PROJQUAY-11621: docs: add repo context files#163
Conversation
WalkthroughAdds three new documentation files/sections: a full ChangesDocumentation
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 7
🧹 Nitpick comments (4)
ARCHITECTURE.md (3)
26-32: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueAdd language specifier to fenced code block to satisfy markdownlint.
The ASCII art diagram block triggers MD040. Add
textas the language specifier to suppress the warning without affecting rendering.
Clair/Quay (creates ImageManifestVuln CRs)<details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.In
@ARCHITECTURE.mdaround lines 26 - 32, Add a language specifier to the fenced
ASCII diagram in ARCHITECTURE.md so markdownlint no longer flags MD040. Update
the diagram block near the Clair/Quay and container-security-operator section to
use a text fence, keeping the content unchanged and preserving the rendering.</details> <!-- cr-comment:v1:b4755c017833c3c0b1b512f7 --> _Source: Linters/SAST tools_ --- `100-113`: _📐 Maintainability & Code Quality_ | _🔵 Trivial_ | _💤 Low value_ **Add language specifier to fenced code block to satisfy markdownlint.** The reconciliation flow block triggers MD040. Add `text` as the language specifier. ```diff
Watch ImageManifestVuln:<details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.In
@ARCHITECTURE.mdaround lines 100 - 113, The fenced reconciliation flow block
in ARCHITECTURE.md is missing a language specifier and triggers markdownlint
MD040. Update the code fence around the Watch ImageManifestVuln / Watch Pods
section to use text as the fence language so the markdown lint rule is
satisfied.</details> <!-- cr-comment:v1:d40a0e638d203a3b264c0649 --> _Source: Linters/SAST tools_ --- `62-89`: _📐 Maintainability & Code Quality_ | _🔵 Trivial_ | _💤 Low value_ **Add language specifier to fenced code block to satisfy markdownlint.** The data flow steps block triggers MD040. Add `text` as the language specifier. ```diff
1. Quay/Clair scans image → creates ImageManifestVuln CR:<details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.In
@ARCHITECTURE.mdaround lines 62 - 89, The data flow example in
ARCHITECTURE.md is an untyped fenced block that triggers markdownlint MD040;
update the fenced block around the Quay/Clair scan and operator workflow steps
to use a text language specifier. Make this change in the markdown section
containing the ImageManifestVuln, operator watches, and labels flow so the block
remains readable while satisfying linting.</details> <!-- cr-comment:v1:1fa5b04fb361cda6856f37ff --> _Source: Linters/SAST tools_ </blockquote></details> <details> <summary>CONTRIBUTING.md (1)</summary><blockquote> `13-13`: _📐 Maintainability & Code Quality_ | _🔵 Trivial_ | _💤 Low value_ **Remove or relocate misplaced purpose statement.** The sentence "Displays Clair vulnerability scan results in OpenShift console." under the Development section is a product description, not development guidance. It appears redundant with the README/ARCHITECTURE purpose statements and doesn't help contributors develop. <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.In
@CONTRIBUTING.mdat line 13, The Development section in CONTRIBUTING.md
contains a misplaced product-purpose sentence that should be removed or moved
elsewhere. Update the CONTRIBUTING.md content around the Development guidance so
it only includes contributor instructions, and relocate or delete the “Displays
Clair vulnerability scan results in OpenShift console.” statement since it
belongs in a product overview section such as README or ARCHITECTURE.</details> <!-- cr-comment:v1:676e87b6a763609b73c1c130 --> </blockquote></details> </blockquote></details> <details> <summary>🤖 Prompt for all review comments with AI agents</summary>Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.Inline comments:
In@AGENTS.md:
- Line 48: The Project Structure section in AGENTS.md is inconsistent with the
entrypoint path used elsewhere, since it refers to the generic cmd/ directory
instead of the specific cmd/security-labeller/ entrypoint. Update the entrypoint
reference in that section to match the exact path already used in the low-token
routing guidance so the file consistently points to the same executable
location.In
@ARCHITECTURE.md:
- Line 39: Update the ImageManifestVuln severity documentation to match the
actual severity handling in the vulnerability count logic. Expand the severity
enumeration in ARCHITECTURE.md to include Defcon1, Negligible, and Unknown so it
aligns with the symbols used in labeller/manifest.go and no longer conflicts
with the implemented severity set.- Around line 93-97: The Pod label documentation for secscan/highestSeverity is
incomplete and does not match the values produced by the labeller. Update the
label value list in the Pod labels section to include all possible severities
from the labeller/manifest.go logic, specifically Defcon1, Negligible, and
Unknown, alongside the existing Critical, High, Medium, and Low values.- Around line 84-87: The architecture doc is describing a label that the
operator does not actually support. Update the docs around the label handling in
the relevant section so they only mention the labels written by the operator’s
current logic, such as secscan/hasVulnerabilities and secscan/highestSeverity,
