carverauto/serviceradar

Fork 0

syslog fix #2825

Merged

mfreeman451 merged 7 commits from refs/pull/2825/head into staging

2026-02-01 21:33:53 +00:00

mfreeman451 commented

2026-02-01 08:35:54 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #2657
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2657
Original created: 2026-02-01T08:35:54Z
Original updated: 2026-02-01T21:33:55Z
Original head: carverauto/serviceradar:fix/syslog-messages-missing-ui
Original base: staging
Original merged: 2026-02-01T21:33:53Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Bug fix

Description

Refactored processLogsTable to handle syslog messages correctly
Replaced generic OTEL table processor with dedicated log processing logic
Ensures all messages are tracked for acknowledgment regardless of parsing
Fixes missing syslog messages in UI by proper row collection and insertion

Diagram Walkthrough

flowchart LR
  A["processLogsTable"] -->|"check empty"| B["Return nil"]
  A -->|"iterate messages"| C["Parse OTEL message"]
  C -->|"success"| D["Collect rows"]
  C -->|"failure"| E["Log warning, continue"]
  D -->|"insert rows"| F["InsertOTELLogs"]
  F -->|"success"| G["Return processed messages"]
  F -->|"error"| H["Return error with processed"]

File Walkthrough

Relevant files

Bug fix

processor.go

Refactor log processor for proper message handling

pkg/consumers/db-event-writer/processor.go

Replaced generic processOTELTable call with dedicated inline log
processing logic
Added early return for empty message slices
Implemented explicit message tracking to ensure all messages are
acknowledged
Changed to collect all parsed rows before batch insertion to CNPG
Updated logging to include row count and use "logs" terminology
instead of "OTEL logs"

