Added the capacity to use AWS Codebuild on ci-operator

[hector-vido]

The purpose of this changes is to have another build mechanism, se we can relay on other alternatives than Openshift Builds, in this case we choose AWS CodeBuild.

A new key was added to pkg/api/types.go named BuildType, right now it can be openshift or aws.

Most of the logic are inside pkg/steps/source.go.

All builds happens on AWS and the resulting image is pushed inside the internal registry of the build cluster.

build.openshift.io/v1

Actually, most of the info used to build the image inside AWS are extracted from the build object, this made the integration easier - since almost all info are inside it - but this object is passed along the way only for that purpose, this could be overkill and confuse.

TO-DOS:

• Add all builds inside a single project (if this is possible, will be easier to understand, clear and possibly faster)
• Clean aws codebuild project and cloudwatch logs after the build succeed.
• Test more targets

Summary by CodeRabbit

• New Features

  • Configurable BuildType option supporting AWS CodeBuild and OpenShift execution
  • Defaults to OpenShift when unspecified
  • BuildType is propagated to all relevant build steps
  • AWS CodeBuild path with project provisioning, buildspec generation, registry credential handling, and CloudWatch log collection
  • Added utility to shell-escape commands used in generated build specs

• Chores

  • Updated AWS SDK and related dependencies to newer versions

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds an optional ReleaseBuildConfiguration.BuildType (defaulting to "openshift"), threads buildType through step constructors, and implements an AWS CodeBuild execution path in the Source step (buildspec generation, CodeBuild project start/polling, and CloudWatch log retrieval); preserves the existing OpenShift build path.

Changes

Cohort / File(s)	Summary
Dependency updates go.mod	Bumped AWS SDK (github.com/aws/aws-sdk-go-v2) and github.com/aws/smithy-go; added direct requires for github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs and .../service/codebuild; updated related internal SDK modules.
Config & types pkg/api/types.go, pkg/api/config.go	Add BuildType string (json:"build_type,omitempty") to ReleaseBuildConfiguration; Default() now sets BuildType to "openshift" when empty.
Step plumbing pkg/defaults/defaults.go, pkg/steps/... pkg/steps/bundle_source.go, pkg/steps/git_source.go, pkg/steps/index_generator.go, pkg/steps/pipeline_image_cache.go, pkg/steps/project_image.go, pkg/steps/rpm_injection.go, pkg/steps/source.go	Propagate buildType through constructors and step structs; update call sites to pass buildType into handleBuild/handleBuilds.
Source step (build execution) pkg/steps/source.go	Introduce AWS CodeBuild path when buildType == "aws": derive/create CodeBuild project and buildspec, start build, poll via CodeBuild APIs, collect CloudWatch Logs into artifacts; otherwise use existing OpenShift build flow.
Buildspec models pkg/util/buildspec/buildspec.go	Add buildspec package with types (BuildSpec, Env, Phases, Variables, BuildPhase) to model CodeBuild buildspec JSON.
Utilities pkg/util/util.go	Add ShellEscape(command string) string helper to safely embed strings inside single-quoted shell contexts.
Tests cmd/ci-operator/main_test.go	Update test to pass buildType ("openshift") into SourceStep invocation.

Sequence Diagram(s)

sequenceDiagram
    participant Step as Source Step
    participant K8s as Kubernetes API
    participant CB as AWS CodeBuild
    participant CW as AWS CloudWatch Logs
    participant OSB as OpenShift Build API

    Step->>Step: Inspect buildType

    alt buildType == "aws"
        Step->>K8s: Read pull secret / registry credentials
        K8s-->>Step: Credentials
        Step->>Step: Assemble buildspec (Dockerfile, credentials)
        Step->>CB: Ensure/create CodeBuild project with buildspec
        Step->>CB: Start CodeBuild build
        loop poll
            Step->>CB: BatchGetBuilds / Get build status
            CB-->>Step: Status
        end
        Step->>CW: Fetch CloudWatch log events
        CW-->>Step: Logs
        Step->>Step: Write logs/artifacts
    else buildType == "openshift"
        Step->>OSB: Create/OpenShift build or reuse
        OSB-->>Step: Build reference
        loop wait
            Step->>OSB: Check build status
            OSB-->>Step: Status
        end
        Step->>OSB: Retrieve build logs
        OSB-->>Step: Logs
        Step->>Step: Write logs/artifacts
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 9 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 17.39% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (9 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding AWS CodeBuild support to ci-operator, which is the primary objective reflected throughout the changeset.
Stable And Deterministic Test Names	✅ Passed	The custom check for Stable and Deterministic Test Names is not applicable to this pull request. The codebase uses standard Go testing package with t.Run() style tests, not Ginkgo testing framework. A comprehensive search of the repository found zero Ginkgo imports and no usage of Ginkgo test patterns. All test names are static and descriptive strings.
Test Structure And Quality	✅ Passed	This pull request does not use the Ginkgo testing framework. The codebase exclusively uses Go's standard testing package with table-driven test patterns.
Microshift Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests; changes focus on AWS CodeBuild support and dependency updates.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests detected. All modifications use standard Go unit testing or are library code without test definitions.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies internal CI infrastructure tooling without introducing Kubernetes deployment manifests, operators, or control-plane node scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	The OTE Binary Stdout Contract check is not applicable to ci-operator, which is a regular CLI orchestration tool, not an OTE test binary.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	The PR does not introduce any new Ginkgo e2e tests. The only test file modified is cmd/ci-operator/main_test.go, which uses standard Go's testing package with table-driven tests. No Ginkgo imports or test functions are present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hector-vido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [hector-vido]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pkg/defaults/defaults.go (1)

208-221: ⚠️ Potential issue | 🟡 Minor

Missing BuildType for other step constructors.

The BundleSourceStep (line 208), IndexGeneratorStep (line 210), and RPMImageInjectionStep (line 221) calls don't pass cfg.CIConfig.BuildType, but their structs now have buildType fields. Either the constructors should be updated to accept the parameter (and these call sites updated), or the struct fields should be removed if these steps intentionally always use OpenShift builds.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/defaults/defaults.go` around lines 208 - 221, The BundleSourceStep,
IndexGeneratorStep, and RPMImageInjectionStep constructors are missing the new
BuildType parameter expected by their structs; update the constructors and all
call sites (BundleSourceStep, IndexGeneratorStep, RPMImageInjectionStep) to
accept and pass cfg.CIConfig.BuildType (e.g., add buildType argument before
cfg.CIConfig.Resources or in the appropriate position), or if the steps should
not carry buildType, remove the buildType field from their structs and related
constructor signatures—choose one approach and make the signatures and all
invocations consistent.

pkg/steps/project_image.go (1)

217-238: ⚠️ Potential issue | 🔴 Critical

buildType field is never initialized in constructor.