or add implementation support for secscan/affectedByVulns if that behavior is
intended. Refer to the label-writing code path and any documentation entries for
these labels to keep them consistent.In
@CONTRIBUTING.md:
- Around line 38-42: Update the Code Structure section so it matches the actual
project layout and the other docs: replace the inconsistent operator entrypoint
path in the directory list to use the same symbol/path referenced by AGENTS.md,
and add the missing top-level directories referenced elsewhere, including
secscan/, image/, generated/, and hack/. Keep the directory descriptions aligned
with README.md and AGENTS.md so the documented structure is consistent across
the repo.In
@README.md:
- Line 153: The README “Key paths” entry uses the ambiguous cmd/ label, so
update that list to the repo’s actual entrypoint directory name and make it
consistent with the references in CONTRIBUTING.md, AGENTS.md, and
ARCHITECTURE.md. Locate the README key-paths section and replace every
entrypoint mention with the same canonical directory name used by the codebase
so all docs point to one standard path.- Line 155: The contributor docs still mention a non-existent make test target,
so update the docs to match the real test command or add the missing target.
Adjust the relevant documentation entry that references build/run/test commands,
and ensure it consistently points to go test -v ./... rather than make test so
contributors use the supported workflow.
Nitpick comments:
In@ARCHITECTURE.md:
- Around line 26-32: Add a language specifier to the fenced ASCII diagram in
ARCHITECTURE.md so markdownlint no longer flags MD040. Update the diagram block
near the Clair/Quay and container-security-operator section to use a text fence,
keeping the content unchanged and preserving the rendering.- Around line 100-113: The fenced reconciliation flow block in ARCHITECTURE.md
is missing a language specifier and triggers markdownlint MD040. Update the code
fence around the Watch ImageManifestVuln / Watch Pods section to use text as the
fence language so the markdown lint rule is satisfied.- Around line 62-89: The data flow example in ARCHITECTURE.md is an untyped
fenced block that triggers markdownlint MD040; update the fenced block around
the Quay/Clair scan and operator workflow steps to use a text language
specifier. Make this change in the markdown section containing the
ImageManifestVuln, operator watches, and labels flow so the block remains
readable while satisfying linting.In
@CONTRIBUTING.md:
- Line 13: The Development section in CONTRIBUTING.md contains a misplaced
product-purpose sentence that should be removed or moved elsewhere. Update the
CONTRIBUTING.md content around the Development guidance so it only includes
contributor instructions, and relocate or delete the “Displays Clair
vulnerability scan results in OpenShift console.” statement since it belongs in
a product overview section such as README or ARCHITECTURE.</details> <details> <summary>🪄 Autofix (Beta)</summary> Fix all unresolved CodeRabbit comments on this PR: - [ ] <!-- {"checkboxId": "4b0d0e0a-96d7-4f10-b296-3a18ea78f0b9"} --> Push a commit to this branch (recommended) - [ ] <!-- {"checkboxId": "ff5b1114-7d8c-49e6-8ac1-43f82af23a33"} --> Create a new PR with the fixes </details> --- <details> <summary>ℹ️ Review info</summary> <details> <summary>⚙️ Run configuration</summary> **Configuration used**: Organization UI **Review profile**: CHILL **Plan**: Enterprise **Run ID**: `963c095d-faf4-4695-b54d-3e1f396be36b` </details> <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 8806d68a84925dfd45a1b666bda2c45279c36967 and 44fd1b798d22271e4ed9a228f180c97e17cc7dbd. </details> <details> <summary>📒 Files selected for processing (4)</summary> * `AGENTS.md` * `ARCHITECTURE.md` * `CONTRIBUTING.md` * `README.md` </details> </details> <details> <summary>📜 Review details</summary> <details> <summary>⏰ Context from checks skipped due to timeout. (2)</summary> * GitHub Check: Tests * GitHub Check: Build </details> <details> <summary>🧰 Additional context used</summary> <details> <summary>🪛 markdownlint-cli2 (0.22.1)</summary> <details> <summary>ARCHITECTURE.md</summary> [warning] 26-26: Fenced code blocks should have a language specified (MD040, fenced-code-language) --- [warning] 62-62: Fenced code blocks should have a language specified (MD040, fenced-code-language) --- [warning] 100-100: Fenced code blocks should have a language specified (MD040, fenced-code-language) </details> </details> </details> <details> <summary>🔇 Additional comments (1)</summary><blockquote> <details> <summary>ARCHITECTURE.md (1)</summary><blockquote> `117-119`: **Remove the custom indexer claim** The controller is watch-based, but `cache.Indexers{}` is passed to both informers, so there isn’t a dedicated image digest → ImageManifestVuln indexer here; the lookup uses the informer’s default key index via `GetIndexer().GetByKey(...)`. > Likely an incorrect or invalid review comment. <!-- cr-comment:v1:68b6f0a863be377e9b1aa442 --> </blockquote></details> </blockquote></details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
|
|
||
| Low-token routing: | ||
|
|
||
| - Entrypoint: `cmd/` |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Inconsistent entrypoint directory within the same file.
