fix(ibmcloud): preserve path component in COS backend URL#830
Open
adrianriobo wants to merge 5 commits into
Open
fix(ibmcloud): preserve path component in COS backend URL#830adrianriobo wants to merge 5 commits into
adrianriobo wants to merge 5 commits into
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
When a backed URL includes a path (e.g. s3://bucket/some/path), the previous code discarded the path and stored Pulumi state at the bucket root. Refactor extractBucket into extractBucketAndPath so the path is carried through to PULUMI_BACKEND_URL. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pkg/integrations/gitlab/snippet-linux.sh`:
- Around line 35-36: The /etc/resolv.conf fallback currently excludes only IPv4
loopback (127.*) so IPv6 loopback (::1) can still be captured into _dns_servers;
update the awk filter in the _dns_servers assignment (the line using awk
'/^nameserver/ && $2 !~ /^127\./ {print $2}') to also exclude the IPv6 loopback
(e.g. add a condition like $2 != "::1" or $2 !~ /^::1/), ensuring nameserver
entries equal to ::1 are not included.
- Around line 48-54: The script currently checks for "dns_servers" globally
which can match other sections; change the detection/update logic so it only
looks inside the [containers] section: when checking for existence use a
section-scoped search (e.g., search between the line matching "^\[containers\]"
and the next section header "^\[.*\]") to decide whether to replace dns_servers
or append it after the [containers] header; update the two sed/grep branches
that reference dns_servers and /etc/containers/containers.conf and ensure the
inserted value uses the same ${_toml_list} variable and formatting as before.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Enterprise
Run ID: 466885cf-1897-4a3c-8cf6-9db3d3fcc8aa
📒 Files selected for processing (1)
pkg/integrations/gitlab/snippet-linux.sh
Detect the host's upstream DNS servers at runner setup time and write them to /etc/containers/containers.conf so Podman propagates them into every container it creates, including the nested inner containers spawned by `podman build` RUN steps. Without this, inner build containers inherit the systemd-resolved loopback stub (127.0.0.53) which is unreachable from inside a container, causing intermittent "Could not resolve host" failures for external domains. Detection tries resolvectl, nmcli, and /etc/resolv.conf in order, filtering out loopback addresses at each step. The existence check and in-place replacement are scoped to the [containers] section via awk to avoid false-positive matches in other sections (e.g. [network]). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pass --name "{{ .Name }}" to gitlab-runner register in all platform
snippets (Linux, Darwin, Windows). Without this flag the runner defaults
to the system hostname, which is not meaningful in ephemeral environments.
Set the Name field from ProjectName() rather than RunID() so the runner
is identified by the project it belongs to.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
deekay2310
reviewed
Jun 12, 2026
deekay2310
left a comment
deekay2310
left a comment
Contributor
There was a problem hiding this comment.
Apart from my one comment regarding context.go, we should also address CodeRabbit's comments and I think this PR will be ready to merge.
|
|
||
| func manageIntegration(c *Context, ca *ContextArgs) error { | ||
| if ca.GHRunnerArgs != nil { | ||
| ca.GHRunnerArgs.Name = c.RunID() |
Contributor
There was a problem hiding this comment.
Should this also be changed to c.ProjectName() just like GLRunnerArgs.name?
Collaborator
Author
There was a problem hiding this comment.
yeah I just found out using the RunID as name is not really helpful so make it with the project name clarifies it, but as this change is GH related can you change it on your PR?
Contributor
There was a problem hiding this comment.
Sounds good! I'll look into it
When both GitLab runner and OTel are configured, Podman is set to use the journald log driver so CI job container output is captured by systemd journal. The otelcol config gains a journald/gitlab-jobs receiver that parses CONTAINER_NAME to extract job_id, project_id, and runner_token, and the existing filelog/gitlab-runner receiver gets regex_parser operators to promote job= and runner= fields from the runner daemon log body into attributes. Both streams share job_id, enabling cross-stream correlation in any OTel backend. The journald log driver change is gated on a new LogToJournald field in GitLabRunnerArgs, set only when hasOtel is true in the IBM Power and IBM Z providers. The otelcol receivers remain gated on the existing MonitorGitLabRunner flag. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Set dns_options = ["timeout:2", "attempts:5", "single-request"] alongside dns_servers in /etc/containers/containers.conf so build containers retry dropped UDP packets and send A/AAAA queries sequentially rather than in parallel, preventing intermittent "Could not resolve host" failures in enterprise networks. Also chmod 644 the file after every write path so rootless Podman (non-root users) can read the system config; sudo tee on Ubuntu uses a restrictive root umask that produces mode 600. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When a backed URL includes a path (e.g. s3://bucket/some/path), the previous code discarded the path and stored Pulumi state at the bucket root. Refactor extractBucket into extractBucketAndPath so the path is carried through to PULUMI_BACKEND_URL.
Fixes #829
Fixes #832