[ci] Add cross-platform cozypkg build targets with version injection

[kvaps]

What this PR does

• Add pattern rule for building cozypkg binaries per platform (assets-cozypkg-<os>-<arch>) with checksums generation
• Add Version variable to cozypkg CLI injected via ldflags
• Split manifests into separate cozystack-crds.yaml and cozystack-operator.yaml files
• Update CI workflow to handle CRDs and operator as separate artifacts
• Update e2e tests and upload script for new manifest structure

Release note

[ci] Add cross-platform cozypkg build targets with version injection and split installer manifests into CRDs and operator

Summary by CodeRabbit

• New Features

  • Multi-platform binaries (Linux, macOS, Windows; amd64 & arm64)
  • Checksum file added for release artifact verification

• Refactor

  • Installation flow reworked to validate and apply CRDs and Operator manifests separately
  • CLI exposes a configurable build-time version for reporting

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@kvaps has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 5 minutes and 44 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between e557b23 and 6dbfcbb.

📒 Files selected for processing (7)

• .github/workflows/pull-requests.yaml
• Makefile
• cmd/cozypkg/cmd/root.go
• hack/e2e-install-cozystack.bats
• hack/upload-assets.sh
• packages/core/installer/templates/crds.yaml
• packages/core/testing/Makefile

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Replaces the single "installer" artifact with separate CRDs and Operator manifests across build, release, and test flows; adds multi-platform cozypkg packaging and a build-time CLI Version variable. Workflow steps, asset names/outputs, uploads/downloads, and test/apply scripts updated accordingly.

Changes

Cohort / File(s)	Summary
GitHub Actions workflow \.github/workflows/pull-requests\.yaml	Replaced installer asset with cozystack-crds and added cozystack-operator. Renamed outputs (installer_id → crds_id), added operator_id. Updated upload/download, draft-release lookup, and core asset fetch logic.
Makefile — manifests & assets Makefile	manifests now renders two helm templates: cozystack-crds.yaml and cozystack-operator.yaml. Added cozypkg target and an assets pipeline with assets-talos and assets-cozypkg; per-OS packaging rule assets-cozypkg-% and checksum generation added.
CLI cmd/cozypkg/cmd/root.go	Added exported Version variable (default "dev") and set rootCmd.Version to it.
Release/upload scripts hack/upload-assets.sh	Uploads replaced/expanded: upload cozystack-crds.yaml and cozystack-operator.yaml (installer removed), plus cozypkg-*.tar.gz and cozypkg-checksums.txt.
E2E / test helpers hack/e2e-install-cozystack.bats, packages/core/testing/Makefile	Tests now validate and apply cozystack-crds.yaml and cozystack-operator.yaml separately; testing Makefile copies both manifests into sandbox.
Manifest templates packages/core/installer/templates/crds\.yaml	Removed an extra literal ---- separator within the template rendering of definitions/*.yaml.

Sequence Diagram(s)

sequenceDiagram
  actor Developer
  participant CI as GitHub Actions Runner
  participant Release as GitHub Release API
  participant Storage as Release Assets
  participant Cluster as Kubernetes Cluster

  Developer ->> CI: push PR / create release
  CI ->> CI: run Makefile -> generate `cozystack-crds.yaml`, `cozystack-operator.yaml`, cozypkg archives
  CI ->> Release: upload assets (`crds`, `operator`, `cozypkg` archives, checksums)
  Release ->> Storage: store uploaded assets
  CI ->> Release: resolve asset IDs (crds_id, operator_id, disk_id)
  CI ->> CI: download assets using resolved IDs
  CI ->> Cluster: apply `cozystack-crds.yaml`
  CI ->> Cluster: apply `cozystack-operator.yaml`
  Cluster -->> CI: readiness/status

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Two manifests I proudly bring today,
CRDs first, then Operators at play.
Binaries bundled for near and far,
Hopping releases, checksum star ⭐,
A cozy hop toward a cleaner way.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the primary change: adding cross-platform cozypkg build targets with version injection. It is specific, concise, and reflects the main objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @kvaps, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly refines the build and deployment pipeline by enabling the creation of cross-platform cozypkg binaries with integrated versioning. It also modularizes the installer manifests, separating CRDs from the operator, which enhances deployment flexibility and maintainability. These changes collectively improve the overall CI/CD process and asset management.