The buildType field was added to projectDirectoryImageBuildStep (Line 35) and is used in run() (Lines 76, 79), but ProjectDirectoryImageBuildStep() doesn't accept or initialize it. This means buildType will always be an empty string, causing all builds from this step to default to OpenShift regardless of configuration.

🐛 Proposed fix to add buildType parameter

 func ProjectDirectoryImageBuildStep(
 	config api.ProjectDirectoryImageBuildStepConfiguration,
 	releaseBuildConfig *api.ReleaseBuildConfiguration,
 	resources api.ResourceConfiguration,
 	buildClient BuildClient,
 	podClient kubernetes.PodClient,
 	jobSpec *api.JobSpec,
 	pullSecret *coreapi.Secret,
 	metricsAgent *metrics.MetricsAgent,
+	buildType string,
 ) api.Step {
 	return &projectDirectoryImageBuildStep{
 		config:             config,
 		releaseBuildConfig: releaseBuildConfig,
 		resources:          resources,
 		client:             buildClient,
 		podClient:          podClient,
 		jobSpec:            jobSpec,
 		pullSecret:         pullSecret,
 		multiArch:          config.MultiArch,
 		architectures:      sets.New[string](),
 		metricsAgent:       metricsAgent,
+		buildType:          buildType,
 	}
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/project_image.go` around lines 217 - 238, The constructor
ProjectDirectoryImageBuildStep does not set the
projectDirectoryImageBuildStep.buildType field, so builds always default to
OpenShift; update the ProjectDirectoryImageBuildStep signature to accept a
buildType parameter (string or appropriate enum) and assign it to the returned
struct's buildType field, then update any call sites that construct this step to
pass the desired build type; ensure projectDirectoryImageBuildStep.run() (which
reads buildType) will then observe the configured value.

🧹 Nitpick comments (7)

pkg/api/types.go (1)

42-43: Consider adding validation for BuildType values.

The field accepts any string, but per the PR description, valid values are "openshift" or "aws". A typo like "AWS" or "Aws" would silently fall back to OpenShift builds rather than fail fast.

Consider defining constants and adding validation, similar to how ReleaseProduct or ClusterProfile are handled elsewhere in this file:

💡 Suggested type definition

// BuildType defines the build backend to use
type BuildType string

const (
    BuildTypeOpenShift BuildType = "openshift"
    BuildTypeAWS       BuildType = "aws"
)

Then update the field to use the type and add validation in a Validate() method.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/api/types.go` around lines 42 - 43, The BuildType field currently accepts
any string; define a new type BuildType and constants (e.g., BuildTypeOpenShift
= "openshift", BuildTypeAWS = "aws"), update the struct field to use BuildType
instead of string (keeping the json tag), and add a Validate() method (or extend
the existing Validate on the parent struct) that checks the BuildType value is
one of the allowed constants and returns an error on any other value
(case-sensitive) so typos like "AWS" are rejected; reference the BuildType type
and constants, the struct field BuildType, and the Validate() method to locate
and implement the changes.

pkg/steps/source.go (5)

1169-1173: Inconsistent pointer idiom; use ptr.To(true) for consistency.

Line 1172 uses &[]bool{true}[0] while the codebase uses ptr.To() elsewhere (Lines 1098, 1109, 1111). Use the same pattern for consistency.

♻️ Use ptr.To for consistency

 	input := &cloudwatchlogs.GetLogEventsInput{
 		LogGroupName:  build.Logs.GroupName,
 		LogStreamName: build.Logs.StreamName,
-		StartFromHead: &[]bool{true}[0],
+		StartFromHead: ptr.To(true),
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/source.go` around lines 1169 - 1173, Replace the odd pointer idiom
used for StartFromHead in the GetLogEventsInput literal with the project's
standard ptr.To(true) helper for consistency; update the StartFromHead field in
the GetLogEventsInput construction (symbol: GetLogEventsInput, field:
StartFromHead) to use ptr.To(true) instead of &[]bool{true}[0] and ensure the
same ptr package already used elsewhere in this file is imported/available.

---

943-962: ListProjects may be inefficient at scale; consider using prefix filtering.

Calling ListProjects with nil returns all projects in the account. If there are thousands of projects, this becomes slow and expensive. AWS CodeBuild's ListProjects API doesn't support filtering, but you could use BatchGetProjects to check existence directly, or better yet, attempt to create and handle ResourceAlreadyExistsException.

Additionally, awsBuildAssemblyCredentials populates is *imagev1.ImageStreamTag as a side-effect, which is an unusual pattern that makes the code harder to follow. Consider returning the ImageStreamTag or the DockerImageReference directly.

♻️ Proposed: Use create-or-get pattern instead of list-then-create

-	pList, err := cbClient.ListProjects(ctx, nil)
-	if err != nil {
-		errs = append(errs, err)
-		return false, fmt.Errorf("could not list project: %w", err)
-	}
-
-	if !slices.Contains(pList.Projects, projectName) {
+	// Try to create project; if it exists, proceed to start build
+	{
 		is := &imagev1.ImageStreamTag{}
 		credentials, err := awsBuildAssemblyCredentials(ctx, buildClient, build, is, errs)
 		if err != nil {
 			return false, err
 		}
 		buildSpec := awsBuildSpec(build, string(credentials), is.Image.DockerImageReference, buildClient.LocalRegistryDNS())
 
 		err = awsBuildCreateCloudBuildProject(ctx, build, cbClient, buildSpec, projectName, errs)
-		if err != nil {
+		if err != nil && !isResourceAlreadyExistsError(err) {
 			return false, err
 		}
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/source.go` around lines 943 - 962, The current code calls
cbClient.ListProjects(ctx, nil) which lists all projects (slow at scale) and
relies on awsBuildAssemblyCredentials to populate is *imagev1.ImageStreamTag by
side-effect; change the flow to either call BatchGetProjects
(cbClient.BatchGetProjects) to directly check for projectName existence or
implement a create-or-get by attempting awsBuildCreateCloudBuildProject and
handling the AWS ResourceAlreadyExistsException instead of listing everything;
also refactor awsBuildAssemblyCredentials to return the ImageStreamTag or the
Docker image reference (or a small struct) rather than mutating the is parameter
so callers of awsBuildSpec and awsBuildCreateCloudBuildProject receive explicit
values.

