Expand Up @@ -128,8 +128,15 @@ function deploy_operators() {
run_command "deploy-konflux-operator/deploy-operator.sh ${args[*]}"
}

set_proxy
echo "HTTP_PROXY=${HTTP_PROXY:-}"
echo "HTTPS_PROXY=${HTTPS_PROXY:-}"
echo "NO_PROXY=${NO_PROXY:-}"
echo "http_proxy=${http_proxy:-}"
echo "https_proxy=${https_proxy:-}"
echo "no_proxy=${no_proxy:-}"
Comment on lines +131 to +136

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not print raw proxy environment variables to CI logs.

HTTP_PROXY/HTTPS_PROXY/http_proxy/https_proxy can contain full URLs and embedded credentials; echoing them leaks sensitive infrastructure details. Log presence only (or redact values) instead of printing raw content.

Suggested fix
-echo "HTTP_PROXY=${HTTP_PROXY:-}"
-echo "HTTPS_PROXY=${HTTPS_PROXY:-}"
-echo "NO_PROXY=${NO_PROXY:-}"
-echo "http_proxy=${http_proxy:-}"
-echo "https_proxy=${https_proxy:-}"
-echo "no_proxy=${no_proxy:-}"
+echo "HTTP_PROXY set: $([[ -n ${HTTP_PROXY:-} ]] && echo yes || echo no)"
+echo "HTTPS_PROXY set: $([[ -n ${HTTPS_PROXY:-} ]] && echo yes || echo no)"
+echo "NO_PROXY set: $([[ -n ${NO_PROXY:-} ]] && echo yes || echo no)"
+echo "http_proxy set: $([[ -n ${http_proxy:-} ]] && echo yes || echo no)"
+echo "https_proxy set: $([[ -n ${https_proxy:-} ]] && echo yes || echo no)"
+echo "no_proxy set: $([[ -n ${no_proxy:-} ]] && echo yes || echo no)"

As per coding guidelines, step-registry command scripts must never print sensitive data (including URLs/credential-bearing values) to logs.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/deploy-konflux-operator/deploy-konflux-operator-commands.sh`
around lines 131 - 136, The echo statements for HTTP_PROXY, HTTPS_PROXY,
NO_PROXY, http_proxy, https_proxy, and no_proxy variables expose sensitive
infrastructure details including URLs and embedded credentials to CI logs.
Replace these raw variable echo statements with checks that only indicate
whether each proxy variable is set (without printing the actual value), such as
using conditional tests or redacted confirmation messages that show presence but
not content.

Source: Coding guidelines
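
The "redact values" alternative named in the comment above, as an added example that is not part of the PR or of the reviewer's suggested fix. `redact_proxy_value` and `log_proxy_env` are hypothetical helper names, and the sample URL is constructed.

```bash
#!/usr/bin/env bash
# Added example. redact_proxy_value and log_proxy_env are hypothetical names.

# Print a proxy URL with any userinfo replaced and the path/query dropped.
# The body runs in a subshell "( ... )" so its variables stay local.
redact_proxy_value() (
    rest="$1" scheme="" creds=""
    if [ -z "$rest" ]; then
        printf '<not set>'
        exit 0
    fi
    # Split off "scheme://" when present; proxy values may omit it.
    case "$rest" in
        *://*) scheme="${rest%%://*}://"; rest="${rest#*://}" ;;
    esac
    # Treat everything up to the LAST "@" as userinfo. A password may
    # contain "@" or "/", so this errs on the side of over-redaction.
    case "$rest" in
        *@*) creds="REDACTED@"; rest="${rest##*@}" ;;
    esac
    # Keep host[:port] only; a path or query is not needed in a log line.
    rest="${rest%%[/?#]*}"
    printf '%s%s%s' "$scheme" "$creds" "$rest"
)

# Log the six variables from the diff without exposing their raw values.
log_proxy_env() (
    for name in HTTP_PROXY HTTPS_PROXY http_proxy https_proxy; do
        eval "value=\${$name:-}"
        printf '%s=%s\n' "$name" "$(redact_proxy_value "$value")"
    done
    # NO_PROXY is a host/CIDR list, not a URL: report presence only.
    for name in NO_PROXY no_proxy; do
        eval "value=\${$name:-}"
        if [ -n "$value" ]; then state=yes; else state=no; fi
        printf '%s set: %s\n' "$name" "$state"
    done
)

# Constructed sample value (not from the PR), scoped to a subshell.
( HTTP_PROXY='http://ci-user:hunter2@proxy.example.test:3128/'; log_proxy_env )
```

The host and port stay visible for debugging; where the proxy address itself counts as sensitive, the presence-only form from the suggested fix is the safer choice.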


install_deps
set_proxy
Comment on lines 138 to +139

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Proxy setup must happen before dependency installation.

install_deps now runs before set_proxy, so oc/opm installs may execute without required proxy env and fail in restricted networks. The order should be set_proxy first, then install_deps.

Suggested fix
-install_deps
-set_proxy
+set_proxy
+install_deps
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@ci-operator/step-registry/deploy-konflux-operator/deploy-konflux-operator-commands.sh`
around lines 138 - 139, The `install_deps` and `set_proxy` function calls are in
the wrong order. The `set_proxy` function must be called before `install_deps`
to ensure that proxy environment variables are configured before any dependency
installation commands are executed. Swap the order of these two function calls
so that `set_proxy` executes first, followed by `install_deps`.

run_command "oc whoami"
run_command "which oc && oc version -o yaml"
deploy_operators
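
Review bot: the six `echo` lines at +131 to +136 write the full proxy values to the job log with no comment saying why; a value of the form `http://user:password@host:port` would put credentials in CI output. Print only whether each variable is set, or strip the userinfo part before printing, and state in a comment what the output is for. The calls below the echoes now read `install_deps` then `set_proxy`, so the installs run before the proxy is configured; restore `set_proxy` ahead of `install_deps`.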