Highlights

• Cross-platform cozypkg builds: New Makefile targets have been introduced to build cozypkg binaries for various operating systems and architectures (Linux, macOS, Windows for amd64 and arm64), along with generating SHA256 checksums for these assets.
• Version injection for cozypkg CLI: The cozypkg command-line interface now supports version injection at build time using ldflags, ensuring that the binary reports its correct version based on the COZYSTACK_VERSION.
• Split installer manifests: The monolithic cozystack-installer.yaml has been separated into two distinct files: cozystack-crds.yaml for Custom Resource Definitions and cozystack-operator.yaml for the operator and package source. This provides more granular control over deployment.
• CI/E2E/Upload script updates: The continuous integration workflow, end-to-end tests, and asset upload scripts have been updated to correctly handle the new split manifest structure and to include the newly generated cross-platform cozypkg binaries and their checksums.
• Robust version retrieval: The logic for determining COZYSTACK_VERSION in scripts/common-envs.mk has been made more robust by suppressing errors from git describe --tags, preventing build failures in certain scenarios.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/pull-requests.yaml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces cross-platform builds for cozypkg, injects version information, and splits the installer manifests. The changes are well-structured, particularly in the Makefile with new build targets. The Go code modification for version injection is correct, and the updates across tests, manifests, and scripts are consistent with the new asset structure. I have one suggestion to improve the robustness of the build process in the Makefile.

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@Makefile`:
- Around line 40-46: The build-deps dependency check is missing the cozyhr tool
used by the manifests target; update the build-deps check by adding "cozyhr" to
the list of required tools (the tools array/string on the build-deps line ~6) so
the Makefile verifies cozyhr is installed alongside helm, docker, jq, etc.
- Around line 59-62: The assets-cozypkg-% makefile rule needs to ensure output
directories exist and append .exe for Windows builds: modify the
assets-cozypkg-% recipe to create directories before building (ensure
_out/bin/cozypkg-$* and _out/assets exist via mkdir -p or similar) and when
computing the output filename for go build (used in the -o flag and later
filenames like cozypkg and tar contents) append .exe when GOOS is windows
(detect via GOOS=$(firstword $(subst -, ,$*)) and set BINNAME=cozypkg$(if
$(filter windows,$(GOOS)),.exe,)); use that BINNAME in the go build -o, cp, and
tar commands so Windows builds produce cozypkg.exe and directories are created.

In `@scripts/common-envs.mk`:
- Around line 28-32: COZYSTACK_VERSION can remain empty if git describe --tags
fails; update the scripts/common-envs.mk logic that sets COZYSTACK_VERSION so it
provides a safe fallback or fails early: after the existing git describe
assignment, check if COZYSTACK_VERSION is empty and either set a default like
"0.0.0" or "dev" (so helm package --version always receives a value) or print a
clear error and exit; reference the COZYSTACK_VERSION variable and the git
describe --tags invocation and ensure the chosen behavior prevents downstream
helm package commands from receiving an empty --version.

🧹 Nitpick comments (1)

Makefile (1)

48-49: Consider ensuring output directory exists.

The go build command outputs to _out/bin/cozypkg, but unlike the manifests target (which has mkdir -p _out/assets), there's no directory creation here. This could fail on a clean build.

Proposed fix

 cozypkg:
+	mkdir -p _out/bin
 	go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg ./cmd/cozypkg

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fd54647 and a4cac7d.