+35/-10

Imported from GitHub pull request. Original GitHub pull request: #2657 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2657 Original created: 2026-02-01T08:35:54Z Original updated: 2026-02-01T21:33:55Z Original head: carverauto/serviceradar:fix/syslog-messages-missing-ui Original base: staging Original merged: 2026-02-01T21:33:53Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Bug fix ___ ### **Description** - Refactored `processLogsTable` to handle syslog messages correctly - Replaced generic OTEL table processor with dedicated log processing logic - Ensures all messages are tracked for acknowledgment regardless of parsing - Fixes missing syslog messages in UI by proper row collection and insertion ___ ### Diagram Walkthrough ```mermaid flowchart LR A["processLogsTable"] -->|"check empty"| B["Return nil"] A -->|"iterate messages"| C["Parse OTEL message"] C -->|"success"| D["Collect rows"] C -->|"failure"| E["Log warning, continue"] D -->|"insert rows"| F["InsertOTELLogs"] F -->|"success"| G["Return processed messages"] F -->|"error"| H["Return error with processed"] ``` <details><summary><h3>File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Bug fix</strong></td><td><table> <tr> <td> <details> <summary><strong>processor.go</strong><dd><code>Refactor log processor for proper message handling</code>              </dd></summary> <hr> pkg/consumers/db-event-writer/processor.go <ul><li>Replaced generic <code>processOTELTable</code> call with dedicated inline log <br>processing logic<br> <li> Added early return for empty message slices<br> <li> Implemented explicit message tracking to ensure all messages are <br>acknowledged<br> <li> Changed to collect all parsed rows before batch insertion to CNPG<br> <li> Updated logging to include row count and use "logs" terminology <br>instead of "OTEL logs"</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2657/files#diff-c55d73b621975e3797271d69fc43b78fa44eb184437392f9e40e18d4568589a8">+35/-10</a>  </td> </tr> </table></td></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2026-02-01 08:36:28 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2657#issuecomment-3830622036
Original created: 2026-02-01T08:36:28Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Unwrapped DB error: The database insert failure is returned without added context (e.g., `table`/row count/operation), reducing actionable debugging information. Referred Code `if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { return processed, err }` Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Error exposure risk: The raw error from `p.db.InsertOTELLogs` is propagated directly and may expose internal database details depending on where this error is surfaced. Referred Code `if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { return processed, err }` Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Unvalidated external input: `table` and parsed log data are used for database insertion without validation visible in the diff, and it is unclear if the DB layer parameterizes/whitelists these inputs. Referred Code func (p *Processor) processLogsTable(ctx context.Context, table string, msgs []jetstream.Msg) ([]jetstream.Msg, error) { if len(msgs) == 0 { return nil, nil } processed := make([]jetstream.Msg, 0, len(msgs)) rows := make([]models.OTELLogRow, 0, len(msgs)) for _, msg := range msgs { processed = append(processed, msg) parsedRows, ok := p.parseOTELMessage(msg) if !ok { p.logger.Warn(). Str("subject", msg.Subject()). Msg("Skipping malformed log message") continue } rows = append(rows, parsedRows...) } ... (clipped 7 lines) Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2657#issuecomment-3830622036 Original created: 2026-02-01T08:36:28Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR:<br> <table><tbody><tr><td colspan='2'><strong>Security Compliance</strong></td></tr> <tr><td>🟢</td><td><details><summary><strong>No security concerns identified</strong></summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary>🎫 <strong>No ticket provided </strong></summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td rowspan=3>🟢</td><td> <details><summary><strong>Generic: Comprehensive Audit Trails</strong></summary><br> **Objective:** To create a detailed and reliable record of critical system actions for security analysis <br>and compliance.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Meaningful Naming and Self-Documenting Code</strong></summary><br> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code <br>self-documenting<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Logging Practices</strong></summary><br> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive <br>information like PII, PHI, or cardholder data.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=1>🔴</td> <td><details> <summary><strong>Generic: Robust Error Handling and Edge Case Management</strong></summary><br> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful <br>degradation<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2657/files#diff-c55d73b621975e3797271d69fc43b78fa44eb184437392f9e40e18d4568589a8R466-R468'><strong>Unwrapped DB error</strong></a>: The database insert failure is returned without added context (e.g., <code>table</code>/row <br>count/operation), reducing actionable debugging information.<br> <details open><summary>Referred Code</summary> ```go if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { return processed, err } ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=2>⚪</td> <td><details> <summary><strong>Generic: Secure Error Handling</strong></summary><br> **Objective:** To prevent the leakage of sensitive system information through error messages while <br>providing sufficient detail for internal debugging.<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2657/files#diff-c55d73b621975e3797271d69fc43b78fa44eb184437392f9e40e18d4568589a8R466-R468'><strong>Error exposure risk</strong></a>: The raw error from <code>p.db.InsertOTELLogs</code> is propagated directly and may expose internal <br>database details depending on where this error is surfaced.<br> <details open><summary>Referred Code</summary> ```go if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { return processed, err } ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td><details> <summary><strong>Generic: Security-First Input Validation and Data Handling</strong></summary><br> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent <br>vulnerabilities<br> **Status:** <br><a href='https://github.com/carverauto/serviceradar/pull/2657/files#diff-c55d73b621975e3797271d69fc43b78fa44eb184437392f9e40e18d4568589a8R440-R467'><strong>Unvalidated external input</strong></a>: <code>table</code> and parsed log data are used for database insertion without validation visible in <br>the diff, and it is unclear if the DB layer parameterizes/whitelists these inputs.<br> <details open><summary>Referred Code</summary> ```go func (p *Processor) processLogsTable(ctx context.Context, table string, msgs []jetstream.Msg) ([]jetstream.Msg, error) { if len(msgs) == 0 { return nil, nil } processed := make([]jetstream.Msg, 0, len(msgs)) rows := make([]models.OTELLogRow, 0, len(msgs)) for _, msg := range msgs { processed = append(processed, msg) parsedRows, ok := p.parseOTELMessage(msg) if !ok { p.logger.Warn(). Str("subject", msg.Subject()). Msg("Skipping malformed log message") continue } rows = append(rows, parsedRows...) } ... (clipped 7 lines) ``` </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