The low-token routing uses cmd/ but the Project Structure section above specifies cmd/security-labeller/. Use the precise path for consistency.
- - Entrypoint: `cmd/`
+ - Entrypoint: `cmd/security-labeller/`📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - Entrypoint: `cmd/` | |
| - Entrypoint: `cmd/security-labeller/` |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@AGENTS.md` at line 48, The Project Structure section in AGENTS.md is
inconsistent with the entrypoint path used elsewhere, since it refers to the
generic cmd/ directory instead of the specific cmd/security-labeller/
entrypoint. Update the entrypoint reference in that section to match the exact
path already used in the low-token routing guidance so the file consistently
points to the same executable location.
| ### `/apis/secscan/v1alpha1` | ||
| CRD definitions: | ||
| - `ImageManifestVuln`: Vulnerability data for image manifest | ||
| - Severity (Critical, High, Medium, Low) |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Incomplete severity enumeration in CRD definition.
The ImageManifestVuln severity list omits Defcon1, Negligible, and Unknown which are defined in the actual vulnerability count logic (labeller/manifest.go:23-42). This creates a discrepancy between documentation and code.
- - Severity (Critical, High, Medium, Low)
+ - Severity (Defcon1, Critical, High, Medium, Low, Negligible, Unknown)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - Severity (Critical, High, Medium, Low) | |
| - Severity (Defcon1, Critical, High, Medium, Low, Negligible, Unknown) |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@ARCHITECTURE.md` at line 39, Update the ImageManifestVuln severity
documentation to match the actual severity handling in the vulnerability count
logic. Expand the severity enumeration in ARCHITECTURE.md to include Defcon1,
Negligible, and Unknown so it aligns with the symbols used in
labeller/manifest.go and no longer conflicts with the implemented severity set.
| secscan/hasVulnerabilities: "true" | ||
| secscan/highestSeverity: "High" | ||
| secscan/affectedByVulns: "CVE-2023-1234,CVE-2023-5678" | ||
|
|
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify affectedByVulns label existence and truncation logic
ast-grep run --pattern 'affectedByVulns' --lang go
rg -n 'affectedByVulns' --type=goRepository: quay/container-security-operator
Length of output: 170
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== ARCHITECTURE.md around the cited lines ==\n'
sed -n '70,100p' ARCHITECTURE.md || true
printf '\n== Search for secscan label references ==\n'
rg -n 'secscan/|affectedByVulns|hasVulnerabilities|highestSeverity|CVE-2023|truncate|63 characters|label value limit' .
printf '\n== Go files mentioning secscan ==\n'
rg -n 'secscan' --type=go .Repository: quay/container-security-operator
Length of output: 26996
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== labeller/manifest.go label construction ==\n'
sed -n '70,170p' labeller/manifest.go
printf '\n== label-related helpers in labeller/manifest.go ==\n'
sed -n '1,70p' labeller/manifest.go
printf '\n== occurrences of Label map keys in labeller ==\n'
rg -n 'Labels|labelPrefix|hasVulnerabilities|highestSeverity|affectedByVulns' labellerRepository: quay/container-security-operator
Length of output: 6316
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== labeller/manifest.go 170-240 ==\n'
sed -n '170,240p' labeller/manifest.go
printf '\n== labeller/labeller.go label interactions ==\n'
sed -n '500,620p' labeller/labeller.go
printf '\n== search for Kubernetes label value length handling ==\n'
rg -n '63|length|truncate|truncat|label.*value|Kubernetes.*label|allowed by the label syntax' .Repository: quay/container-security-operator
Length of output: 16486
Remove secscan/affectedByVulns from this architecture doc or add the missing label handling.