📒 Files selected for processing (8)

• .github/workflows/pull-requests.yaml
• Makefile
• cmd/cozypkg/cmd/root.go
• hack/e2e-install-cozystack.bats
• hack/upload-assets.sh
• packages/core/installer/templates/crds.yaml
• packages/core/testing/Makefile
• scripts/common-envs.mk

💤 Files with no reviewable changes (1)

• packages/core/installer/templates/crds.yaml

🧰 Additional context used

📓 Path-based instructions (3)

cmd/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

Follow controller-runtime patterns and kubebuilder style for Go code in cmd directory

Files:

• cmd/cozypkg/cmd/root.go

**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

Do NOT manually edit vendor/ directory or auto-generated files (zz_generated.*.go)

Files:

• cmd/cozypkg/cmd/root.go

packages/core/**

📄 CodeRabbit inference engine (AGENTS.md)

Use Helm Chart umbrella pattern with vendored upstream charts in charts/ directory

Files:

• packages/core/testing/Makefile

🧠 Learnings (2)

📓 Common learnings

Learnt from: NickVolynkin
Repo: cozystack/cozystack PR: 1117
File: packages/apps/mysql/Makefile:8-8
Timestamp: 2025-06-26T04:29:24.830Z
Learning: The cozystack project uses yq v4+ on their CI runner, so yq v4 syntax (-o json --indent 4) is compatible and version checks are not needed.

📚 Learning: 2025-06-26T04:29:24.830Z

Learnt from: NickVolynkin
Repo: cozystack/cozystack PR: 1117
File: packages/apps/mysql/Makefile:8-8
Timestamp: 2025-06-26T04:29:24.830Z
Learning: The cozystack project uses yq v4+ on their CI runner, so yq v4 syntax (-o json --indent 4) is compatible and version checks are not needed.

Applied to files:

• scripts/common-envs.mk
• hack/upload-assets.sh
• hack/e2e-install-cozystack.bats

🔇 Additional comments (13)

cmd/cozypkg/cmd/root.go (2)

26-28: LGTM!

The exported Version variable with a sensible default follows the standard Go pattern for build-time version injection via -ldflags "-X <package>.Version=<value>".

---

49-51: LGTM!

Wiring the Version to rootCmd.Version in init() correctly enables Cobra's built-in --version flag support.

.github/workflows/pull-requests.yaml (3)

74-84: LGTM!

The upload steps are correctly split to handle CRDs and operator manifests as separate artifacts. The naming convention (cozystack-crds and cozystack-operator) is consistent with the new asset structure.

---

92-151: LGTM!

The resolve_assets job correctly updates the outputs and asset lookups to reflect the new CRDs and operator split. The validation at line 145 properly ensures all three required assets exist before proceeding.

---

236-262: LGTM!

The download steps for both regular PR and release PR paths are correctly updated to fetch the CRDs and operator manifests separately. The asset ID references align with the outputs from resolve_assets.

hack/upload-assets.sh (2)

6-7: LGTM!

The upload commands correctly reflect the new asset split from installer to CRDs and operator manifests.

---

13-14: Glob expansion is safe—cozypkg artifacts are always built.

The assets target in the Makefile has assets-cozypkg as an explicit mandatory dependency (line 51), which in turn builds 6 platform variants. The glob pattern cozypkg-*.tar.gz will reliably match all built artifacts. The Makefile itself uses the same glob pattern when generating the checksums file, confirming it's intentional and safe. The release workflow also enforces this sequence by running make assets before make upload_assets.

scripts/common-envs.mk (1)

15-15: LGTM!

Suppressing stderr with 2>/dev/null is appropriate here to avoid noisy output when no tags exist. The fallback logic at lines 28-32 handles the empty case by fetching upstream tags.

packages/core/testing/Makefile (1)

33-35: LGTM!