qodo-code-review[bot] commented

2026-02-01 08:37:41 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2657#issuecomment-3830623365
Original created: 2026-02-01T08:37:41Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Prevent data loss on DB error To prevent data loss on database insertion failure, return `nil` instead of the `processed` message slice, ensuring failed batches are not acknowledged and can be redelivered. pkg/consumers/db-event-writer/processor.go [466-468] `if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { - return processed, err + return nil, err }` Apply / Chat Suggestion importance[1-10]: 10 __ Why: The suggestion correctly identifies a critical data loss bug where a database insertion failure would cause all messages in the batch to be acknowledged and lost, and provides the correct fix.	High
Possible issue	Only ack successfully parsed messages Only add messages to the `processed` slice after they have been successfully parsed to avoid acknowledging and losing malformed messages. pkg/consumers/db-event-writer/processor.go [441-460] `if len(msgs) == 0 { return nil, nil } processed := make([]jetstream.Msg, 0, len(msgs)) rows := make([]models.OTELLogRow, 0, len(msgs)) for _, msg := range msgs { - processed = append(processed, msg) - parsedRows, ok := p.parseOTELMessage(msg) if !ok { p.logger.Warn(). Str("subject", msg.Subject()). Msg("Skipping malformed log message") continue } + processed = append(processed, msg) rows = append(rows, parsedRows...) }` Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies that malformed messages are incorrectly added to the `processed` slice, which would lead to them being acknowledged and dropped, and proposes a fix to prevent this data loss.	Medium
General	Chunk large insert operations Implement batching for database inserts by breaking large sets of rows into smaller chunks to prevent potential SQL errors and improve stability. pkg/consumers/db-event-writer/processor.go [466-476] -if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { - p.logger.Info(). - Int("rows_processed", len(rows)). - Str("table", table). - Msg("Inserted logs into CNPG") - return processed, nil +const maxBatchSize = 1000 +for start := 0; start < len(rows); start += maxBatchSize { + end := start + maxBatchSize + if end > len(rows) { + end = len(rows) + } + batch := rows[start:end] + if err := p.db.InsertOTELLogs(ctx, table, batch); err != nil { + p.logger.Error(). + Err(err). + Str("table", table). + Int("batch_size", len(batch)). + Msg("Failed to insert batch into CNPG") + return processed, err + } } +p.logger.Info(). + Int("rows_processed", len(rows)). + Str("table", table). + Msg("Inserted logs into CNPG") `[To ensure code accuracy, apply this suggestion manually]` Suggestion importance[1-10]: 7 __ Why: The suggestion provides a valuable improvement for robustness by proposing to batch database inserts, which can prevent errors with large message volumes and improve performance.	Medium
General	Log insert errors with context Add a detailed error log with context like table name and row count when a database insertion fails to improve diagnostics. pkg/consumers/db-event-writer/processor.go [466-468] `if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { + p.logger.Error(). + Err(err). + Str("table", table). + Int("rows", len(rows)). + Msg("Failed to insert logs into CNPG") return processed, err }` Apply / Chat Suggestion importance[1-10]: 6 __ Why: This is a good suggestion for improving observability by logging the error with relevant context when a database insertion fails, which aids in debugging.	Low
Update

