NO-JIRA: Add default coderabbit for the repo

[rikatz]

Add coderabbit configuration for router repo

Summary by CodeRabbit

• Chores
  • Configured automated code review and CI settings to streamline the development workflow.

[openshift-ci-robot]

@rikatz: This pull request explicitly references no jira issue.

Details

In response to this:

Add coderabbit configuration for router repo

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Warning

Ignoring CodeRabbit configuration file changes. For security, only the configuration from the base branch is applied for open source repositories.

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7fc115af-bb1c-4f1b-ab7e-2475922c7554

📥 Commits

Reviewing files that changed from the base of the PR and between ce3479a and 400eac8.

📒 Files selected for processing (1)

• .coderabbit.yaml

---

Walkthrough

A new .coderabbit.yaml file is added to the repository root. It sets the review language to en-US, enables automated reviews (excluding drafts), configures review workflow and summary/status toggles, sets master as the base branch, and excludes vendor/** and **/vendor/** paths from review consideration.

Changes

CodeRabbit Configuration

Layer / File(s)	Summary
CodeRabbit review configuration .coderabbit.yaml	Adds the full CodeRabbit configuration: en-US language, inherited config enabled, automated review on (drafts off), request-changes workflow, walkthrough/summary/status flags, master base branch, and path filters excluding vendor directories.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
Container-Privileges	❌ Error	PR adds deploy/router.yaml with hostNetwork: true (a privileged network setting) without justification in PR description or code comments.	Document why hostNetwork is required for the router pod or remove if not necessary. Update PR description or add inline comments explaining the security requirement.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a default CodeRabbit configuration file to the repository.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR only adds .coderabbit.yaml configuration file. Repository does not use Ginkgo testing framework; it uses standard Go testing package. No Ginkgo tests present to evaluate.
Test Structure And Quality	✅ Passed	PR adds .coderabbit.yaml configuration only. Repository uses standard Go testing (testing.T), not Ginkgo. No Ginkgo tests exist in codebase, making the Ginkgo test quality check inapplicable.
Microshift Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. It only adds unit tests and configuration files (including .coderabbit.yaml). The check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR adds only .coderabbit.yaml configuration file; contains no Ginkgo e2e tests. The SNO test compatibility check is not applicable to configuration-only changes.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds config and documentation files plus example deploy/router.yaml with no pod affinity, topology spread constraints, PDBs, or control-plane nodeSelectors that would break on SNO/TNF/TNA/HyperS...
Ote Binary Stdout Contract	✅ Passed	PR only adds .coderabbit.yaml configuration file with no Go code changes. OTE Binary Stdout Contract violations only apply to executable code in process-level contexts.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR adds only .coderabbit.yaml configuration; no Ginkgo e2e tests are added, so IPv6/disconnected network check does not apply.
No-Weak-Crypto	✅ Passed	PR adds only .coderabbit.yaml configuration file with no cryptographic code, weak crypto algorithms, custom crypto implementations, or insecure secret comparisons.
No-Sensitive-Data-In-Logs	✅ Passed	.coderabbit.yaml contains only non-sensitive configuration values (language, boolean toggles, base branch, path filters). No passwords, tokens, API keys, PII, or other sensitive data found.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rikatz]

/cc @bentito

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jcmoraisjr for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[bentito]

@rikatz this will leave off at an /approve that is from someone not in OWNERS, right? We had discussed also having "openshift-ci detects coderabbit approving and add the ready-for-human-review label" but how does that part work?

We can certainly merge this PR. Just wondering about rest of the process.

[rikatz]

yes that's right.

I though it was something that openshift-ci robot would do, but I've found we can also ask coderabbit to do directly: https://github.com/openshift/lvm-operator/blob/f6407c6c17ef3c34b72c3afb430487125d32c84c/.coderabbit.yaml#L13-L15

Tho I am not sure if it will have the right permissions.

@coderabbitai do you know?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Fetch the lvm-operator .coderabbit.yaml to see lines 13-15
curl -s "https://raw.githubusercontent.com/openshift/lvm-operator/f6407c6c17ef3c34b72c3afb430487125d32c84c/.coderabbit.yaml"

Length of output: 709

---

---

@rikatz Here's the breakdown of what CodeRabbit can and cannot do in this context:

What CodeRabbit can do: add GitHub labels directly

The lvm-operator config you found (lines 13–15) uses the auto_apply_labels + labeling_instructions feature:

reviews:
  auto_apply_labels: true
  labeling_instructions:
    - label: "ready-for-human-review"
      instructions: "Apply when CodeRabbit approves the PR with no outstanding comments or requested changes."

This uses the GitHub App API to apply the label directly — it does not post a prow command. As long as the CodeRabbit GitHub App was installed with pull-requests: write (or issues: write) permissions, it has the ability to add/remove labels. That's a standard scope requested during GitHub App installation, so it should work here.

What CodeRabbit cannot do: act as a prow approver

Posting /approve as a comment would only count if CodeRabbit's bot account is listed in the OWNERS file. Since it isn't, the prow/tide system would ignore such a comment.

Recommendation

You can add this to the .coderabbit.yaml in this PR:

reviews:
  auto_apply_labels: true
  labeling_instructions:
    - label: "ready-for-human-review"
      instructions: "Apply when CodeRabbit approves the PR with no outstanding comments or requested changes."

This gives you the label-based signal without needing OWNERS file changes. The label ready-for-human-review would need to exist in the repository first (you can create it via GitHub's Labels UI if it doesn't already).

[rikatz]

aha

@bentito actually we need to enable https://github.com/openshift/release/blob/ae6198e8bf8638a290103281db4c78833a404e92/clusters/app.ci/prow/03_deployment/ship-hook.yaml#L18 on our repo, apparently

Found the design for it: https://github.com/openshift-eng/ship-hook/blob/832c122c37735ce4f3ac612d36b45b019e412157/specs/003-ready-for-humans.md?plain=1#L16

[openshift-ci]

@rikatz: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-fips	400eac8	link	true	/test e2e-aws-fips

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.