---

1089-1111: Hardcoded AWS configuration values limit flexibility.

Several AWS-specific values are hardcoded:

• ServiceRole (Line 1089): "codebuild-ci-operator" - different AWS accounts may use different role names
• TimeoutInMinutes (Line 1098): 8 hours - very long, may need to be configurable
• ComputeType (Line 1105): ComputeTypeBuildGeneral1Medium - build resource requirements may vary

Consider making these configurable via the build configuration or environment variables.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/source.go` around lines 1089 - 1111, The code hardcodes AWS values
when creating the CodeBuild project (ServiceRole = "codebuild-ci-operator",
TimeoutInMinutes = 60*8, ComputeType =
codebuildtypes.ComputeTypeBuildGeneral1Medium) inside the cbClient.CreateProject
call; make these parameters configurable instead by reading them from the build
configuration or environment variables and falling back to sensible defaults.
Update the CreateProject invocation to use a configurable serviceRole variable
(instead of ServiceRole), a timeoutInMinutes variable (int32) derived from
configuration/ENV, and a computeType variable (codebuildtypes.ComputeType...) so
callers can override defaults; ensure the config parsing is added where
buildSpec is prepared and propagate those variables into the ProjectEnvironment
and CreateProject input.

---

1030-1036: Redundant IsNotFound check; both branches return the same error format.

The IsNotFound conditional (Lines 1032-1035) and the general case (Line 1035) return identical error messages. Simplify to a single return.

♻️ Simplify error handling

 	err := buildClient.Get(ctx, ctrlruntimeclient.ObjectKey{Namespace: build.Namespace, Name: secretName}, secret)
 	if err != nil {
 		errs = append(errs, err)
-		if kerrors.IsNotFound(err) {
-			return nil, fmt.Errorf("could not get secret %s: %w", secretName, err)
-		}
 		return nil, fmt.Errorf("could not get secret %s: %w", secretName, err)
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/source.go` around lines 1030 - 1036, The code in
pkg/steps/source.go duplicates error handling when retrieving a secret: the
kerrors.IsNotFound branch and the general branch both return identical
fmt.Errorf("could not get secret %s: %w", secretName, err) and append err to
errs; remove the redundant IsNotFound conditional and keep a single unified
error return path (still append to errs), i.e., replace the two-branch block
around the secret retrieval with one append(errs, err) followed by return nil,
fmt.Errorf("could not get secret %s: %w", secretName, err) to simplify logic
while preserving behavior.

---

566-581: The errs []error parameter is modified but changes are not visible to caller.

In both awsBuild and openshiftBuild, appending to errs doesn't persist back to handleBuild because Go slices are passed by value (the length change isn't visible). The error tracking within these functions is effectively dead code since the caller relies only on the returned error.

Consider either:

1. Removing the errs parameter from inner functions
2. Using *[]error if aggregation is needed
3. Returning a multi-error from the inner functions

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/source.go` around lines 566 - 581, handleBuild passes errs []error
into awsBuild and openshiftBuild but appending to that slice inside those
functions doesn't propagate back (slices are passed by value); update the design
so error accumulation is visible: either remove the errs parameter and have
awsBuild/opeshiftBuild return an error (or utilerrors.Aggregate) which
handleBuild can append to its local errs, or change the parameter to *[]error so
callers mutate the caller-owned slice; update the function signatures for
awsBuild and openshiftBuild and all call sites (including the closure passed to
wait.ExponentialBackoff) to use the chosen approach and ensure handleBuild
aggregates returned errors into errs before constructing the final error
message.

pkg/util/buildspec/buildspec.go (1)

16-19: Consider using a map for Variables to allow dynamic environment variables.

Currently Variables has fixed fields, which works for the current use case but limits extensibility. If future builds need additional environment variables, this struct will need modification.

♻️ Optional: More flexible Variables type

 type Variables struct {
-	DockerFile  string `json:"dockerfile"`
-	Credentials string `json:"credentials"`
+	DockerFile  string            `json:"dockerfile"`
+	Credentials string            `json:"credentials"`
+	Custom      map[string]string `json:"-"` // For additional vars, merged during marshaling
 }

Alternatively, consider using map[string]string directly if full flexibility is needed.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/util/buildspec/buildspec.go` around lines 16 - 19, The Variables struct
currently has fixed fields (type Variables with DockerFile and Credentials)
which limits extensibility; change it to a flexible representation—either
replace the struct with map[string]string for full dynamic env support, or add
an Extra map[string]string field to Variables to hold arbitrary key/value pairs;
update any code that constructs or reads Variables (references to Variables,
Variables.DockerFile, Variables.Credentials) to read from the map keys (e.g.,
"dockerfile" / "credentials") or to merge existing fields with the Extra map so
existing consumers keep working.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/steps/bundle_source.go`:
- Around line 29-30: The buildType struct field in BundleSourceStep is never
initialized; update the BundleSourceStep constructor(s) to accept a buildType
string parameter and assign it to the buildType field when returning the step
instance, and then update the call site(s) that construct BundleSourceStep
(including the defaults code that should pass cfg.CIConfig.BuildType) so the
value is propagated; also apply the same change to the other BundleSourceStep
constructor variant found later in the file so both constructors initialize
buildType.

In `@pkg/steps/git_source.go`:
- Around line 30-31: The new buildType struct field on the GitSourceStep is
never initialized by the GitSourceStep() constructor, so it remains an empty
string; update the GitSourceStep constructor signature to accept a buildType
parameter and set the struct's buildType field accordingly (i.e., assign the
passed value to the GitSourceStep.buildType inside the constructor), and then
update the caller that creates GitSourceStep (the defaults bootstrap that calls
GitSourceStep(...)) to pass cfg.CIConfig.BuildType; ensure the same pattern is
applied for any similar constructors mentioned (lines ~137-157) that added
buildType.