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2657#issuecomment-3830623365 Original created: 2026-02-01T08:37:41Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td><strong>Category</strong></td><td align=left><strong>Suggestion                                                                                                                                    </strong></td><td align=center><strong>Impact</strong></td></tr><tbody><tr><td rowspan=2>Possible issue</td> <td> <details><summary>Prevent data loss on DB error</summary> ___ **To prevent data loss on database insertion failure, return <code>nil</code> instead of the <br><code>processed</code> message slice, ensuring failed batches are not acknowledged and can be <br>redelivered.** [pkg/consumers/db-event-writer/processor.go [466-468]](https://github.com/carverauto/serviceradar/pull/2657/files#diff-c55d73b621975e3797271d69fc43b78fa44eb184437392f9e40e18d4568589a8R466-R468) ```diff if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { - return processed, err + return nil, err } ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 10</summary> __ Why: The suggestion correctly identifies a critical data loss bug where a database insertion failure would cause all messages in the batch to be acknowledged and lost, and provides the correct fix. </details></details></td><td align=center>High </td></tr><tr><td> <details><summary>Only ack successfully parsed messages</summary> ___ **Only add messages to the <code>processed</code> slice after they have been successfully <br>parsed to avoid acknowledging and losing malformed messages.** [pkg/consumers/db-event-writer/processor.go [441-460]](https://github.com/carverauto/serviceradar/pull/2657/files#diff-c55d73b621975e3797271d69fc43b78fa44eb184437392f9e40e18d4568589a8R441-R460) ```diff if len(msgs) == 0 { return nil, nil } processed := make([]jetstream.Msg, 0, len(msgs)) rows := make([]models.OTELLogRow, 0, len(msgs)) for _, msg := range msgs { - processed = append(processed, msg) - parsedRows, ok := p.parseOTELMessage(msg) if !ok { p.logger.Warn(). Str("subject", msg.Subject()). Msg("Skipping malformed log message") continue } + processed = append(processed, msg) rows = append(rows, parsedRows...) } ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: The suggestion correctly identifies that malformed messages are incorrectly added to the `processed` slice, which would lead to them being acknowledged and dropped, and proposes a fix to prevent this data loss. </details></details></td><td align=center>Medium </td></tr><tr><td rowspan=2>General</td> <td> <details><summary>Chunk large insert operations</summary> ___ **Implement batching for database inserts by breaking large sets of rows into <br>smaller chunks to prevent potential SQL errors and improve stability.** [pkg/consumers/db-event-writer/processor.go [466-476]](https://github.com/carverauto/serviceradar/pull/2657/files#diff-c55d73b621975e3797271d69fc43b78fa44eb184437392f9e40e18d4568589a8R466-R476) ```diff -if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { - p.logger.Info(). - Int("rows_processed", len(rows)). - Str("table", table). - Msg("Inserted logs into CNPG") - return processed, nil +const maxBatchSize = 1000 +for start := 0; start < len(rows); start += maxBatchSize { + end := start + maxBatchSize + if end > len(rows) { + end = len(rows) + } + batch := rows[start:end] + if err := p.db.InsertOTELLogs(ctx, table, batch); err != nil { + p.logger.Error(). + Err(err). + Str("table", table). + Int("batch_size", len(batch)). + Msg("Failed to insert batch into CNPG") + return processed, err + } } +p.logger.Info(). + Int("rows_processed", len(rows)). + Str("table", table). + Msg("Inserted logs into CNPG") ``` `[To ensure code accuracy, apply this suggestion manually]` <details><summary>Suggestion importance[1-10]: 7</summary> __ Why: The suggestion provides a valuable improvement for robustness by proposing to batch database inserts, which can prevent errors with large message volumes and improve performance. </details></details></td><td align=center>Medium </td></tr><tr><td> <details><summary>Log insert errors with context</summary> ___ **Add a detailed error log with context like table name and row count when a <br>database insertion fails to improve diagnostics.** [pkg/consumers/db-event-writer/processor.go [466-468]](https://github.com/carverauto/serviceradar/pull/2657/files#diff-c55d73b621975e3797271d69fc43b78fa44eb184437392f9e40e18d4568589a8R466-R468) ```diff if err := p.db.InsertOTELLogs(ctx, table, rows); err != nil { + p.logger.Error(). + Err(err). + Str("table", table). + Int("rows", len(rows)). + Msg("Failed to insert logs into CNPG") return processed, err } ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 6</summary> __ Why: This is a good suggestion for improving observability by logging the error with relevant context when a database insertion fails, which aids in debugging. </details></details></td><td align=center>Low </td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td><td></td></tr></tbody></table>

qodo-code-review[bot] commented

2026-02-01 21:33:28 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2657#issuecomment-3832096094
Original created: 2026-02-01T21:33:28Z

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: build

Failed stage: Configure SRQL fixture database for tests [❌]

Failed test name: ""

Failure summary:

The action failed because a required secret for the test environment was not configured:
- The job
exited with code 1 after printing: SRQL_TEST_DATABASE_CA_CERT secret must be configured to verify
SRQL fixture TLS. (log line 714).
- This indicates the workflow expects the secret
SRQL_TEST_DATABASE_CA_CERT (shown empty in the environment) to be set so it can verify TLS for the
SRQL database fixture; without it, the script intentionally fails.