The target correctly copies both manifest files to the sandbox container. The target name copy-installer-manifest is slightly outdated given the split, but renaming it would require updating dependent targets (install-cozystack, test-cluster), which may not be worth the churn.

hack/e2e-install-cozystack.bats (2)

3-12: LGTM!

The prerequisite check correctly validates both manifest files exist before proceeding, with clear error messages for each missing file.

---

14-20: LGTM!

The installation order is correct: CRDs are applied first (line 19) followed by the operator (line 20). This ensures the Custom Resource Definitions are registered before the operator attempts to watch them.

Makefile (2)

8-10: LGTM!

Good addition of GNU tool checks. These ensure consistent behavior across different environments since GNU-specific features may be used in the build scripts.

---

56-57: No action needed. The sha256sum tool is already actively used in the CI workflows (pull-requests.yaml lines 200, 266, 316), confirming its availability in the self-hosted runner environment. The CI infrastructure uses self-hosted Linux runners, not macOS, so the portability concern does not apply.

Likely an incorrect or invalid review comment.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@hack/upload-assets.sh`:
- Around line 13-14: The Makefile target upload_assets currently only depends on
manifests, which allows hack/upload-assets.sh to run before assets-cozypkg is
built and may cause gh release upload to fail on unmatched glob patterns; update
the Makefile so the upload_assets target declares assets-cozypkg as an explicit
dependency (i.e., make upload_assets depend on both manifests and
assets-cozypkg) so the tar.gz artifacts are built before hack/upload-assets.sh
runs.

In `@Makefile`:
- Around line 59-64: The assets-cozypkg-% target uses GO build to write to
_out/bin/cozypkg-$*/cozypkg$(EXT) and then cp LICENSE there, but only
_out/assets is created; add a step to create the output directory (e.g., mkdir
-p _out/bin/cozypkg-$*) before the go build and cp so the build output and copy
succeed; update the assets-cozypkg-% recipe (referencing the target name and
variables EXT and the path _out/bin/cozypkg-$*/) to ensure the directory exists.

🧹 Nitpick comments (1)

Makefile (1)

48-49: Add directory creation for cozypkg target.

The cozypkg target outputs to _out/bin/cozypkg, but _out/bin may not exist on a clean build.

Proposed fix

 cozypkg:
+	mkdir -p _out/bin
 	go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg ./cmd/cozypkg

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ccbb2bf and 7bcb25c.

📒 Files selected for processing (7)

• .github/workflows/pull-requests.yaml
• Makefile
• cmd/cozypkg/cmd/root.go
• hack/e2e-install-cozystack.bats
• hack/upload-assets.sh
• packages/core/installer/templates/crds.yaml
• packages/core/testing/Makefile

💤 Files with no reviewable changes (1)

• packages/core/installer/templates/crds.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

• packages/core/testing/Makefile
• cmd/cozypkg/cmd/root.go
• hack/e2e-install-cozystack.bats

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-06-26T04:29:24.830Z

Learnt from: NickVolynkin
Repo: cozystack/cozystack PR: 1117
File: packages/apps/mysql/Makefile:8-8
Timestamp: 2025-06-26T04:29:24.830Z
Learning: The cozystack project uses yq v4+ on their CI runner, so yq v4 syntax (-o json --indent 4) is compatible and version checks are not needed.

Applied to files:

• hack/upload-assets.sh

📚 Learning: 2025-12-25T09:45:26.524Z

Learnt from: CR
Repo: cozystack/cozystack PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-25T09:45:26.524Z
Learning: Applies to pkg/**/*.go : Follow controller-runtime patterns and kubebuilder style for Go code in pkg directory

Applied to files:

• Makefile

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build

🔇 Additional comments (10)

Makefile (4)

38-46: LGTM!

The split of the manifests target into separate CRDs and operator YAML files is clean and follows the PR objectives. Directory creation is handled on line 39.

---

56-57: LGTM!

The checksum generation using a subshell with cd ensures the checksum file contains relative paths, which is the correct approach for portable checksums.

