OCM-24551 | ci: align CodeRabbit review coverage for the CLI

[olucasfreitas]

PR Summary

Align the ROSA CLI repository's CodeRabbit configuration with CLI-specific review surfaces instead of Terraform-provider defaults by extending path instructions for shell, Docker, Tekton, command-structure YAML, and CloudFormation paths, and by explicitly enabling only the review tools that fit this repo.

Detailed Description of the Issue

The Jira points to the Terraform provider's .coderabbit.yaml as reference material, but the ROSA CLI repository has different code and configuration surfaces. The CLI already had a strong CodeRabbit baseline for Go code and docs, but it lacked targeted review guidance for important non-Go paths like shell scripts, Dockerfiles, Tekton pipelines, command structure YAML, and CloudFormation templates. This change keeps the provider as precedent while tailoring the final configuration to ROSA CLI standards, existing contributor workflow, and current CI/security reality.

Related Issues and PRs

• Jira: OCM-24551
• Fixes: N/A
• Related PR(s):
  • Provider reference: terraform-redhat/terraform-provider-rhcs#1107
  • Provider reference: terraform-redhat/terraform-provider-rhcs#1138
• Related design/docs: N/A

Type of Change

• feat - adds a new user-facing capability.
• fix - resolves an incorrect behavior or bug.
• docs - updates documentation only.
• style - formatting or naming changes with no logic impact.
• refactor - code restructuring with no behavior change.
• test - adds or updates tests only.
• chore - maintenance work (tooling, housekeeping, non-product code).
• ci - changes CI pipelines, jobs, or automation workflows.
• perf - improves performance without changing intended behavior.

Previous Behavior

The repo-specific CodeRabbit configuration focused on Go, AWS-sensitive code, tests, docs, and GitHub metadata, and only explicitly enabled golangci-lint and gitleaks. It did not provide targeted review instructions for shell scripts, Dockerfiles, Tekton YAML, command-structure YAML, or CloudFormation templates, and it did not make local tool choices explicit for several inherited scanner options.

Behavior After This Change

CodeRabbit review guidance now explicitly covers the ROSA CLI repo's high-signal non-Go surfaces:

• **/*.sh for hook and helper scripts
• **/Dockerfile* for build/runtime image changes
• .tekton/**/*.{yml,yaml} for Konflux/Tekton workflows
• cmd/rosa/structure_test/**/*.{yml,yaml} for command/flag contract files
• cmd/create/network/templates/**/*.yaml for CloudFormation/network templates

The config also explicitly keeps the local tool set CLI-specific by enabling hadolint, shellcheck, and yamllint, while leaving checkov, trivy, and markdownlint disabled.

How to Test (Step-by-Step)

Preconditions

• Repository checkout on branch OCM-24551
• Python available with yaml import support in the local environment

Test Steps

1. Validate the repository CodeRabbit config parses as YAML:

   python - <<'PY'
   import yaml
   from pathlib import Path
   data = yaml.safe_load(Path('.coderabbit.yaml').read_text())
   assert isinstance(data, dict)
   print(sorted(data.keys()))
   print(sorted(data.get('reviews', {}).get('tools', {}).keys()))
   PY

2. Run the repository verification flow:

   make pre-push-checks

3. Inspect .coderabbit.yaml and confirm the new path instructions and tool toggles are tailored to ROSA CLI paths rather than copied from the Terraform provider.

Expected Results

• .coderabbit.yaml parses successfully.
• make pre-push-checks passes.
• The configuration explicitly covers ROSA CLI shell, Docker, Tekton, structure-test, and CloudFormation paths.

Proof of the Fix

• Screenshots: N/A
• Videos: N/A
• Logs/CLI output:
  • YAML parse succeeded with top-level keys inheritance, knowledge_base, language, reviews
  • make pre-push-checks passed: format check, build, lint, changed-files coverage, and unit/integration tests
• Other artifacts: N/A

Breaking Changes

• No breaking changes
• Yes, this PR introduces a breaking change (describe impact and migration plan below)

Breaking Change Details / Migration Plan

N/A

Developer Verification Checklist

• Commit subject/title follows [JIRA-TICKET] | [TYPE]: <MESSAGE>.
• PR description clearly explains both what changed and why.
• Relevant Jira/GitHub issues and related PRs are linked.
• make install-hooks has been run in this clone.
• Tests were added/updated where appropriate.
• I manually tested the change.
• make test passes.
• make lint passes.
• make rosa passes.
• Documentation or repo-local agent guidance was added/updated where appropriate.
• Any risk, limitation, or follow-up work is documented.

Summary by CodeRabbit

• Chores
  • Updated code review configuration settings to enhance automated review processes for shell scripts, Docker configurations, and template files.
  • Expanded code guidelines documentation patterns for better reference during development workflows.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e8882c1c-95c8-4114-9b7f-3cada65dc806

📥 Commits

Reviewing files that changed from the base of the PR and between c332d23 and a40a651.

📒 Files selected for processing (1)

• .coderabbit.yaml

---

📝 Walkthrough

Walkthrough

This PR updates CodeRabbit's review configuration in .coderabbit.yaml. Changes include new path-specific guidance blocks for shell scripts, Dockerfiles, Tekton pipelines, command-structure YAML, network templates, and GitHub workflows. The PR also explicitly enables/disables multiple linting and security tools (gitleaks, golangci-lint, hadolint, shellcheck, and others) and expands the code guidelines file patterns to include AGENTS.md and .cursor/rules/*.mdc.

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: aligning CodeRabbit review coverage for the CLI. It references the Jira ticket and change type (ci), making it both concise and informative.
Description check	✅ Passed	The PR description comprehensively covers all required template sections: summary, detailed description with context, related issues/PRs with links, type of change (ci) marked, previous/new behavior, testing steps with validation, proof of testing, breaking changes status, and developer checklist mostly completed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR only modifies .coderabbit.yaml configuration; no test files changed. Custom check for Ginkgo test names is not applicable to config-only PRs.
Test Structure And Quality	✅ Passed	PR is a configuration-only change to .coderabbit.yaml with no Ginkgo test code modifications; check for test quality is not applicable.
Microshift Test Compatibility	✅ Passed	This PR only updates .coderabbit.yaml (code review configuration). It does not add any new Ginkgo e2e tests, so MicroShift compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR only modifies .coderabbit.yaml configuration file; no new Ginkgo e2e tests added, so SNO test compatibility check does not apply.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only modifies .coderabbit.yaml (CodeRabbit code review config). No deployment manifests, operator code, or scheduling constraints introduced.
Ote Binary Stdout Contract	✅ Passed	PR modifies only .coderabbit.yaml (configuration). OTE Binary Stdout Contract check applies to Go source code changes, not configuration-only changes.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR only modifies .coderabbit.yaml (configuration file). No new Ginkgo e2e tests are added, so the IPv6/disconnected network test compatibility check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[olucasfreitas]

@amandahla please review this when you can, low priority

[amandahla]

/approve
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amandahla, olucasfreitas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [amandahla,olucasfreitas]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@olucasfreitas: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.