Relevant error logs:

1:  Runner name: 'arc-runner-set-hk6mk-runner-pfzdm'
2:  Runner group name: 'Default'
...

177:  ^[[36;1mif command -v apt-get >/dev/null 2>&1; then^[[0m
178:  ^[[36;1m  sudo apt-get update^[[0m
179:  ^[[36;1m  sudo apt-get install -y build-essential pkg-config libssl-dev protobuf-compiler cmake flex bison^[[0m
180:  ^[[36;1melif command -v dnf >/dev/null 2>&1; then^[[0m
181:  ^[[36;1m  sudo dnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
182:  ^[[36;1melif command -v yum >/dev/null 2>&1; then^[[0m
183:  ^[[36;1m  sudo yum install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
184:  ^[[36;1melif command -v microdnf >/dev/null 2>&1; then^[[0m
185:  ^[[36;1m  sudo microdnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m
186:  ^[[36;1melse^[[0m
187:  ^[[36;1m  echo "Unsupported package manager; please install gcc, g++ (or clang), make, OpenSSL headers, pkg-config, and protoc manually." >&2^[[0m
188:  ^[[36;1m  exit 1^[[0m
189:  ^[[36;1mfi^[[0m
190:  ^[[36;1m^[[0m
191:  ^[[36;1mensure_pkg_config^[[0m
192:  ^[[36;1mprotoc --version || (echo "protoc installation failed" && exit 1)^[[0m
193:  shell: /usr/bin/bash -e {0}
...

394:  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
395:  env:
396:  BUILDBUDDY_ORG_API_KEY: ***
397:  SRQL_TEST_DATABASE_URL: ***
398:  SRQL_TEST_ADMIN_URL: ***
399:  SRQL_TEST_DATABASE_CA_CERT: 
400:  DOCKERHUB_USERNAME: ***
401:  DOCKERHUB_TOKEN: ***
402:  TEST_CNPG_DATABASE: serviceradar_web_ng_test
403:  INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp
404:  INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir
405:  ##[endgroup]
406:  ##[group]Run : install rustup if needed
407:  ^[[36;1m: install rustup if needed^[[0m
408:  ^[[36;1mif ! command -v rustup &>/dev/null; then^[[0m
409:  ^[[36;1m  curl --proto '=https' --tlsv1.2 --retry 10 --retry-connrefused --location --silent --show-error --fail https://sh.rustup.rs | sh -s -- --default-toolchain none -y^[[0m
410:  ^[[36;1m  echo "$CARGO_HOME/bin" >> $GITHUB_PATH^[[0m
...

550:  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
551:  env:
552:  BUILDBUDDY_ORG_API_KEY: ***
553:  SRQL_TEST_DATABASE_URL: ***
554:  SRQL_TEST_ADMIN_URL: ***
555:  SRQL_TEST_DATABASE_CA_CERT: 
556:  DOCKERHUB_USERNAME: ***
557:  DOCKERHUB_TOKEN: ***
558:  TEST_CNPG_DATABASE: serviceradar_web_ng_test
559:  INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp
560:  INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir
561:  CARGO_HOME: /home/runner/.cargo
562:  CARGO_INCREMENTAL: 0
563:  CARGO_TERM_COLOR: always
564:  ##[endgroup]
565:  ##[group]Run : work around spurious network errors in curl 8.0
566:  ^[[36;1m: work around spurious network errors in curl 8.0^[[0m
567:  ^[[36;1m# https://rust-lang.zulipchat.com/#narrow/stream/246057-t-cargo/topic/timeout.20investigation^[[0m
...