---

3-3: LGTM!

The include for common environment variables centralizes version management.

---

51-54: LGTM!

The assets target properly aggregates sub-targets, and assets-talos correctly delegates to the package-specific Makefile.

hack/upload-assets.sh (1)

6-7: LGTM!

The upload script correctly reflects the split from a single installer manifest to separate CRDs and operator manifests, aligning with the Makefile changes.

.github/workflows/pull-requests.yaml (5)

74-84: LGTM!

The upload steps are correctly split into separate artifacts for CRDs and operator, with clear naming that aligns with the Makefile output paths.

---

97-99: LGTM!

The output declarations are correctly updated to expose the three asset IDs needed by downstream jobs.

---

142-151: LGTM!

The asset lookup and validation logic correctly handles the split assets. The validation on line 145 ensures all three required assets are present before proceeding.

---

236-248: LGTM!

The download steps for regular PRs correctly fetch both CRDs and operator artifacts into the expected _out/assets directory.

---

251-262: LGTM!

The release PR path correctly downloads both assets from the draft release using the resolved asset IDs. The curl commands properly handle authentication and output paths.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's find and examine the upload-assets.sh file
fd upload-assets.sh

Repository: cozystack/cozystack

Length of output: 84

---

🏁 Script executed:

# Read the full script to understand context
cat -n hack/upload-assets.sh

Repository: cozystack/cozystack

Length of output: 843

---

🏁 Script executed:

# Check if there's a Makefile or build script that shows dependencies
fd -e Makefile -e makefile | head -5

Repository: cozystack/cozystack

Length of output: 45

---

🏁 Script executed:

# Let's also check the gh release upload documentation and behavior
web_search
gh release upload command glob pattern behavior shell expansion

Repository: cozystack/cozystack

Length of output: 139

---

🏁 Script executed:

# Look for Makefile or build scripts
find . -maxdepth 3 -type f \( -name "Makefile" -o -name "*.mk" -o -name "*.make" \) | head -10

Repository: cozystack/cozystack

Length of output: 225

---

🏁 Script executed:

# Check if there's a target that creates cozypkg assets
grep -r "cozypkg-" --include="Makefile" --include="*.mk" | head -20

Repository: cozystack/cozystack

Length of output: 749

---

🏁 Script executed:

# Check the _out/assets directory structure if it exists or is documented
find . -path "*_out/assets*" -o -name "*assets*" -type d | head -10

Repository: cozystack/cozystack

Length of output: 45

---

🏁 Script executed:

# Search for how cozypkg assets are generated
rg "cozypkg.*tar\.gz" --type sh --type makefile -B 3 -A 3

Repository: cozystack/cozystack

Length of output: 95

---

🏁 Script executed:

# Search for how upload-assets.sh is invoked and whether assets-cozypkg is a dependency
grep -r "upload-assets" --include="Makefile" -B 5 -A 5

Repository: cozystack/cozystack

Length of output: 200

---

🏁 Script executed:

# Check the main Makefile to see the relationship between asset targets and upload
cat -n Makefile | head -100

Repository: cozystack/cozystack

Length of output: 3774

---

🏁 Script executed:

# Look for any CI/CD files that might show the sequence of commands
find . -maxdepth 2 -type f \( -name "*.yml" -o -name "*.yaml" \) | head -10

Repository: cozystack/cozystack

Length of output: 119

---

🏁 Script executed:

# Let's verify the exact shell behavior when glob doesn't match
# Create a test scenario
bash -c 'set -xe; mkdir -p /tmp/test_glob && cd /tmp/test_glob && echo "Testing glob with no matches:" && ls *.nonexistent 2>&1; echo "Exit code: $?"'

