image-detector: support /image commit directive to force image builds

[jmguzik]

When build_if_affected is enabled, users can now add /image directives in commit messages to force-build specific images regardless of code change detection. The directive must start at the beginning of a line.

Supported syntax:

• /image ... - force specific images
• /image all - force all configured images

Image names are validated against images.items[].to in ci-operator config. Unknown names are warned and ignored. Forced images are unioned with auto-detected affected images.

Summary by CodeRabbit

• New Features

  • Commit-message /image directives are applied before change-based detection; /image all forces all configured images and requested image names are merged into the detected set.
  • Parse errors or unknown image names are tolerated and logged as warnings; final detection logs indicate directives that forced images and the updated total.

• Tests

  • Added tests for parsing /image directives across multiple commits, CRLF handling, ignored unknown names, and /image all.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 39affaba-86cf-422a-b535-04e7b0e2cb14

📥 Commits

Reviewing files that changed from the base of the PR and between eb4d47d and c12c68a.

📒 Files selected for processing (2)

• pkg/tool-detector/detector.go
• pkg/tool-detector/detector_test.go

✅ Files skipped from review due to trivial changes (1)

• pkg/tool-detector/detector_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/tool-detector/detector.go

---

Walkthrough

AffectedTools now reads commit messages between baseRef..HEAD for /image directives (including /image all), parses forced image names, and merges those into the computed affected-image set; new unexported helpers handle git log, parsing, and enumerating configured image names.

Changes

Cohort / File(s)	Summary
Commit-message-driven image forcing pkg/tool-detector/detector.go	Adds unexported helpers: getForcedImagesFromCommitMessages() (runs git log --format=%B%x00 baseRef..HEAD), parseForcedImagesFromCommitMessages() (scans messages for /image directives, supports all, filters unknown names), and getAllImageNames(); integrates forced-image logic into AffectedTools() with early /image all handling and unions forced images into affected result paths; logging updated to include forcedByCommitMessage and adjusted totals.
Unit test for parsing logic pkg/tool-detector/detector_test.go	Adds TestParseForcedImagesFromCommitMessages covering parsing behavior: multiple /image directives across commits, all handling, CRLF support, line-start requirement, unknown-token filtering, aggregation, and no-op cases.

Sequence Diagram

sequenceDiagram
    participant Caller as Caller
    participant Detector as AffectedTools()
    participant Git as "git log"
    participant Parser as parseForcedImagesFromCommitMessages()
    participant Config as Config

    Caller->>Detector: AffectedTools(baseRef..HEAD)
    Detector->>Git: git log --format=%B%x00 baseRef..HEAD
    Git-->>Detector: commit messages (NUL-separated)
    Detector->>Parser: parse messages + allowed image names
    Parser->>Config: validate tokens vs configured images
    Config-->>Parser: allowed / unknown results
    Parser-->>Detector: forced set + all flag
    alt all == true
        Detector->>Config: getAllImageNames()
        Config-->>Detector: all image names
    end
    Detector->>Detector: union forced images into affected set
    Detector-->>Caller: final affected images (with forcedByCommitMessage info)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 warning, 2 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	❓ Inconclusive	The test file cannot be located in the repository to verify compliance with Ginkgo test quality standards specified in the check criteria.	Provide access to the actual test file (pkg/tool-detector/detector_test.go) so the test code can be evaluated against the specified quality requirements.
Ote Binary Stdout Contract	❓ Inconclusive	Unable to locate and analyze the modified detector.go and detector_test.go files to determine if stdout writes exist in process-level code.	Please provide the file contents or git diff output to verify OTE Binary Stdout Contract compliance.

✅ Passed checks (7 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and specifically describes the main change: adding support for a /image commit directive to force image builds in the image-detector tool.
Stable And Deterministic Test Names	✅ Passed	The PR uses standard Go testing with static test names containing no dynamic content such as timestamps, UUIDs, or generated IDs.
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests added. PR contains only standard Go unit tests in pkg/tool-detector/ library package.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. The changes are standard Go unit tests in pkg/tool-detector/detector_test.go using the testing package, not Ginkgo patterns.
Topology-Aware Scheduling Compatibility	✅ Passed	PR contains only Go utility functions for build automation in tool-detector package with no Kubernetes manifests, scheduling constraints, or topology-aware infrastructure code.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds only Go unit tests in pkg/tool-detector/detector_test.go without any Ginkgo e2e tests or network-dependent code.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jmguzik

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jmguzik]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

pkg/tool-detector/detector_test.go (1)

865-875: Add one AffectedTools()-level test for the new control flow.