618:  SRQL_TEST_DATABASE_CA_CERT: 
619:  DOCKERHUB_USERNAME: ***
620:  DOCKERHUB_TOKEN: ***
621:  TEST_CNPG_DATABASE: serviceradar_web_ng_test
622:  INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp
623:  INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir
624:  CARGO_HOME: /home/runner/.cargo
625:  CARGO_INCREMENTAL: 0
626:  CARGO_TERM_COLOR: always
627:  ##[endgroup]
628:  Attempting to download 1.x...
629:  Acquiring v1.28.1 from https://github.com/bazelbuild/bazelisk/releases/download/v1.28.1/bazelisk-linux-amd64
630:  Adding to the cache ...
631:  Successfully cached bazelisk to /home/runner/_work/_tool/bazelisk/1.28.1/x64
632:  Added bazelisk to the path
633:  ##[warning]Failed to restore: Cache service responded with 400
634:  Restored bazelisk cache dir @ /home/runner/.cache/bazelisk
...

700:  env:
701:  BUILDBUDDY_ORG_API_KEY: ***
702:  SRQL_TEST_DATABASE_URL: ***
703:  SRQL_TEST_ADMIN_URL: ***
704:  SRQL_TEST_DATABASE_CA_CERT: 
705:  DOCKERHUB_USERNAME: ***
706:  DOCKERHUB_TOKEN: ***
707:  TEST_CNPG_DATABASE: serviceradar_web_ng_test
708:  INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp
709:  INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir
710:  CARGO_HOME: /home/runner/.cargo
711:  CARGO_INCREMENTAL: 0
712:  CARGO_TERM_COLOR: always
713:  ##[endgroup]
714:  SRQL_TEST_DATABASE_CA_CERT secret must be configured to verify SRQL fixture TLS.
715:  ##[error]Process completed with exit code 1.
716:  Post job cleanup.