Repository: cozystack/cozystack

Length of output: 276

---

🏁 Script executed:

# Also check what happens when passing the glob string to a command
bash -c 'set -xe; mkdir -p /tmp/test_glob && cd /tmp/test_glob && echo "file1.tar.gz" > file1.tar.gz && echo "Testing glob with matches:" && echo _out/assets/cozypkg-*.tar.gz; echo "Testing glob with no matches:" && echo _out/assets/cozypkg-*.tar.gz 2>&1 || true'

Repository: cozystack/cozystack

Length of output: 411

---

🏁 Script executed:

# Verify the upload_assets target dependencies in the Makefile
grep -A 3 "^upload_assets:" Makefile

Repository: cozystack/cozystack

Length of output: 110

---

🏁 Script executed:

# Check if there's any other build orchestration that might ensure assets-cozypkg runs first
grep -r "upload.assets" . --include="*.yml" --include="*.yaml" --include="Makefile" -B 5 -A 5

Repository: cozystack/cozystack

Length of output: 1284

---

Add assets-cozypkg as an explicit dependency for the upload_assets Makefile target.

The glob pattern expansion is correct in the shell, but the upload_assets target in the Makefile only depends on manifests and not on assets-cozypkg, allowing hack/upload-assets.sh to be invoked without the required tar.gz files being built. With set -xe in the script, this would cause gh release upload to fail when called with the literal unmatched glob string. The GitHub workflow mitigates this by explicitly running make assets first, but the Makefile target itself should declare the dependency. Change line 82 in the Makefile from:

upload_assets: manifests

to:

upload_assets: manifests assets-cozypkg

🤖 Prompt for AI Agents

In `@hack/upload-assets.sh` around lines 13 - 14, The Makefile target
upload_assets currently only depends on manifests, which allows
hack/upload-assets.sh to run before assets-cozypkg is built and may cause gh
release upload to fail on unmatched glob patterns; update the Makefile so the
upload_assets target declares assets-cozypkg as an explicit dependency (i.e.,
make upload_assets depend on both manifests and assets-cozypkg) so the tar.gz
artifacts are built before hack/upload-assets.sh runs.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing directory creation for _out/bin/cozypkg-$*.

The mkdir -p on line 61 only creates _out/assets, but the go build on line 62 outputs to _out/bin/cozypkg-$*/cozypkg$(EXT), which will fail if that directory doesn't exist. Similarly, the cp LICENSE on line 63 will fail.

Proposed fix

 assets-cozypkg-%:
 	$(eval EXT := $(if $(filter windows,$(firstword $(subst -, ,$*))),.exe,))
-	mkdir -p _out/assets
+	mkdir -p _out/assets _out/bin/cozypkg-$*
 	GOOS=$(firstword $(subst -, ,$*)) GOARCH=$(lastword $(subst -, ,$*)) go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg-$*/cozypkg$(EXT) ./cmd/cozypkg
 	cp LICENSE _out/bin/cozypkg-$*/LICENSE
 	tar -C _out/bin/cozypkg-$* -czf _out/assets/cozypkg-$*.tar.gz LICENSE cozypkg$(EXT)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	assets-cozypkg-%:
	$(eval EXT := $(if $(filter windows,$(firstword $(subst -, ,$*))),.exe,))
	mkdir -p _out/assets
	GOOS=$(firstword $(subst -, ,$*)) GOARCH=$(lastword $(subst -, ,$*)) go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg-$*/cozypkg$(EXT) ./cmd/cozypkg
	cp LICENSE _out/bin/cozypkg-$*/LICENSE
	tar -C _out/bin/cozypkg-$* -czf _out/assets/cozypkg-$*.tar.gz LICENSE cozypkg$(EXT)
	assets-cozypkg-%:
	$(eval EXT := $(if $(filter windows,$(firstword $(subst -, ,$*))),.exe,))
	mkdir -p _out/assets _out/bin/cozypkg-$*
	GOOS=$(firstword $(subst -, ,$*)) GOARCH=$(lastword $(subst -, ,$*)) go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg-$*/cozypkg$(EXT) ./cmd/cozypkg
	cp LICENSE _out/bin/cozypkg-$*/LICENSE
	tar -C _out/bin/cozypkg-$* -czf _out/assets/cozypkg-$*.tar.gz LICENSE cozypkg$(EXT)