In `@pkg/steps/index_generator.go`:
- Around line 35-36: The struct field buildType on IndexGeneratorStep is never
initialized because the IndexGeneratorStep(...) constructor doesn't accept or
set it; update the IndexGeneratorStep constructor to accept a buildType string
parameter and assign it to s.buildType (ensure any helper NewIndexGeneratorStep
or similar factory sets s.buildType), then update the call site in defaults.go
(where IndexGeneratorStep is invoked) to pass cfg.CIConfig.BuildType so
s.buildType is populated and AWS CodeBuild behavior is supported.

In `@pkg/steps/rpm_injection.go`:
- Around line 34-35: The RPMImageInjectionStep struct's buildType field is never
initialized; update the RPMImageInjectionStep constructor to accept a buildType
string parameter and assign it to the struct's buildType field (similar to how
IndexGeneratorStep was fixed), and then update the caller to pass
cfg.CIConfig.BuildType into RPMImageInjectionStep so the field is not left as
the empty string.

In `@pkg/steps/source.go`:
- Around line 968-978: The error handling messages after calling
cbClient.StartBuild and awsBuildWaitForIt incorrectly reference build.Namespace;
update those fmt.Errorf calls to include the correct identifiers (use
projectName for the StartBuild failure and buildId or awsBuildResult.ID (or
similar result identifier) for the wait/logs failure). Locate the block around
awsBuildResult, err := cbClient.StartBuild(ctx, sbi) and the subsequent call to
awsBuildWaitForIt and replace references of build.Namespace with projectName and
the appropriate buildId/awsBuildResult identifier so the error text clearly
identifies the project or build.
- Around line 1137-1163: The polling loop that calls cbClient.BatchGetBuilds
with buildId should be made safe by (1) checking the API response slice before
indexing: verify len(builds.Builds) > 0 and handle the no-builds case (return a
clear error or retry) instead of directly using builds.Builds[0]; and (2)
honoring ctx cancellation or a deadline to avoid infinite looping: replace the
bare for{} with a loop that selects on ctx.Done() (or enforces a timeout/max
attempts) and on a timer/tick before each BatchGetBuilds call so
awsBuildGatherLogs, buildId and logPath handling only proceed when context is
still active and you return an appropriate error when context times out or when
max retries are exceeded.
- Around line 997-1007: The loop that builds buildEnv and buildArgs injects raw
env.Value into a single-quoted shell fragment (used in the docker buildx build
string), which allows command injection if env.Value contains a single quote,
and dockerFile dereferences build.Spec.CommonSpec.Source.Dockerfile without a
nil check which can panic; fix by escaping env.Value before embedding (e.g.,
replace single quotes with the safe shell-escaping sequence or use a proper
argument-joining/quoting function such as strconv.Quote to produce a safe token)
and stop constructing a raw shell line with unescaped values (prefer building an
args slice or safely-quoted string for the docker command used in commands), and
add a nil check for build.Spec.CommonSpec.Source and
build.Spec.CommonSpec.Source.Dockerfile before dereferencing in the dockerFile
assignment (handle nil by returning an error or skipping modification).

---

Outside diff comments:
In `@pkg/defaults/defaults.go`:
- Around line 208-221: The BundleSourceStep, IndexGeneratorStep, and
RPMImageInjectionStep constructors are missing the new BuildType parameter
expected by their structs; update the constructors and all call sites
(BundleSourceStep, IndexGeneratorStep, RPMImageInjectionStep) to accept and pass
cfg.CIConfig.BuildType (e.g., add buildType argument before
cfg.CIConfig.Resources or in the appropriate position), or if the steps should
not carry buildType, remove the buildType field from their structs and related
constructor signatures—choose one approach and make the signatures and all
invocations consistent.

In `@pkg/steps/project_image.go`:
- Around line 217-238: The constructor ProjectDirectoryImageBuildStep does not
set the projectDirectoryImageBuildStep.buildType field, so builds always default
to OpenShift; update the ProjectDirectoryImageBuildStep signature to accept a
buildType parameter (string or appropriate enum) and assign it to the returned
struct's buildType field, then update any call sites that construct this step to
pass the desired build type; ensure projectDirectoryImageBuildStep.run() (which
reads buildType) will then observe the configured value.

---

Nitpick comments:
In `@pkg/api/types.go`:
- Around line 42-43: The BuildType field currently accepts any string; define a
new type BuildType and constants (e.g., BuildTypeOpenShift = "openshift",
BuildTypeAWS = "aws"), update the struct field to use BuildType instead of
string (keeping the json tag), and add a Validate() method (or extend the
existing Validate on the parent struct) that checks the BuildType value is one
of the allowed constants and returns an error on any other value
(case-sensitive) so typos like "AWS" are rejected; reference the BuildType type
and constants, the struct field BuildType, and the Validate() method to locate
and implement the changes.

In `@pkg/steps/source.go`:
- Around line 1169-1173: Replace the odd pointer idiom used for StartFromHead in
the GetLogEventsInput literal with the project's standard ptr.To(true) helper
for consistency; update the StartFromHead field in the GetLogEventsInput
construction (symbol: GetLogEventsInput, field: StartFromHead) to use
ptr.To(true) instead of &[]bool{true}[0] and ensure the same ptr package already
used elsewhere in this file is imported/available.
- Around line 943-962: The current code calls cbClient.ListProjects(ctx, nil)
which lists all projects (slow at scale) and relies on
awsBuildAssemblyCredentials to populate is *imagev1.ImageStreamTag by
side-effect; change the flow to either call BatchGetProjects
(cbClient.BatchGetProjects) to directly check for projectName existence or
implement a create-or-get by attempting awsBuildCreateCloudBuildProject and
handling the AWS ResourceAlreadyExistsException instead of listing everything;
also refactor awsBuildAssemblyCredentials to return the ImageStreamTag or the
Docker image reference (or a small struct) rather than mutating the is parameter
so callers of awsBuildSpec and awsBuildCreateCloudBuildProject receive explicit
values.
- Around line 1089-1111: The code hardcodes AWS values when creating the
CodeBuild project (ServiceRole = "codebuild-ci-operator", TimeoutInMinutes =
60*8, ComputeType = codebuildtypes.ComputeTypeBuildGeneral1Medium) inside the
cbClient.CreateProject call; make these parameters configurable instead by
reading them from the build configuration or environment variables and falling
back to sensible defaults. Update the CreateProject invocation to use a
configurable serviceRole variable (instead of ServiceRole), a timeoutInMinutes
variable (int32) derived from configuration/ENV, and a computeType variable
(codebuildtypes.ComputeType...) so callers can override defaults; ensure the
config parsing is added where buildSpec is prepared and propagate those
variables into the ProjectEnvironment and CreateProject input.
- Around line 1030-1036: The code in pkg/steps/source.go duplicates error
handling when retrieving a secret: the kerrors.IsNotFound branch and the general
branch both return identical fmt.Errorf("could not get secret %s: %w",
secretName, err) and append err to errs; remove the redundant IsNotFound
conditional and keep a single unified error return path (still append to errs),
i.e., replace the two-branch block around the secret retrieval with one
append(errs, err) followed by return nil, fmt.Errorf("could not get secret %s:
%w", secretName, err) to simplify logic while preserving behavior.
- Around line 566-581: handleBuild passes errs []error into awsBuild and
openshiftBuild but appending to that slice inside those functions doesn't
propagate back (slices are passed by value); update the design so error
accumulation is visible: either remove the errs parameter and have
awsBuild/opeshiftBuild return an error (or utilerrors.Aggregate) which
handleBuild can append to its local errs, or change the parameter to *[]error so
callers mutate the caller-owned slice; update the function signatures for
awsBuild and openshiftBuild and all call sites (including the closure passed to
wait.ExponentialBackoff) to use the chosen approach and ensure handleBuild
aggregates returned errors into errs before constructing the final error
message.