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2657#issuecomment-3832096094 Original created: 2026-02-01T21:33:28Z --- ## CI Feedback 🧐 A test triggered by this PR failed. Here is an AI-generated analysis of the failure: <table><tr><td> **Action:** build</td></tr> <tr><td> **Failed stage:** [Configure SRQL fixture database for tests](https://github.com/carverauto/serviceradar/actions/runs/21570613702/job/62149075010) [❌] </td></tr> <tr><td> **Failed test name:** "" </td></tr> <tr><td> **Failure summary:** The action failed because a required secret for the test environment was not configured:<br> - The job <br>exited with code 1 after printing: <code>SRQL_TEST_DATABASE_CA_CERT secret must be configured to verify </code><br><code>SRQL fixture TLS.</code> (log line 714).<br> - This indicates the workflow expects the secret <br><code>SRQL_TEST_DATABASE_CA_CERT</code> (shown empty in the environment) to be set so it can verify TLS for the <br>SRQL database fixture; without it, the script intentionally fails.<br> </td></tr> <tr><td> <details><summary>Relevant error logs:</summary> ```yaml 1: Runner name: 'arc-runner-set-hk6mk-runner-pfzdm' 2: Runner group name: 'Default' ... 177: ^[[36;1mif command -v apt-get >/dev/null 2>&1; then^[[0m 178: ^[[36;1m sudo apt-get update^[[0m 179: ^[[36;1m sudo apt-get install -y build-essential pkg-config libssl-dev protobuf-compiler cmake flex bison^[[0m 180: ^[[36;1melif command -v dnf >/dev/null 2>&1; then^[[0m 181: ^[[36;1m sudo dnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 182: ^[[36;1melif command -v yum >/dev/null 2>&1; then^[[0m 183: ^[[36;1m sudo yum install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 184: ^[[36;1melif command -v microdnf >/dev/null 2>&1; then^[[0m 185: ^[[36;1m sudo microdnf install -y gcc gcc-c++ make openssl-devel protobuf-compiler cmake flex bison^[[0m 186: ^[[36;1melse^[[0m 187: ^[[36;1m echo "Unsupported package manager; please install gcc, g++ (or clang), make, OpenSSL headers, pkg-config, and protoc manually." >&2^[[0m 188: ^[[36;1m exit 1^[[0m 189: ^[[36;1mfi^[[0m 190: ^[[36;1m^[[0m 191: ^[[36;1mensure_pkg_config^[[0m 192: ^[[36;1mprotoc --version || (echo "protoc installation failed" && exit 1)^[[0m 193: shell: /usr/bin/bash -e {0} ... 394: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 395: env: 396: BUILDBUDDY_ORG_API_KEY: *** 397: SRQL_TEST_DATABASE_URL: *** 398: SRQL_TEST_ADMIN_URL: *** 399: SRQL_TEST_DATABASE_CA_CERT: 400: DOCKERHUB_USERNAME: *** 401: DOCKERHUB_TOKEN: *** 402: TEST_CNPG_DATABASE: serviceradar_web_ng_test 403: INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp 404: INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir 405: ##[endgroup] 406: ##[group]Run : install rustup if needed 407: ^[[36;1m: install rustup if needed^[[0m 408: ^[[36;1mif ! command -v rustup &>/dev/null; then^[[0m 409: ^[[36;1m curl --proto '=https' --tlsv1.2 --retry 10 --retry-connrefused --location --silent --show-error --fail https://sh.rustup.rs | sh -s -- --default-toolchain none -y^[[0m 410: ^[[36;1m echo "$CARGO_HOME/bin" >> $GITHUB_PATH^[[0m ... 550: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 551: env: 552: BUILDBUDDY_ORG_API_KEY: *** 553: SRQL_TEST_DATABASE_URL: *** 554: SRQL_TEST_ADMIN_URL: *** 555: SRQL_TEST_DATABASE_CA_CERT: 556: DOCKERHUB_USERNAME: *** 557: DOCKERHUB_TOKEN: *** 558: TEST_CNPG_DATABASE: serviceradar_web_ng_test 559: INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp 560: INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir 561: CARGO_HOME: /home/runner/.cargo 562: CARGO_INCREMENTAL: 0 563: CARGO_TERM_COLOR: always 564: ##[endgroup] 565: ##[group]Run : work around spurious network errors in curl 8.0 566: ^[[36;1m: work around spurious network errors in curl 8.0^[[0m 567: ^[[36;1m# https://rust-lang.zulipchat.com/#narrow/stream/246057-t-cargo/topic/timeout.20investigation^[[0m ... 618: SRQL_TEST_DATABASE_CA_CERT: 619: DOCKERHUB_USERNAME: *** 620: DOCKERHUB_TOKEN: *** 621: TEST_CNPG_DATABASE: serviceradar_web_ng_test 622: INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp 623: INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir 624: CARGO_HOME: /home/runner/.cargo 625: CARGO_INCREMENTAL: 0 626: CARGO_TERM_COLOR: always 627: ##[endgroup] 628: Attempting to download 1.x... 629: Acquiring v1.28.1 from https://github.com/bazelbuild/bazelisk/releases/download/v1.28.1/bazelisk-linux-amd64 630: Adding to the cache ... 631: Successfully cached bazelisk to /home/runner/_work/_tool/bazelisk/1.28.1/x64 632: Added bazelisk to the path 633: ##[warning]Failed to restore: Cache service responded with 400 634: Restored bazelisk cache dir @ /home/runner/.cache/bazelisk ... 700: env: 701: BUILDBUDDY_ORG_API_KEY: *** 702: SRQL_TEST_DATABASE_URL: *** 703: SRQL_TEST_ADMIN_URL: *** 704: SRQL_TEST_DATABASE_CA_CERT: 705: DOCKERHUB_USERNAME: *** 706: DOCKERHUB_TOKEN: *** 707: TEST_CNPG_DATABASE: serviceradar_web_ng_test 708: INSTALL_DIR_FOR_OTP: /home/runner/_work/_temp/.setup-beam/otp 709: INSTALL_DIR_FOR_ELIXIR: /home/runner/_work/_temp/.setup-beam/elixir 710: CARGO_HOME: /home/runner/.cargo 711: CARGO_INCREMENTAL: 0 712: CARGO_TERM_COLOR: always 713: ##[endgroup] 714: SRQL_TEST_DATABASE_CA_CERT secret must be configured to verify SRQL fixture TLS. 715: ##[error]Process completed with exit code 1. 716: Post job cleanup. ``` </details></td></tr></table>