🤖 Prompt for AI Agents

In `@Makefile` around lines 59 - 64, The assets-cozypkg-% target uses GO build to
write to _out/bin/cozypkg-$*/cozypkg$(EXT) and then cp LICENSE there, but only
_out/assets is created; add a step to create the output directory (e.g., mkdir
-p _out/bin/cozypkg-$*) before the go build and cp so the build output and copy
succeed; update the assets-cozypkg-% recipe (referencing the target name and
variables EXT and the path _out/bin/cozypkg-$*/) to ensure the directory exists.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@Makefile`:
- Around line 48-50: The cozypkg Makefile target currently runs go build to
output _out/bin/cozypkg but doesn't ensure the _out/bin directory exists; modify
the cozypkg target (target name: cozypkg) to create the directory first (e.g.,
run a mkdir -p _out/bin) before invoking go build so the output path is
guaranteed to exist and the build won't fail on a clean workspace.

♻️ Duplicate comments (1)

Makefile (1)

59-65: Missing directory creation for _out/bin/cozypkg-$*.

Line 61 only creates _out/assets, but the go build on line 62 and cp on line 63 write to _out/bin/cozypkg-$*/, which doesn't exist. This will cause the build to fail.

Proposed fix

 assets-cozypkg-%:
 	$(eval EXT := $(if $(filter windows,$(firstword $(subst -, ,$*))),.exe,))
-	mkdir -p _out/assets
+	mkdir -p _out/assets _out/bin/cozypkg-$*
 	GOOS=$(firstword $(subst -, ,$*)) GOARCH=$(lastword $(subst -, ,$*)) go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg-$*/cozypkg$(EXT) ./cmd/cozypkg
 	cp LICENSE _out/bin/cozypkg-$*/LICENSE
 	tar -C _out/bin/cozypkg-$* -czf _out/assets/cozypkg-$*.tar.gz LICENSE cozypkg$(EXT)

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7bcb25c and e557b23.

📒 Files selected for processing (2)

• Makefile
• packages/core/testing/Makefile

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/core/testing/Makefile

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-12-25T09:45:26.524Z

Learnt from: CR
Repo: cozystack/cozystack PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-25T09:45:26.524Z
Learning: Applies to pkg/**/*.go : Follow controller-runtime patterns and kubebuilder style for Go code in pkg directory

Applied to files:

• Makefile

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build

🔇 Additional comments (3)

Makefile (3)

40-46: LGTM!

The manifest generation is cleanly split into CRDs and operator components. The -s flag usage correctly selects specific templates for each output file.

---

51-54: LGTM!

Clean composition of asset targets with proper delegation.

---

56-57: LGTM!

Good coverage of common platforms and architectures. The checksum generation with relative paths is the right approach for release artifacts.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing directory creation for _out/bin.

The go build command outputs to _out/bin/cozypkg, but this directory may not exist on a clean build, causing the build to fail.

Proposed fix

 cozypkg:
+	mkdir -p _out/bin
 	go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg ./cmd/cozypkg

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	cozypkg:
	go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg ./cmd/cozypkg
	cozypkg:
	mkdir -p _out/bin
	go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg ./cmd/cozypkg

🤖 Prompt for AI Agents

In `@Makefile` around lines 48 - 50, The cozypkg Makefile target currently runs go
build to output _out/bin/cozypkg but doesn't ensure the _out/bin directory
exists; modify the cozypkg target (target name: cozypkg) to create the directory
first (e.g., run a mkdir -p _out/bin) before invoking go build so the output
path is guaranteed to exist and the build won't fail on a clean workspace.