In `@pkg/util/buildspec/buildspec.go`:
- Around line 16-19: The Variables struct currently has fixed fields (type
Variables with DockerFile and Credentials) which limits extensibility; change it
to a flexible representation—either replace the struct with map[string]string
for full dynamic env support, or add an Extra map[string]string field to
Variables to hold arbitrary key/value pairs; update any code that constructs or
reads Variables (references to Variables, Variables.DockerFile,
Variables.Credentials) to read from the map keys (e.g., "dockerfile" /
"credentials") or to merge existing fields with the Extra map so existing
consumers keep working.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 9efb09a1-072a-42ca-9983-4f020e865002

📥 Commits

Reviewing files that changed from the base of the PR and between 40f5b15 and cd8ca78.

⛔ Files ignored due to path filters (253)

• go.sum is excluded by !**/*.sum
• vendor/github.com/aws/aws-sdk-go-v2/aws/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/debug.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header_value.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/message.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_AssociateKmsKey.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_AssociateSourceToS3TableIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CancelExportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CancelImportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateDelivery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateExportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateImportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateLogAnomalyDetector.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateLogStream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateLookupTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateScheduledQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteAccountPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDataProtectionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDelivery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDeliveryDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDeliveryDestinationPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDeliverySource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteIndexPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteLogAnomalyDetector.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteLogStream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteLookupTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteMetricFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteQueryDefinition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteRetentionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteScheduledQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteSubscriptionFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteTransformer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeAccountPolicies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeConfigurationTemplates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeDeliveries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeDeliveryDestinations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeDeliverySources.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeDestinations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeExportTasks.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeFieldIndexes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeImportTaskBatches.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeImportTasks.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeIndexPolicies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeLogGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeLogStreams.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeLookupTables.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeMetricFilters.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeQueries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeQueryDefinitions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeResourcePolicies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeSubscriptionFilters.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DisassociateKmsKey.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DisassociateSourceFromS3TableIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_FilterLogEvents.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDataProtectionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDelivery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDeliveryDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDeliveryDestinationPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDeliverySource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogAnomalyDetector.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogEvents.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogFields.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogGroupFields.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogObject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogRecord.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLookupTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetQueryResults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetScheduledQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetScheduledQueryHistory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetTransformer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListAggregateLogGroupSummaries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListAnomalies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListIntegrations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListLogAnomalyDetectors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListLogGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListLogGroupsForQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListScheduledQueries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListSourcesForS3TableIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListTagsForResource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListTagsLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutAccountPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutBearerTokenAuthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDataProtectionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDeliveryDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDeliveryDestinationPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDeliverySource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDestinationPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutIndexPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutLogEvents.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutLogGroupDeletionProtection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutMetricFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutQueryDefinition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutRetentionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutSubscriptionFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutTransformer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_StartLiveTail.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_StartQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_StopQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_TagLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_TagResource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_TestMetricFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_TestTransformer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UntagLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UntagResource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateAnomaly.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateDeliveryConfiguration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateLogAnomalyDetector.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateLookupTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateScheduledQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/deserializers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/eventstream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/generated.json is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/serializers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types/enums.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/validators.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchDeleteBuilds.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetBuildBatches.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetBuilds.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetCommandExecutions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetFleets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetProjects.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetReportGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetReports.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetSandboxes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_CreateFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_CreateProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_CreateReportGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_CreateWebhook.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteBuildBatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteReport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteReportGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteSourceCredentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteWebhook.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DescribeCodeCoverages.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DescribeTestCases.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_GetReportGroupTrend.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_GetResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ImportSourceCredentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_InvalidateProjectCache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListBuildBatches.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListBuildBatchesForProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListBuilds.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListBuildsForProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListCommandExecutionsForSandbox.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListCuratedEnvironmentImages.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListFleets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListProjects.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListReportGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListReports.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListReportsForReportGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSandboxes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSandboxesForProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSharedProjects.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSharedReportGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSourceCredentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_PutResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_RetryBuild.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_RetryBuildBatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartBuild.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartBuildBatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartCommandExecution.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartSandbox.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartSandboxConnection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StopBuild.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StopBuildBatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StopSandbox.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateProjectVisibility.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateReportGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateWebhook.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/deserializers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/generated.json is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/serializers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/types/enums.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/types/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/types/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/validators.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/endpoints/endpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/metrics/nop.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/eventstream_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/ordered_group.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_deserialize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_finalize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_initialize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_serialize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/modman.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/transport/http/interceptor.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/transport/http/interceptor_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/transport/http/metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/go-cmp/cmp/report_compare.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/go-cmp/cmp/report_reflect.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (12)

• go.mod
• pkg/api/config.go
• pkg/api/types.go
• pkg/defaults/defaults.go
• pkg/steps/bundle_source.go
• pkg/steps/git_source.go
• pkg/steps/index_generator.go
• pkg/steps/pipeline_image_cache.go
• pkg/steps/project_image.go
• pkg/steps/rpm_injection.go
• pkg/steps/source.go
• pkg/util/buildspec/buildspec.go

[hector-vido]

/test lint unit codegen

[coderabbitai]

♻️ Duplicate comments (3)

pkg/steps/index_generator.go (1)

35-35: ⚠️ Potential issue | 🟠 Major

buildType is not wired into IndexGeneratorStep construction.