The operator only writes secscan/hasVulnerabilities and secscan/highestSeverity; affectedByVulns isn’t implemented, and label values aren’t truncated today.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@ARCHITECTURE.md` around lines 84 - 87, The architecture doc is describing a
label that the operator does not actually support. Update the docs around the
label handling in the relevant section so they only mention the labels written
by the operator’s current logic, such as secscan/hasVulnerabilities and
secscan/highestSeverity, or add implementation support for
secscan/affectedByVulns if that behavior is intended. Refer to the label-writing
code path and any documentation entries for these labels to keep them
consistent.
| Pod labels: | ||
| - `secscan/hasVulnerabilities`: "true" | "false" | ||
| - `secscan/highestSeverity`: "Critical" | "High" | "Medium" | "Low" | ||
| - `secscan/affectedByVulns`: comma-separated CVE list (truncated if >63 chars) | ||
|
|
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Incomplete severity enumeration in label values.
The secscan/highestSeverity label values omit Defcon1, Negligible, and Unknown which the operator can produce per labeller/manifest.go:23-42. This misrepresents the possible label values.
- `secscan/highestSeverity`: "Critical" | "High" | "Medium" | "Low"
+ `secscan/highestSeverity`: "Defcon1" | "Critical" | "High" | "Medium" | "Low" | "Negligible" | "Unknown"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| Pod labels: | |
| - `secscan/hasVulnerabilities`: "true" | "false" | |
| - `secscan/highestSeverity`: "Critical" | "High" | "Medium" | "Low" | |
| - `secscan/affectedByVulns`: comma-separated CVE list (truncated if >63 chars) | |
| Pod labels: | |
| - `secscan/hasVulnerabilities`: "true" | "false" | |
| - `secscan/highestSeverity`: "Defcon1" | "Critical" | "High" | "Medium" | "Low" | "Negligible" | "Unknown" | |
| - `secscan/affectedByVulns`: comma-separated CVE list (truncated if >63 chars) | |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@ARCHITECTURE.md` around lines 93 - 97, The Pod label documentation for
secscan/highestSeverity is incomplete and does not match the values produced by
the labeller. Update the label value list in the Pod labels section to include
all possible severities from the labeller/manifest.go logic, specifically
Defcon1, Negligible, and Unknown, alongside the existing Critical, High, Medium,
and Low values.
| - `apis/secscan/v1alpha1/` - CRD types | ||
| - `cmd/manager/` - operator entrypoint | ||
| - `labeller/` - pod vulnerability labeling | ||
| - `k8sutils/` - K8s client helpers | ||
| - `bundle/` - OLM metadata |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Directory path inconsistency and incompleteness.
The Code Structure section lists cmd/manager/ but AGENTS.md references cmd/security-labeller/. These must be consistent. Also missing secscan/, image/, generated/, and hack/ directories that are referenced in README.md and AGENTS.md.
- `apis/secscan/v1alpha1/` - CRD types
- - `cmd/manager/` - operator entrypoint
+ - `cmd/security-labeller/` - operator entrypoint
- `labeller/` - pod vulnerability labeling
- `k8sutils/` - K8s client helpers
+ - `secscan/` - registry client for vulnerability data
+ - `image/` - container image ID parsing
+ - `generated/` - auto-generated clients (do not edit)
+ - `hack/` - build scripts and helpers
- `bundle/` - OLM metadata📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - `apis/secscan/v1alpha1/` - CRD types | |
| - `cmd/manager/` - operator entrypoint | |
| - `labeller/` - pod vulnerability labeling | |
| - `k8sutils/` - K8s client helpers | |
| - `bundle/` - OLM metadata | |
| - `apis/secscan/v1alpha1/` - CRD types | |
| - `cmd/security-labeller/` - operator entrypoint | |
| - `labeller/` - pod vulnerability labeling | |
| - `k8sutils/` - K8s client helpers | |
| - `secscan/` - registry client for vulnerability data | |
| - `image/` - container image ID parsing | |
| - `generated/` - auto-generated clients (do not edit) | |
| - `hack/` - build scripts and helpers | |
| - `bundle/` - OLM metadata |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@CONTRIBUTING.md` around lines 38 - 42, Update the Code Structure section so
it matches the actual project layout and the other docs: replace the
inconsistent operator entrypoint path in the directory list to use the same
symbol/path referenced by AGENTS.md, and add the missing top-level directories
referenced elsewhere, including secscan/, image/, generated/, and hack/. Keep
the directory descriptions aligned with README.md and AGENTS.md so the
documented structure is consistent across the repo.
