834: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7835: md/consumers/zen:zen_lib_test^[[0m 7836: ^[[1A^[[K 7837: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_push_tags', it will not be built. 7838: Analysis failed 7839: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7840: md/consumers/zen:zen_lib_test^[[0m 7841: ^[[1A^[[K 7842: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//rust/srql:srql_comprehensive_test', it will not be built. 7843: Analysis failed 7844: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7845: md/consumers/zen:zen_lib_test^[[0m 7846: ^[[1A^[[K 7847: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:cnpg_image_amd64_push', it will not be built. 7848: Analysis failed 7849: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7850: md/consumers/zen:zen_lib_test^[[0m 7851: ^[[1A^[[K 7852: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:age_extension_layer', it will not be built. 7853: Analysis failed 7854: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7855: md/consumers/zen:zen_lib_test^[[0m 7856: ^[[1A^[[K 7857: ^[[1A^[[K(16:04:26) ^[[35mWARNING: ^[[0merrors encountered while analyzing target '//docker/images:timescaledb_extension_layer', it will not be built. 7858: Analysis failed 7859: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7860: md/consumers/zen:zen_lib_test^[[0m 7861: ^[[1A^[[K 7862: ^[[1A^[[K(16:04:26) ^[[32mINFO: ^[[0mBuild succeeded for only 1023 of 1037 top-level targets 7863: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7864: md/consumers/zen:zen_lib_test^[[0m 7865: ^[[1A^[[K 7866: ^[[1A^[[K(16:04:26) ^[[32mINFO: ^[[0mFound 982 targets and 41 test targets... 7867: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7868: md/consumers/zen:zen_lib_test^[[0m 7869: ^[[1A^[[K 7870: ^[[1A^[[K(16:04:26) ^[[31m^[[1mERROR: ^[[0mcommand succeeded, but there were loading phase errors 7871: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7872: md/consumers/zen:zen_lib_test^[[0m 7873: ^[[1A^[[K 7874: ^[[1A^[[K(16:04:26) ^[[32mINFO: ^[[0mElapsed time: 142.224s, Critical Path: 93.89s 7875: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7876: md/consumers/zen:zen_lib_test^[[0m 7877: ^[[1A^[[K 7878: ^[[1A^[[K(16:04:26) ^[[32mINFO: ^[[0m10470 processes: 5708 remote cache hit, 4670 internal, 1 local, 91 remote. 7879: (16:04:26) ^[[32m[11,443 / 11,443]^[[0m 40 / 41 tests;^[[0m no actions running^[[0m; last test: ^[[32m//c\ 7880: md/consumers/zen:zen_lib_test^[[0m 7881: ^[[1A^[[K 7882: ^[[1A^[[K(16:04:26) ^[[31m^[[1mERROR: ^[[0mBuild did NOT complete successfully 7883: (16:04:26) ^[[31m^[[1mFAILED:^[[0m 7884: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7885: //cmd/consumers/zen:zen_lib_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7886: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7887: //cmd/otel:otel_lib_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7888: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7889: //docs:lint ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7890: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7891: //internal/fastsum:fastsum_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7892: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7893: //pkg/agent:agent_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7894: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7895: //pkg/checker/snmp:snmp_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7896: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7897: //pkg/consumers/db-event-writer:db-event-writer_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7898: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7899: //pkg/core:core_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.5s 7900: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7901: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7902: //pkg/core/api:api_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7903: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7904: //pkg/core/auth:auth_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7905: //pkg/core/templateregistry:templateregistry_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7906: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7907: //pkg/cpufreq:cpufreq_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.2s 7908: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7909: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7910: //pkg/datasvc:datasvc_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7911: //pkg/db:db_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7912: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7913: //pkg/devicealias:devicealias_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7914: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7915: //pkg/deviceupdate:deviceupdate_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7916: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7917: //pkg/edgeonboarding/mtls:mtls_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7918: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7919: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7920: //pkg/grpc:grpc_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7921: //pkg/hashutil:hashutil_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7922: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7923: //pkg/http:http_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7924: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7925: //pkg/identitymap:identitymap_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7926: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7927: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7928: //pkg/integration_test:integration_test_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7929: //pkg/logger:logger_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7930: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7931: //pkg/mapper:mapper_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7932: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7933: //pkg/mcp:mcp_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7934: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7935: //pkg/metrics:metrics_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7936: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7937: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7938: //pkg/metricstore:metricstore_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7939: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7940: //pkg/models:models_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7941: //pkg/poller:poller_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7942: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7943: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7944: //pkg/registry:registry_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7945: //pkg/scan:scan_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7946: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7947: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7948: //pkg/sweeper:sweeper_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7949: //pkg/sync:sync_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7950: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7951: //pkg/sync/integrations/armis:armis_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7952: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7953: //pkg/sync/integrations/netbox:netbox_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7954: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7955: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7956: //rust/config-bootstrap:config_bootstrap_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7957: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7958: //rust/edge-onboarding:edge_onboarding_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7959: //rust/kvutil:kvutil_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7960: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7961: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7962: //tests/kvseeding:kvseeding_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.0s 7963: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7964: //web:typecheck_typecheck_test ^[[0m^[[32m(cached) PASSED^[[0m in 0.1s 7965: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7966: //pkg/checker/sysmonosx:sysmonosx_test ^[[0m^[[35mSKIPPED^[[0m 7967: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7968: Executed 0 out of 41 tests: 40 tests pass and ^[[0m^[[35m1 was skipped^[[0m. 7969: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7970: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7971: There were tests whose specified size is too big. Use the --test_verbose_timeout_warnings command line option to see which ones these are. 7972: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7973: ^[[0m^[[31m^[[1mAll tests passed but there were other errors during the build. 7974: ^[[1A^[[K(16:04:26) ^[[31m^[[1mFAILED:^[[0m 7975: ^[[0m 7976: ^[[1A^[[K(16:04:27) ^[[31m^[[1mFAILED:^[[0m 7977: ^[[1A^[[K(16:04:28) ^[[32mINFO: ^[[0mStreaming build results to: ^[[36mhttps://carverauto.buildbuddy.io/invocation/9e925d57-b43e-462e-b152-13eee123c9b9^[[0m 7978: ^[[0m 7979: ##[error]Process completed with exit code 1. 7980: Post job cleanup. ``` </details></td></tr></table>