Line 130 forwards s.buildType, but the constructor never initializes it, so this step won’t honor AWS build selection.

🔧 Proposed fix

 func IndexGeneratorStep(
 	config api.IndexGeneratorStepConfiguration,
 	releaseBuildConfig *api.ReleaseBuildConfiguration,
 	resources api.ResourceConfiguration,
 	buildClient BuildClient,
 	podClient kubernetes.PodClient,
 	jobSpec *api.JobSpec,
 	pullSecret *coreapi.Secret,
 	metricsAgent *metrics.MetricsAgent,
+	buildType string,
 ) api.Step {
 	return &indexGeneratorStep{
 		config:             config,
 		releaseBuildConfig: releaseBuildConfig,
 		resources:          resources,
 		client:             buildClient,
 		podClient:          podClient,
 		jobSpec:            jobSpec,
 		pullSecret:         pullSecret,
 		architectures:      sets.New[string](),
 		metricsAgent:       metricsAgent,
+		buildType:          buildType,
 	}
 }

Also applies to: 130-130

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/index_generator.go` at line 35, The IndexGeneratorStep struct's
buildType field is never initialized in its constructor, yet
NewIndexGeneratorStep (or the function constructing IndexGeneratorStep) forwards
s.buildType later (e.g., at the call site that uses s.buildType on line 130), so
update the constructor for IndexGeneratorStep to accept a buildType parameter
(string) and assign it to the struct's buildType field; also update all callers
of the constructor to pass the appropriate buildType value so the step honors
AWS build selection.

pkg/steps/bundle_source.go (1)

29-29: ⚠️ Potential issue | 🟠 Major

BundleSourceStep still drops buildType during initialization.

The field is introduced and consumed, but never assigned in the constructor, so bundle source builds won’t switch to AWS mode.

🔧 Proposed fix

 func BundleSourceStep(
 	config api.BundleSourceStepConfiguration,
 	releaseBuildConfig *api.ReleaseBuildConfiguration,
 	resources api.ResourceConfiguration,
 	client BuildClient,
 	podClient kubernetes.PodClient,
 	jobSpec *api.JobSpec,
 	pullSecret *coreapi.Secret,
+	buildType string,
 ) api.Step {
 	return &bundleSourceStep{
 		config:             config,
 		releaseBuildConfig: releaseBuildConfig,
 		resources:          resources,
 		client:             client,
 		podClient:          podClient,
 		jobSpec:            jobSpec,
 		pullSecret:         pullSecret,
+		buildType:          buildType,
 	}
 }

Also applies to: 86-86

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/bundle_source.go` at line 29, BundleSourceStep's buildType field is
never set during construction causing AWS mode to never be used; update the
constructor(s) that create BundleSourceStep (e.g., NewBundleSourceStep or any
factory that returns *BundleSourceStep and the other initializer referenced at
the second occurrence) to accept and assign the buildType parameter into the
struct (set s.buildType = buildType), ensuring both initialization sites
populate the buildType field so bundle source builds can switch to AWS mode.

pkg/steps/git_source.go (1)

30-30: ⚠️ Potential issue | 🟠 Major

buildType is read but never initialized in GitSourceStep.

Line 30 introduces the field and Line 56 consumes it, but GitSourceStep(...) never sets it, so this step will always run with empty build type (effectively OpenShift path, never AWS).

🔧 Proposed fix

 func GitSourceStep(
 	config api.ProjectDirectoryImageBuildInputs,
 	resources api.ResourceConfiguration,
 	buildClient BuildClient,
 	podClient kubernetes.PodClient,
 	jobSpec *api.JobSpec,
 	cloneAuthConfig *CloneAuthConfig,
 	pullSecret *coreapi.Secret,
 	metricsAgent *metrics.MetricsAgent,
+	buildType string,
 ) api.Step {
 	return &gitSourceStep{
 		config:          config,
 		resources:       resources,
 		buildClient:     buildClient,
 		podClient:       podClient,
 		jobSpec:         jobSpec,
 		cloneAuthConfig: cloneAuthConfig,
 		pullSecret:      pullSecret,
 		architectures:   sets.New[string](),
 		metricsAgent:    metricsAgent,
+		buildType:       buildType,
 	}
 }

Also applies to: 56-56

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/git_source.go` at line 30, The struct field buildType on
GitSourceStep is declared but never set; update the GitSourceStep
constructor/initializer to accept (or derive) the build type and assign it to
the GitSourceStep.buildType field so the step doesn't run with an empty value
(currently causing the OpenShift path to be used always where the buildType is
consumed at line 56). Locate the GitSourceStep(...) function/constructor and
either add a buildType string parameter (or pull it from the existing
config/args used to create the step) and set s.buildType = buildType during
initialization.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@pkg/steps/bundle_source.go`:
- Line 29: BundleSourceStep's buildType field is never set during construction
causing AWS mode to never be used; update the constructor(s) that create
BundleSourceStep (e.g., NewBundleSourceStep or any factory that returns
*BundleSourceStep and the other initializer referenced at the second occurrence)
to accept and assign the buildType parameter into the struct (set s.buildType =
buildType), ensuring both initialization sites populate the buildType field so
bundle source builds can switch to AWS mode.

In `@pkg/steps/git_source.go`:
- Line 30: The struct field buildType on GitSourceStep is declared but never
set; update the GitSourceStep constructor/initializer to accept (or derive) the
build type and assign it to the GitSourceStep.buildType field so the step
doesn't run with an empty value (currently causing the OpenShift path to be used
always where the buildType is consumed at line 56). Locate the
GitSourceStep(...) function/constructor and either add a buildType string
parameter (or pull it from the existing config/args used to create the step) and
set s.buildType = buildType during initialization.