Lines 867-873 only exercise the parser. They won't catch regressions in the AffectedTools() branches that merge forced images, short-circuit on /image all, or hit the empty-diff path. A small git-backed test there would lock down the behavior that actually drives image skipping.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/tool-detector/detector_test.go` around lines 865 - 875, Add a new test in
detector_test.go that exercises the higher-level AffectedTools() control flow
(not just parseForcedImagesFromCommitMessages) by creating a small git-backed
repo state and commits that include the forced-image patterns; call
AffectedTools() (the function under test) and assert the three important
branches: (1) merging of forced images into the result, (2) short-circuit
behavior when a commit contains "/image all", and (3) the empty-diff path when
no changes should affect tools. Use the existing tests table style and reference
parseForcedImagesFromCommitMessages and AffectedTools by name so the test fails
if those branches regress. Ensure the test sets up commits/messages and allowed
list to trigger each branch and validates the returned forced-images map and the
all-flag or empty result accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/tool-detector/detector.go`:
- Around line 142-151: The git range in
Detector.getForcedImagesFromCommitMessages uses the symmetric difference range
"baseRef...HEAD" which can include commits from base when it's not an ancestor;
change the git log invocation to use a HEAD-only range such as "baseRef..HEAD"
(or compute merge-base(baseRef, HEAD) and use "mergeBase..HEAD") so only commits
reachable from HEAD are scanned for /image directives; update the exec.Command
call that builds the "git log" args in getForcedImagesFromCommitMessages
accordingly and audit any other uses of "...HEAD" in this package (e.g., other
functions that call git log or git diff) to the same pattern.

---

Nitpick comments:
In `@pkg/tool-detector/detector_test.go`:
- Around line 865-875: Add a new test in detector_test.go that exercises the
higher-level AffectedTools() control flow (not just
parseForcedImagesFromCommitMessages) by creating a small git-backed repo state
and commits that include the forced-image patterns; call AffectedTools() (the
function under test) and assert the three important branches: (1) merging of
forced images into the result, (2) short-circuit behavior when a commit contains
"/image all", and (3) the empty-diff path when no changes should affect tools.
Use the existing tests table style and reference
parseForcedImagesFromCommitMessages and AffectedTools by name so the test fails
if those branches regress. Ensure the test sets up commits/messages and allowed
list to trigger each branch and validates the returned forced-images map and the
all-flag or empty result accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 9acfe622-7b48-4518-8562-0abb52a2f7f4

📥 Commits

Reviewing files that changed from the base of the PR and between 40f5b15 and 4e14a75.

📒 Files selected for processing (2)

• pkg/tool-detector/detector.go
• pkg/tool-detector/detector_test.go

[openshift-merge-bot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e

[openshift-merge-bot]

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

[openshift-merge-bot]

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/tool-detector/detector.go`:
- Around line 89-91: The early returns fail to include forcedImages when
expanding binary-inputs; ensure the binary-input expansion call
getAffectedToolsByBinaryInputs is seeded with forcedImages so images forced via
"/image <tool>" propagate through inputs["bin"]. Specifically, where
affectedByImageChanges.Union(getAffectedToolsByBinaryInputs(affectedByImageChanges))
is computed (and in the other two similar return paths), call
getAffectedToolsByBinaryInputs with the union of affectedByImageChanges and
forcedImages (e.g.,
getAffectedToolsByBinaryInputs(affectedByImageChanges.Union(forcedImages))) and
then union the result with forcedImages before returning so forcedImages are
part of the binary-input expansion in all three return branches.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 72b03a4f-df69-46e0-9fc0-09a8fb5aca72

📥 Commits

Reviewing files that changed from the base of the PR and between 4e14a75 and eb4d47d.

📒 Files selected for processing (2)

• pkg/tool-detector/detector.go
• pkg/tool-detector/detector_test.go

✅ Files skipped from review due to trivial changes (1)

• pkg/tool-detector/detector_test.go

[jmguzik]

/retest

[openshift-merge-bot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e

[openshift-ci]

@jmguzik: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/breaking-changes	c12c68a	link	false	/test breaking-changes

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-merge-bot]

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.

[openshift-merge-bot]

Tests from second stage were triggered manually. Pipeline can be controlled only manually, until HEAD changes. Use command to trigger second stage.