| pods --> console | ||
| ``` | ||
|
|
||
| Key paths: `apis/secscan/v1alpha1/`, `cmd/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`. |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Use precise and consistent entrypoint directory name.
cmd/ is ambiguous. CONTRIBUTING.md uses cmd/manager/, AGENTS.md uses cmd/security-labeller/, and ARCHITECTURE.md references /cmd/manager. Standardize on the actual directory name.
- Key paths: `apis/secscan/v1alpha1/`, `cmd/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`.
+ Key paths: `apis/secscan/v1alpha1/`, `cmd/security-labeller/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| Key paths: `apis/secscan/v1alpha1/`, `cmd/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`. | |
| Key paths: `apis/secscan/v1alpha1/`, `cmd/security-labeller/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`. |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` at line 153, The README “Key paths” entry uses the ambiguous cmd/
label, so update that list to the repo’s actual entrypoint directory name and
make it consistent with the references in CONTRIBUTING.md, AGENTS.md, and
ARCHITECTURE.md. Locate the README key-paths section and replace every
entrypoint mention with the same canonical directory name used by the codebase
so all docs point to one standard path.
|
|
||
| Key paths: `apis/secscan/v1alpha1/`, `cmd/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`. | ||
|
|
||
| Use `make build`, `make run`, `make installcrds`, `go test -v ./...`, and `make codegen`. Do not edit generated clients manually. |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify Makefile test target
cat Makefile | grep -A3 '^test:'Repository: quay/container-security-operator
Length of output: 170
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf 'FILES:\n'
git ls-files | rg '(^|/)(Makefile|README\.md|CONTRIBUTING\.md)$' || true
printf '\nMAKEFILE TEST TARGET SEARCH:\n'
rg -n '^[[:space:]]*test:' Makefile || true
printf '\nMAKEFILE TEST REFERENCES:\n'
rg -n 'make test|go test -v ./\.\.\.|go test' Makefile README.md CONTRIBUTING.md || true
printf '\nCONTRIBUTING EXCERPT:\n'
if [ -f CONTRIBUTING.md ]; then
rg -n -A3 -B3 'make test|go test -v ./\.\.\.' CONTRIBUTING.md || true
fi
printf '\nREADME EXCERPT:\n'
if [ -f README.md ]; then
rg -n -A3 -B3 'make build|make run|make installcrds|go test -v ./\.\.\.|make codegen' README.md || true
fiRepository: quay/container-security-operator
Length of output: 1229
🏁 Script executed:
#!/bin/bash
set -euo pipefail
wc -l Makefile CONTRIBUTING.md README.md
printf '\nMAKEFILE TARGETS:\n'
rg -n '^[A-Za-z0-9_.-]+:' Makefile
printf '\nMAKEFILE TEST-RELATED LINES:\n'
rg -n 'go test|test-e2e|unit test|unit tests|test:' Makefile
printf '\nCONTRIBUTING TEST-RELATED LINES:\n'
rg -n -A2 -B2 'make test|go test|unit test|unit tests' CONTRIBUTING.md
printf '\nREADME TEST-RELATED LINES:\n'
rg -n -A2 -B2 'make test|go test|unit test|unit tests' README.mdRepository: quay/container-security-operator
Length of output: 556
Standardize the test command in the docs
CONTRIBUTING.md still references make test, but this Makefile doesn’t define a test target. Align the contributor docs with the actual command (go test -v ./...) or add the missing target.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` at line 155, The contributor docs still mention a non-existent
make test target, so update the docs to match the real test command or add the
missing target. Adjust the relevant documentation entry that references
build/run/test commands, and ensure it consistently points to go test -v ./...
rather than make test so contributors use the supported workflow.
|
I believe CSO is deprecated and not being actively worked on. |
|
closed pr as CSO is deprecated after 3.16 |
Summary
Adds the required contextification docs for
container-security-operatoras part of PROJQUAY-11621.Changes
ARCHITECTURE.mdwith component layout, data flow, and OpenShift integration context.CONTRIBUTING.mdwith setup, testing, and review guidance.README.mdwith a contextification addendum and architecture diagram.AGENTS.mdwith low-token routing for AI agents.