In `@pkg/steps/index_generator.go`:
- Line 35: The IndexGeneratorStep struct's buildType field is never initialized
in its constructor, yet NewIndexGeneratorStep (or the function constructing
IndexGeneratorStep) forwards s.buildType later (e.g., at the call site that uses
s.buildType on line 130), so update the constructor for IndexGeneratorStep to
accept a buildType parameter (string) and assign it to the struct's buildType
field; also update all callers of the constructor to pass the appropriate
buildType value so the step honors AWS build selection.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 65b4ce11-a34c-4412-bf13-5e40a0172885

📥 Commits

Reviewing files that changed from the base of the PR and between cd8ca78 and 1534b3a.

⛔ Files ignored due to path filters (253)

• go.sum is excluded by !**/*.sum
• vendor/github.com/aws/aws-sdk-go-v2/aws/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/debug.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header_value.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/message.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_AssociateKmsKey.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_AssociateSourceToS3TableIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CancelExportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CancelImportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateDelivery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateExportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateImportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateLogAnomalyDetector.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateLogStream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateLookupTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_CreateScheduledQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteAccountPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDataProtectionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDelivery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDeliveryDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDeliveryDestinationPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDeliverySource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteIndexPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteLogAnomalyDetector.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteLogStream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteLookupTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteMetricFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteQueryDefinition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteRetentionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteScheduledQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteSubscriptionFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DeleteTransformer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeAccountPolicies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeConfigurationTemplates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeDeliveries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeDeliveryDestinations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeDeliverySources.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeDestinations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeExportTasks.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeFieldIndexes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeImportTaskBatches.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeImportTasks.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeIndexPolicies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeLogGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeLogStreams.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeLookupTables.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeMetricFilters.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeQueries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeQueryDefinitions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeResourcePolicies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DescribeSubscriptionFilters.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DisassociateKmsKey.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_DisassociateSourceFromS3TableIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_FilterLogEvents.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDataProtectionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDelivery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDeliveryDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDeliveryDestinationPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetDeliverySource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogAnomalyDetector.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogEvents.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogFields.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogGroupFields.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogObject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLogRecord.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetLookupTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetQueryResults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetScheduledQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetScheduledQueryHistory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_GetTransformer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListAggregateLogGroupSummaries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListAnomalies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListIntegrations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListLogAnomalyDetectors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListLogGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListLogGroupsForQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListScheduledQueries.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListSourcesForS3TableIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListTagsForResource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_ListTagsLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutAccountPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutBearerTokenAuthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDataProtectionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDeliveryDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDeliveryDestinationPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDeliverySource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDestination.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutDestinationPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutIndexPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutIntegration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutLogEvents.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutLogGroupDeletionProtection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutMetricFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutQueryDefinition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutRetentionPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutSubscriptionFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_PutTransformer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_StartLiveTail.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_StartQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_StopQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_TagLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_TagResource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_TestMetricFilter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_TestTransformer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UntagLogGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UntagResource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateAnomaly.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateDeliveryConfiguration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateLogAnomalyDetector.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateLookupTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/api_op_UpdateScheduledQuery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/deserializers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/eventstream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/generated.json is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/serializers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types/enums.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/validators.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchDeleteBuilds.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetBuildBatches.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetBuilds.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetCommandExecutions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetFleets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetProjects.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetReportGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetReports.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_BatchGetSandboxes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_CreateFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_CreateProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_CreateReportGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_CreateWebhook.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteBuildBatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteReport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteReportGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteSourceCredentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DeleteWebhook.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DescribeCodeCoverages.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_DescribeTestCases.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_GetReportGroupTrend.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_GetResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ImportSourceCredentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_InvalidateProjectCache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListBuildBatches.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListBuildBatchesForProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListBuilds.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListBuildsForProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListCommandExecutionsForSandbox.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListCuratedEnvironmentImages.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListFleets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListProjects.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListReportGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListReports.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListReportsForReportGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSandboxes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSandboxesForProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSharedProjects.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSharedReportGroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_ListSourceCredentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_PutResourcePolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_RetryBuild.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_RetryBuildBatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartBuild.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartBuildBatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartCommandExecution.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartSandbox.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StartSandboxConnection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StopBuild.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StopBuildBatch.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_StopSandbox.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateProject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateProjectVisibility.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateReportGroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/api_op_UpdateWebhook.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/deserializers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/generated.json is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/serializers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/types/enums.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/types/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/types/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/codebuild/validators.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/endpoints/endpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/metrics/nop.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/eventstream_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/ordered_group.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_deserialize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_finalize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_initialize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/middleware/step_serialize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/modman.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/transport/http/interceptor.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/transport/http/interceptor_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/smithy-go/transport/http/metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/go-cmp/cmp/report_compare.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/go-cmp/cmp/report_reflect.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (13)

• cmd/ci-operator/main_test.go
• go.mod
• pkg/api/config.go
• pkg/api/types.go
• pkg/defaults/defaults.go
• pkg/steps/bundle_source.go
• pkg/steps/git_source.go
• pkg/steps/index_generator.go
• pkg/steps/pipeline_image_cache.go
• pkg/steps/project_image.go
• pkg/steps/rpm_injection.go
• pkg/steps/source.go
• pkg/util/buildspec/buildspec.go

✅ Files skipped from review due to trivial changes (3)

• pkg/steps/rpm_injection.go
• pkg/defaults/defaults.go
• pkg/util/buildspec/buildspec.go

🚧 Files skipped from review as they are similar to previous changes (5)

• pkg/api/config.go
• pkg/api/types.go
• pkg/steps/project_image.go
• go.mod
• pkg/steps/source.go

[hector-vido]

/retest

[openshift-ci]

@hector-vido: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	1534b3a	link	true	/test images
ci/prow/validate-vendor	1534b3a	link	true	/test validate-vendor
ci/prow/unit	1534b3a	link	true	/test unit
ci/prow/integration	1534b3a	link	true	/test integration
ci/prow/breaking-changes	1534b3a	link	false	/test breaking-changes
ci/prow/checkconfig	1534b3a	link	true	/test checkconfig
ci/prow/frontend-checks	1534b3a	link	true	/test frontend-checks
ci/prow/codegen	1534b3a	link	true	/test codegen

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[coderabbitai]

Actionable comments posted: 6

♻️ Duplicate comments (1)

pkg/steps/source.go (1)

977-981: ⚠️ Potential issue | 🟡 Minor

Use the build identifier in the wait/log failure message.

Line 980 still formats the error with build.Namespace, which obscures which AWS build failed. Use build.Name or the CodeBuild build ID.

💡 Suggested fix

-		return false, fmt.Errorf("could not wait/pull logs for build %s: %w", build.Namespace, err)
+		return false, fmt.Errorf("could not wait/pull logs for build %s: %w", build.Name, err)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/steps/source.go` around lines 977 - 981, The error message after calling
awsBuildWaitForIt currently uses build.Namespace, which hides which CodeBuild
failed; update the fmt.Errorf to include the actual build identifier (use
build.Name or the CodeBuild ID from awsBuildResult) instead of build.Namespace
so the log shows the failing build (change the formatted value in the error
returned from the awsBuildWaitForIt error branch where build.Namespace is used).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/steps/source.go`:
- Around line 1169-1174: The opened file handle logFile created by
os.Open(logPath) is not closed; after successfully opening logFile (right after
the err check in the block that opens logPath) add a defer logFile.Close() so
the file is closed on all exit paths, ensuring io.Copy(os.Stdout, logFile) and
any early returns won't leak the descriptor.
- Around line 1032-1034: The function awsBuildAssemblyCredentials dereferences
build.Spec.Strategy.DockerStrategy.PullSecret.Name without checking for nil; add
a nil guard for PullSecret (and DockerStrategy/Strategy if needed) before
reading Name inside awsBuildAssemblyCredentials, and when PullSecret is nil skip
secret lookup (returning appropriate zero values or append a descriptive error
to errs) so the function no longer panics for builds without a configured pull
secret.
- Around line 1073-1080: Ensure you initialize and safely merge the Auths map
before writing into it: after unmarshalling into registryCredentials (type
credentialprovider.DockerConfigJSON) check if registryCredentials.Auths is nil
and set it to an empty map if so; then lookup
pushCredentials.Auths[buildClient.LocalRegistryDNS()] into a local variable and
only assign it into registryCredentials.Auths if that lookup actually
exists/non-empty to avoid overwriting a valid existing entry or inserting an
empty auth; proceed to json.Marshal(marshalledRegistryCredentials) afterward.
- Around line 944-951: The code uses cbClient.ListProjects(ctx, nil) and only
checks the first page (pList.Projects) which can miss projects beyond 100;
replace this existence check with a direct BatchGetProjects call (e.g., use
cbClient.BatchGetProjects(ctx, &cloudproject.BatchGetProjectsRequest{Names:
[]string{projectName}}) or the equivalent BatchGetProjects method available) to
query the single projectName safely and inspect the response for the project
presence; update the branch that currently uses slices.Contains(pList.Projects,
projectName) to use the BatchGetProjects result and handle not-found vs error
accordingly, removing reliance on pagination and preventing missed projects.
- Around line 992-996: The loop in pkg/steps/source.go concatenates untrusted
values (image.From.Name, path.SourcePath, path.DestinationDir) into shell
strings, enabling command injection; replace these raw interpolations by
constructing commands with safe argument separation (e.g., use
os/exec.Command("docker", "create", "--name", fmt.Sprintf("c%d", i),
image.From.Name) and os/exec.Command("docker", "cp", fmt.Sprintf("c%d:%s", i,
path.SourcePath), path.DestinationDir)) or, if you must keep a string list,
ensure each value is safely quoted/escaped (use fmt.Sprintf("%q", val)) before
appending to commands; update the code that consumes the commands slice to
accept exec.Cmd or properly unquote/execute arguments correspondingly, and
change references in the build.Spec.CommonSpec.Source.Images loop where commands
are created.
- Around line 1184-1201: The code dereferences nullable CloudWatch fields and
can panic; add nil guards before using build.Logs and its pointers and before
using event.Timestamp/event.Message: ensure build.Logs != nil and that
GroupName/StreamName (or their aws.ToString equivalents) are present before
creating the GetLogEventsInput, and skip or return with a clear error if
missing; inside the paginator loop check event.Timestamp and event.Message for
nil (or use aws.ToInt64/ aws.ToString helpers) before converting/formatting and
writing to log.Write, and handle missing values (skip the event or provide a
fallback) to avoid nil pointer dereferences.

---

Duplicate comments:
In `@pkg/steps/source.go`:
- Around line 977-981: The error message after calling awsBuildWaitForIt
currently uses build.Namespace, which hides which CodeBuild failed; update the
fmt.Errorf to include the actual build identifier (use build.Name or the
CodeBuild ID from awsBuildResult) instead of build.Namespace so the log shows
the failing build (change the formatted value in the error returned from the
awsBuildWaitForIt error branch where build.Namespace is used).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 782059ea-f85a-43b9-abbb-12e2b4a1bae0

📥 Commits

Reviewing files that changed from the base of the PR and between d788317 and 4180ede.

📒 Files selected for processing (1)

• pkg/steps/source.go

[droslean]

Since this is a top level configuration, and we have only one new way of using the build which is the aws builds. Perhaps it would be just better to have a boolean here like use_aws_builds or something like that.

[droslean]

You will avoid all of those changes if you encapsulate the build method inside the buildClient. Since all builds will use the same build type.

[droslean]

Instead of initializing the same client all over again for each build, you should be able to initialize it once inside the buildClient interface.

[droslean]

Do we really need to create a new project for each build?

[hector-vido]

I probably can condensate all builds inside a single project and push everything from there, but there will be at least one project per "job".

[droslean]

There is no point on passing the errs and mutate it. The function will return one error in the end, you should append it out of this function.

[droslean]

Can you elaborate more on where this build will run? Is this going to still be an Openshift object that uses AWS builds natively, or will we watch the resource directly in AWS? What are those credentials? How will the build push back in the local registry in the end? I would really need this kind of information to review the code more appropriately.

[hector-vido]

The build will run inside AWS.
We will watch the resource directly on AWS.
These credentials are used to pull/push from/to AWS, Build Clusters (and/or eventually inside Quay).
After the build, the image is automatically uploaded to a registry, this is an example:
docker buildx build --build-arg BUILD_LOGLEVEL='0' --platform linux/amd64 --tag registry.build11.ci.openshift.org/hvidosil-ci-operator/pipeline:bin-amd64 --output type=registry .

[droslean]

If this runs in an OpenShift pod, it will fail.

[openshift-ci]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.